

✨ Add ssh key name via hetzner secret (#1289)
Adding the ssh key name via hetzner secret facilitates use cases where a
lot of clusters are created with the same ssh key. Instead of having to
specify it every time in the HetznerClusterTemplate object, it can be
specified in the secret once.

On top, this commit introduces default values for the HetznerSecret to
allow use cases where all is hard-coded and doesn't have to be specified
e.g. in a ClusterClass or in the templates of the cluster object
anymore.
janiskemper authored May 8, 2024
1 parent 2a305e1 commit 9eaf507
Showing 4 changed files with 48 additions and 0 deletions.
8 changes: 8 additions & 0 deletions api/v1beta1/types.go
Expand Up @@ -102,6 +102,7 @@ type HCloudPlacementGroupStatus struct {
// HetznerSecretRef defines all the names of the secret and the relevant keys needed to access Hetzner API.
type HetznerSecretRef struct {
// Name defines the name of the secret.
// +kubebuilder:default=hetzner
Name string `json:"name"`
// Key defines the keys that are used in the secret.
// Need to specify either HCloudToken or both HetznerRobotUser and HetznerRobotPassword.
Expand All @@ -113,13 +114,20 @@ type HetznerSecretRef struct {
type HetznerSecretKeyRef struct {
// HCloudToken defines the name of the key where the token for the Hetzner Cloud API is stored.
// +optional
// +kubebuilder:default=hcloud-token
HCloudToken string `json:"hcloudToken"`
// HetznerRobotUser defines the name of the key where the username for the Hetzner Robot API is stored.
// +optional
// +kubebuilder:default=hetzner-robot-user
HetznerRobotUser string `json:"hetznerRobotUser"`
// HetznerRobotPassword defines the name of the key where the password for the Hetzner Robot API is stored.
// +optional
// +kubebuilder:default=hetzner-robot-password
HetznerRobotPassword string `json:"hetznerRobotPassword"`
// SSHKey defines the name of the ssh key.
// +optional
// +kubebuilder:default=ssh-key
SSHKey string `json:"sshKey"`
}

// PublicNetworkSpec contains specs about the public network spec of an HCloud server.
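Review bot: The doc comment on the new SSHKey field says it `defines the name of the ssh key`, but by analogy with its siblings in HetznerSecretKeyRef it names the Secret key under which the ssh key name is stored — the controller change in this commit reads `Data[...Key.SSHKey]`; suggest `// SSHKey defines the name of the key where the name of the ssh key is stored.` With every key name now defaulted by the API server, the sentence above the struct, `Need to specify either HCloudToken or both HetznerRobotUser and HetznerRobotPassword`, no longer describes what is required of the key ref (all four names get a value); it should instead say that the referenced Secret must contain either the HCloud token or both Robot credentials. Both points apply equally to the generated CRD descriptions in the two YAML sections below.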
Expand Up @@ -242,19 +242,27 @@ spec:
Need to specify either HCloudToken or both HetznerRobotUser and HetznerRobotPassword.
properties:
hcloudToken:
default: hcloud-token
description: HCloudToken defines the name of the key where
the token for the Hetzner Cloud API is stored.
type: string
hetznerRobotPassword:
default: hetzner-robot-password
description: HetznerRobotPassword defines the name of the
key where the password for the Hetzner Robot API is stored.
type: string
hetznerRobotUser:
default: hetzner-robot-user
description: HetznerRobotUser defines the name of the key
where the username for the Hetzner Robot API is stored.
type: string
sshKey:
default: ssh-key
description: SSHKey defines the name of the ssh key.
type: string
type: object
name:
default: hetzner
description: Name defines the name of the secret.
type: string
required:
Expand Up @@ -273,21 +273,29 @@ spec:
Need to specify either HCloudToken or both HetznerRobotUser and HetznerRobotPassword.
properties:
hcloudToken:
default: hcloud-token
description: HCloudToken defines the name of the key
where the token for the Hetzner Cloud API is stored.
type: string
hetznerRobotPassword:
default: hetzner-robot-password
description: HetznerRobotPassword defines the name
of the key where the password for the Hetzner Robot
API is stored.
type: string
hetznerRobotUser:
default: hetzner-robot-user
description: HetznerRobotUser defines the name of
the key where the username for the Hetzner Robot
API is stored.
type: string
sshKey:
default: ssh-key
description: SSHKey defines the name of the ssh key.
type: string
type: object
name:
default: hetzner
description: Name defines the name of the secret.
type: string
required:
24 changes: 24 additions & 0 deletions controllers/hetznercluster_controller.go
Expand Up @@ -173,6 +173,30 @@ func (r *HetznerClusterReconciler) Reconcile(ctx context.Context, req ctrl.Reque
func (r *HetznerClusterReconciler) reconcileNormal(ctx context.Context, clusterScope *scope.ClusterScope) (ctrl.Result, error) {
hetznerCluster := clusterScope.HetznerCluster

// write ssh key name from secret to spec of HetznerCluster if it is specified
sshKeyName := clusterScope.HetznerSecret().Data[hetznerCluster.Spec.HetznerSecret.Key.SSHKey]
if len(sshKeyName) > 0 {
// Check if the SSH key name already exists
keyExists := false
for _, key := range hetznerCluster.Spec.SSHKeys.HCloud {
if string(sshKeyName) == key.Name {
keyExists = true
break
}
}

// If the SSH key name doesn't exist, append it
if !keyExists {
hetznerCluster.Spec.SSHKeys.HCloud = append(hetznerCluster.Spec.SSHKeys.HCloud, infrav1.SSHKey{Name: string(sshKeyName)})
record.Eventf(
hetznerCluster,
"SSHKeyNameAddedFromHetznerSecret", "added the ssh key %q from the hetzner secret specified under key %q",
string(sshKeyName),
hetznerCluster.Spec.HetznerSecret.Key.SSHKey,
)
}
}

// If the HetznerCluster doesn't have our finalizer, add it.
controllerutil.AddFinalizer(hetznerCluster, infrav1.ClusterFinalizer)
if err := clusterScope.PatchObject(ctx); err != nil {
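Review bot: The value read from the Secret in the `sshKeyName :=` assignment is used verbatim as the key name, so a trailing newline (the usual result of `echo name | base64` when populating the Secret) passes the `len(sshKeyName) > 0` check, defeats the exact-match duplicate loop, and becomes part of the appended name; trimming it first leaves the rest of the block unchanged: `sshKeyName := bytes.TrimSpace(clusterScope.HetznerSecret().Data[hetznerCluster.Spec.HetznerSecret.Key.SSHKey])` (add `bytes` to the import block if it is not already there). The same value is also persisted into the cluster spec and echoed in the Event emitted by `record.Eventf`, both typically readable more widely than the Secret itself, so a short comment stating that the referenced key must hold only the ssh key name, never key material, would help the next reader. Whether `clusterScope.HetznerSecret()` can return nil is not visible here and worth confirming before indexing `.Data`. reconcileNormal continues past the end of the hunk.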
