[k8s] Set order in kubemaster software deployments

When we create a cluster and pass the ca.key in a software deployment we
must ensure that the apiserver will start before calico, dashboard etc
which require the api to return ok. [0]

The heat agent process the deployment serially, so if coredns arrives
first in the agent, it will wait forever for the coredns script to
complete.

Putting the cert_manager_api first solves the issue.

[0] curl http://127.0.0.1:8080/healthz

Change-Id: I031ab34141045dde171bcf6206e227fa7eb5885d
story: 2003434
task: 24630

magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml

@@ -614,38 +614,6 @@ resources:
         - config: {get_resource: kube_apiserver_to_kubelet_role}
         - config: {get_resource: master_wc_notify}
 
-  core_dns_service:
-    type: OS::Heat::SoftwareConfig
-    properties:
-      group: script
-      config: {get_file: ../../common/templates/kubernetes/fragments/core-dns-service.sh}
-
-  core_dns_service_deployment:
-    type: OS::Heat::SoftwareDeployment
-    properties:
-      signal_transport: HEAT_SIGNAL
-      config: {get_resource: core_dns_service}
-      server: {get_resource: kube-master}
-      actions: ['CREATE']
-
-  enable_prometheus_monitoring:
-    type: OS::Heat::SoftwareConfig
-    properties:
-      group: script
-      config:
-        str_replace:
-          template: {get_file: ../../common/templates/kubernetes/fragments/enable-prometheus-monitoring.sh}
-          params:
-            "$ADMIN_PASSWD": {get_param: grafana_admin_passwd}
-
-  enable_prometheus_monitoring_deployment:
-    type: OS::Heat::SoftwareDeployment
-    properties:
-      signal_transport: HEAT_SIGNAL
-      config: {get_resource: enable_prometheus_monitoring}
-      server: {get_resource: kube-master}
-      actions: ['CREATE']
-
   enable_cert_manager_api:
     type: OS::Heat::SoftwareConfig
     properties:
@@ -664,6 +632,40 @@ resources:
       server: {get_resource: kube-master}
       actions: ['CREATE']
 
+  core_dns_service:
+    type: OS::Heat::SoftwareConfig
+    properties:
+      group: script
+      config: {get_file: ../../common/templates/kubernetes/fragments/core-dns-service.sh}
+
+  core_dns_service_deployment:
+    type: OS::Heat::SoftwareDeployment
+    depends_on: enable_cert_manager_api_deployment
+    properties:
+      signal_transport: HEAT_SIGNAL
+      config: {get_resource: core_dns_service}
+      server: {get_resource: kube-master}
+      actions: ['CREATE']
+
+  enable_prometheus_monitoring:
+    type: OS::Heat::SoftwareConfig
+    properties:
+      group: script
+      config:
+        str_replace:
+          template: {get_file: ../../common/templates/kubernetes/fragments/enable-prometheus-monitoring.sh}
+          params:
+            "$ADMIN_PASSWD": {get_param: grafana_admin_passwd}
+
+  enable_prometheus_monitoring_deployment:
+    type: OS::Heat::SoftwareDeployment
+    depends_on: core_dns_service_deployment
+    properties:
+      signal_transport: HEAT_SIGNAL
+      config: {get_resource: enable_prometheus_monitoring}
+      server: {get_resource: kube-master}
+      actions: ['CREATE']
+
   calico_service:
     type: OS::Heat::SoftwareConfig
     properties:
@@ -672,6 +674,7 @@ resources:
 
   calico_service_deployment:
     type: OS::Heat::SoftwareDeployment
+    depends_on: enable_prometheus_monitoring_deployment
     properties:
       signal_transport: HEAT_SIGNAL
       config: {get_resource: calico_service}
@@ -690,6 +693,7 @@ resources:
 
   enable_ingress_controller_deployment:
     type: OS::Heat::SoftwareDeployment
+    depends_on: calico_service_deployment
     properties:
       signal_transport: HEAT_SIGNAL
       config: {get_resource: enable_ingress_controller}
@@ -704,6 +708,7 @@ resources:
 
   kubernetes_dashboard_deployment:
     type: OS::Heat::SoftwareDeployment
+    depends_on: enable_ingress_controller_deployment
     properties:
       signal_transport: HEAT_SIGNAL
       config: {get_resource: kubernetes_dashboard}