[CASCL-647] Add a subcommand to kubectl plugin to uninstall Karpenter

[L3n41c]

What does this PR do?

Add a subcommand to the kubectl plugin to uninstall Karpenter on a cluster:

kubectl datadog autoscaling cluster uninstall

Motivation

#2301 added a subcommand to install Karpenter.
This PR introduce a subcommend to do the reverse operation.

Additional Notes

Minimum Agent Versions

Are there minimum versions of the Datadog Agent and/or Cluster Agent required?
No

Describe your test plan

• Create an EKS cluster;
• Install Karpenter on it with kubectl datadog autoscaling cluster install;
• Then validate that it can be uninstalled with kubectl datadog autoscaling cluster uninstall.

Checklist

• PR has at least one valid label: bug, enhancement, refactoring, documentation, tooling, and/or dependencies
• PR has a milestone or the qa/skip-qa label

[codecov-commenter]

Codecov Report

❌ Patch coverage is 2.55906% with 495 lines in your changes missing coverage. Please review.
✅ Project coverage is 38.05%. Comparing base (43cb394) to head (ea85b71).
⚠️ Report is 16 commits behind head on main.

Files with missing lines	Patch %	Lines
...datadog/autoscaling/cluster/uninstall/uninstall.go	0.00%	307 Missing ⚠️
...adog/autoscaling/cluster/common/clients/clients.go	0.00%	51 Missing ⚠️
...ctl-datadog/autoscaling/cluster/install/install.go	0.00%	46 Missing ⚠️
...g/autoscaling/cluster/common/aws/cloudformation.go	0.00%	31 Missing ⚠️
...datadog/autoscaling/cluster/common/aws/aws-auth.go	0.00%	26 Missing ⚠️
...tl-datadog/autoscaling/cluster/common/helm/helm.go	0.00%	21 Missing ⚠️
...l-datadog/autoscaling/cluster/common/k8s/object.go	0.00%	10 Missing ⚠️
cmd/kubectl-datadog/autoscaling/cluster/cluster.go	0.00%	1 Missing ⚠️
...og/autoscaling/cluster/install/k8s/ec2nodeclass.go	0.00%	1 Missing ⚠️
...atadog/autoscaling/cluster/install/k8s/nodepool.go	0.00%	1 Missing ⚠️

❌ Your patch status has failed because the patch coverage (2.55%) is below the target coverage (80.00%). You can increase the patch coverage or adjust the target coverage.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2424      +/-   ##
==========================================
- Coverage   38.15%   38.05%   -0.10%     
==========================================
  Files         292      303      +11     
  Lines       24822    27123    +2301     
==========================================
+ Hits         9470    10323     +853     
- Misses      14638    16029    +1391     
- Partials      714      771      +57     

Flag	Coverage Δ
unittests	38.05% <2.55%> (-0.10%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
...adog/autoscaling/cluster/common/display/display.go	100.00% <100.00%> (ø)
cmd/kubectl-datadog/autoscaling/cluster/cluster.go	0.00% <0.00%> (ø)
...og/autoscaling/cluster/install/k8s/ec2nodeclass.go	0.00% <0.00%> (ø)
...atadog/autoscaling/cluster/install/k8s/nodepool.go	0.00% <0.00%> (ø)
...l-datadog/autoscaling/cluster/common/k8s/object.go	0.00% <0.00%> (ø)
...tl-datadog/autoscaling/cluster/common/helm/helm.go	0.00% <0.00%> (ø)
...datadog/autoscaling/cluster/common/aws/aws-auth.go	34.69% <0.00%> (ø)
...g/autoscaling/cluster/common/aws/cloudformation.go	0.00% <0.00%> (ø)
...ctl-datadog/autoscaling/cluster/install/install.go	16.82% <0.00%> (+3.91%)	⬆️
...adog/autoscaling/cluster/common/clients/clients.go	0.00% <0.00%> (ø)
... and 1 more

... and 31 files with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 43cb394...ea85b71. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[L3n41c]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[L3n41c]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[L3n41c]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f580791782

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[L3n41c]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4c5bbded96

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[L3n41c]

@codex review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. 👍

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[L3n41c]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 9881734887

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Respect full kubeconfig overrides for Helm config

This uses kube.GetConfig(kubeConfig, kubeContext, namespace), which only honors the kubeconfig path and context and ignores other ConfigFlags overrides like --server, --token, --certificate-authority, --insecure-skip-tls-verify, or impersonation flags. In environments where users rely on those flags (e.g., CI or ephemeral clusters without a kubeconfig file), the Helm install/uninstall will silently target the default kubeconfig context or fail to authenticate, causing operations to hit the wrong cluster or error. Consider passing the ConfigFlags RESTClientGetter directly so all overrides are respected.

Useful? React with 👍 / 👎.

[L3n41c]

Fixed in f8616f7#diff-c8b943f4b048b7d6e8f1e96bcba9e124e2e3a038c50b1e49595074b72d3c2b16

[chatgpt-codex-connector]

Scope EC2 wait to managed Karpenter nodepools

The EC2 filter matches any instance with the karpenter.sh/nodepool tag in the cluster, regardless of whether the nodepool was created by this tool. If the cluster has other Karpenter nodepools not labeled for this uninstall, the wait loop will continue counting those nodes and likely time out, yet the uninstall still proceeds to remove Helm/CloudFormation resources, potentially leaving unrelated nodepools orphaned. The wait should be limited to the nodepools this command deletes (e.g., filter by tag value list) or explicitly handle non-managed pools.

Useful? React with 👍 / 👎.

[L3n41c]

Fixed in f8616f7#diff-a42350cb037bad7adef8e1396310575c39180e73ea1181e182fa3179a7464f32R428-R429

[AlexanderYastrebov]

nit: could use slices.DeleteFunc:

oldLen := len(roles)
roles = slices.DeleteFunc(roles, func(role RoleMapping) bool { return role.RoleArn == roleArn })
found := oldLen != len(roles)

[L3n41c]

That’s much better! Thanks!
Implemented in f8616f7#diff-75e34b5bb02db7ae8e1635b717b48c7090c87a7f1a2d2a63b955847f3db9acd3

[AlexanderYastrebov]

nit: could line them up nicely via empty string prefix:

			expected: "" +
				"╭──────────╮\n" +
				"│ Hello 🎉 │\n" +
				"│ World    │\n" +
				"╰──────────╯\n",

[L3n41c]

Good idea!
Implemented in f8616f7#diff-774caa6680aa940302346b336b4cb70b818f61b82b1cab7ecd107ff245fc540a

[AlexanderYastrebov]

Is it a good idea to mask 404? E.g. update bubbles it up.

[L3n41c]

This is inside the Delete function the goal of which is to ensure that the given object is eventually not existing anymore.
If the given object cannot be found, it is already not existing, then the system is already in the expected state.
The promise of the Delete function, which is: “The object will eventually be deleted” is already kept.
Such a situation shouldn’t be considered as an error.

The question might then be: why would we try to delete an object that doesn’t exist?
Well, this might happen if a user tries to manually delete some objects concurrently to the execution of this script.
One could argue that it isn’t a good idea to do manual actions that might conflict with a running script.
But if we can handle this case gracefully, that’s still better.

[AlexanderYastrebov]

Does it make sense to proceed in case of error? Maybe its better to bail out an let user resolve some steps manually.

[L3n41c]

As far as cleanup is concerned, I preferred to have a best-effort approach, trying to clean up as much things as possible.
The errors won’t be lost and they will eventually be logged at the end.

I wanted to avoid that a failure on one step prevents other steps.

Let’s imagine a situation where the user has broken their Kubernetes cluster so that the API server isn’t reachable anymore and they want to destroy their broken cluster and to cleanup everything.

If the Kubernetes cluster is so broken that the API server isn’t reachable, we won’t be able to list and delete the Karpenter node pools.
This isn’t a big deal because the user will destroy the whole cluster anyway.
Yet, we still need to destroy the CloudFormation stacks that we created.
If our “uninstall” command exits at the first error, it means that it won’t be helpful to clean AWS objects when the K8s cluster isn’t reachable.

We can also imagine a situation where a user first deletes their Kubernetes cluster and then realizes afterwards that kubectl datadog autoscaling cluster uninstall still needs to be executed to clean AWS objects up.
Then, this command should be able to delete the AWS objects even if the K8s cluster isn’t reachable anymore.

That’s why I think that a failure at one cleanup step shouldn’t prevent the other steps from running.
Otherwise, there will be some situations where the user won’t be able to use that script to clean things up.

[AlexanderYastrebov]

Isn't this a good sign that something is off? Maybe its better to bail out if we can not list stuff to delete.

[L3n41c]

I initially changed the behavior in f8616f7#diff-a42350cb037bad7adef8e1396310575c39180e73ea1181e182fa3179a7464f32 to make the script abort if it’s unable to list stuff to delete.

But the more I think about it, the more I think it’s a mistake.
As explained in my above comment, I want this uninstall command to still be useful for users to clean up the AWS objects even if they deleted their Kubernetes cluster first.

[L3n41c]

@codex review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. More of your lovely PRs please.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[L3n41c]

@codex review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. Chef's kiss.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".