forked from Mirantis/project-2a-docs
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
10 changed files
with
62 additions
and
0 deletions.
There are no files selected for viewing
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
# Non-removed VPC | ||
|
||
A bug was fixed in CAPA (Cluster API Provider AWS) for VPC removal: [kubernetes-sigs/cluster-api-provider-aws#5192](https://github.com/kubernetes-sigs/cluster-api-provider-aws/issues/5192) | ||
|
||
It is possible to deal with non-deleted VPCs the following ways: | ||
|
||
## Applying ownership information on VPCs | ||
|
||
When VPCs have owner information, all AWS resources will be removed when 2A ESK cluster is deleted. | ||
So, after provisioning EKS cluster the operator can go and set tags (i.e. `tag:Owner`) and it will be sufficient for CAPA to manage them. | ||
|
||
## GuardDuty VPCE | ||
|
||
Another way to prevent an issue with non-deleted VPCs is to disable GuardDuty. | ||
GuardDuty creates an extra VPCE (VPC Endpoint) not managed by CAPA and when CAPA starts EKS cluster removal, this VPCE is not removed. | ||
|
||
## Manual removal of VPCs | ||
|
||
When it is impossible to turn off GuardDuty or applying ownership tags is not permitted, it is needed to remove VPCs manually. | ||
|
||
The sign of “stuck” VPC looks like a hidden “Delete” button. | ||
![Failed VPC deletion](../../assets/delete-vpc-fail.png) | ||
|
||
Opening “Network Interfaces” and attempting to detach an interface shows disable “Detach” button: | ||
![detach-network-interface-fail](../../assets/detach-network-interface-fail.png) | ||
|
||
It is required to get to VPC endpoints screen and remove the end-point: | ||
![delete-vpce](../../assets/delete-vpce.png) | ||
|
||
![OK Endpoint deletion](../../assets/delete-endpoint-ok.png) | ||
|
||
Wait until VPCE is completely removed, all network interfaces disappear. | ||
![No Network Interfaces](../../assets/no-network-interfaces.png) | ||
|
||
Now VPC can be finally removed: | ||
![Failed VPC OK](../../assets/delete-vpc-ok.png) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters