Skip to content

Autoscaler Node not deleted during teardown #278

New issue
New issue
Open
Open
Autoscaler Node not deleted during teardown#278
Labels
bugSomething isn't working
@christianhuening

Description

@christianhuening
christianhuening
opened on Dec 23, 2025

Description

I have defined an autoscaler nodepool like so using v3.16.0:

  cluster_autoscaler_discovery_enabled = true
  cluster_autoscaler_nodepools = [
    {
      name     = "autoscaler"
      type     = "cpx42"
      location = "fsn1"
      min      = 1
      max      = 3
      labels   = { "autoscaler-node" = "true" }
      taints   = []
    }
  ]

upon teardown after first setting

cluster_delete_protection = false

and then running

tofu state rm 'module.kubernetes.talos_machine_configuration_apply.worker'
tofu state rm 'module.kubernetes.talos_machine_configuration_apply.control_plane'
tofu state rm 'module.kubernetes.talos_machine_secrets.this'
tofu destroy

I noticed the autoscaler not getting deleted on Hetzner. It basically waited for it and only upon manual deletion via the Hetzner console the task finally finished:

Image

Expected Behavior

Autoscaler VMs to be deleted upon teardown

Actual Behavior

Autoscaler VMs not deleted during teardown

Minimal Module Configuration

module "kubernetes" {
  source  = "hcloud-k8s/kubernetes/hcloud"
  version = "v3.16.0"

  cluster_name = "base"
  hcloud_token = var.hcloud_token

  # Can be used to get tofu to output the kubeconfig and/or talosconfig:
  cluster_kubeconfig_path  = "kubeconfig"
  cluster_talosconfig_path = "talosconfig"

  talos_version = "v1.12.0" # should be same as talosctl!
  kubernetes_version = "v1.35.0"

  cilium_encryption_enabled = true                # Default true
  cilium_encryption_type    = "ipsec"         # wireguard (Default) | ipsec
  cilium_ipsec_algorithm    = "rfc4106(gcm(aes))" # IPSec AES key algorithm (Default rfc4106(gcm(aes)))
  cilium_ipsec_key_size     = 256                 # IPSec AES key size (Default 256)
  cilium_ipsec_key_id       = 1                   # IPSec key ID (Default 1)

  cert_manager_enabled       = true
  cilium_gateway_api_enabled = true

  # cluster_delete_protection = false

  firewall_kube_api_source = [
    "0.0.0.0/0",
    "::/0"
  ]
  firewall_talos_api_source = [ # required when `firewall_kube_api_source` is specified
    "0.0.0.0/0",
    "::/0"
  ]

  control_plane_nodepools = [
    { name = "control", type = "cpx22", location = "fsn1", count = 3 }
  ]
  worker_nodepools = [
    { name = "worker", type = "cpx42", location = "fsn1", count = 2 }
  ]
  cluster_autoscaler_discovery_enabled = true
  cluster_autoscaler_nodepools = [
    {
      name     = "autoscaler"
      type     = "cpx42"
      location = "fsn1"
      min      = 1
      max      = 3
      labels   = { "autoscaler-node" = "true" }
      taints   = []
    }
  ]
}

Relevant Output

see screenshot

Confirmation

  • I checked existing issues, discussions, and the web for similar problems

might be same issue as #122 but that never got a resolution.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions