Fix: ENI's prevent SecGrps from being destroyed on tf destroy (#311)

whiskeyjimbo · max-rocket-internet · commit 47c7e7ad6fe4 · 2019-04-11T15:29:35.000+02:00
* Fix: remove ENI's on term fixes cluster destroy issues with security group still attached

* Fix: delete ENIs on term to allow sg destroy
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,6 +11,8 @@ project adheres to [Semantic Versioning](http://semver.org/).
 
 ### Added
 
+- Write your awesome addition here (by @you)
+- Fixed: Ability to destroy clusters due to security groups being attached to ENI's (by @whiskeyjimbo)
 - Added outputs for worker IAM instance profile(s) (by @soapergem)
 - Added support for cluster logging via the `cluster_enabled_log_types` variable (by @sc250024)
 
diff --git a/local.tf b/local.tf
@@ -73,6 +73,7 @@ locals {
     ebs_optimized                            = true                                          # sets whether to use ebs optimization on supported types.
     enable_monitoring                        = true                                          # Enables/disables detailed monitoring.
     public_ip                                = false                                         # Associate a public ip address with a worker
+    eni_delete                               = true                                          # Delete the ENI on termination (if set to false you will have to manually delete before destroying)
     kubelet_extra_args                       = ""                                            # This string is passed directly to kubelet if set. Useful for adding labels or taints.
     subnets                                  = "${join(",", var.subnets)}"                   # A comma delimited string of subnets to place the worker nodes in. i.e. subnet-123,subnet-456,subnet-789
     autoscaling_enabled                      = false                                         # Sets whether policy and matching tags will be added to allow autoscaling.
diff --git a/workers_launch_template.tf b/workers_launch_template.tf
@@ -64,6 +64,7 @@ resource "aws_launch_template" "workers_launch_template" {
 
   network_interfaces {
     associate_public_ip_address = "${lookup(var.worker_groups_launch_template[count.index], "public_ip", local.workers_group_launch_template_defaults["public_ip"])}"
+    delete_on_termination       = "${lookup(var.worker_groups_launch_template[count.index], "eni_delete", local.workers_group_launch_template_defaults["eni_delete"])}"
     security_groups             = ["${local.worker_security_group_id}", "${var.worker_additional_security_group_ids}", "${compact(split(",",lookup(var.worker_groups_launch_template[count.index],"additional_security_group_ids", local.workers_group_launch_template_defaults["additional_security_group_ids"])))}"]
   }
 

Original file line number	Diff line number	Diff line change
`@@ -64,6 +64,7 @@ resource "aws_launch_template" "workers_launch_template" {`
`64`	`64`
`65`	`65`	`network_interfaces {`
`66`	`66`	`associate_public_ip_address = "${lookup(var.worker_groups_launch_template[count.index], "public_ip", local.workers_group_launch_template_defaults["public_ip"])}"`
	`67`	`+ delete_on_termination = "${lookup(var.worker_groups_launch_template[count.index], "eni_delete", local.workers_group_launch_template_defaults["eni_delete"])}"`
`67`	`68`	`security_groups = ["${local.worker_security_group_id}", "${var.worker_additional_security_group_ids}", "${compact(split(",",lookup(var.worker_groups_launch_template[count.index],"additional_security_group_ids", local.workers_group_launch_template_defaults["additional_security_group_ids"])))}"]`
`68`	`69`	`}`
`69`	`70`