NOTE: Please update this documentation when the process seems to be outdated.
Deleting Sandbox Projects
safi-sandbox-tm6 SAF-1518 - Cleanup and remove safi-sandbox-tm6 project Done
safi-sandbox-tm4 SAF-1517 - Cleanup and remove safi-sandbox-tm4 project Done
safi-sandbox-tm3 SAF-1516 - Cleanup and remove safi-sandbox-tm3 project Done
safi-sandbox-istio1 SAF-1585 - Cleanup and remove - safi-sandbox-istio1 Done
safi-sandbox-datateaminfra SAF-1584 - Cleanup and remove - safi-sandbox-datateaminfra Done
Deletion steps:
1. Check out the GitHub sandbox branch (sandbox/tm-6) and comment out the TF resources,
   e.g. SaFiMono/commit/51397427d8bafa2b8ec71ea9ff9d9e1f8fd70a92
2. Remove the TF workspace in tf-dispatcher,
   e.g. SaFiMono/commit/a3c62f28524cac1250ed6749f595234f78f78377
3. Manually remove the state for the GCP API and re-apply tf-dispatcher,
   e.g. tf-dispatcher % terraform state rm 'module.sandbox_gcp_projects["tm-6"].google_project_service.api["compute.googleapis.com"]'
OR
Simply shut down (delete) the project manually using the Google Cloud console and remove the state in tf-dispatcher.
Deleting Environment Projects
Ticket Breakdown: SAF-271 - Delete Dev and Stage Environment. Done
Deleting a whole environment needs to be done with extra care. Pair with someone in the team who has more experience.
List Resources Expected to be Deleted
GCP Resources
TF Resources
Teams / Permissions / Roles
Okta / CloudFlare
GCP Project and Workspaces
Vault Secrets
ArgoCD
Github Actions
Step 1. Okta and Cloudflare Resources
If the environment to be decommissioned is on a different GitHub branch, check whether there are Okta, Cloudflare, or other cross-env resources that are not environment-specific and are also managed by the main branch. Deleting them in the environment's GitHub branch can cause problems.
Step 2. Project Resources (First Layer)
To delete the environment, start by cleaning up the individual project resources such as GKE, VMs, buckets, etc. The deletion process goes from right to left (see picture).
Project Resources → Project and Terraforms → Environment.
Note: At this stage, you might have some issues deleting KMS and crypto-key related resources. Delete them manually from the console, remove auto-rotation, and remove them manually from the TF state.
Once you have destroyed all versions and stopped rotation of the crypto keys, you can start removing them from the TF state, provided that you are in the correct workspace and environment.
    terraform state list | grep '<RESOURCE TO BE DELETED>'
    terraform state rm my_resource.kms.key
Step 3. GCP Projects (2nd Layer)
Once you have cleaned up all the project resources and all that is left are the projects themselves, you can disable the environment in devops/terraform/_shared_variables.tf by setting local.safi_environments[env].enabled to false:
    safi_environments = {
      dev = {
        domain_name = "blah.blah"
        ... ...
        tfc_agents = 1
        enabled    = false
      }
    }
Setting the parameter to false will delete a lot of GCP and Terraform resources, around 330 to 400 at the time of this writing. Carefully review which resources are marked for deletion.
Sample Terraform Run from deletion of Stage
Link: https://app.terraform.io/app/safi/workspaces/dispatcher/runs/run-WXmnBxx8aUn5xKgC
Resources Type:
TF Workspaces and Variables, Teams and Team Assignment
GCP Projects and APIs
Others
NOTE: Google APIs are sometimes dependent on each other, so Terraform will have trouble deleting them. Remove them from the state manually.
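One way to do the review this step calls for, as an added example that is not part of the original runbook or the project's code: it reads a plan in `terraform show -json` format, counts planned deletions by resource type, and flags Okta/Cloudflare resources (Step 1) and addresses keyed to another environment. The module name `env_projects`, the `["<env>"]` key convention and the sample plan are assumptions.

```python
from collections import Counter

# Provider prefixes treated as cross-environment (assumption, based on Step 1).
SHARED_PREFIXES = ("okta_", "cloudflare_")

def review_destroy_plan(plan: dict, env: str) -> dict:
    """Summarise deletions in a `terraform show -json` plan for one environment."""
    by_type = Counter()
    replaced, shared, other_env = [], [], []
    for rc in plan.get("resource_changes", []):
        actions = rc["change"]["actions"]
        if "delete" not in actions:
            continue  # create / update / no-op entries are not destructive
        addr, rtype = rc["address"], rc["type"]
        by_type[rtype] += 1
        if "create" in actions:
            replaced.append(addr)  # delete+create is a replace, not a removal
        if rtype.startswith(SHARED_PREFIXES):
            shared.append(addr)
        elif f'["{env}"]' not in addr:
            # Assumption: environment resources are keyed by env name (for_each).
            other_env.append(addr)
    return {"total": sum(by_type.values()), "by_type": dict(by_type),
            "replaced": replaced, "shared": shared, "other_env": other_env}

def _rc(address, rtype, actions):
    return {"address": address, "type": rtype, "change": {"actions": actions}}

# Constructed sample plan (hypothetical addresses, not taken from a real run).
SAMPLE_PLAN = {"resource_changes": [
    _rc('module.env_projects["stage"].google_project.project', "google_project", ["delete"]),
    _rc('module.env_projects["stage"].google_project_service.api["compute.googleapis.com"]',
        "google_project_service", ["delete"]),
    _rc('module.env_projects["prod"].google_project_service.api["compute.googleapis.com"]',
        "google_project_service", ["delete"]),
    _rc('okta_group.engineering', "okta_group", ["delete"]),
    _rc('module.env_projects["stage"].tfe_workspace.ws', "tfe_workspace", ["delete", "create"]),
    _rc('module.env_projects["dev"].google_project.project', "google_project", ["no-op"]),
]}

if __name__ == "__main__":
    report = review_destroy_plan(SAMPLE_PLAN, "stage")
    print(f"{report['total']} resources to delete: {report['by_type']}")
    for key in ("shared", "other_env", "replaced"):
        print(f"REVIEW [{key}]: {report[key]}")
```

Anything listed under `shared` or `other_env` should be explained before the run is confirmed.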
Step 3. Delete Folder (3rd Layer)
Once you have successfully deleted the projects, what should be left is the Environment folder and the SharedVPC project. Delete the Env block from _shared_variables.tf to completely delete the environment.
Step 4. Cleanup
Delete other resources in
Vault Secrets
ArgoCD
Github Actions
Update the Network documentation in https://github.com/SafiBank/SaFiMono/blob/main/devops/docs/gcp_network_design.md