[ca]: Add firewall support for hcloud cloud provider

Signed-off-by: Sergey Shevchenko <[email protected]>
kubernetes · Jul 8, 2021 · 936bc04 · 936bc04
1 parent 4fd184e
commit 936bc04
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 3 deletions.
diff --git a/cluster-autoscaler/cloudprovider/hetzner/README.md b/cluster-autoscaler/cloudprovider/hetzner/README.md
@@ -12,6 +12,8 @@ The cluster autoscaler for Hetzner Cloud scales worker nodes.
 
 `HCLOUD_NETWORK` Default empty , The name of the network that is used in the cluster , @see https://docs.hetzner.cloud/#networks
 
+`HCLOUD_FIREWALL` Default empty , The name of the firewall that is used in the cluster , @see https://docs.hetzner.cloud/#firewalls
+
 `HCLOUD_SSH_KEY` Default empty , This SSH Key will have access to the fresh created server, @see https://docs.hetzner.cloud/#ssh-keys
 
 Node groups must be defined with the `--nodes=<min-servers>:<max-servers>:<instance-type>:<region>:<name>` flag.

diff --git a/cluster-autoscaler/cloudprovider/hetzner/hetzner_manager.go b/cluster-autoscaler/cloudprovider/hetzner/hetzner_manager.go
@@ -42,6 +42,7 @@ type hetznerManager struct {
 	image          *hcloud.Image
 	sshKey         *hcloud.SSHKey
 	network        *hcloud.Network
+	firewall       *hcloud.Firewall
 }
 
 func newManager() (*hetznerManager, error) {
@@ -92,9 +93,6 @@ func newManager() (*hetznerManager, error) {
 		image = images[0]
 	}
 
-	var network *hcloud.Network
-	networkName := os.Getenv("HCLOUD_NETWORK")
-
 	var sshKey *hcloud.SSHKey
 	sshKeyName := os.Getenv("HCLOUD_SSH_KEY")
 	if sshKeyName != "" {
@@ -104,6 +102,8 @@ func newManager() (*hetznerManager, error) {
 		}
 	}
 
+	var network *hcloud.Network
+	networkName := os.Getenv("HCLOUD_NETWORK")
 	if networkName != "" {
 		network, _, err = client.Network.Get(ctx, networkName)
 		if err != nil {
@@ -112,13 +112,23 @@ func newManager() (*hetznerManager, error) {
 
 	}
 
+	var firewall *hcloud.Firewall
+	firewallName := os.Getenv("HCLOUD_FIREWALL")
+	if firewallName != "" {
+		firewall, _, err = client.Firewall.Get(ctx, firewallName)
+		if err != nil {
+			return nil, fmt.Errorf("failed to get firewall error: %s", err)
+		}
+	}
+
 	m := &hetznerManager{
 		client:         client,
 		nodeGroups:     make(map[string]*hetznerNodeGroup),
 		cloudInit:      string(cloudInit),
 		image:          image,
 		sshKey:         sshKey,
 		network:        network,
+		firewall:		firewall,
 		apiCallContext: ctx,
 	}
 

diff --git a/cluster-autoscaler/cloudprovider/hetzner/hetzner_node_group.go b/cluster-autoscaler/cloudprovider/hetzner/hetzner_node_group.go
@@ -365,6 +365,10 @@ func createServer(n *hetznerNodeGroup) error {
 	if n.manager.network != nil {
 		opts.Networks = []*hcloud.Network{n.manager.network}
 	}
+	if n.manager.firewall != nil {
+		serverCreateFirewall := &hcloud.ServerCreateFirewall{Firewall: *n.manager.firewall}
+		opts.Firewalls = []*hcloud.ServerCreateFirewall{serverCreateFirewall}
+	}
 
 	serverCreateResult, _, err := n.manager.client.Server.Create(n.manager.apiCallContext, opts)
 	if err != nil {