feat(robot): allow Robot support without API credentials for IP-based LB targets#1163
Open
robertlemke wants to merge 2 commits intohetznercloud:mainfrom
Open
feat(robot): allow Robot support without API credentials for IP-based LB targets#1163robertlemke wants to merge 2 commits intohetznercloud:mainfrom
robertlemke wants to merge 2 commits intohetznercloud:mainfrom
Conversation
…targets Previously, enabling Robot support (`ROBOT_ENABLED=true`) required both `ROBOT_USER` and `ROBOT_PASSWORD` to be set. This made it impossible to use Robot nodes as IP-based load balancer targets without providing Robot API credentials. With this change, Robot credentials become optional. When no credentials are provided, the load balancer reconciler derives IP targets directly from the Kubernetes Node objects' InternalIP instead of querying the Robot API. This is sufficient for setups where the node's InternalIP (e.g. a vSwitch private IP) is the correct LB target address. Partial credentials (only user or only password) are still rejected as a likely misconfiguration.
Author
|
Hey there! This is my first contribution to HCCM and I tried to make it as clean and meaningful as possible. I added tests and also tested the feature in a Talos Cluster based on Hetzner dedicated servers, as well as my CAPI-based cluster using HCloud instances. Please let me know if I missed anything or if the motivation for this feature is unclear. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
When
robot.enabledis set but noROBOT_USER/ROBOT_PASSWORDare provided, the HCCM now derives IP targets directly from the Kubernetes Node'sInternalIPinstead of querying the Robot API. This is useful for setups where Robot servers are connected via vSwitch and only the service controller is needed.Existing behavior is unchanged when credentials are provided. Partial credentials (only user or only password) are rejected during validation.
Fixes: #1162