Wait cluster responsive (#639)

* wait for cluster to respond before creating auth config map

* adds changelog entry

* fixup tf format

* fixup kubernetes required version

* fixup missing local for kubeconfig_filename

* combine wait for cluster into provisioner on cluster; change status check to /healthz on endpoint

* fix: make kubernetes provider version more permissive

Author: shaunc

CHANGELOG.md

@@ -9,6 +9,7 @@ project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [[v8.?.?](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v7.0.0...HEAD)] - 2019-??-??]
 
+- Wait for cluster to respond to kubectl before applying auth map_config (@shaunc)
 - Added flag `create_eks` to conditionally create resources (by @syst0m / @tbeijen)
 - Support for AWS EKS Managed Node Groups. (by @wmorgan6796)
 - Added a if check on `aws-auth` configmap when `map_roles` is empty (by @shanmugakarna)

aws_auth.tf

@@ -53,7 +53,8 @@ data "template_file" "node_group_arns" {
 }
 
 resource "kubernetes_config_map" "aws_auth" {
-  count = var.create_eks && var.manage_aws_auth ? 1 : 0
+  depends_on = [aws_eks_cluster.this]
+  count      = var.create_eks && var.manage_aws_auth ? 1 : 0
 
   metadata {
     name      = "aws-auth"

cluster.tf

@@ -31,6 +31,11 @@ resource "aws_eks_cluster" "this" {
     aws_iam_role_policy_attachment.cluster_AmazonEKSServicePolicy,
     aws_cloudwatch_log_group.this
   ]
+  provisioner "local-exec" {
+    command = <<EOT
+    until curl -k ${aws_eks_cluster.this[0].endpoint}/healthz >/dev/null; do sleep 4; done
+  EOT
+  }
 }
 
 resource "aws_security_group" "cluster" {

versions.tf

@@ -2,10 +2,11 @@ terraform {
   required_version = ">= 0.12.9"
 
   required_providers {
-    aws      = ">= 2.38.0"
-    local    = ">= 1.2"
-    null     = ">= 2.1"
-    template = ">= 2.1"
-    random   = ">= 2.1"
+    aws        = ">= 2.38.0"
+    local      = ">= 1.2"
+    null       = ">= 2.1"
+    template   = ">= 2.1"
+    random     = ">= 2.1"
+    kubernetes = ">= 1.6.2"
   }
 }