fix: wait for VPC resource controller before deploying workloads (#914)

eytanaim · web-flow · commit 902302a84aa5 · 2025-08-21T12:18:09.000-06:00
diff --git a/terraform/eks/default/data.tf b/terraform/eks/default/data.tf
@@ -8,4 +8,13 @@ data "aws_eks_cluster_auth" "this" {
 
 data "aws_eks_cluster_auth" "cluster" {
   name = module.retail_app_eks.eks_cluster_id
+}
+
+data "kubernetes_service" "ui_service" {
+  depends_on = [helm_release.ui]
+
+  metadata {
+    name      = "ui"
+    namespace = "ui"
+  }
 }
diff --git a/terraform/eks/default/kubernetes.tf b/terraform/eks/default/kubernetes.tf
@@ -57,9 +57,20 @@ resource "time_sleep" "workloads" {
   ]
 }
 
+# Wait for VPC Resource Controller to attach trunk ENIs to nodes
+data "kubernetes_nodes" "vpc_ready_nodes" {
+  depends_on = [time_sleep.workloads]
+
+  metadata {
+    labels = {
+      "vpc.amazonaws.com/has-trunk-attached" = "true"
+    }
+  }
+}
+
 resource "kubernetes_namespace_v1" "catalog" {
   depends_on = [
-    time_sleep.workloads
+    data.kubernetes_nodes.vpc_ready_nodes
   ]
 
   metadata {
@@ -91,7 +102,7 @@ resource "helm_release" "catalog" {
 
 resource "kubernetes_namespace_v1" "carts" {
   depends_on = [
-    time_sleep.workloads
+    data.kubernetes_nodes.vpc_ready_nodes
   ]
 
   metadata {
@@ -121,7 +132,7 @@ resource "helm_release" "carts" {
 
 resource "kubernetes_namespace_v1" "checkout" {
   depends_on = [
-    time_sleep.workloads
+    data.kubernetes_nodes.vpc_ready_nodes
   ]
 
   metadata {
@@ -152,7 +163,7 @@ resource "helm_release" "checkout" {
 
 resource "kubernetes_namespace_v1" "orders" {
   depends_on = [
-    time_sleep.workloads
+    data.kubernetes_nodes.vpc_ready_nodes
   ]
 
   metadata {
@@ -189,7 +200,7 @@ resource "helm_release" "orders" {
 
 resource "kubernetes_namespace_v1" "ui" {
   depends_on = [
-    time_sleep.workloads
+    data.kubernetes_nodes.vpc_ready_nodes
   ]
 
   metadata {
@@ -249,7 +260,7 @@ resource "null_resource" "restart_pods" {
     }
 
     command = <<-EOT
-      kubectl delete pod -A -l app.kuberneres.io/owner=retail-store-sample --kubeconfig <(echo $KUBECONFIG | base64 -d)
+      kubectl delete pod -A -l app.kubernetes.io/owner=retail-store-sample --kubeconfig <(echo $KUBECONFIG | base64 -d)
     EOT
   }
 }
diff --git a/terraform/eks/default/output.tf b/terraform/eks/default/output.tf
@@ -2,3 +2,11 @@ output "configure_kubectl" {
   description = "Command to update kubeconfig for this cluster"
   value       = module.retail_app_eks.configure_kubectl
 }
+
+output "retail_app_url" {
+  description = "URL to access the retail store application"
+  value = try(
+    "http://${data.kubernetes_service.ui_service.status[0].load_balancer[0].ingress[0].hostname}",
+    "LoadBalancer provisioning - run: kubectl get svc -n ui ui"
+  )
+}

Original file line number	Diff line number	Diff line change
`@@ -57,9 +57,20 @@ resource "time_sleep" "workloads" {`
`57`	`57`	`]`
`58`	`58`	`}`
`59`	`59`
	`60`	`+# Wait for VPC Resource Controller to attach trunk ENIs to nodes`
	`61`	`+data "kubernetes_nodes" "vpc_ready_nodes" {`
	`62`	`+ depends_on = [time_sleep.workloads]`
	`63`	`+`
	`64`	`+ metadata {`
	`65`	`+ labels = {`
	`66`	`+ "vpc.amazonaws.com/has-trunk-attached" = "true"`
	`67`	`+ }`
	`68`	`+ }`
	`69`	`+}`
	`70`	`+`
`60`	`71`	`resource "kubernetes_namespace_v1" "catalog" {`
`61`	`72`	`depends_on = [`
`62`		`- time_sleep.workloads`
	`73`	`+ data.kubernetes_nodes.vpc_ready_nodes`
`63`	`74`	`]`
`64`	`75`
`65`	`76`	`metadata {`
`@@ -91,7 +102,7 @@ resource "helm_release" "catalog" {`
`91`	`102`
`92`	`103`	`resource "kubernetes_namespace_v1" "carts" {`
`93`	`104`	`depends_on = [`
`94`		`- time_sleep.workloads`
	`105`	`+ data.kubernetes_nodes.vpc_ready_nodes`
`95`	`106`	`]`
`96`	`107`
`97`	`108`	`metadata {`
`@@ -121,7 +132,7 @@ resource "helm_release" "carts" {`
`121`	`132`
`122`	`133`	`resource "kubernetes_namespace_v1" "checkout" {`
`123`	`134`	`depends_on = [`
`124`		`- time_sleep.workloads`
	`135`	`+ data.kubernetes_nodes.vpc_ready_nodes`
`125`	`136`	`]`
`126`	`137`
`127`	`138`	`metadata {`
`@@ -152,7 +163,7 @@ resource "helm_release" "checkout" {`
`152`	`163`
`153`	`164`	`resource "kubernetes_namespace_v1" "orders" {`
`154`	`165`	`depends_on = [`
`155`		`- time_sleep.workloads`
	`166`	`+ data.kubernetes_nodes.vpc_ready_nodes`
`156`	`167`	`]`
`157`	`168`
`158`	`169`	`metadata {`
`@@ -189,7 +200,7 @@ resource "helm_release" "orders" {`
`189`	`200`
`190`	`201`	`resource "kubernetes_namespace_v1" "ui" {`
`191`	`202`	`depends_on = [`
`192`		`- time_sleep.workloads`
	`203`	`+ data.kubernetes_nodes.vpc_ready_nodes`
`193`	`204`	`]`
`194`	`205`
`195`	`206`	`metadata {`
`@@ -249,7 +260,7 @@ resource "null_resource" "restart_pods" {`
`249`	`260`	`}`
`250`	`261`
`251`	`262`	`command = <<-EOT`
`252`		`- kubectl delete pod -A -l app.kuberneres.io/owner=retail-store-sample --kubeconfig <(echo $KUBECONFIG \| base64 -d)`
	`263`	`+ kubectl delete pod -A -l app.kubernetes.io/owner=retail-store-sample --kubeconfig <(echo $KUBECONFIG \| base64 -d)`
`253`	`264`	`EOT`
`254`	`265`	`}`
`255`	`266`	`}`