Running 'kube-aws destroy' in the wrong folder could destroy the wrong cluster #249
Comments
Sounds good overall 👍
Related: AWS recently added a 'termination protection' option for CloudFormation stacks. If you enable that, it should prevent a mistaken 'kube-aws destroy'. It doesn't block stack updates/rollbacks, even if those updates delete stuff, but it does stop an inadvertent, all-out destroy, just because you were in the wrong folder.
Opened #1152. Probably it would be the fix for this issue :)
Yes, allowing a new cluster to start with stack protection is great. Though it is easy enough to enable manually after cluster start.
Yes, but that's a manual step which can be undocumented, forgotten, or otherwise lost in the process, which undercuts the value of kube-aws as a management tool for Kubernetes on AWS.
Thx for the feedback.
+1 for this feature as I recently had to implement it via aws-cli instead, which as mentioned here is an easy enough step to do but one that gets forgotten etc.
@fejta-bot: Closing this issue. In response to this:
Nope, I haven't done that 😄. But I worry about doing it a lot...
Feature request 1: 'kube-aws destroy' should display the clusterName and prompt for the user to type the name of the cluster to confirm the deletion. People who need to script a destroy can 'echo "cluster-name" | kube-aws destroy'.
I don't think a similar check is necessarily needed for 'kube-aws node-pool destroy' as it at least requires you specify --node-pool-name. Though a similar prompt for the cluster or node pool name could protect against command history re-runs.
Feature request 2: 'kube-aws destroy' should check for errors. Right now it always acts as if it succeeded, even if it actually failed, because e.g. the cluster has node-pools, the cluster doesn't exist/was deleted already, the wrong AWS account is active, etc.
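A wrapper sketch of the two feature requests above (type the cluster name to confirm, and report a failed destroy), added here as an example and not kube-aws code. The function names are hypothetical, and it assumes clusterName is a top-level key in the cluster.yaml of the working folder.

```shell
#!/bin/sh
# Added example, not part of kube-aws. Assumptions: the working folder holds a
# cluster.yaml with a top-level "clusterName:" key; all function names are hypothetical.

# Print the clusterName value from the given config file, or fail if absent.
cluster_name_from_config() {
    config=$1
    [ -r "$config" ] || return 1
    # Take the first top-level clusterName line, drop a trailing comment,
    # trailing whitespace and any surrounding quotes.
    name=$(sed -n 's/^clusterName:[[:space:]]*//p' "$config" | head -n 1 |
        sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' | tr -d "\"'")
    [ -n "$name" ] || return 1
    printf '%s\n' "$name"
}

# Read one line from stdin; succeed only if it equals the expected name.
# Interactive users type it, scripts pipe it in as the issue proposes.
confirm_cluster_name() {
    expected=$1
    printf 'About to destroy cluster "%s". Type its name to confirm: ' "$expected" >&2
    IFS= read -r typed || true
    [ "$typed" = "$expected" ]
}

# Confirm against the config in this folder, then run the command given as the
# remaining arguments and return its real exit status.
# Usage: guarded_destroy cluster.yaml kube-aws destroy
guarded_destroy() {
    config=$1
    shift
    name=$(cluster_name_from_config "$config") || {
        echo "error: no clusterName found in $config" >&2
        return 2
    }
    confirm_cluster_name "$name" || {
        echo "aborted: typed name does not match \"$name\"" >&2
        return 3
    }
    "$@"
    rc=$?
    [ "$rc" -eq 0 ] || echo "error: '$*' failed with exit status $rc" >&2
    return "$rc"
}
```

Because the name shown and compared comes from the cluster.yaml in the current folder, running the wrapper in the wrong folder prompts for a name the operator did not intend to type.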