How to clean up cloud resources

This guide demonstrates how to clean up a previously initialized cloud environment and a deployed Charmed HPC cluster. This includes clean-up of both the machine cloud and the Kubernetes (K8s) cloud. All compute plane and control plane applications hosted on these clouds will be destroyed.

Warning

Clean-up may result in permanent data loss. Ensure all data you wish to preserve has been migrated to a safe location before proceeding.

Always clean up public cloud resources that are no longer necessary! Abandoned resources are tricky to detect and can become expensive over time.

Microsoft Azure & AKS

To clean up Microsoft Azure and Azure Kubernetes Service (AKS) resources, it is assumed you have:

• Bootstrapped a Juju controller on Azure

• Added AKS to the controller

• Signed into the Azure CLI

Clean up Azure resources

List all controllers that have been registered to the local client with:

juju controllers

To destroy the Juju controller and remove the Azure instance:

juju destroy-controller <controller name> --destroy-all-models --destroy-storage --force

List current AKS instances with:

az aks list

This will give JSON-formatted output representing the current AKS instances. Look for the values of "name" and "resourceGroup" in the output:

[
  {
    "aadProfile": null,
    [...]
    "name": "charmed-aks-cluster",
    [...]
    "resourceGroup": "aks",
    [...]
    },
  }
]

Here charmed-aks-cluster and aks. Now delete both the instance and its resource group with the following commands (substituting in your AKS instance name for charmed-aks-cluster and your resource group for aks):

az aks delete -n charmed-aks-cluster -g aks
az group delete -n aks

Destroying the controller or AKS instance may take a long time depending on the complexity of the deployment. Should the destroy process exceed 15 minutes or otherwise be seemingly stuck, you can proceed to delete resources manually via the Azure web portal or via the az CLI.

To list any remaining Azure resources, use:

az resource list

This command will return [] if no Azure resources remain. If there are charmed-hpc resources showing, repeat the above steps. If not, proceed to the steps for cleaning up your credentials below.

Clean up credentials

List your Juju credentials with:

~$ juju credentials

Client Credentials:Cloud        Credentialsazure        <your credential name>

Remove Azure CLI credentials from Juju:

juju remove-credential azure <your credential name>

After deleting the credential, the interactive process may not clean up its Azure role resource and assignment. Check the full list of role definitions with:

az role definition list

Look for role definitions with "roleType": "CustomRole". If a custom <Azure role definition name> was not specified when initially adding the credential, the "roleName" will be similar to "Juju Role Definition" or "juju-controller-role", followed by an ID, otherwise it will be the custom name provided. These definitions should be removed if Juju is no longer in use.

To remove a role definition, first its assignments must be removed. To check whether a role assignment is bound to <Azure role definition name> run:

az role assignment list --role <Azure role definition name>

The assignment and then the definition itself can be removed with:

az role assignment delete --role <Azure role definition name>
az role definition delete --name <Azure role definition name>

To finish cleaning up, log out from Azure CLI:

az logout

Amazon Web Services & EKS

To clean up Amazon Web Services and Amazon Elastic Kubernetes Service (EKS) resources, it is assumed you have:

• Bootstrapped a Juju controller on AWS

• Added EKS to the controller

• Authenticated into the AWS CLI

• Installed the eksctl CLI

Clean up AWS resources

List all controllers that have been registered to the local client with:

juju controllers

To destroy the Juju controller and remove the AWS instance:

juju destroy-controller <controller name> --destroy-all-models --destroy-storage --force

List current EKS clusters with:

aws eks list-clusters

This will give JSON-formatted output representing the currently active EKS clusters. Identify the cluster used by Juju in the output:

{
    "clusters": [
        "charmed-eks-cluster"
    ]
}

Here charmed-aks-cluster. Now delete the cluster using the following command (substituting in your EKS cluster name for charmed-eks-cluster):

eksctl delete cluster charmed-eks-cluster

Destroying the controller or EKS cluster may take a long time depending on the complexity of the deployment. Should the destroy process exceed 15 minutes or otherwise be seemingly stuck, you can proceed to delete resources manually via the AWS Management Console or via the aws CLI.

Clean up credentials

List your Juju credentials with:

~$ juju credentials

Client Credentials:Cloud        Credentialsaws        <your credential name>

Remove AWS credentials from Juju:

juju remove-credential aws <your credential name>

After deleting the credential, the interactive process may not clean up its AWS user and group. Check the full list of users with:

aws iam list-users

Then, refer to Deleting an IAM user (AWS CLI) for instructions on how to delete a user.

Next, list all the groups in the account with:

aws iam list-groups

Then, refer to Delete an IAM group for instructions on how to delete a group.

If you created a managed policy to restrict the Juju user permissions, list all custom policies with:

aws iam list-policies --scope Local

Then, refer to Delete IAM policies (AWS CLI) for instructions on how to delete a custom policy.

Finally, if you are using SSO to authenticate the AWS CLI, you can log out from the AWS CLI using:

aws sso logout