Open
Description
Describe the bug
I ran this tool and it deleted the cluster's security group but not groups created for load balancers.
To Reproduce
- Create an eks service with load balancer
- Delete the service (LB automatically removed, leaves orphan security groups in certain situations)
- Call kubergrunt.
resource "aws_eks_cluster" "eks" {
...
provisioner "local-exec" {
when = destroy
command = "kubergrunt eks cleanup-security-group --eks-cluster-arn ${self.arn} --security-group-id ${self.vpc_config.0.cluster_security_group_id} --vpc-id ${self.vpc_config.0.vpc_id}"
}
}Expected behavior
Kubergrunt deletes the orphaned load balancer security groups.
Nice to have
- Terminal output
module.eks_common.aws_eks_cluster.eks (local-exec): Executing: ["/bin/sh" "-c" "kubergrunt eks cleanup-security-group --eks-cluster-arn arn:aws:eks:us-east-1:xxxx:cluster/dpedu5-eks --security-group-id sg-0a10673de28a8a38f --vpc-id vpc-07c666f30e4bebbef"]
module.eks_common.aws_eks_cluster.eks (local-exec): [] time="2022-04-27T12:30:25-07:00" level=info msg="Successfully authenticated with AWS" name=kubergrunt
module.eks_common.aws_eks_cluster.eks (local-exec): [] time="2022-04-27T12:30:26-07:00" level=info msg="Deleting security group sg-0a10673de28a8a38f" name=kubergrunt
module.eks_common.aws_eks_cluster.eks (local-exec): [] time="2022-04-27T12:30:26-07:00" level=info msg="Security group sg-0a10673de28a8a38f already deleted." name=kubergrunt
Additional context
The orphaned security groups have a tag like: kubernetes.io/cluster/<clustername>=owned. See kubernetes/kubernetes#109698 for the conditions under which these orphaned groups are created and not deleted.