Summary
The internet-readiness loop in modules/bootstrap/templates/cloud-init.yaml.tpl currently probes http://1.1.1.1 (plain HTTP), but the bootstrap flow immediately depends on HTTPS access to https://get.rke2.io and https://dl.k8s.io.
Using a plain HTTP probe makes the gate too narrow for the real dependency and can either hang unnecessarily (e.g. if plain HTTP is blocked but HTTPS is fine) or pass too early (e.g. if only plain HTTP is reachable but HTTPS endpoints are not).
Proposed change
Replace the current until loop with one that probes the actual HTTPS endpoints the bootstrap script needs:
until curl -fsSL --connect-timeout 5 https://get.rke2.io > /dev/null && \
curl -fsSL --connect-timeout 5 https://dl.k8s.io > /dev/null; do
echo "Still waiting for internet (https://get.rke2.io / https://dl.k8s.io)..." > /dev/console
sleep 5
doneThis ensures the loop exits only when the endpoints the script actually depends on are reachable.
References
Summary
The internet-readiness loop in
modules/bootstrap/templates/cloud-init.yaml.tplcurrently probeshttp://1.1.1.1(plain HTTP), but the bootstrap flow immediately depends on HTTPS access tohttps://get.rke2.ioandhttps://dl.k8s.io.Using a plain HTTP probe makes the gate too narrow for the real dependency and can either hang unnecessarily (e.g. if plain HTTP is blocked but HTTPS is fine) or pass too early (e.g. if only plain HTTP is reachable but HTTPS endpoints are not).
Proposed change
Replace the current
untilloop with one that probes the actual HTTPS endpoints the bootstrap script needs:This ensures the loop exits only when the endpoints the script actually depends on are reachable.
References