Delete the Stateful app with zero downtime deployment on Compute Engine

Last reviewed 2024-05-02 UTC

This guide describes how to delete the Stateful app with zero downtime deployment on Compute Engine Jump Start Solution. You can use this guide to delete an existing deployment of the solution.

Stateful app with zero downtime deployment on Compute Engine can no longer be deployed from the Google Cloud console, and is not supported.

Cost

For an estimate of the cost of the Google Cloud resources that the stateful app with zero downtime deployment on Compute Engine solution uses, see the precalculated estimate in the Google Cloud Pricing Calculator.

Use the estimate as a starting point to calculate the cost of your deployment. You can modify the estimate to reflect any configuration changes that you made to the resources that are used in the solution.

The precalculated estimate is based on assumptions for certain factors, including the following:

  • The Google Cloud locations where the resources are deployed.
  • The amount of time that the resources are used.

You can also review usage costs for resources that you have deployed. For more details, see View your billing reports and cost trends.

Get the required IAM permissions

To delete an existing deployment, you need the Identity and Access Management (IAM) permissions that are listed in the following table. If you have the roles/owner basic role for the project in which solution is deployed, then you already have all the necessary permissions. If you don't have the roles/owner role, then ask your administrator to grant these permissions (or the roles that include these permissions) to you.

IAM permission required Predefined role that includes the required permissions

serviceusage.services.enable

Service Usage Admin
(roles/serviceusage.serviceUsageAdmin)

iam.serviceAccounts.create

Service Account Admin
(roles/iam.serviceAccountAdmin)

resourcemanager.projects.setIamPolicy

Project IAM Admin
(roles/resourcemanager.projectIamAdmin)
config.deployments.create
config.deployments.list
Cloud Infrastructure Manager Admin
(roles/config.admin)

Service account created for the solution

When you initiate the deletion process through the console, a service account is created to deploy the solution on your behalf (and to delete the deployment later if you choose). This service account is assigned certain IAM permissions temporarily; that is, the permissions are revoked automatically after the solution deployment and deletion operations are completed. Google recommends that after you delete the deployment, you delete the service account, as described later in this guide.

View the roles that are assigned to the service account

These roles are listed here in case an administrator of your Google Cloud project or organization needs this information.

  • roles/secretmanager.secretAccessor
  • roles/storage.objectAdmin
  • roles/compute.imageUser
  • roles/cloudsql.editor
  • roles/logging.logWriter

Delete the deployment

When you no longer need the solution, to avoid continued billing for the resources that you created in this solution, delete all the resources.

Delete through the console

Use this procedure if you deployed the solution through the console.

  1. In the Google Cloud console, go to the Solution deployments page.

    Go to Solution deployments

  2. Select the project that contains the deployment that you want to delete.

  3. Locate the deployment that you want to delete.

  4. In the row for the deployment, click Actions and then select Delete.

    You might need to scroll to see Actions in the row.

  5. Enter the name of the deployment and then click Confirm.

    The Status field shows Deleting.

    If the deletion fails, see the troubleshooting guidance in Error when deleting a deployment.

When you no longer need the Google Cloud project that you used for the solution, you can delete the project. For more information, see Optional: Delete the project.

Delete using the Terraform CLI

Use this procedure if you deployed the solution by using the Terraform CLI.

  1. In Cloud Shell, make sure that the current working directory is $HOME/cloudshell_open/terraform-cloud-deployment-gce/infra. If it isn't, go to that directory.

  2. Remove the resources that were provisioned by Terraform:

    terraform destroy
    

    Terraform displays a list of the resources that will be destroyed.

  3. When you're prompted to perform the actions, enter yes.

    Terraform displays messages showing the progress. After all the resources are deleted, Terraform displays the following message:

    Destroy complete!
    

    If the deletion fails, see the troubleshooting guidance in Error when deleting a deployment.

When you no longer need the Google Cloud project that you used for the solution, you can delete the project. For more information, see Optional: Delete the project.

Optional: Delete the project

If you deployed the solution in a new Google Cloud project, and if you no longer need the project, then delete it by completing the following steps:

  1. In the Google Cloud console, go to the Manage resources page.

    Go to Manage resources

  2. In the project list, select the project that you want to delete, and then click Delete.
  3. At the prompt, type the project ID, and then click Shut down.

If you decide to retain the project, then delete the service account that was created for this solution, as described in the next section.

Optional: Delete the service account

If you deleted the project that you used for the solution, then skip this section.

As mentioned earlier in this guide, when you deployed the solution, a service account was created on your behalf. The service account was assigned certain IAM permissions temporarily; that is, the permissions were revoked automatically after the solution deployment and deletion operations were completed, but the service account isn't deleted. Google recommends that you delete this service account.

  • If you deployed the solution through the Google Cloud console, go to the Solution deployments page. (If you're already on that page, refresh the browser.) A process is triggered in the background to delete the service account. No further action is necessary.

  • If you deployed the solution by using the Terraform CLI, complete the following steps:

    1. In the Google Cloud console, go to the Service accounts page.

      Go to Service accounts

    2. Select the project that you used for the solution.

    3. Select the service account that you want to delete.

      The email ID of the service account that was created for the solution is in the following format:

      goog-sc-DEPLOYMENT_NAME-NNN@PROJECT_ID.iam.gserviceaccount.com
      

      The email ID contains the following values:

      • DEPLOYMENT_NAME: the name of the deployment.
      • NNN: a random 3-digit number.
      • PROJECT_ID: the ID of the project in which you deployed the solution.
    4. Click Delete.

Troubleshoot errors

The actions that you can take to diagnose and resolve errors depend on the deployment method and the complexity of the error.

Error when deleting a deployment

In certain cases, attempts to delete a deployment might fail:

  • After deploying a solution through the console, if you change any resource that was provisioned by the solution, and if you then try to delete the deployment, the deletion might fail. The Status field on the Solution deployments page shows Failed, and the Cloud Build log shows the cause of the error.
  • After deploying a solution by using the Terraform CLI, if you change any resource by using a non-Terraform interface (for example, the console), and if you then try to delete the deployment, the deletion might fail. The messages in the output of the terraform destroy command show the cause of the error.

Review the error logs and messages, identify and delete the resources that caused the error, and then try deleting the deployment again.

If a console-based deployment doesn't get deleted and if you can't diagnose the error by using the Cloud Build log, then you can delete the deployment by using the Terraform CLI, as described in the next section.

Delete a console-based deployment by using the Terraform CLI

This section describes how to delete a console-based deployment if errors occur when you try to delete it through the console. In this approach, you download the Terraform configuration for the deployment that you want to delete and then use the Terraform CLI to delete the deployment.

  1. Identify the region where the deployment's Terraform code, logs, and other data are stored. This region might be different from the region that you selected while deploying the solution.

    1. In the Google Cloud console, go to the Solution deployments page.

      Go to Solution deployments

    2. Select the project that contains the deployment that you want to delete.

    3. In the list of deployments, identify the row for the deployment that you want to delete.

    4. Click View all row content.

    5. In the Location column, note the second location, as highlighted in the following example:

      Location of the deployment code, logs and other artifacts.

  2. In the Google Cloud console, activate Cloud Shell.

    Activate Cloud Shell

    At the bottom of the Google Cloud console, a Cloud Shell session starts and displays a command-line prompt. Cloud Shell is a shell environment with the Google Cloud CLI already installed and with values already set for your current project. It can take a few seconds for the session to initialize.

  3. Create environment variables for the project ID, region, and name of the deployment that you want to delete:

    export REGION="REGION"
    export PROJECT_ID="PROJECT_ID"
    export DEPLOYMENT_NAME="DEPLOYMENT_NAME"
    

    In these commands, replace the following:

    • REGION: the location that you noted earlier in this procedure.
    • PROJECT_ID: the ID of the project where you deployed the solution.
    • DEPLOYMENT_NAME: the name of the deployment that you want to delete.
  4. Get the ID of the latest revision of the deployment that you want to delete:

    export REVISION_ID=$(curl \
        -H "Authorization: Bearer $(gcloud auth print-access-token)" \
        -H "Content-Type: application/json" \
        "https://config.googleapis.com/v1alpha2/projects/${PROJECT_ID}/locations/${REGION}/deployments/${DEPLOYMENT_NAME}" \
        | jq .latestRevision -r)
        echo $REVISION_ID
    

    The output is similar to the following:

    projects/PROJECT_ID/locations/REGION/deployments/DEPLOYMENT_NAME/revisions/r-0
    
  5. Get the Cloud Storage location of the Terraform configuration for the deployment:

    export CONTENT_PATH=$(curl \
        -H "Authorization: Bearer $(gcloud auth print-access-token)" \
        -H "Content-Type: application/json" \
        "https://config.googleapis.com/v1alpha2/${REVISION_ID}" \
        | jq .applyResults.content -r)
        echo $CONTENT_PATH
    

    The following is an example of the output of this command:

    gs://PROJECT_ID-REGION-blueprint-config/DEPLOYMENT_NAME/r-0/apply_results/content
    
  6. Download the Terraform configuration from Cloud Storage to Cloud Shell:

    gcloud storage cp $CONTENT_PATH $HOME --recursive
    cd $HOME/content/infra
    

    Wait until the Operation completed message is displayed, as shown in the following example:

    Operation completed over 45 objects/268.5 KiB
    
  7. Initialize Terraform:

    terraform init
    

    Wait until you see the following message:

    Terraform has been successfully initialized!
    
  8. Remove the deployed resources:

    terraform destroy
    

    Terraform displays a list of the resources that will be destroyed.

    If any warnings about undeclared variables are displayed, ignore the warnings.

  9. When you're prompted to perform the actions, enter yes.

    Terraform displays messages showing the progress. After all the resources are deleted, Terraform displays the following message:

    Destroy complete!
    
  10. Delete the deployment artifact:

    curl -X DELETE \
        -H "Authorization: Bearer $(gcloud auth print-access-token)" \
        -H "Content-Type: application/json" \
        "https://config.googleapis.com/v1alpha2/projects/${PROJECT_ID}/locations/${REGION}/deployments/${DEPLOYMENT_NAME}?force=true&delete_policy=abandon"
    
  11. Wait a few seconds and then verify that the deployment artifact was deleted:

    curl -H "Authorization: Bearer $(gcloud auth print-access-token)" \
        -H "Content-Type: application/json" \
        "https://config.googleapis.com/v1alpha2/projects/${PROJECT_ID}/locations/${REGION}/deployments/${DEPLOYMENT_NAME}" \
        | jq .error.message
    

    If the output shows null, wait a few seconds and then run the command again.

    After the deployment artifact is deleted, a message as shown in the following example is displayed:

    Resource 'projects/PROJECT_ID/locations/REGION/deployments/DEPLOYMENT_NAME' was not found
    

What's next