Add control plane reference teardown instructions #22

Open: sd109 wants to merge 3 commits into main from sd/teardown-docs

sd109 commented Jul 1, 2026

Contributor

No description provided.

sd109 added this to the now milestone Jul 1, 2026
sd109 requested a review from alec-w July 1, 2026 15:40

gemini-code-assist (Bot) left a comment

Code Review

This pull request introduces a "Teardown" section to the AWS deployment documentation, detailing the step-by-step process to delete a Connect deployment. It also adds a force_destroy configuration option to the S3 bundle bucket Terraform/Terragrunt files to facilitate the deletion of non-empty buckets. The reviewer feedback highlights a missing step to upgrade/re-apply the ExternalDNS controller after editing its configuration, and suggests minor formatting and grammatical corrections in the documentation.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread control-plane/deployment/aws/README.md Outdated
Comment thread control-plane/deployment/aws/README.md Outdated
Comment thread control-plane/deployment/aws/k8s/connect/README.md Outdated

To delete a Connect deployment deployed using this reference stack, perform the following actions in order:

1. Edit the ExternalDNS controller's [values.yaml](./k8s/controllers/external-dns/values.yaml) to set `policy: sync`, so that it is able to delete the DNS records it created for SPIRE and Connect load balancers, then re-run [install.sh](./k8s/controllers/external-dns/install.sh).
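Review bot: step 1 ends at re-running install.sh and gives no way to confirm that ExternalDNS has actually removed the SPIRE and Connect load balancer records before the reader moves on. With `policy: sync` the controller only deletes a record once the Service or Ingress that produced it is gone and while the controller itself is still running, so add a sentence saying at which later step the records should disappear and to check the hosted zone for leftover ExternalDNS-managed records before continuing.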

Contributor

Shall we just set that as the default to begin with?

Contributor Author

I'd say so but assumed you'd added this comment due to some prior bad experience? Or did the 🤖 add that one?

Contributor

I recall the clanker added that, and I wondered about how accurate it was, but decided that it wasn't worth digging into further.

Given the default in https://kubernetes-sigs.github.io/external-dns/latest/docs/flags/ is actually sync

> Modify how DNS records are synchronized between sources and providers (default: sync, options: sync, upsert-only, create-only)

and I'm pretty sure that's how I was previously running it in production (it's one of those you set up and don't really touch) I think let's change to simplify here?

I reckon this came from some tutorial or such in Claude's training data / it being conservative

Comment thread control-plane/deployment/aws/README.md Outdated
Co-authored-by: Alec Wilson <alec-w@users.noreply.github.com>
alec-w commented Jul 2, 2026

Contributor

Just torn down everything I'd still got running. Essentially, do the destroy steps in reverse order of the apply (as would be expected).

  1. Set forwarding sessions up for k8s and rds access
  2. Helm uninstall Connect UI and Connect API
  3. Add force_destroy to bucket within https://github.com/cofide/connect-reference/tree/main/control-plane/deployment/aws/infra/stack/connect/bundle-bucket
  4. Terragrunt destroy each unit within https://github.com/cofide/connect-reference/tree/main/control-plane/deployment/aws/infra/stack/connect
  5. Helm uninstall SPIRE
  6. Terragrunt destroy each unit within https://github.com/cofide/connect-reference/tree/main/control-plane/deployment/aws/infra/stack/spire-server
  7. Terragrunt destroy https://github.com/cofide/connect-reference/tree/main/control-plane/deployment/aws/infra/stack/base/database/iam-admin failed because by default it uses password auth - the unit supports changing the configuration to use IAM auth, the issue arises because on first apply all auth changes to be IAM auth, so need to change provider config to be IAM auth on a subsequent apply/destroy (noted in docs there) - skipped because we're about to destroy the RDS instance anyway
  8. Terragrunt destroy https://github.com/cofide/connect-reference/tree/main/control-plane/deployment/aws/infra/stack/base/database/rds-instance
  9. Terragrunt destroy each unit within https://github.com/cofide/connect-reference/tree/main/control-plane/deployment/aws/infra/stack/base/eks-cluster/controllers
  10. Terragrunt destroy https://github.com/cofide/connect-reference/tree/main/control-plane/deployment/aws/infra/stack/base/eks-cluster/cluster
  11. Terragrunt destroy https://github.com/cofide/connect-reference/tree/main/control-plane/deployment/aws/infra/stack/base/jump
  12. Terragrunt destroy https://github.com/cofide/connect-reference/tree/main/control-plane/deployment/aws/infra/stack/base/vpc
  13. Manually remove Route53 records created by external-dns because of Add control plane reference teardown instructions #22 (comment)
  14. Terragrunt destroy https://github.com/cofide/connect-reference/tree/main/control-plane/deployment/aws/infra/stack/base/dns

So I think the change to external-dns makes sense to do alongside the bucket change you've already got 👍
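
A pre-flight check for steps 13 and 14 of the list above, as an added example that is not part of this PR or the connect-reference repository: it lists the records ExternalDNS still owns in a hosted zone, identified through its TXT registry entries (`heritage=external-dns`), so they can be cleared before the DNS unit is destroyed. The zone contents, owner id `connect-ref` and resource names are constructed, and the check assumes the default TXT registry naming with no custom prefix or suffix.

```python
# Constructed sample shaped like `aws route53 list-resource-record-sets` output;
# the zone, load balancer target and owner id are made up for illustration.
def _txt(name, value):
    return {"Name": name, "Type": "TXT", "TTL": 300,
            "ResourceRecords": [{"Value": f'"{value}"'}]}
def _alias(name):
    target = {"DNSName": "lb.example.invalid.", "HostedZoneId": "ZEXAMPLE"}
    return {"Name": name, "Type": "A", "AliasTarget": target}

_OWNED = "heritage=external-dns,external-dns/owner=connect-ref,external-dns/resource=service/"
SAMPLE_ZONE = [
    {"Name": "example.com.", "Type": "NS", "TTL": 172800, "ResourceRecords": []},
    {"Name": "example.com.", "Type": "SOA", "TTL": 900, "ResourceRecords": []},
    _alias("connect.example.com."),
    _txt("cname-connect.example.com.", _OWNED + "connect/api"),
    _alias("spire.example.com."),
    _txt("cname-spire.example.com.", _OWNED + "spire/server"),
    _alias("www.example.com."),  # created by hand, no registry TXT
    _txt("_verify.example.com.", "site-verification=abc123"),
]

# Assumption: default TXT registry naming (optional record-type prefix, no
# custom --txt-prefix / --txt-suffix).
TYPE_PREFIXES = ("a-", "aaaa-", "cname-")

def owner_of(record):
    """Return the ExternalDNS owner id for a registry TXT record, else None."""
    if record["Type"] != "TXT":
        return None
    for rr in record.get("ResourceRecords", []):
        fields = dict(f.split("=", 1) for f in rr["Value"].strip('"').split(",") if "=" in f)
        if fields.get("heritage") == "external-dns":
            return fields.get("external-dns/owner", "")
    return None

def leftovers(record_sets):
    """List (name, type, owner) for every record ExternalDNS still owns."""
    owned = {}
    for rec in record_sets:
        owner = owner_of(rec)
        if owner is None:
            continue
        owned[rec["Name"]] = owner
        for prefix in TYPE_PREFIXES:
            if rec["Name"].startswith(prefix):
                owned[rec["Name"][len(prefix):]] = owner
    return sorted((r["Name"], r["Type"], owned[r["Name"]]) for r in record_sets
                  if r["Name"] in owned and r["Type"] not in ("NS", "SOA"))
if __name__ == "__main__":
    print(*leftovers(SAMPLE_ZONE), sep="\n")
```

An empty result means the zone holds no ExternalDNS-owned records; the hand-made `www` record and the verification TXT are deliberately left out of the report.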
