Fix race condition in DigitalOcean cluster create

* DigitalOcean clusters must secure copy a kubeconfig to
worker nodes, but Terraform could decide to try copying
before firewall rules have been added to allow SSH access.
* Add an explicit dependency on adding firewall rules first
Dalton Hubble 2019-05-17 12:52:16 +02:00
parent f62286b677
commit 37ce722f9c
3 changed files with 11 additions and 0 deletions


@ -12,6 +12,11 @@ Notable changes between versions.
* Only set internal VXLAN rules when `networking` is flannel (default: calico) * Only set internal VXLAN rules when `networking` is flannel (default: calico)
#### DigitalOcean
* Add explicit ordering between firewall rule creation and secure copying Kubelet credentials ([#469](https://github.com/poseidon/typhoon/pull/469))
* Fix race scenario if copies to nodes were before rule creation, blocking cluster creation
#### Addons #### Addons
* Update Prometheus from v2.8.1 to v2.9.2 * Update Prometheus from v2.8.1 to v2.9.2
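
Review bot: The second new bullet under "#### DigitalOcean" reads as a separate change, but it describes the effect of the first bullet, and "if copies to nodes were before rule creation" is hard to parse. Consider nesting it under the first bullet or merging the two, for example "Fix race where secure copy to nodes could run before the firewall rules allowing SSH existed, blocking cluster creation".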


@ -1,6 +1,9 @@
# Secure copy etcd TLS assets and kubeconfig to controllers. Activates kubelet.service # Secure copy etcd TLS assets and kubeconfig to controllers. Activates kubelet.service
resource "null_resource" "copy-controller-secrets" { resource "null_resource" "copy-controller-secrets" {
count = "${var.controller_count}" count = "${var.controller_count}"
depends_on = [
"digitalocean_firewall.rules",
]
connection { connection {
type = "ssh" type = "ssh"
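
Review bot: The new depends_on at the top of "copy-controller-secrets" carries no comment explaining why it is there, and nothing else in the resource references "digitalocean_firewall.rules", so a later cleanup could remove it as redundant. A one-line comment above it, such as "# Firewall rules must exist before SSH provisioners can connect", would record that the ordering is deliberate.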


@ -1,6 +1,9 @@
# Secure copy etcd TLS assets and kubeconfig to controllers. Activates kubelet.service # Secure copy etcd TLS assets and kubeconfig to controllers. Activates kubelet.service
resource "null_resource" "copy-controller-secrets" { resource "null_resource" "copy-controller-secrets" {
count = "${var.controller_count}" count = "${var.controller_count}"
depends_on = [
"digitalocean_firewall.rules",
]
connection { connection {
type = "ssh" type = "ssh"
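
Review bot: The commit message describes the race as affecting the kubeconfig copy to worker nodes, but this hunk, like the previous one, adds depends_on only to "copy-controller-secrets". Please confirm that the resource copying to workers is ordered after the firewall rules as well, either through its own depends_on on "digitalocean_firewall.rules" or through a dependency on this resource, and say so in the commit message if that ordering is implicit.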