Firewall rules not getting deleted on terraform destroy in GKE #5948
Comments
@MeghanaSrinath Can you post the code and steps you reached that error? I'd like to repro it on my side.
Hi @edwardmedia, here are the cluster and network related modules that we have in place:
We do have other modules for the bastion VM, NAT and router along with the above modules.
On looking at the GCP console, we can see that 2 firewall rules will not be deleted. The other firewall rule - But there are other firewall rules created due to our application running in the cluster and which are successfully deleted on terraform destroy as well.
@MeghanaSrinath I can't repro the issue. Not sure what you did after the gke created which may impact some behaviors. Can you try to run
@edwardmedia, we did
@MeghanaSrinath between
@edwardmedia, sorry for the delay in response. Yes, we are creating a LB in our cluster. So this is our use case-
@MeghanaSrinath Your above code works fine with me. I am not able to hit your error. You have mentioned other resources in this issue. Likely this issue is related to them. Can you provide exact detailed steps and code that I can follow in order to repro the issue? Also please post full apply and destroy debug logs.
Hi @edwardmedia
@MeghanaSrinath Without seeing the complete code, I am not sure. But I see a problem here. The
Hi @edwardmedia, I agree on this. Terraform doesn't have knowledge about these resources. Then we better find a way to delete these resources before we do a terraform destroy. You also mentioned about importing the state? Can you please explain more about that? Is it possible to have a state file for non-terraform created resources?
@MeghanaSrinath sure yes, you can You might also want to review For now, I am closing this issue. Feel free to reopen it if you still see an issue.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!
We have used terraform to set up a private GKE cluster along with the VPC and required firewall rules.
However, when we try to delete all the resources with terraform destroy, the VPC is not getting deleted and the error is as below:
When I view the firewall in the GCP console, I can see that there are 2 firewall rules created by GKE for allowing master node to communicate with the worker nodes.
This is also stated in the link here.
Due to these firewall rules, the VPC created by terraform cannot get destroyed. Even after deleting the cluster through terraform, these firewall rules remain.
Can someone let us know how all the firewall rules can be destroyed by terraform in order to overcome this issue?
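
The condition described in this issue, firewall rules that live in the Terraform-created VPC but are absent from Terraform state, can be checked for before running destroy. The following is an added example, not code from the issue or from the provider: it compares `terraform show -json` output with `gcloud compute firewall-rules list --format=json` output, and the project, network, resource and rule names are constructed sample values.

```python
import json

# Constructed sample: trimmed `terraform show -json` output for the stack.
TF_SHOW = json.loads("""
{"values": {"root_module": {
  "resources": [
    {"mode": "managed", "type": "google_compute_network", "name": "vpc",
     "values": {"name": "demo-vpc"}}],
  "child_modules": [{"resources": [
    {"mode": "managed", "type": "google_compute_firewall", "name": "ssh",
     "values": {"name": "demo-allow-bastion-ssh"}}]}]}}}
""")

# Constructed sample: parsed `gcloud compute firewall-rules list --format=json`.
NET = "https://www.googleapis.com/compute/v1/projects/demo-proj/global/networks/"
LIVE_RULES = [
    {"name": "demo-allow-bastion-ssh", "network": NET + "demo-vpc"},
    {"name": "gke-demo-cluster-0a1b2c3d-master", "network": NET + "demo-vpc"},
    {"name": "gke-demo-cluster-0a1b2c3d-vms", "network": NET + "demo-vpc"},
    {"name": "default-allow-internal", "network": NET + "default"},
]


def managed_names(module, rtype):
    """Collect values.name of managed `rtype` resources, walking child modules."""
    names = {r["values"]["name"] for r in module.get("resources", [])
             if r.get("mode") == "managed" and r.get("type") == rtype}
    for child in module.get("child_modules", []):
        names |= managed_names(child, rtype)
    return names


def untracked_firewall_rules(tf_show, live_rules):
    """Rules in a Terraform-managed VPC that Terraform state does not contain."""
    root = tf_show.get("values", {}).get("root_module", {})
    networks = managed_names(root, "google_compute_network")
    tracked = managed_names(root, "google_compute_firewall")
    return sorted(r["name"] for r in live_rules
                  if r["network"].rsplit("/", 1)[-1] in networks
                  and r["name"] not in tracked)


if __name__ == "__main__":
    for rule in untracked_firewall_rules(TF_SHOW, LIVE_RULES):
        print("not in state, will block VPC deletion:", rule)
```

Any rule this reports has to be removed outside Terraform or imported into state before the VPC can be destroyed.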