feat: added the ability to skip the worker network readiness check using the verify_worker_network_readiness variable (#68)

imprateeksh · web-flow · commit b2cc2c8318a9 · 2023-03-16T09:50:27.000Z
diff --git a/README.md b/README.md
@@ -168,6 +168,7 @@ No modules.
 | <a name="input_resource_group_id"></a> [resource\_group\_id](#input\_resource\_group\_id) | The Id of an existing IBM Cloud resource group where the cluster will be grouped. | `string` | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | Metadata labels describing this cluster deployment, i.e. test | `list(string)` | `[]` | no |
 | <a name="input_use_existing_cos"></a> [use\_existing\_cos](#input\_use\_existing\_cos) | Flag indicating whether or not to use an existing COS instance | `bool` | `false` | no |
+| <a name="input_verify_worker_network_readiness"></a> [verify\_worker\_network\_readiness](#input\_verify\_worker\_network\_readiness) | By setting this to true, a script will run kubectl commands to verify that all worker nodes can communicate successfully with the master. If the runtime does not have access to the kube cluster to run kubectl commands, this should be set to false. | `bool` | `true` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | Id of the VPC instance where this cluster will be provisioned | `string` | n/a | yes |
 | <a name="input_vpc_subnets"></a> [vpc\_subnets](#input\_vpc\_subnets) | Metadata that describes the VPC's subnets. Obtain this information from the VPC where this cluster will be created | <pre>map(list(object({<br>    id         = string<br>    zone       = string<br>    cidr_block = string<br>  })))</pre> | n/a | yes |
 | <a name="input_worker_pools"></a> [worker\_pools](#input\_worker\_pools) | List of worker pools | <pre>list(object({<br>    subnet_prefix     = string<br>    pool_name         = string<br>    machine_type      = string<br>    workers_per_zone  = number<br>    resource_group_id = optional(string)<br>    labels            = optional(map(string))<br>  }))</pre> | <pre>[<br>  {<br>    "machine_type": "bx2.4x16",<br>    "pool_name": "default",<br>    "subnet_prefix": "zone-1",<br>    "workers_per_zone": 2<br>  },<br>  {<br>    "machine_type": "bx2.4x16",<br>    "pool_name": "zone-2",<br>    "subnet_prefix": "zone-2",<br>    "workers_per_zone": 2<br>  },<br>  {<br>    "machine_type": "bx2.4x16",<br>    "pool_name": "zone-3",<br>    "subnet_prefix": "zone-3",<br>    "workers_per_zone": 2<br>  }<br>]</pre> | no |
diff --git a/main.tf b/main.tf
@@ -223,7 +223,7 @@ resource "ibm_container_vpc_worker_pool" "pool" {
   # Apply taints to worker pools i.e. other_pools
 
   dynamic "taints" {
-    for_each = var.worker_pools_taints == null ? [] : concat(var.worker_pools_taints["all"], var.worker_pools_taints[each.value["pool_name"]])
+    for_each = var.worker_pools_taints == null ? [] : concat(var.worker_pools_taints["all"], lookup(var.worker_pools_taints, each.value["pool_name"], []))
     content {
       effect = taints.value.effect
       key    = taints.value.key
@@ -265,7 +265,7 @@ resource "ibm_container_vpc_worker_pool" "autoscaling_pool" {
   # Apply taints to worker pools i.e. other_pools
 
   dynamic "taints" {
-    for_each = var.worker_pools_taints == null ? [] : concat(var.worker_pools_taints["all"], var.worker_pools_taints[each.value["pool_name"]])
+    for_each = var.worker_pools_taints == null ? [] : concat(var.worker_pools_taints["all"], lookup(var.worker_pools_taints, each.value["pool_name"], []))
     content {
       effect = taints.value.effect
       key    = taints.value.key
@@ -277,6 +277,10 @@ resource "ibm_container_vpc_worker_pool" "autoscaling_pool" {
 
 ##############################################################################
 # Confirm network healthy by ensuring master can communicate with all workers.
+#
+# Please note:
+# The network health check is applicable only if the cluster is accessible.
+#
 # To do this, we run a script to execute "kubectl logs" against each calico
 # daemonset pod (as there will be one pod per node) and ensure it passes.
 #
@@ -290,10 +294,13 @@ resource "ibm_container_vpc_worker_pool" "autoscaling_pool" {
 # push down an updated vpn config, and then the vpn server and client need
 # to pick up this updated config. Depending on how busy the network
 # microservice is handling requests, there might be a delay.
+
 ##############################################################################
 
 resource "null_resource" "confirm_network_healthy" {
 
+  count = var.verify_worker_network_readiness ? 1 : 0
+
   depends_on = [ibm_container_vpc_worker_pool.pool, ibm_container_vpc_worker_pool.autoscaling_pool]
 
   provisioner "local-exec" {
diff --git a/module-metadata.json b/module-metadata.json
@@ -201,6 +201,19 @@
         "line": 141
       }
     },
+    "verify_worker_network_readiness": {
+      "name": "verify_worker_network_readiness",
+      "type": "bool",
+      "description": "By setting this to true, a script will run kubectl commands to verify that all worker nodes can communicate successfully with the master. If the runtime does not have access to the kube cluster to run kubectl commands, this should be set to false.",
+      "default": true,
+      "source": [
+        "null_resource.confirm_network_healthy.count"
+      ],
+      "pos": {
+        "filename": "variables.tf",
+        "line": 169
+      }
+    },
     "vpc_id": {
       "name": "vpc_id",
       "type": "string",
@@ -482,12 +495,15 @@
       "mode": "managed",
       "type": "null_resource",
       "name": "confirm_network_healthy",
+      "attributes": {
+        "count": "verify_worker_network_readiness"
+      },
       "provider": {
         "name": "null"
       },
       "pos": {
         "filename": "main.tf",
-        "line": 295
+        "line": 300
       }
     },
     "null_resource.reset_api_key": {
diff --git a/variables.tf b/variables.tf
@@ -166,4 +166,10 @@ variable "vpc_id" {
   description = "Id of the VPC instance where this cluster will be provisioned"
 }
 
-#############################################################################
+variable "verify_worker_network_readiness" {
+  type        = bool
+  description = "By setting this to true, a script will run kubectl commands to verify that all worker nodes can communicate successfully with the master. If the runtime does not have access to the kube cluster to run kubectl commands, this should be set to false."
+  default     = true
+}
+
+##############################################################################
