diff --git a/CHANGES.md b/CHANGES.md
index 7e662aad..27e52f71 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -12,6 +12,11 @@ Notable changes between versions.
 * Only set internal VXLAN rules when `networking` is flannel (default: calico)
+#### DigitalOcean
+
+* Add explicit ordering between firewall rule creation and secure copying Kubelet credentials ([#469](https://github.com/poseidon/typhoon/pull/469))
+ * Fix race scenario if copies to nodes were before rule creation, blocking cluster creation
+
 #### Addons
 * Update Prometheus from v2.8.1 to v2.9.2
diff --git a/digital-ocean/container-linux/kubernetes/ssh.tf b/digital-ocean/container-linux/kubernetes/ssh.tf
index 5c5ed774..98740a22 100644
--- a/digital-ocean/container-linux/kubernetes/ssh.tf
+++ b/digital-ocean/container-linux/kubernetes/ssh.tf
@@ -1,6 +1,9 @@
 # Secure copy etcd TLS assets and kubeconfig to controllers. Activates kubelet.service
 resource "null_resource" "copy-controller-secrets" {
 count = "${var.controller_count}"
+ depends_on = [
+ "digitalocean_firewall.rules",
+ ]
 connection {
 type = "ssh"
diff --git a/digital-ocean/fedora-atomic/kubernetes/ssh.tf b/digital-ocean/fedora-atomic/kubernetes/ssh.tf
index 1d7e0002..156a4894 100644
--- a/digital-ocean/fedora-atomic/kubernetes/ssh.tf
+++ b/digital-ocean/fedora-atomic/kubernetes/ssh.tf
@@ -1,6 +1,9 @@
 # Secure copy etcd TLS assets and kubeconfig to controllers. Activates kubelet.service
 resource "null_resource" "copy-controller-secrets" {
 count = "${var.controller_count}"
+ depends_on = [
+ "digitalocean_firewall.rules",
+ ]
 connection {
 type = "ssh"
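Review bot: The new `depends_on` in digital-ocean/container-linux/kubernetes/ssh.tf is visible only on `copy-controller-secrets`, while the changelog entry describes the race for copies "to nodes". If the file defines other SSH-provisioning resources outside this hunk (a worker-side copy, for instance), they need the same `"digitalocean_firewall.rules"` dependency or the race remains for them; the identical hunk in digital-ocean/fedora-atomic/kubernetes/ssh.tf has the same gap. The block would also read better with a comment above the list stating why the ordering exists, e.g. `# Wait for firewall rules: copying before they exist can block cluster creation, and the copy activates kubelet.service`. The resource body continues past the end of the hunk, so the provisioners themselves were not reviewed.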