create both keys in the secret: hcloud and token.

Author: guettli

Makefile

@@ -199,11 +199,12 @@ ifeq ($(BUILD_IN_CONTAINER),true)
 		-v $(shell pwd):/src/cluster-api-provider-$(INFRA_PROVIDER)$(MOUNT_FLAGS) \
 		$(BUILDER_IMAGE):$(BUILDER_IMAGE_VERSION) $@;
 else
-	helm repo add syself https://charts.syself.com
-	helm repo update syself
-	KUBECONFIG=$(WORKER_CLUSTER_KUBECONFIG) helm upgrade --install ccm syself/ccm-hetzner --version 2.0.1 \
-	--namespace kube-system \
-	--set privateNetwork.enabled=$(PRIVATE_NETWORK)
+	helm repo add hcloud https://charts.hetzner.cloud
+	helm repo update hcloud
+	KUBECONFIG=$(WORKER_CLUSTER_KUBECONFIG) helm install hccm \
+		hcloud/ cloud-cloud-controller-manager -n kube-system \
+		--set privateNetwork.enabled=$(PRIVATE_NETWORK)
+		--set robot.enabled=true
 	@echo 'run "kubectl --kubeconfig=$(WORKER_CLUSTER_KUBECONFIG) ..." to work with the new target cluster'
 endif
 

api/v1beta1/types.go

@@ -121,15 +121,15 @@ type HetznerSecretRef struct {
 type HetznerSecretKeyRef struct {
 	// HCloudToken defines the name of the key where the token for the Hetzner Cloud API is stored.
 	// +optional
-	// +kubebuilder:default=hcloud-token
+	// +kubebuilder:default=token
 	HCloudToken string `json:"hcloudToken"`
 	// HetznerRobotUser defines the name of the key where the username for the Hetzner Robot API is stored.
 	// +optional
-	// +kubebuilder:default=hetzner-robot-user
+	// +kubebuilder:default=robot-user
 	HetznerRobotUser string `json:"hetznerRobotUser"`
 	// HetznerRobotPassword defines the name of the key where the password for the Hetzner Robot API is stored.
 	// +optional
-	// +kubebuilder:default=hetzner-robot-password
+	// +kubebuilder:default=robot-password
 	HetznerRobotPassword string `json:"hetznerRobotPassword"`
 	// SSHKey defines the name of the ssh key.
 	// +optional

config/crd/bases/infrastructure.cluster.x-k8s.io_hetznerclusters.yaml

@@ -246,17 +246,17 @@ spec:
                       Need to specify either HCloudToken or both HetznerRobotUser and HetznerRobotPassword.
                     properties:
                       hcloudToken:
-                        default: hcloud-token
+                        default: token
                         description: HCloudToken defines the name of the key where
                           the token for the Hetzner Cloud API is stored.
                         type: string
                       hetznerRobotPassword:
-                        default: hetzner-robot-password
+                        default: robot-password
                         description: HetznerRobotPassword defines the name of the
                           key where the password for the Hetzner Robot API is stored.
                         type: string
                       hetznerRobotUser:
-                        default: hetzner-robot-user
+                        default: robot-user
                         description: HetznerRobotUser defines the name of the key
                           where the username for the Hetzner Robot API is stored.
                         type: string
@@ -267,7 +267,13 @@ spec:
                     type: object
                   name:
                     default: hetzner
-                    description: Name defines the name of the secret.
+                    description: |-
+                      Name defines the name of the secret. The name gets used for reading the credential in the
+                      mgt-cluster, and it gets used for creating a secret in the wl-cluster. About the secret in
+                      the wl-cluster: Attention, the upstream hcloud-ccm helm chart expects the name to be
+                      "hcloud". The Syself ccm defaults to "hetzner". The secret will be created in the namespace
+                      "mgt-system" of the workload-cluster. Set `spec.skipCreatingHetznerSecretInWorkloadCluster`,
+                      if you don't want that secret in the wl-cluster to be created.
                     type: string
                 required:
                 - key

config/crd/bases/infrastructure.cluster.x-k8s.io_hetznerclustertemplates.yaml

@@ -275,18 +275,18 @@ spec:
                               Need to specify either HCloudToken or both HetznerRobotUser and HetznerRobotPassword.
                             properties:
                               hcloudToken:
-                                default: hcloud-token
+                                default: token
                                 description: HCloudToken defines the name of the key
                                   where the token for the Hetzner Cloud API is stored.
                                 type: string
                               hetznerRobotPassword:
-                                default: hetzner-robot-password
+                                default: robot-password
                                 description: HetznerRobotPassword defines the name
                                   of the key where the password for the Hetzner Robot
                                   API is stored.
                                 type: string
                               hetznerRobotUser:
-                                default: hetzner-robot-user
+                                default: robot-user
                                 description: HetznerRobotUser defines the name of
                                   the key where the username for the Hetzner Robot
                                   API is stored.
@@ -298,7 +298,13 @@ spec:
                             type: object
                           name:
                             default: hetzner
-                            description: Name defines the name of the secret.
+                            description: |-
+                              Name defines the name of the secret. The name gets used for reading the credential in the
+                              mgt-cluster, and it gets used for creating a secret in the wl-cluster. About the secret in
+                              the wl-cluster: Attention, the upstream hcloud-ccm helm chart expects the name to be
+                              "hcloud". The Syself ccm defaults to "hetzner". The secret will be created in the namespace
+                              "mgt-system" of the workload-cluster. Set `spec.skipCreatingHetznerSecretInWorkloadCluster`,
+                              if you don't want that secret in the wl-cluster to be created.
                             type: string
                         required:
                         - key

controllers/hetznercluster_controller.go

@@ -533,7 +533,7 @@ func reconcileWorkloadClusterSecret(ctx context.Context, clusterScope *scope.Clu
 			return fmt.Errorf("failed to acquire secret: %w", err)
 		}
 
-		hetznerToken, keyExists := mgtSecret.Data[clusterScope.HetznerCluster.Spec.HetznerSecret.Key.HCloudToken]
+		hcloudToken, keyExists := mgtSecret.Data[clusterScope.HetznerCluster.Spec.HetznerSecret.Key.HCloudToken]
 		if !keyExists {
 			return fmt.Errorf("error key %s does not exist in secret/%s: %w",
 				clusterScope.HetznerCluster.Spec.HetznerSecret.Key.HCloudToken,
@@ -546,7 +546,13 @@ func reconcileWorkloadClusterSecret(ctx context.Context, clusterScope *scope.Clu
 			wlSecret.Data = make(map[string][]byte)
 		}
 
-		wlSecret.Data[clusterScope.HetznerCluster.Spec.HetznerSecret.Key.HCloudToken] = hetznerToken
+		wlSecret.Data[clusterScope.HetznerCluster.Spec.HetznerSecret.Key.HCloudToken] = hcloudToken
+
+		// upstream hcloud-ccm uses the secret key "token", while the old Syself ccm used "hcloud".
+		// For compatibilty, we create always the other key, too.
+		for _, key := range []string{"token", "hcloud"} {
+			wlSecret.Data[key] = hcloudToken
+		}
 
 		// Save robot credentials if available
 		if clusterScope.HetznerCluster.Spec.HetznerSecret.Key.HetznerRobotUser != "" {