Fine-tuned cluster creation logic

PhilipSchmid · PhilipSchmid · commit b45ec598fa60 · 2025-06-26T09:19:10.000+02:00
Signed-off-by: Philip Schmid &lt;phisch@cisco.com&gt;
diff --git a/02-infra.tf b/02-infra.tf
@@ -88,10 +88,10 @@ module "elb_k8s_elb" {
 
   health_check = {
     target              = "tcp:50000"
-    interval            = 30
-    healthy_threshold   = 2
+    interval            = 5
+    healthy_threshold   = 3
     unhealthy_threshold = 2
-    timeout             = 5
+    timeout             = 2
   }
 
   number_of_instances = var.controlplane_count
diff --git a/03-talos.tf b/03-talos.tf
@@ -216,7 +216,15 @@ resource "talos_machine_configuration_apply" "controlplane" {
   node                        = var.use_private_ips_only ? module.talos_control_plane_nodes[each.key].private_ip : module.talos_control_plane_nodes[each.key].public_ip
 }
 
+# Wait until Talos APID has rotated its cert & ELB sees the node healthy
+resource "time_sleep" "wait_api_ready" {
+  depends_on      = [talos_machine_bootstrap.this]
+  create_duration = "30s"
+}
+
 resource "talos_machine_configuration_apply" "worker_group" {
+  depends_on = [time_sleep.wait_api_ready]
+
   for_each = merge([for info in var.worker_groups : { for index in range(0, var.workers_count) : "${info.name}.${index}" => info }]...)
 
   client_configuration        = talos_machine_secrets.this.client_configuration
diff --git a/README.md b/README.md
@@ -61,6 +61,7 @@ module "talos" {
 | <a name="provider_null"></a> [null](#provider\_null) | n/a |
 | <a name="provider_random"></a> [random](#provider\_random) | ~> 3.7 |
 | <a name="provider_talos"></a> [talos](#provider\_talos) | 0.9.0-alpha.0 |
+| <a name="provider_time"></a> [time](#provider\_time) | n/a |
 
 ### Modules
 
@@ -87,6 +88,7 @@ module "talos" {
 | [talos_machine_configuration_apply.controlplane](https://registry.terraform.io/providers/siderolabs/talos/0.9.0-alpha.0/docs/resources/machine_configuration_apply) | resource |
 | [talos_machine_configuration_apply.worker_group](https://registry.terraform.io/providers/siderolabs/talos/0.9.0-alpha.0/docs/resources/machine_configuration_apply) | resource |
 | [talos_machine_secrets.this](https://registry.terraform.io/providers/siderolabs/talos/0.9.0-alpha.0/docs/resources/machine_secrets) | resource |
+| [time_sleep.wait_api_ready](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
 | [aws_ami.talos](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 | [aws_subnets.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets) | data source |
