feat(hetzner): fix cluster-autoscaler addon for Hetzner cloud provider #18135
bjornharrtell wants to merge 1 commit into kubernetes:master
Hi @bjornharrtell. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Regular contributors should join the org to skip this step. Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by:
The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
Two fixes to make the kops-managed cluster-autoscaler addon work correctly on Hetzner:
1. Pass HCLOUD_TOKEN and HCLOUD_NETWORK env vars to the autoscaler pod. The addon template only had an env block for AWS (AWS_REGION); without the Hetzner token the autoscaler cannot authenticate and fails immediately on startup. The vars are sourced from the existing 'hcloud' secret in kube-system, which is already created by the CCM addon.
2. Fix the --nodes flag format. GetClusterAutoscalerNodeGroups() was producing the generic '<name>.<cluster>' suffix for all non-GCE providers, giving a 3-field format (min:max:name.cluster) that the Hetzner cloud provider does not recognise. Hetzner requires 5 fields: min:max:instanceType:region:name. The region argument is the Hetzner location name, which equals the subnet name stored in ig.Spec.Subnets[0] (e.g. 'hel1').
a2218eb to 9a22111
Summary
Two fixes to make the kops-managed cluster-autoscaler addon work correctly on Hetzner. Without these the addon is completely non-functional: the autoscaler pod cannot authenticate and node groups are never registered.
Fixes #18133
Fixes #18134
Also related to #17543 (original HCLOUD_TOKEN report).
Changes
1. Pass HCLOUD_TOKEN and HCLOUD_NETWORK to the autoscaler pod
File: upup/models/cloudup/resources/addons/cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml.template
The addon template only had an env: block for AWS (AWS_REGION). Added an else if hetzner block that injects HCLOUD_TOKEN and HCLOUD_NETWORK from the hcloud secret in kube-system. This secret already exists because the CCM addon creates it — no new secrets are required.
2. Fix the --nodes flag format for Hetzner
File: upup/pkg/fi/cloudup/template_functions.go
GetClusterAutoscalerNodeGroups() was using ig.Name + "." + cluster.Name as the --nodes suffix for all non-GCE providers. This produces a 3-field format (min:max:name.cluster) that the Hetzner autoscaler cloud provider does not recognise.
Hetzner requires 5 fields: min:max:instanceType:region:name. Added a Hetzner branch that computes:
Producing e.g. --nodes=1:5:cpx32:hel1:nodes-hel1.
Testing
Manually verified against a live Hetzner kops cluster (kops 1.35, Hetzner hel1). The generated addon manifest now contains the correct env vars and --nodes format, and the autoscaler pod authenticates and registers node groups successfully.
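The 5-field --nodes format described above, as an added Go example that is not code from this pull request, kops or cluster-autoscaler. The nodeGroup type and both function names are hypothetical, and the bounds and empty-field checks are assumptions added here; it returns an error when an instance group has no subnet rather than indexing an empty slice.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// nodeGroup is a hypothetical stand-in for the instance group fields used here.
type nodeGroup struct {
	Name, MachineType string
	Subnets           []string
	MinSize, MaxSize  int
}

// hetznerNodesSpec builds min:max:instanceType:region:name; region is the first subnet.
func hetznerNodesSpec(ig nodeGroup) (string, error) {
	if len(ig.Subnets) == 0 {
		return "", fmt.Errorf("instance group %q has no subnet to use as region", ig.Name)
	}
	spec := fmt.Sprintf("%d:%d:%s:%s:%s", ig.MinSize, ig.MaxSize, ig.MachineType, ig.Subnets[0], ig.Name)
	if err := checkHetznerNodesSpec(spec); err != nil {
		return "", err
	}
	return spec, nil
}

// checkHetznerNodesSpec accepts only five non-empty fields with sane numeric bounds.
func checkHetznerNodesSpec(spec string) error {
	f := strings.Split(spec, ":")
	if len(f) != 5 {
		return fmt.Errorf("%q has %d fields, want min:max:instanceType:region:name", spec, len(f))
	}
	lo, errLo := strconv.Atoi(f[0])
	hi, errHi := strconv.Atoi(f[1])
	if errLo != nil || errHi != nil || lo < 0 || hi < lo {
		return fmt.Errorf("%q has invalid bounds %q:%q", spec, f[0], f[1])
	}
	if f[2] == "" || f[3] == "" || f[4] == "" {
		return fmt.Errorf("%q has an empty instanceType, region or name", spec)
	}
	return nil
}

func main() {
	// Constructed samples: a Hetzner instance group, then the generic 3-field form.
	fmt.Println(hetznerNodesSpec(nodeGroup{Name: "nodes-hel1", MachineType: "cpx32", Subnets: []string{"hel1"}, MinSize: 1, MaxSize: 5}))
	fmt.Println(checkHetznerNodesSpec("1:5:nodes-hel1.example.k8s.local"))
}
```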