From 7fdff38a2fd23e382e66d1890b13ff76fe4be3bb Mon Sep 17 00:00:00 2001
From: Spyros Trigazis <spyridon.trigazis@cern.ch>
Date: Tue, 14 Aug 2018 11:08:46 +0200
Subject: [PATCH] [k8s] Set order in kubemaster software deployments

When we create a cluster and pass the ca.key in a software deployment we
must ensure that the apiserver will start before calico, dashboard etc
which require the api to return ok. [0]

The heat agent process the deployment serially, so if coredns arrives
first in the agent, it will wait forever for the coredns script to
complete.

Putting the cert_manager_api first solves the issue.

[0] curl http://127.0.0.1:8080/healthz

Change-Id: I031ab34141045dde171bcf6206e227fa7eb5885d
story: 2003434
task: 24630
---
 .../templates/kubemaster.yaml                 | 39 +++++++++++--------
 1 file changed, 22 insertions(+), 17 deletions(-)

diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
index 92f8fbeeca..0f497066e0 100644
--- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
@@ -614,53 +614,55 @@ resources:
         - config: {get_resource: kube_apiserver_to_kubelet_role}
         - config: {get_resource: master_wc_notify}
 
-  core_dns_service:
+  enable_cert_manager_api:
     type: OS::Heat::SoftwareConfig
     properties:
       group: script
-      config: {get_file: ../../common/templates/kubernetes/fragments/core-dns-service.sh}
+      config:
+        str_replace:
+          template: {get_file: ../../common/templates/kubernetes/fragments/enable-cert-api-manager.sh}
+          params:
+            "$CA_KEY": {get_param: ca_key}
 
-  core_dns_service_deployment:
+  enable_cert_manager_api_deployment:
     type: OS::Heat::SoftwareDeployment
     properties:
       signal_transport: HEAT_SIGNAL
-      config: {get_resource: core_dns_service}
+      config: {get_resource: enable_cert_manager_api}
       server: {get_resource: kube-master}
       actions: ['CREATE']
 
-  enable_prometheus_monitoring:
+  core_dns_service:
     type: OS::Heat::SoftwareConfig
     properties:
       group: script
-      config:
-        str_replace:
-          template: {get_file: ../../common/templates/kubernetes/fragments/enable-prometheus-monitoring.sh}
-          params:
-            "$ADMIN_PASSWD": {get_param: grafana_admin_passwd}
+      config: {get_file: ../../common/templates/kubernetes/fragments/core-dns-service.sh}
 
-  enable_prometheus_monitoring_deployment:
+  core_dns_service_deployment:
     type: OS::Heat::SoftwareDeployment
+    depends_on: enable_cert_manager_api_deployment
     properties:
       signal_transport: HEAT_SIGNAL
-      config: {get_resource: enable_prometheus_monitoring}
+      config: {get_resource: core_dns_service}
       server: {get_resource: kube-master}
       actions: ['CREATE']
 
-  enable_cert_manager_api:
+  enable_prometheus_monitoring:
     type: OS::Heat::SoftwareConfig
     properties:
       group: script
       config:
         str_replace:
-          template: {get_file: ../../common/templates/kubernetes/fragments/enable-cert-api-manager.sh}
+          template: {get_file: ../../common/templates/kubernetes/fragments/enable-prometheus-monitoring.sh}
           params:
-            "$CA_KEY": {get_param: ca_key}
+            "$ADMIN_PASSWD": {get_param: grafana_admin_passwd}
 
-  enable_cert_manager_api_deployment:
+  enable_prometheus_monitoring_deployment:
     type: OS::Heat::SoftwareDeployment
+    depends_on: core_dns_service_deployment
     properties:
       signal_transport: HEAT_SIGNAL
-      config: {get_resource: enable_cert_manager_api}
+      config: {get_resource: enable_prometheus_monitoring}
       server: {get_resource: kube-master}
       actions: ['CREATE']
 
@@ -672,6 +674,7 @@ resources:
 
   calico_service_deployment:
     type: OS::Heat::SoftwareDeployment
+    depends_on: enable_prometheus_monitoring_deployment
     properties:
       signal_transport: HEAT_SIGNAL
       config: {get_resource: calico_service}
@@ -690,6 +693,7 @@ resources:
 
   enable_ingress_controller_deployment:
     type: OS::Heat::SoftwareDeployment
+    depends_on: calico_service_deployment
     properties:
       signal_transport: HEAT_SIGNAL
       config: {get_resource: enable_ingress_controller}
@@ -704,6 +708,7 @@ resources:
 
   kubernetes_dashboard_deployment:
     type: OS::Heat::SoftwareDeployment
+    depends_on: enable_ingress_controller_deployment
     properties:
       signal_transport: HEAT_SIGNAL
       config: {get_resource: kubernetes_dashboard}