#############################################################
## NOT FOR PRODUCTION USE. ##
## THE CONTENT OF THIS FILE IS FOR LEARNING PURPOSES ONLY ##
## created by David Surey, Amazon Web Services, 2020 ##
#############################################################
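---
# Tears down what the matching create playbook built, in reverse dependency
# order: IRSA service accounts -> add-on IAM/storage CloudFormation stacks ->
# ACM certificate and its DNS validation record -> the EKS cluster -> the
# bastion stack -> the EC2 key pair -> local state (dynamic vars, SSH key).
#
# Every step is DESTRUCTIVE and irreversible, so the play is gated by an
# interactive confirmation.  Most AWS-touching steps are delegated over SSH
# to the bastion host (public IP read from vars/dynamic), which is expected
# to provide eksctl, the AWS CLI, jq and an instance role with the required
# permissions; stack and key-pair removal run locally under the named CLI
# profile.  Host-key checking for the bastion connection follows ansible.cfg
# (nothing is overridden here).
- name: example Kubernetes Workshop Workshop Destruction
  hosts: localhost
  gather_facts: false
  vars:
    # SSH identity for every task delegated to the bastion.  It is removed
    # from disk only as the very last step, so a run that fails midway keeps
    # it for a retry.
    ansible_ssh_private_key_file: "./secrets/id_rsa_eks"
    ansible_user: ec2-user
  vars_prompt:
    - name: "security_check"
      prompt: "Do really want to DESTROY your Amazon EKS cluster deployment (yes/no)?"
      private: false
  tasks:
    # Abort unless the operator answered affirmatively.  The `bool` filter
    # treats yes/true/on/1 as affirmative and anything else (including an
    # empty answer from a stray Enter) as "no".
    - name: check if we're gonna destroy
      ansible.builtin.fail:
        msg: cancelled
      when: not (security_check | bool)

    # ansible_version is a magic variable, available even with
    # gather_facts disabled.
    - name: check ansible version
      ansible.builtin.fail:
        msg: Please use Ansible 2.10 or newer
      run_once: true
      when: >-
        ansible_version.major < 2
        or (ansible_version.major == 2 and ansible_version.minor < 10)

    # Static settings: region, cluster name, CLI profile, hosted zone name.
    - name: import static var data
      ansible.builtin.include_vars:
        dir: vars/static
        ignore_unknown_extensions: true
        extensions:
          - yaml

    # Values written by the create playbook, e.g. EKSBastionInstancePublicIP.
    # Without this directory the delegated tasks below cannot resolve a host.
    - name: import dynamic var data
      ansible.builtin.include_vars:
        dir: vars/dynamic
        ignore_unknown_extensions: true
        extensions:
          - yaml

    # Read-only probe.  Cluster-scoped steps further down are skipped when
    # eksctl reports no cluster in the region; a non-zero exit (e.g. missing
    # credentials on the bastion) fails the play here instead.
    # NOTE(review): the skip relies on eksctl's exact "No clusters found"
    # text on stdout — confirm against the eksctl version on the bastion.
    - name: check if eks cluster setup
      ansible.builtin.command: >-
        eksctl get cluster --region {{ eksexample_region }} --verbose 0
      register: eks_check_output
      changed_when: false
      delegate_to: "{{ EKSBastionInstancePublicIP }}"

    # IRSA service accounts own IAM roles (and CloudFormation stacks) that
    # `eksctl delete cluster` does not always clean up; delete them
    # explicitly so no orphaned roles remain.
    #
    # The folded scalar already joins these lines with single spaces, so no
    # trailing backslashes are used: inside a folded block a `\` at end of
    # line reaches the command as an escaped space, not a line continuation.
    # `command` (no shell) is sufficient here — nothing needs pipes or globs.
    - name: remove iamserviceaccounts via eksctl
      ansible.builtin.command: >-
        eksctl delete iamserviceaccount
        --name {{ item.name }}
        --namespace {{ item.namespace }}
        --cluster "{{ eksexample_clustername }}"
        --wait
        --region {{ eksexample_region }}
      loop:
        - { name: cluster-autoscaler, namespace: kube-system }
        - { name: external-dns, namespace: kube-system }
        - { name: aws-load-balancer-controller, namespace: kube-system }
        - { name: ebs-csi-controller-sa, namespace: kube-system }
        - { name: efs-csi-controller-sa, namespace: kube-system }
        - { name: xray-daemon, namespace: kube-system }
      when: eks_check_output.stdout != "No clusters found"
      delegate_to: "{{ EKSBastionInstancePublicIP }}"

    # Add-on IAM policy stacks and the EFS storage stack were created locally
    # under the CLI profile, so they are removed the same way.
    - name: destroy cloudformation stacks
      cloudformation:
        region: "{{ eksexample_region }}"
        profile: "{{ eksexample_aws_profilename }}"
        stack_name: "{{ item }}"
        state: absent
      loop:
        - "{{ eksexample_clustername }}-cluster-autoscaler-policy"
        - "{{ eksexample_clustername }}-container-insights-policy"
        - "{{ eksexample_clustername }}-external-dns-policy"
        - "{{ eksexample_clustername }}-cluster-loadbalancercontroller-policy"
        - "{{ eksexample_clustername }}-storage-provider-ebscsi-policy"
        - "{{ eksexample_clustername }}-storage-provider-efscsi-policy"
        - "{{ eksexample_clustername }}-storage-provider-efscsi-storage"

    # Resolve the ARN of the certificate issued for the hosted zone.  If more
    # than one certificate carries that domain name, stdout holds one ARN per
    # line and the describe/delete steps below receive a multi-line ARN; the
    # create playbook is expected to have issued exactly one.
    - name: check if cert exists on ACM
      ansible.builtin.shell: >-
        aws acm list-certificates --region {{ eksexample_region }}
        | jq -r ".CertificateSummaryList | .[] | select (.DomainName == \"{{ eksexample_hostedzonename }}\").CertificateArn"
      register: cert_existing
      changed_when: false
      delegate_to: "{{ EKSBastionInstancePublicIP }}"

    # Name of the DNS validation record ACM asked for, so it can be removed
    # from Route 53 after the certificate is gone.
    - name: read ssl cert name
      ansible.builtin.shell: >-
        aws acm describe-certificate --certificate-arn "{{ cert_existing.stdout }}"
        --query Certificate.DomainValidationOptions --region {{ eksexample_region }}
        | jq -r ".[] | select(.DomainName == \"{{ eksexample_hostedzonename }}\").ResourceRecord.Name"
      register: ssl_cert_name
      changed_when: false
      when: cert_existing.stdout
      delegate_to: "{{ EKSBastionInstancePublicIP }}"

    # ACM refuses to delete a certificate that is still attached to a load
    # balancer; Ingress/Service objects that provisioned one must be gone
    # before this step, as the cluster teardown below does not remove them.
    - name: remove ACM Certfificate
      ansible.builtin.command: >-
        aws acm delete-certificate --region {{ eksexample_region }}
        --certificate-arn "{{ cert_existing.stdout }}"
      when: cert_existing.stdout
      delegate_to: "{{ EKSBastionInstancePublicIP }}"

    # FIX: the previous condition compared the certificate ARN with the
    # hosted-zone name, which can never be equal, so this task never ran and
    # the validation CNAME was left behind as a dangling record.  Gate on the
    # record name actually resolved above instead (empty/undefined when no
    # certificate was found).  ACM DNS validation records are CNAMEs and the
    # route53 module requires the record type.
    # NOTE(review): some route53 module versions also require `value` for
    # state=absent; if the task reports a missing value, add the record's
    # ResourceRecord.Value the same way the name is read above.
    - name: delete record set in route53
      route53:
        state: absent
        zone: "{{ eksexample_hostedzonename }}"
        record: "{{ ssl_cert_name.stdout }}"
        type: CNAME
      when: (ssl_cert_name.stdout | default('')) | length > 0
      delegate_to: "{{ EKSBastionInstancePublicIP }}"

    # Removes the cluster and the node groups/stacks eksctl created for it.
    - name: destroy amazon eks cluster
      ansible.builtin.command: >-
        eksctl delete cluster
        --name {{ eksexample_clustername }}
        --region {{ eksexample_region }}
        --wait
      when: eks_check_output.stdout != "No clusters found"
      delegate_to: "{{ EKSBastionInstancePublicIP }}"

    # From here on nothing is delegated any more: the bastion is going away.
    - name: remove bastion host stack
      cloudformation:
        region: "{{ eksexample_region }}"
        profile: "{{ eksexample_aws_profilename }}"
        stack_name: "{{ eksexample_clustername }}-bastion"
        state: absent

    # The public half of the SSH key registered with EC2; the private half on
    # disk is deleted last.
    - name: remove ec2 secret key
      ec2_key:
        state: absent
        profile: "{{ eksexample_aws_profilename }}"
        name: "{{ eksexample_clustername }}-keypair"
        region: "{{ eksexample_region }}"

    # Drop the state the create playbook wrote (bastion IP etc.) so a rerun
    # cannot target resources that no longer exist.
    - name: find dynamic var files
      ansible.builtin.find:
        paths: ./vars/dynamic/
        patterns: "*"
      register: files_to_delete

    - name: remove dynamic var files
      ansible.builtin.file:
        path: "{{ item.path }}"
        state: absent
      loop: "{{ files_to_delete.files }}"

    - name: delete local secret file
      ansible.builtin.file:
        path: ./secrets/id_rsa_eks
        state: absent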