Support custom HCLOUD_ENDPOINT in cluster-autoscaler Hetzner manager #7285

Merged Sep 16, 2024 (1 commit)


kamushadenes
Contributor

What type of PR is this?

/kind feature

What this PR does / why we need it:

This PR adds support for the HCLOUD_ENDPOINT environment variable, following what's used by other projects like https://github.com/hetznercloud/hcloud-cloud-controller-manager and https://github.com/hetznercloud/csi-driver.

Which issue(s) this PR fixes:

Fixes #7284

Special notes for your reviewer:

We have developed a soon-to-be-open-source proxy that forces specific labels in order to provide scoped API access. This support is required to make full use of it inside a Kubernetes cluster.

Does this PR introduce a user-facing change?

The HCLOUD_ENDPOINT environment variable is now supported to set a custom endpoint for Hetzner usage in cluster-autoscaler.

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:


@k8s-ci-robot k8s-ci-robot added kind/feature Categorizes issue or PR as related to a new feature. area/cluster-autoscaler labels Sep 14, 2024
@k8s-ci-robot k8s-ci-robot added the area/provider/hetzner Issues or PRs related to Hetzner provider label Sep 14, 2024
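
Added example, not part of this PR or of the cluster-autoscaler code base: whatever host `HCLOUD_ENDPOINT` names receives the API token on every request, so a consumer of the variable can validate it before use. `ResolveEndpoint` is a hypothetical helper, the default is the public Hetzner Cloud API base URL, and the proxy host names in the test are constructed.

```go
package main

import (
	"fmt"
	"net/url"
	"os"
	"strings"
)

// defaultEndpoint is the public Hetzner Cloud API base URL.
const defaultEndpoint = "https://api.hetzner.cloud/v1"

// ResolveEndpoint (hypothetical name) takes the raw HCLOUD_ENDPOINT value and
// returns the base URL to use plus a flag that is true for plaintext HTTP.
// An empty value selects the default endpoint.
func ResolveEndpoint(raw string) (endpoint string, plaintext bool, err error) {
	raw = strings.TrimSpace(raw)
	if raw == "" {
		return defaultEndpoint, false, nil
	}
	u, err := url.Parse(raw)
	if err != nil {
		return "", false, fmt.Errorf("HCLOUD_ENDPOINT: %w", err)
	}
	// "host:port/path" without a scheme parses with the host as scheme; reject it.
	if u.Scheme != "http" && u.Scheme != "https" {
		return "", false, fmt.Errorf("HCLOUD_ENDPOINT: unsupported scheme %q", u.Scheme)
	}
	if u.Hostname() == "" {
		return "", false, fmt.Errorf("HCLOUD_ENDPOINT: missing host")
	}
	// Credentials belong in the token, not in a URL that ends up in logs.
	if u.User != nil {
		return "", false, fmt.Errorf("HCLOUD_ENDPOINT: credentials in URL are not allowed")
	}
	u.Path = strings.TrimRight(u.Path, "/")
	return u.String(), u.Scheme == "http", nil
}

func main() {
	ep, plaintext, err := ResolveEndpoint(os.Getenv("HCLOUD_ENDPOINT"))
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	if plaintext {
		fmt.Fprintln(os.Stderr, "warning: API token will be sent over plaintext HTTP")
	}
	fmt.Println("using endpoint:", ep)
}
```
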

linux-foundation-easycla bot commented Sep 14, 2024

CLA Signed


The committers listed above are authorized under a signed CLA.

@k8s-ci-robot
Contributor

Welcome @kamushadenes!

It looks like this is your first PR to kubernetes/autoscaler 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes/autoscaler has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

@k8s-ci-robot k8s-ci-robot added cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Sep 14, 2024
@k8s-ci-robot
Contributor

Hi @kamushadenes. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. and removed cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. labels Sep 14, 2024
@apricote
Member

Awesome! Very curious to see your proxy, feel free to submit it to our awesome-list once you are ready 🚀

/approve
/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 16, 2024
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: apricote, kamushadenes

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 16, 2024
@k8s-ci-robot k8s-ci-robot merged commit 2aba7bd into kubernetes:master Sep 16, 2024
6 checks passed
@kamushadenes
Contributor Author

Thanks for merging @apricote !

When can we likely expect a release containing this change?

@apricote
Member

This is currently in master, so will go out with Kubernetes 1.32.

I am not sure what the official policy is on backporting features to older release series.

lukasmetzner pushed a commit to hetznercloud/hcloud-cloud-controller-manager that referenced this pull request Jan 7, 2025
# Context
[We](https://github.com/altinity) have developed a
soon-to-be-open-source proxy that forces specific labels in order to
provide scoped API access, and that doesn't expose the real API token.
This was created to have better control of resources inside the same
project (as API tokens currently lack granularity), and to be able to
use a single project securely, given that it isn't possible to create a
project via the API.

One of its operating modes is using JWT as a virtual self-validating
token, which can't have a fixed size.

This support is required to make full use of it inside a Kubernetes
cluster.

The feature is behind a default-false flag so it shouldn't interfere
with current behavior.

# Related
kubernetes/autoscaler#7285
hetznercloud/csi-driver#724

Successfully merging this pull request may close these issues.

cluster-autoscaler Hetzner manager doesn't support custom endpoints