`KubernetesCluster` with BYO DNS does not clean up A record after destruction

[naimadswdn]

What happened?

Private Kubernetes Cluster creation with Bring Your Own DNS does not clean up A record after destruction. Similar issue was affecting Terraform azurerm_kubernetes_cluster resource but it has been fixed with proper dependency setup.

How can we reproduce it?

Resources to create (it can be done separately or as a part of one Composition)

• Private DNS zone for the AKS (privatelink.<region>.azmk8s.io)
• User assigned Identity
• Role assignment with the role Network Contributor on the Vnet where AKS node pool subnet is located,
• Role assignment with the role Private DNS Zone Contributor on your own Private DNS zone,
• Private Kubernetes Cluster with User Assigned Identity and Private DNS configured.

After the creation, you can see that A record has been added to the Private DNS zone with the private IP.

Now, remove the Kubernetes Cluster and all the resources besides Private DNS zone. The A record will stay and will prevent creation of the AKS with the same name with the same Private DNS zone.

Its a big blocker especially with environments with centralized DNS (where Private DNS zone is created upfront and is not part of the AKS composition).

What environment did it happen in?

• Crossplane Version: v1.14.1
• Provider Version: v0.38.2
• Kubernetes Version: Server Version: v1.26.6
• Kubernetes Distribution: AKS

[jakubramut]

Just faced the same issue, do we have any workarounds to be implemented here?

[turkenf]

Hi @naimadswdn, @jakubramut,

Thank you for bringing up this, could you please share with us clear reproduction steps with used MRs?

[fherbert]

It's caused by the ordering when deleting resources, you'll need to delete the user assigned identity last, after the roleassignment for private dns zone contributer using the beta Usages feature in crossplane 1.14

[github-actions[bot]]

This provider repo does not have enough maintainers to address every issue. Since there has been no activity in the last 90 days it is now marked as stale. It will be closed in 14 days if no further activity occurs. Leaving a comment starting with /fresh will mark this issue as not stale.

[github-actions[bot]]

This provider repo does not have enough maintainers to address every issue. Since there has been no activity in the last 90 days it is now marked as stale. It will be closed in 14 days if no further activity occurs. Leaving a comment starting with /fresh will mark this issue as not stale.

[github-actions[bot]]

This issue is being closed since there has been no activity for 14 days since marking it as stale. If you still need help, feel free to comment or reopen the issue!