Summary
The cluster-autoscaler addon template does not inject the HCLOUD_TOKEN environment variable into the autoscaler pod when running on Hetzner. As a result, the autoscaler fails immediately on startup because it cannot authenticate with the Hetzner API.
Root cause
upup/models/cloudup/resources/addons/cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml.template only has an env: block for AWS (AWS_REGION). There is no corresponding block for Hetzner.
The hcloud secret (containing token and network keys) is already created in kube-system by the CCM addon, so the credentials are available — they just aren't passed to the autoscaler container.
Impact
The kops-managed cluster-autoscaler addon is completely non-functional on Hetzner. Users must deploy the autoscaler manually with the correct environment variables.
Originally reported in #17543.
Fix
Add an else if (eq GetCloudProvider "hetzner") env block that sources HCLOUD_TOKEN and HCLOUD_NETWORK from the existing hcloud secret. Fix included in the PR that accompanies this issue.
Summary
The cluster-autoscaler addon template does not inject the
HCLOUD_TOKENenvironment variable into the autoscaler pod when running on Hetzner. As a result, the autoscaler fails immediately on startup because it cannot authenticate with the Hetzner API.Root cause
upup/models/cloudup/resources/addons/cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml.templateonly has anenv:block for AWS (AWS_REGION). There is no corresponding block for Hetzner.The
hcloudsecret (containingtokenandnetworkkeys) is already created inkube-systemby the CCM addon, so the credentials are available — they just aren't passed to the autoscaler container.Impact
The kops-managed cluster-autoscaler addon is completely non-functional on Hetzner. Users must deploy the autoscaler manually with the correct environment variables.
Originally reported in #17543.
Fix
Add an
else if (eq GetCloudProvider "hetzner")env block that sourcesHCLOUD_TOKENandHCLOUD_NETWORKfrom the existinghcloudsecret. Fix included in the PR that accompanies this issue.