feat(robot): allow Robot support without API credentials for IP-based LB targets#1163
feat(robot): allow Robot support without API credentials for IP-based LB targets#1163robertlemke wants to merge 1 commit intohetznercloud:mainfrom
Conversation
|
Hey there! This is my first contribution to HCCM and I tried to make it as clean and meaningful as possible. I added tests and also tested the feature in a Talos Cluster based on Hetzner dedicated servers, as well as my CAPI-based cluster using HCloud instances. Please let me know if I missed anything or if the motivation for this feature is unclear. |
lukasmetzner
left a comment
lukasmetzner
left a comment
There was a problem hiding this comment.
Hey, I did a quick review and left some suggestions.
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #1163 +/- ##
==========================================
- Coverage 68.02% 65.67% -2.36%
==========================================
Files 24 24
Lines 2643 2657 +14
==========================================
- Hits 1798 1745 -53
- Misses 670 744 +74
+ Partials 175 168 -7
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
|
The e2e tests failing is normal here due to missing permissions. Once everything is resolved in the PR I will manually run them on my machine. If you have the resources to test your changes on the Cloud and Robot platform, feel free to share the results, but as this induces costs, don't feel obligated to do so. |
robertlemke
force-pushed
the
flownative/robot-without-credentials
branch
from
b027622 to
79c707e
Compare
|
Thanks again for your review and the time you put into adjusting my code! I adopted your changes and adjusted tests accordingly. Regarding the e2e test: Would be great if you could run them for me! I tested the changes on a Talos cluster with Hetzner dedicated servers connected via vSwitch, as well as a CAPI-based cluster with HCloud instances (to verify no regressions). |
…targets Previously, enabling Robot support (`ROBOT_ENABLED=true`) required both `ROBOT_USER` and `ROBOT_PASSWORD` to be set. This made it impossible to use Robot nodes as IP-based load balancer targets without providing Robot API credentials. With this change, Robot credentials become optional. When no credentials are provided, the load balancer reconciler derives IP targets directly from the Kubernetes Node objects' InternalIP instead of querying the Robot API. This is sufficient for setups where the node's InternalIP (e.g. a vSwitch private IP) is the correct LB target address. Partial credentials (only user or only password) are still rejected as a likely misconfiguration.
robertlemke
force-pushed
the
flownative/robot-without-credentials
branch
from
79c707e to
f57cdf6
Compare
|
Fixed lint complaint and rebased the commit. |
2 participants
When
robot.enabledis set but noROBOT_USER/ROBOT_PASSWORDare provided, the HCCM now derives IP targets directly from the Kubernetes Node'sInternalIPinstead of querying the Robot API. This is useful for setups where Robot servers are connected via vSwitch and only the service controller is needed.Existing behavior is unchanged when credentials are provided. Partial credentials (only user or only password) are rejected during validation.
Fixes: #1162