fix: added a script that will ensure the "iks-ca-configmap" exists before enabling auto scaling (#356)

Author: Aashiq-J

README.md

@@ -195,7 +195,6 @@ Optionally, you need the following permissions to attach Access Management tags
 | <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.62.0, < 2.0.0 |
 | <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.16.1 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | >= 3.2.1 |
-| <a name="requirement_time"></a> [time](#requirement\_time) | >= 0.9.1 |
 
 ### Modules
 
@@ -219,9 +218,9 @@ Optionally, you need the following permissions to attach Access Management tags
 | [ibm_resource_tag.cluster_access_tag](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/resource_tag) | resource |
 | [ibm_resource_tag.cos_access_tag](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/resource_tag) | resource |
 | [kubernetes_config_map_v1_data.set_autoscaling](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/config_map_v1_data) | resource |
+| [null_resource.config_map_status](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [null_resource.confirm_network_healthy](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [null_resource.reset_api_key](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
-| [time_sleep.wait_operators](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
 | [ibm_container_addons.existing_addons](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/data-sources/container_addons) | data source |
 | [ibm_container_cluster_config.cluster_config](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/data-sources/container_cluster_config) | data source |
 | [ibm_container_cluster_versions.cluster_versions](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/data-sources/container_cluster_versions) | data source |

main.tf

@@ -151,6 +151,7 @@ resource "ibm_container_vpc_cluster" "cluster" {
 
 # copy of the cluster resource above which ignores changes to the worker pool for use in autoscaling scenarios
 resource "ibm_container_vpc_cluster" "autoscaling_cluster" {
+  depends_on                      = [null_resource.reset_api_key]
   count                           = var.ignore_worker_pool_size_changes ? 1 : 0
   name                            = var.cluster_name
   vpc_id                          = var.vpc_id
@@ -253,7 +254,7 @@ resource "null_resource" "reset_api_key" {
 ##############################################################################
 
 data "ibm_container_cluster_config" "cluster_config" {
-  count             = var.verify_worker_network_readiness ? 1 : 0
+  count             = var.verify_worker_network_readiness || lookup(local.addons_list, "cluster-autoscaler", null) != null ? 1 : 0
   cluster_name_id   = local.cluster_id
   config_dir        = "${path.module}/kubeconfig"
   resource_group_id = var.resource_group_id
@@ -373,7 +374,7 @@ resource "null_resource" "confirm_network_healthy" {
   # Worker pool creation can start before the 'ibm_container_vpc_cluster' completes since there is no explicit
   # depends_on in 'ibm_container_vpc_worker_pool', just an implicit depends_on on the cluster ID. Cluster ID can exist before
   # 'ibm_container_vpc_cluster' completes, so hence need to add explicit depends on against 'ibm_container_vpc_cluster' here.
-  depends_on = [ibm_container_vpc_cluster.cluster, ibm_container_vpc_worker_pool.pool, ibm_container_vpc_worker_pool.autoscaling_pool]
+  depends_on = [ibm_container_vpc_cluster.cluster, ibm_container_vpc_cluster.autoscaling_cluster, ibm_container_vpc_worker_pool.pool, ibm_container_vpc_worker_pool.autoscaling_pool]
 
   provisioner "local-exec" {
     command     = "${path.module}/scripts/confirm_network_healthy.sh"
@@ -394,7 +395,7 @@ resource "ibm_container_addons" "addons" {
   # Worker pool creation can start before the 'ibm_container_vpc_cluster' completes since there is no explicit
   # depends_on in 'ibm_container_vpc_worker_pool', just an implicit depends_on on the cluster ID. Cluster ID can exist before
   # 'ibm_container_vpc_cluster' completes, so hence need to add explicit depends on against 'ibm_container_vpc_cluster' here.
-  depends_on = [ibm_container_vpc_cluster.cluster, ibm_container_vpc_worker_pool.pool, ibm_container_vpc_worker_pool.autoscaling_pool, null_resource.confirm_network_healthy]
+  depends_on = [ibm_container_vpc_cluster.cluster, ibm_container_vpc_cluster.autoscaling_cluster, ibm_container_vpc_worker_pool.pool, ibm_container_vpc_worker_pool.autoscaling_pool, null_resource.confirm_network_healthy]
 
   cluster           = local.cluster_id
   resource_group_id = var.resource_group_id
@@ -415,11 +416,6 @@ resource "ibm_container_addons" "addons" {
   }
 }
 
-resource "time_sleep" "wait_operators" {
-  depends_on      = [ibm_container_addons.addons]
-  create_duration = "5s"
-}
-
 locals {
   worker_pool_config = [
     for worker in var.worker_pools :
@@ -433,9 +429,22 @@ locals {
 
 }
 
+resource "null_resource" "config_map_status" {
+  count      = lookup(local.addons_list, "cluster-autoscaler", null) != null ? 1 : 0
+  depends_on = [ibm_container_addons.addons]
+
+  provisioner "local-exec" {
+    command     = "${path.module}/scripts/get_config_map_status.sh"
+    interpreter = ["/bin/bash", "-c"]
+    environment = {
+      KUBECONFIG = data.ibm_container_cluster_config.cluster_config[0].config_file_path
+    }
+  }
+}
+
 resource "kubernetes_config_map_v1_data" "set_autoscaling" {
-  count      = !(var.disable_public_endpoint) && lookup(local.addons_list, "cluster-autoscaler", null) != null ? 1 : 0
-  depends_on = [time_sleep.wait_operators]
+  count      = lookup(local.addons_list, "cluster-autoscaler", null) != null ? 1 : 0
+  depends_on = [null_resource.config_map_status]
 
   metadata {
     name      = "iks-ca-configmap"

scripts/get_config_map_status.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+set -e
+
+CONFIGMAP_NAME="iks-ca-configmap"
+NAMESPACE="kube-system"
+COUNTER=0
+MAX_ATTEMPTS=40
+
+while [[ $COUNTER -lt $MAX_ATTEMPTS ]] && ! kubectl get configmap $CONFIGMAP_NAME -n $NAMESPACE &>/dev/null; do
+  COUNTER=$((COUNTER + 1))
+  echo "Attempt $COUNTER: ConfigMap '$CONFIGMAP_NAME' not found in namespace '$NAMESPACE', retrying..."
+  sleep 30
+done
+
+if [[ $COUNTER -eq $MAX_ATTEMPTS ]]; then
+  echo "ConfigMap '$CONFIGMAP_NAME' did not become available within $MAX_ATTEMPTS attempts."
+  exit 1
+else
+  echo "ConfigMap '$CONFIGMAP_NAME' is now available." >&2
+fi

scripts/reset_iks_api_key.sh

@@ -33,7 +33,7 @@ done
 # run api-key reset command if apikey for given region + resource group does not already exist
 reset=true
 key_descriptions=()
-while IFS='' read -r line; do key_descriptions+=("$line"); done < <(ibmcloud iam api-keys --all --output json | jq -r --arg name "${APIKEY_KEY_NAME}"'.[] | select(.name == $name) | .description')
+while IFS='' read -r line; do key_descriptions+=("$line"); done < <(ibmcloud iam api-keys --all --output json | jq -r --arg name "${APIKEY_KEY_NAME}" '.[] | select(.name == $name) | .description')
 for i in "${key_descriptions[@]}"; do
   if [[ "$i" =~ ${REGION} ]] && [[ "$i" =~ ${RESOURCE_GROUP_ID} ]]; then
     echo "Found key named ${APIKEY_KEY_NAME} which covers clusters in ${REGION} and resource group ID ${RESOURCE_GROUP_ID}"

version.tf

@@ -10,10 +10,6 @@ terraform {
       source  = "hashicorp/null"
       version = ">= 3.2.1"
     }
-    time = {
-      source  = "hashicorp/time"
-      version = ">= 0.9.1"
-    }
     kubernetes = {
       source  = "hashicorp/kubernetes"
       version = ">= 2.16.1"