kops tries to delete route tables and nat gateways when subnets are shared #4767
Comments
|
This maybe related to #4614, but I thought I'd open this incase it isn't related. I can help contribute a fix if pointed in the right direction. |
|
Components need to be tagged shared label. When kops first ran did it try to tag the resources? |
|
There has been internal discussion if kops should or should not delete resources that are not tagged. @justinsb can you comment. |
|
When kops first ran, it did not tag the existing route tables, subnets, or nat gateways. |
|
Thanks for reporting @valdisrigdon and sorry for the problem. You're absolutely correct - if kops does not create the object, it should not delete it! It does get a little trickier for EIPs because it used to be the case that they could not be tagged, so I'm really looking at route tables. Was your route-table was actually deleted? Because kops shouldn't do that if the attached subnets are not deleted. Was kops also trying to delete the subnets? And you'll see we had a bug in alpha.2 where we might have tried to delete route tables when the VPC was shared - but this should have simply failed if the subnets were shared. Was the cluster also created with alpha.2? I'm working to reproduce it & add test coverage, but I'm struggling to hit the same problem. |
|
The cluster was created. The subnets were shared and kops did not try to delete them. It was actively trying to delete route tables. It also followed the route tables and did delete the NAT gateways and the route to the nat gateway. On a delete it also indicated that it found new EIPs and marked those to be deleted as well. It never actually deleted the route table because of dependencies from other AWS objects I believe. |
|
@valdisrigdon I fixed the deletion of the route table, and the new PRs this weekend should clear up NGW, eips, etc. We did not have enough tags on enough items. These fixes will be in the alpha or beta. They are in master if you want to test drive them. Should merge shortly. Thanks to @justinsb |
|
Thanks for the quick turnaround! I'll test this out today. Is it expected that I would need to tag each route table or given I'm using shared subnets and shared VPC that kops won't delete the networking stack? |
|
@valdisrigdon with kops 1.9.0-alpha.3 or beta.1 or later, it should "just work". We'll add a "k8s.io/cluster/=shared |
|
My testing was successful as well. Thanks for fixing! |
|
Great news - thanks for confirming! |
Thanks for submitting an issue! Please fill in as much of the template below as
you can.
------------- BUG REPORT TEMPLATE --------------------
kopsversion are you running? The commandkops version, will displaythis information.
1.9.0.alpha2kubectl versionwill print theversion if a cluster is running or provide the Kubernetes version specified as
a
kopsflag.1.9.6awsCreate a cluster with a private topology with subnets already created. Destroy the cluster and the route tables and nat gateways that kops did not create are deleted.
Route tables, EIPs, and NAT gateways are deleted.
kops didn't create them -- don't delete them!
Please provide your cluster manifest. Execute
kops get --name my.example.com -oyamlto display your cluster manifest.You may want to remove your cluster name and other sensitive information.
Please run the commands with most verbose logging by adding the
-v 10flag.Paste the logs into this report, or in a gist and provide the gist link here.
Anything else do we need to know?
If I Tag the Routetable with
AssociatedNatgateway:nat-idandkubernetes.io.cluster/<cluster-name>: shared, kops doesn't attempt to delete them.The text was updated successfully, but these errors were encountered: