From 7ca8f79156ba30ab6bd79f039108ab503c133289 Mon Sep 17 00:00:00 2001
From: Philip Schmid <philip.schmid@isovalent.com>
Date: Tue, 3 Oct 2023 14:57:39 +0200
Subject: [PATCH] Fix Cilium NS creation in case of unstable KAPI

Signed-off-by: Philip Schmid <philip.schmid@isovalent.com>
---
 README.md              |  2 ++
 scripts/provisioner.sh | 22 ++++++++++++++++++----
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index b3435d4..4281d33 100644
--- a/README.md
+++ b/README.md
@@ -31,8 +31,10 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_cilium_helm_chart"></a> [cilium\_helm\_chart](#input\_cilium\_helm\_chart) | The name of the Helm chart to use to install Cilium. It is assumed that the Helm repository containing this chart has been added beforehand (e.g. using 'helm repo add'). | `string` | `"cilium/cilium"` | no |
+| <a name="input_cilium_helm_extra_args"></a> [cilium\_helm\_extra\_args](#input\_cilium\_helm\_extra\_args) | Extra arguments to be passed to the 'helm upgrade --install' command that installs Cilium. | `string` | `""` | no |
 | <a name="input_cilium_helm_release_name"></a> [cilium\_helm\_release\_name](#input\_cilium\_helm\_release\_name) | The name of the Helm release to use for Cilium. | `string` | `"cilium"` | no |
 | <a name="input_cilium_helm_values_file_path"></a> [cilium\_helm\_values\_file\_path](#input\_cilium\_helm\_values\_file\_path) | The path to the file containing the values to use when installing Cilium. | `string` | n/a | yes |
+| <a name="input_cilium_helm_values_override_file_path"></a> [cilium\_helm\_values\_override\_file\_path](#input\_cilium\_helm\_values\_override\_file\_path) | The path to the file containing the values to use when installing Cilium. These values will override the ones in 'cilium\_helm\_values\_file\_path'. | `string` | n/a | yes |
 | <a name="input_cilium_helm_version"></a> [cilium\_helm\_version](#input\_cilium\_helm\_version) | The version of the Cilium Helm chart to install. | `string` | n/a | yes |
 | <a name="input_cilium_namespace"></a> [cilium\_namespace](#input\_cilium\_namespace) | The namespace in which to install Cilium. | `string` | `"kube-system"` | no |
 | <a name="input_deploy_etcd_cluster"></a> [deploy\_etcd\_cluster](#input\_deploy\_etcd\_cluster) | Whether to deploy an 'etcd' cluster suitable for usage as the Cilium key-value store (HIGHLY EXPERIMENTAL). | `bool` | `false` | no |
diff --git a/scripts/provisioner.sh b/scripts/provisioner.sh
index 9a33b58..c1fa197 100755
--- a/scripts/provisioner.sh
+++ b/scripts/provisioner.sh
@@ -32,11 +32,25 @@ do
   fi
 done
 
+# Wait for Kubernetes API to stabilize
+KAPI_REACHABILITY_COUNT=1
+set +e
+until kubectl get --raw='/readyz?verbose'
+do
+  if [[ ${KAPI_REACHABILITY_COUNT} -gt 180 ]];
+  then
+    echo "Failed to connect to the Kubernetes API or the Kubernetes API doesn't report an healthy state."
+    exit 1
+  else
+    KAPI_REACHABILITY_COUNT=$((KAPI_REACHABILITY_COUNT+1))
+    sleep 1
+  fi
+done
+set -e
+sleep 10
+
 # Create the target namespace if it does not exist.
-if ! kubectl get ns "${CILIUM_NAMESPACE}";
-then
-    kubectl create ns "${CILIUM_NAMESPACE}"
-fi
+kubectl create namespace "${CILIUM_NAMESPACE}" --dry-run=client -o yaml | kubectl apply -f -
 
 # Upsert or delete the IPsec secret to be used for transparent encryption.
 IPSEC_ENABLED=""