From 69da402b0d848df8cd325bc4525a3bf3d98472a4 Mon Sep 17 00:00:00 2001
From: Gerd Oberlechner <goberlec@redhat.com>
Date: Wed, 13 Nov 2024 00:28:07 +0100
Subject: [PATCH] AKS creation timing issue with KV rolebinding

sometimes the AKS cluster creation fails because the AKS MI does not have permissions on the etcd KV yet. this PR introduces an explicit dependency from the AKS resource to the KV roleassignment (and the VNET role assignment as well).

Signed-off-by: Gerd Oberlechner <goberlec@redhat.com>
---
 dev-infrastructure/modules/aks-cluster-base.bicep | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/dev-infrastructure/modules/aks-cluster-base.bicep b/dev-infrastructure/modules/aks-cluster-base.bicep
index b503c0d69..2af685289 100644
--- a/dev-infrastructure/modules/aks-cluster-base.bicep
+++ b/dev-infrastructure/modules/aks-cluster-base.bicep
@@ -361,6 +361,10 @@ resource aksCluster 'Microsoft.ContainerService/managedClusters@2024-04-02-previ
     }
     supportPlan: 'KubernetesOfficial'
   }
+  dependsOn: [
+    aksNetworkContributorRoleAssignment
+    aks_keyvault_crypto_user
+  ]
 }
 
 resource userAgentPools 'Microsoft.ContainerService/managedClusters/agentPools@2024-04-02-preview' = [