bsc#1174919 #85
bsc#1174919 #85
Conversation
| echo "...but received status ${code}; will check again in a minute ..." | ||
| sleep 60 | ||
| echo "...but received status $code; will check again shortly ..." | ||
| sleep 10 |
There was a problem hiding this comment.
UAA doesn't come up until about 20+ minutes into the CAP deploy and because of the asynchronous nature of the helm installs (with wait = false) this script can kick in right after the helm installs have triggered so waiting for only 10s is lot of unnecessary polling but only gaining little less than a minute in triggering the final metrics install.
| name = "susecf-metrics" | ||
| repository = "https://kubernetes-charts.suse.com" | ||
| chart = "metrics" | ||
| version = "1.2.1" | ||
| namespace = "metrics" | ||
| wait = "false" | ||
| wait = "true" |
There was a problem hiding this comment.
We don't need this to be true - there's nothing else dependent on it. The CAP deployment will take its time too and we are telling the end user to check the pod status for readiness.
| @@ -127,7 +119,9 @@ resource "helm_release" "scf" { | |||
| resource "helm_release" "stratos" { | |||
| depends_on = [ | |||
| helm_release.scf, | |||
| kubernetes_namespace.stratos | |||
| kubernetes_namespace.stratos, | |||
| null_resource.cluster_issuer_setup, | |||
There was a problem hiding this comment.
Why is this needed? In v1, stratos is not using cert-manager.
| "AWS_ACCESS_KEY_ID" = var.access_key_id | ||
| "AWS_SECRET_ACCESS_KEY" = var.secret_access_key | ||
| } | ||
| } |
There was a problem hiding this comment.
Is this to avoid the token expiry problem? Could using the load_config_file = true work?
|
Issues noted; I'll resolve in a subsequent PR. |
bsc#1174919
Deploy in EKS can fail due to operations taking longer than the expiration period of the k8s auth token generated by terraform, and terraform not having a built-in mechanism to renew the token:
hashicorp/terraform#24886
I'm working around this by ensuring kubernetes operations occur up-front, and helm operations use the
kubecontrolfile instead, which request a new token on each use.In addition, due to other outstanding issues, we've elected to upgrade the
helmandkubernetesprovider versions.