Add multiple SSH keys support for Hetzner

2022-07-28 18:36:04 +03:00 · 2022-07-28 18:36:04 +03:00 · 1cf3e5f0da
parent 7d40680ec7
commit 1cf3e5f0da
6 changed files with 29 additions and 64 deletions
--- a/pkg/model/hetznermodel/context.go
+++ b/pkg/model/hetznermodel/context.go
@ -29,8 +29,3 @@ func (b *HetznerModelContext) LinkToNetwork() *hetznertasks.Network {
 	name := b.ClusterName()
 	return &hetznertasks.Network{Name: &name}
 }
-
-func (b *HetznerModelContext) LinkToSSHKey() *hetznertasks.SSHKey {
-	name := b.ClusterName()
-	return &hetznertasks.SSHKey{Name: &name}
-}
--- a/pkg/model/hetznermodel/servers.go
+++ b/pkg/model/hetznermodel/servers.go
@ -18,6 +18,7 @@ package hetznermodel

 import (
 	"k8s.io/kops/pkg/model"
+	"k8s.io/kops/pkg/pki"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/cloudup/hetzner"
 	"k8s.io/kops/upup/pkg/fi/cloudup/hetznertasks"
@ -33,6 +34,24 @@ type ServerGroupModelBuilder struct {
 var _ fi.ModelBuilder = &ServerGroupModelBuilder{}

 func (b *ServerGroupModelBuilder) Build(c *fi.ModelBuilderContext) error {
+	var sshkeyTasks []*hetznertasks.SSHKey
+	for _, sshkey := range b.SSHPublicKeys {
+		fingerprint, err := pki.ComputeOpenSSHKeyFingerprint(string(sshkey))
+		if err != nil {
+			return err
+		}
+		t := &hetznertasks.SSHKey{
+			Name:      fi.String(b.ClusterName() + "-" + fingerprint),
+			Lifecycle: b.Lifecycle,
+			PublicKey: string(sshkey),
+			Labels: map[string]string{
+				hetzner.TagKubernetesClusterName: b.ClusterName(),
+			},
+		}
+		c.AddTask(t)
+		sshkeyTasks = append(sshkeyTasks, t)
+	}
+
 	for _, ig := range b.InstanceGroups {
 		igSize := fi.Int32Value(ig.Spec.MinSize)

@ -49,7 +68,7 @@ func (b *ServerGroupModelBuilder) Build(c *fi.ModelBuilderContext) error {
 		serverGroup := hetznertasks.ServerGroup{
 			Name:       fi.String(ig.Name),
 			Lifecycle:  b.Lifecycle,
-			SSHKey:     b.LinkToSSHKey(),
+			SSHKeys:    sshkeyTasks,
 			Network:    b.LinkToNetwork(),
 			Count:      int(igSize),
 			Location:   ig.Spec.Subnets[0],
--- a/pkg/model/hetznermodel/sshkey.go
+++ b/pkg/model/hetznermodel/sshkey.go
@ -1,48 +0,0 @@
-/*
-Copyright 2022 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package hetznermodel
-
-import (
-	"k8s.io/kops/upup/pkg/fi"
-	"k8s.io/kops/upup/pkg/fi/cloudup/hetzner"
-	"k8s.io/kops/upup/pkg/fi/cloudup/hetznertasks"
-)
-
-// SSHKeyModelBuilder configures SSHKey objects
-type SSHKeyModelBuilder struct {
-	*HetznerModelContext
-	Lifecycle fi.Lifecycle
-}
-
-var _ fi.ModelBuilder = &SSHKeyModelBuilder{}
-
-func (b *SSHKeyModelBuilder) Build(c *fi.ModelBuilderContext) error {
-	// TODO(hakman): Add support for multiple SSH keys
-	sshkey := b.SSHPublicKeys[0]
-
-	t := &hetznertasks.SSHKey{
-		Name:      fi.String(b.ClusterName()),
-		Lifecycle: b.Lifecycle,
-		PublicKey: string(sshkey),
-		Labels: map[string]string{
-			hetzner.TagKubernetesClusterName: b.ClusterName(),
-		},
-	}
-	c.AddTask(t)
-
-	return nil
-}
--- a/upup/pkg/fi/cloudup/apply_cluster.go
+++ b/upup/pkg/fi/cloudup/apply_cluster.go
@ -597,7 +597,6 @@ func (c *ApplyClusterCmd) Run(ctx context.Context) error {
 				KopsModelContext: modelContext,
 			}
 			l.Builders = append(l.Builders,
-				&hetznermodel.SSHKeyModelBuilder{HetznerModelContext: hetznerModelContext, Lifecycle: securityLifecycle},
 				&hetznermodel.NetworkModelBuilder{HetznerModelContext: hetznerModelContext, Lifecycle: networkLifecycle},
 				&hetznermodel.ExternalAccessModelBuilder{HetznerModelContext: hetznerModelContext, Lifecycle: networkLifecycle},
 				&hetznermodel.LoadBalancerModelBuilder{HetznerModelContext: hetznerModelContext, Lifecycle: networkLifecycle},
--- a/upup/pkg/fi/cloudup/hetznertasks/servergroup.go
+++ b/upup/pkg/fi/cloudup/hetznertasks/servergroup.go
@ -33,7 +33,7 @@ import (
 type ServerGroup struct {
 	Name      *string
 	Lifecycle fi.Lifecycle
-	SSHKey    *SSHKey
+	SSHKeys   []*SSHKey
 	Network   *Network

 	Count      int
@ -180,8 +180,8 @@ func (_ *ServerGroup) RenderHetzner(t *hetzner.HetznerAPITarget, a, e, changes *
 		return nil
 	}

-	if e.SSHKey == nil {
-		return fmt.Errorf("failed to find ssh key for server %q", fi.StringValue(e.Name))
+	if len(e.SSHKeys) == 0 {
+		return fmt.Errorf("failed to find ssh keys for server %q", fi.StringValue(e.Name))
 	}
 	if e.Network == nil {
 		return fmt.Errorf("failed to find network for server %q", fi.StringValue(e.Name))
@ -204,11 +204,6 @@ func (_ *ServerGroup) RenderHetzner(t *hetzner.HetznerAPITarget, a, e, changes *
 		opts := hcloud.ServerCreateOpts{
 			Name:             name,
 			StartAfterCreate: fi.Bool(true),
-			SSHKeys: []*hcloud.SSHKey{
-				{
-					ID: fi.IntValue(e.SSHKey.ID),
-				},
-			},
 			Networks: []*hcloud.Network{
 				{
 					ID: fi.IntValue(e.Network.ID),
@ -231,6 +226,11 @@ func (_ *ServerGroup) RenderHetzner(t *hetzner.HetznerAPITarget, a, e, changes *
 			},
 		}

+		// Add the SSH keys
+		for _, sshkey := range e.SSHKeys {
+			opts.SSHKeys = append(opts.SSHKeys, &hcloud.SSHKey{ID: fi.IntValue(sshkey.ID)})
+		}
+
 		// Add the user-data hash label
 		opts.Labels[hetzner.TagKubernetesInstanceUserData] = userDataHash

--- a/upup/pkg/fi/cloudup/hetznertasks/sshkey.go
+++ b/upup/pkg/fi/cloudup/hetznertasks/sshkey.go
@ -109,7 +109,7 @@ func (_ *SSHKey) RenderHetzner(t *hetzner.HetznerAPITarget, a, e, changes *SSHKe
 		if len(tokens) == 3 {
 			sshkeyComment := tokens[2]
 			_, err := mail.ParseAddress(sshkeyComment)
-			if err != nil {
+			if err == nil {
 				name = sshkeyComment
 			}
 		}