Fix MetalLB pool apply ordering

2026-05-26 23:12:22 -06:00 · 2026-05-26 23:12:22 -06:00 · 1108e21b1b
parent 7c0a74cf51
commit 1108e21b1b
1 changed files with 43 additions and 25 deletions
--- a/bootstrap/platform/main.tf
+++ b/bootstrap/platform/main.tf
@ -75,6 +75,35 @@ ip6.arpa:53 {
    prometheus :9253
 }
 EOT
+
+  metallb_ip_address_pool_manifest = yamlencode({
+    apiVersion = "metallb.io/v1beta1"
+    kind       = "IPAddressPool"
+    metadata = {
+      name      = var.metallb.pool_name
+      namespace = var.metallb.namespace
+    }
+    spec = {
+      addresses = var.metallb.address_pool
+    }
+  })
+
+  metallb_l2_advertisement_manifest = yamlencode({
+    apiVersion = "metallb.io/v1beta1"
+    kind       = "L2Advertisement"
+    metadata = {
+      name      = var.metallb.pool_name
+      namespace = var.metallb.namespace
+    }
+    spec = {
+      ipAddressPools = [var.metallb.pool_name]
+    }
+  })
+
+  metallb_l2_manifests = join("\n---\n", compact([
+    local.metallb_ip_address_pool_manifest,
+    var.metallb.l2_advertisement_enabled ? local.metallb_l2_advertisement_manifest : "",
+  ]))
 }

 resource "helm_release" "calico_crds" {
@ -536,39 +565,28 @@ resource "helm_release" "metallb" {
  ]
 }

-resource "kubernetes_manifest" "metallb_ip_address_pool" {
+resource "null_resource" "metallb_l2_config" {
  for_each = var.metallb.enabled && length(var.metallb.address_pool) > 0 ? { enabled = true } : {}

  depends_on = [helm_release.metallb]

-  manifest = {
-    apiVersion = "metallb.io/v1beta1"
-    kind       = "IPAddressPool"
-    metadata = {
-      name      = var.metallb.pool_name
-      namespace = var.metallb.namespace
-    }
-    spec = {
-      addresses = var.metallb.address_pool
-    }
+  triggers = {
+    kubeconfig_path = var.kubeconfig_path
+    manifest_hash   = sha256(local.metallb_l2_manifests)
  }
-}

-resource "kubernetes_manifest" "metallb_l2_advertisement" {
-  for_each = var.metallb.enabled && var.metallb.l2_advertisement_enabled && length(var.metallb.address_pool) > 0 ? { enabled = true } : {}
+  provisioner "local-exec" {
+    interpreter = ["/bin/bash", "-lc"]
+    command     = <<EOT
+set -euo pipefail

-  depends_on = [kubernetes_manifest.metallb_ip_address_pool]
+kubectl --kubeconfig "${self.triggers.kubeconfig_path}" wait --for=condition=Established --timeout=180s crd/ipaddresspools.metallb.io
+kubectl --kubeconfig "${self.triggers.kubeconfig_path}" wait --for=condition=Established --timeout=180s crd/l2advertisements.metallb.io

-  manifest = {
-    apiVersion = "metallb.io/v1beta1"
-    kind       = "L2Advertisement"
-    metadata = {
-      name      = var.metallb.pool_name
-      namespace = var.metallb.namespace
-    }
-    spec = {
-      ipAddressPools = [var.metallb.pool_name]
-    }
+cat <<'METALLB_MANIFESTS' | kubectl --kubeconfig "${self.triggers.kubeconfig_path}" apply -f -
+${local.metallb_l2_manifests}
+METALLB_MANIFESTS
+EOT
  }
 }