feat: add configurable delay before addons creation

Currently, even though the cluster status is active, the addon API is not completely ready yet.
This causes retries and significant delays during addon creation, potentially negating the before_compute delay.

README.md

@@ -218,6 +218,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple
 | [aws_security_group.node](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
 | [aws_security_group_rule.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
 | [aws_security_group_rule.node](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [time_sleep.addon_delay](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
 | [time_sleep.this](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_eks_addon_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_addon_version) | data source |
@@ -232,6 +233,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_access_entries"></a> [access\_entries](#input\_access\_entries) | Map of access entries to add to the cluster | `any` | `{}` | no |
+| <a name="input_addon_delay_duration"></a> [addon\_delay\_duration](#input\_addon\_delay\_duration) | Duration to wait after the EKS cluster has become active before creating the addons | `string` | `"0s"` | no |
 | <a name="input_attach_cluster_encryption_policy"></a> [attach\_cluster\_encryption\_policy](#input\_attach\_cluster\_encryption\_policy) | Indicates whether or not to attach an additional policy for the cluster IAM role to utilize the encryption key provided | `bool` | `true` | no |
 | <a name="input_authentication_mode"></a> [authentication\_mode](#input\_authentication\_mode) | The authentication mode for the cluster. Valid values are `CONFIG_MAP`, `API` or `API_AND_CONFIG_MAP` | `string` | `"API_AND_CONFIG_MAP"` | no |
 | <a name="input_bootstrap_self_managed_addons"></a> [bootstrap\_self\_managed\_addons](#input\_bootstrap\_self\_managed\_addons) | Indicates whether or not to bootstrap self-managed addons after the cluster has been created | `bool` | `null` | no |

main.tf

@@ -489,6 +489,14 @@ data "aws_eks_addon_version" "this" {
   most_recent        = try(each.value.most_recent, null)
 }
 
+resource "time_sleep" "addon_delay" {
+  count           = length(var.cluster_addons) > 0 ? 1 : 0
+  create_duration = var.addon_delay_duration
+  triggers = {
+    cluster_name = aws_eks_cluster.this[0].name
+  }
+}
+
 resource "aws_eks_addon" "this" {
   # Not supported on outposts
   for_each = { for k, v in var.cluster_addons : k => v if !try(v.before_compute, false) && local.create && !local.create_outposts_local_cluster }
@@ -523,6 +531,7 @@ resource "aws_eks_addon" "this" {
     module.fargate_profile,
     module.eks_managed_node_group,
     module.self_managed_node_group,
+    time_sleep.addon_delay
   ]
 
   tags = merge(var.tags, try(each.value.tags, {}))
@@ -558,6 +567,10 @@ resource "aws_eks_addon" "before_compute" {
     delete = try(each.value.timeouts.delete, var.cluster_addons_timeouts.delete, null)
   }
 
+  depends_on = [
+    time_sleep.addon_delay
+  ]
+
   tags = merge(var.tags, try(each.value.tags, {}))
 }
 

variables.tf

@@ -538,6 +538,12 @@ variable "cluster_addons_timeouts" {
   default     = {}
 }
 
+variable "addon_delay_duration" {
+  description = "Duration to wait after the EKS cluster has become active before creating the addons"
+  type        = string
+  default     = "0s"
+}
+
 ################################################################################
 # EKS Identity Provider
 ################################################################################