Skip to content

Commit 1c050eb

Browse files
dlupescudlupescu
committed
add delay for RBAC permission propagation
Added a 5 second delay between RBAC policy association and secret creation to ensure permissions are fully propagated in the EKS cluster. This prevents potential race conditions where Kubernetes secrets creation fails if created before RBAC permissions are active.
1 parent 5183c24 commit 1c050eb

File tree

2 files changed

+15
-4
lines changed

2 files changed

+15
-4
lines changed

litellm-terraform-stack/modules/eks/main.tf

Lines changed: 11 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,15 @@ locals {
1010
}
1111

1212
# Kubernetes Secrets
13+
# Add a sleep to allow RBAC permissions to propagate
14+
resource "time_sleep" "wait_for_rbac_propagation_before_creating_secrets" {
15+
depends_on = [
16+
aws_eks_access_entry.admin,
17+
aws_eks_access_policy_association.admin_policy
18+
]
19+
create_duration = "5s"
20+
}
21+
1322
resource "kubernetes_secret" "litellm_api_keys" {
1423
metadata {
1524
name = "litellm-api-keys"
@@ -44,8 +53,7 @@ resource "kubernetes_secret" "litellm_api_keys" {
4453
}
4554

4655
depends_on = [
47-
aws_eks_access_entry.admin,
48-
aws_eks_access_policy_association.admin_policy,
56+
time_sleep.wait_for_rbac_propagation_before_creating_secrets,
4957
aws_eks_access_entry.developers,
5058
aws_eks_access_entry.operators
5159
]
@@ -62,8 +70,7 @@ resource "kubernetes_secret" "middleware_secrets" {
6270
}
6371

6472
depends_on = [
65-
aws_eks_access_entry.admin,
66-
aws_eks_access_policy_association.admin_policy,
73+
time_sleep.wait_for_rbac_propagation_before_creating_secrets,
6774
aws_eks_access_entry.developers,
6875
aws_eks_access_entry.operators
6976
]

litellm-terraform-stack/modules/eks/versions.tf

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,5 +10,9 @@ terraform {
1010
source = "hashicorp/kubernetes"
1111
version = ">= 2.20"
1212
}
13+
time = {
14+
source = "hashicorp/time"
15+
version = ">= 0.13.0"
16+
}
1317
}
1418
}

0 commit comments

Comments
 (0)