diff --git a/cluster-autoscaler/cloudprovider/hetzner/README.md b/cluster-autoscaler/cloudprovider/hetzner/README.md
index 76197defe1a2..5fbad46a8787 100644
--- a/cluster-autoscaler/cloudprovider/hetzner/README.md
+++ b/cluster-autoscaler/cloudprovider/hetzner/README.md
@@ -12,6 +12,8 @@ The cluster autoscaler for Hetzner Cloud scales worker nodes.
 `HCLOUD_NETWORK` Default empty , The name of the network that is used in the cluster , @see https://docs.hetzner.cloud/#networks
+`HCLOUD_FIREWALL` Default empty , The name of the firewall that is used in the cluster , @see https://docs.hetzner.cloud/#firewalls
+
 `HCLOUD_SSH_KEY` Default empty , This SSH Key will have access to the fresh created server, @see https://docs.hetzner.cloud/#ssh-keys
 Node groups must be defined with the `--nodes=::::` flag.
diff --git a/cluster-autoscaler/cloudprovider/hetzner/hetzner_manager.go b/cluster-autoscaler/cloudprovider/hetzner/hetzner_manager.go
index 60dd429fb057..bdfa6d4a18c5 100644
--- a/cluster-autoscaler/cloudprovider/hetzner/hetzner_manager.go
+++ b/cluster-autoscaler/cloudprovider/hetzner/hetzner_manager.go
@@ -42,6 +42,7 @@ type hetznerManager struct {
 image *hcloud.Image
 sshKey *hcloud.SSHKey
 network *hcloud.Network
+ firewall *hcloud.Firewall
 }
 func newManager() (*hetznerManager, error) {
@@ -92,9 +93,6 @@ func newManager() (*hetznerManager, error) {
 image = images[0]
 }
- var network *hcloud.Network
- networkName := os.Getenv("HCLOUD_NETWORK")
-
 var sshKey *hcloud.SSHKey
 sshKeyName := os.Getenv("HCLOUD_SSH_KEY")
 if sshKeyName != "" {
@@ -104,6 +102,8 @@ func newManager() (*hetznerManager, error) {
 }
 }
+ var network *hcloud.Network
+ networkName := os.Getenv("HCLOUD_NETWORK")
 if networkName != "" {
 network, _, err = client.Network.Get(ctx, networkName)
 if err != nil {
@@ -112,6 +112,15 @@ func newManager() (*hetznerManager, error) {
 }
+ var firewall *hcloud.Firewall
+ firewallName := os.Getenv("HCLOUD_FIREWALL")
+ if firewallName != "" {
+ firewall, _, err = client.Firewall.Get(ctx, firewallName)
+ if err != nil {
+ return nil, fmt.Errorf("failed to get firewall error: %s", err)
+ }
+ }
+
 m := &hetznerManager{
 client: client,
 nodeGroups: make(map[string]*hetznerNodeGroup),
@@ -119,6 +128,7 @@ func newManager() (*hetznerManager, error) {
 image: image,
 sshKey: sshKey,
 network: network,
+ firewall: firewall,
 apiCallContext: ctx,
 }
diff --git a/cluster-autoscaler/cloudprovider/hetzner/hetzner_node_group.go b/cluster-autoscaler/cloudprovider/hetzner/hetzner_node_group.go
index 7d06be8c24e2..3540c8ad7583 100644
--- a/cluster-autoscaler/cloudprovider/hetzner/hetzner_node_group.go
+++ b/cluster-autoscaler/cloudprovider/hetzner/hetzner_node_group.go
@@ -365,6 +365,10 @@ func createServer(n *hetznerNodeGroup) error {
 if n.manager.network != nil {
 opts.Networks = []*hcloud.Network{n.manager.network}
 }
+ if n.manager.firewall != nil {
+ serverCreateFirewall := &hcloud.ServerCreateFirewall{Firewall: *n.manager.firewall}
+ opts.Firewalls = []*hcloud.ServerCreateFirewall{serverCreateFirewall}
+ }
 serverCreateResult, _, err := n.manager.client.Server.Create(n.manager.apiCallContext, opts)
 if err != nil {
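Review bot: A firewall name that matches nothing is accepted silently in the `@@ -112,6 +112,15 @@` hunk of hetzner_manager.go: hcloud-go's `Get` methods are documented to return a nil resource with a nil error when the lookup finds nothing, so a typo in `HCLOUD_FIREWALL` leaves `firewall` nil. The `n.manager.firewall != nil` guard added to `createServer` in hetzner_node_group.go then skips the attachment, and new nodes would come up with no firewall while the operator believes one is configured. Fail closed right after the error check with `if firewall == nil { return nil, fmt.Errorf("firewall %q not found", firewallName) }`. `newManager` begins and ends outside this hunk, so whether the network and SSH key lookups need the same check should be confirmed against the full function.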
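Review bot: The firewall block added to `createServer` in hetzner_node_group.go covers only servers created after the setting is in place, and neither the code nor the README entry says so. Nothing in the visible hunks attaches the firewall to nodes that already exist, so an operator who sets `HCLOUD_FIREWALL` on a running cluster may assume older nodes are covered. A comment above the block such as `// Applied at creation only; servers that already exist keep their current firewall assignment.` and a matching sentence in the README would make that explicit. `createServer` starts and ends outside the hunk.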