fix: Add wait_for_cluster to aws_auth module

devopsmakers · Mar 11, 2020 · d856d03 · d856d03
1 parent 2522bd7
commit d856d03
Show file tree

Hide file tree

Showing 7 changed files with 38 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -112,7 +112,7 @@ No provider.
 | subnets | A list of subnets to place the EKS cluster and workers within. | `list(string)` | n/a | yes |
 | tags | A map of tags to add to all resources. | `map(string)` | `{}` | no |
 | vpc\_id | VPC where the cluster and workers will be deployed. | `string` | n/a | yes |
-| wait\_for\_cluster\_cmd | DEPREDATED: Unused variable, no longer required. Maintained for backwards compatibility with upstream. | `string` | `""` | no |
+| wait\_for\_cluster\_cmd | Custom local-exec command to execute for determining if the eks cluster is healthy. Cluster endpoint will be available as an environment variable called ENDPOINT | `string` | `"until wget --no-check-certificate -O - -q $ENDPOINT/healthz \u003e/dev/null; do sleep 4; done"` | no |
 | worker\_additional\_security\_group\_ids | A list of additional security group ids to attach to worker instances | `list(string)` | `[]` | no |
 | worker\_ami\_name\_filter | Name filter for AWS EKS worker AMI. If not provided, the latest official AMI for the specified 'cluster\_version' is used. | `string` | `""` | no |
 | worker\_ami\_name\_filter\_windows | Name filter for AWS EKS Windows worker AMI. If not provided, the latest official AMI for the specified 'cluster\_version' is used. | `string` | `""` | no |

diff --git a/modules/aws_auth/README.md b/modules/aws_auth/README.md
@@ -5,7 +5,9 @@
 
 | Name | Version |
 |------|---------|
+| aws | >= 2.44.0 |
 | kubernetes | >= 1.6.2 |
+| null | >= 2.1 |
 | template | >= 2.1 |
 
 ## Inputs
@@ -18,6 +20,7 @@
 | map\_instances | IAM instance roles to add to the aws-auth configmap. See examples/basic/variables.tf for example format. | <pre>list(object({<br>    instance_role_arn = string<br>    platform          = string<br>  }))</pre> | `[]` | no |
 | map\_roles | Additional IAM roles to add to the aws-auth configmap. See examples/basic/variables.tf for example format. | <pre>list(object({<br>    rolearn  = string<br>    username = string<br>    groups   = list(string)<br>  }))</pre> | `[]` | no |
 | map\_users | Additional IAM users to add to the aws-auth configmap. See examples/basic/variables.tf for example format. | <pre>list(object({<br>    userarn  = string<br>    username = string<br>    groups   = list(string)<br>  }))</pre> | `[]` | no |
+| wait\_for\_cluster\_cmd | Custom local-exec command to execute for determining if the eks cluster is healthy. Cluster endpoint will be available as an environment variable called ENDPOINT | `string` | `"until wget --no-check-certificate -O - -q $ENDPOINT/healthz \u003e/dev/null; do sleep 4; done"` | no |
 
 ## Outputs
 

diff --git a/modules/aws_auth/aws_auth.tf b/modules/aws_auth/aws_auth.tf
@@ -5,9 +5,29 @@ data "template_file" "map_instances" {
   vars = var.map_instances[count.index]
 }
 
+data "aws_eks_cluster" "this" {
+  name = var.cluster_name
+}
+
+resource "null_resource" "wait_for_cluster" {
+  count = var.create_eks && var.manage_aws_auth ? 1 : 0
+
+  provisioner "local-exec" {
+    environment = {
+      ENDPOINT = data.aws_eks_cluster.this.endpoint
+    }
+
+    command = var.wait_for_cluster_cmd
+  }
+}
+
 resource "kubernetes_config_map" "aws_auth" {
   count = var.create_eks && var.manage_aws_auth ? 1 : 0
 
+  depends_on = [
+    null_resource.wait_for_cluster[0]
+  ]
+
   metadata {
     name      = "aws-auth"
     namespace = "kube-system"

diff --git a/modules/aws_auth/variables.tf b/modules/aws_auth/variables.tf
@@ -43,3 +43,9 @@ variable "map_users" {
   }))
   default = []
 }
+
+variable "wait_for_cluster_cmd" {
+  description = "Custom local-exec command to execute for determining if the eks cluster is healthy. Cluster endpoint will be available as an environment variable called ENDPOINT"
+  type        = string
+  default     = "until wget --no-check-certificate -O - -q $ENDPOINT/healthz >/dev/null; do sleep 4; done"
+}
diff --git a/modules/aws_auth/versions.tf b/modules/aws_auth/versions.tf
@@ -3,6 +3,7 @@ terraform {
 
   required_providers {
     aws        = ">= 2.44.0"
+    null       = ">= 2.1"
     template   = ">= 2.1"
     kubernetes = ">= 1.6.2"
   }

diff --git a/modules/worker_groups/data.tf b/modules/worker_groups/data.tf
@@ -1,13 +1,13 @@
 locals {
-  worker_ami_name_filter = var.worker_ami_name_filter != "" ? var.worker_ami_name_filter : "amazon-eks-node-${data.aws_eks_cluster.cluster.version}-v*"
+  worker_ami_name_filter = var.worker_ami_name_filter != "" ? var.worker_ami_name_filter : "amazon-eks-node-${data.aws_eks_cluster.this.version}-v*"
 
   # Windows nodes are available from k8s 1.14. If cluster version is less than 1.14, fix ami filter to some constant to not fail on 'terraform plan'.
   worker_ami_name_filter_windows = (var.worker_ami_name_filter_windows != "" ?
-    var.worker_ami_name_filter_windows : "Windows_Server-2019-English-Core-EKS_Optimized-${tonumber(data.aws_eks_cluster.cluster.version) >= 1.14 ? data.aws_eks_cluster.cluster.version : 1.14}-*"
+    var.worker_ami_name_filter_windows : "Windows_Server-2019-English-Core-EKS_Optimized-${tonumber(data.aws_eks_cluster.this.version) >= 1.14 ? data.aws_eks_cluster.this.version : 1.14}-*"
   )
 }
 
-data "aws_eks_cluster" "cluster" {
+data "aws_eks_cluster" "this" {
   name = var.cluster_name
 }
 
@@ -68,8 +68,8 @@ data "template_file" "launch_template_userdata" {
   vars = merge({
     platform             = each.value["platform"]
     cluster_name         = var.cluster_name
-    endpoint             = data.aws_eks_cluster.cluster.endpoint
-    cluster_auth_base64  = data.aws_eks_cluster.cluster.certificate_authority.0.data
+    endpoint             = data.aws_eks_cluster.this.endpoint
+    cluster_auth_base64  = data.aws_eks_cluster.this.certificate_authority.0.data
     pre_userdata         = each.value["pre_userdata"]
     additional_userdata  = each.value["additional_userdata"]
     bootstrap_extra_args = each.value["bootstrap_extra_args"]

diff --git a/variables.tf b/variables.tf
@@ -205,9 +205,9 @@ variable "cluster_delete_timeout" {
 }
 
 variable "wait_for_cluster_cmd" {
-  description = "DEPREDATED: Unused variable, no longer required. Maintained for backwards compatibility with upstream."
+  description = "Custom local-exec command to execute for determining if the eks cluster is healthy. Cluster endpoint will be available as an environment variable called ENDPOINT"
   type        = string
-  default     = ""
+  default     = "until wget --no-check-certificate -O - -q $ENDPOINT/healthz >/dev/null; do sleep 4; done"
 }
 
 variable "cluster_create_security_group" {