Uninstallation on Exoscale

Steps to remove an OpenShift 4 cluster from Exoscale.

  • The commands are idempotent and can be retried if any of the steps fail.

  • In the future, this procedure will be mostly automated

Prerequisites

Cluster Decommission

  1. Export the following vars

    export EXOSCALE_ACCOUNT=<exoscale-account>
    export EXOSCALE_API_KEY=<exoscale-key>
    export EXOSCALE_API_SECRET=<exoscale-secret>
    export EXOSCALE_REGION=<cluster-region>
    
    export CLUSTER_ID=<cluster-name>
    
    # From https://git.vshn.net/profile/personal_access_tokens
    export GITLAB_TOKEN=<gitlab-api-token>
    
    # For example: https://api.syn.vshn.net
    # IMPORTANT: do NOT add a trailing `/`. Commands below will fail.
    export COMMODORE_API_URL=<lieutenant-api-endpoint>
    export COMMODORE_API_TOKEN=<lieutenant-api-token>
    
    export TF_VAR_lb_exoscale_api_key=irrelevant
    export TF_VAR_lb_exoscale_api_secret=irrelevant
  2. Compile cluster catalog to get input variables

    commodore catalog compile ${CLUSTER_ID}
  3. Configure Terraform secrets

    cat <<EOF > catalog/manifests/openshift4-terraform/.env
    EXOSCALE_API_KEY
    EXOSCALE_API_SECRET
    TF_VAR_lb_exoscale_api_key
    TF_VAR_lb_exoscale_api_secret
    EOF
  4. Setup Terraform

    Prepare terraform

    # Set terraform image and tag to be used
    tf_image=$(\
      yq eval ".parameters.openshift4_terraform.images.terraform.image" \
      dependencies/openshift4-terraform/class/defaults.yml)
    tf_tag=$(\
      yq eval ".parameters.openshift4_terraform.images.terraform.tag" \
      dependencies/openshift4-terraform/class/defaults.yml)
    
    # Generate the terraform alias
    alias terraform='docker run -it --rm \
      -u $(id -u) \
      --env-file .env \
      -w /tf \
      -v $(pwd):/tf \
      --ulimit memlock=-1 \
      ${tf_image}:${tf_tag} terraform'
    
    export GITLAB_REPOSITORY_URL=$(curl -sH "Authorization: Bearer ${COMMODORE_API_TOKEN}" ${COMMODORE_API_URL}/clusters/${CLUSTER_ID} | jq -r '.gitRepo.url' | sed 's|ssh://||; s|/|:|')
    export GITLAB_REPOSITORY_NAME=${GITLAB_REPOSITORY_URL##*/}
    export GITLAB_CATALOG_PROJECT_ID=$(curl -sH "Authorization: Bearer ${GITLAB_TOKEN}" "https://git.vshn.net/api/v4/projects?simple=true&search=${GITLAB_REPOSITORY_NAME/.git}" | jq -r ".[] | select(.ssh_url_to_repo == \"${GITLAB_REPOSITORY_URL}\") | .id")
    export GITLAB_STATE_URL="https://git.vshn.net/api/v4/projects/${GITLAB_CATALOG_PROJECT_ID}/terraform/state/cluster"
    
    pushd catalog/manifests/openshift4-terraform/

    Initiate terraform

    terraform init \
      "-backend-config=address=${GITLAB_STATE_URL}" \
      "-backend-config=lock_address=${GITLAB_STATE_URL}/lock" \
      "-backend-config=unlock_address=${GITLAB_STATE_URL}/lock" \
      "-backend-config=username=$(whoami)" \
      "-backend-config=password=${GITLAB_TOKEN}" \
      "-backend-config=lock_method=POST" \
      "-backend-config=unlock_method=DELETE" \
      "-backend-config=retry_wait_min=5"
  5. Delete resources using Terraform

    terraform destroy
  6. Use Exoscale CLI tool to remove buckets

    mkdir -p ~/.config/exoscale
    cat <<EOF >> ~/.config/exoscale/exoscale.toml
    
    [[accounts]]
      account = "${EXOSCALE_ACCOUNT}"
      defaultZone = "${EXOSCALE_REGION}"
      endpoint = "https://api.exoscale.ch/v1"
      name = "${CLUSTER_ID}"
    EOF
    
    exo storage delete -r -f "sos://${CLUSTER_ID}-bootstrap/"

This how-to currently doesn’t contain instructions to decommission the cluster in Project Syn. If you registered the cluster in Project Syn, the places to look for data to decommission are:

  • Vault

  • Lieutenant

  • Syn Tenant Repo

  • VSHN LDAP

  • LDAP IP allowlist

  • Any DNS records created in VSHN DNS