From cdc8d9c74f2a1f63162d2a3211f776e4b04009ef Mon Sep 17 00:00:00 2001
From: Serge Logvinov <serge.logvinov@sinextra.dev>
Date: Thu, 14 Jul 2022 10:20:28 +0300
Subject: [PATCH] Add robot creds

---
 .../hcloud-cloud-controller-manager.yaml           | 10 ++++++++++
 hetzner/instances-master.tf                        |  2 ++
 hetzner/templates/controlplane.yaml.tpl            |  2 ++
 hetzner/variables.tf                               | 14 ++++++++++++++
 4 files changed, 28 insertions(+)

diff --git a/hetzner/deployments/hcloud-cloud-controller-manager.yaml b/hetzner/deployments/hcloud-cloud-controller-manager.yaml
index 8df0623..6911e50 100644
--- a/hetzner/deployments/hcloud-cloud-controller-manager.yaml
+++ b/hetzner/deployments/hcloud-cloud-controller-manager.yaml
@@ -88,3 +88,13 @@ spec:
                   key: network
             - name: HCLOUD_INSTANCES_ADDRESS_FAMILY
               value: dualstack
+            - name: ROBOT_USER_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: hcloud
+                  key: user
+            - name: ROBOT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: hcloud
+                  key: password
diff --git a/hetzner/instances-master.tf b/hetzner/instances-master.tf
index 0923d54..cf5fda4 100644
--- a/hetzner/instances-master.tf
+++ b/hetzner/instances-master.tf
@@ -25,6 +25,8 @@ resource "hcloud_server" "controlplane" {
       lbv6           = local.lbv6
       hcloud_network = hcloud_network.main.id
       hcloud_token   = var.hcloud_token
+      robot_user     = var.robot_user
+      robot_password = var.robot_password
       labels         = "topology.kubernetes.io/region=${element(var.regions, count.index)}"
     })
   )
diff --git a/hetzner/templates/controlplane.yaml.tpl b/hetzner/templates/controlplane.yaml.tpl
index fefc1f9..73b7cca 100644
--- a/hetzner/templates/controlplane.yaml.tpl
+++ b/hetzner/templates/controlplane.yaml.tpl
@@ -132,6 +132,8 @@ cluster:
         data:
           network: ${base64encode(hcloud_network)}
           token: ${base64encode(hcloud_token)}
+          user: ${base64encode(robot_user)}
+          password: ${base64encode(robot_password)}
   externalCloudProvider:
     enabled: true
     manifests:
diff --git a/hetzner/variables.tf b/hetzner/variables.tf
index 9554fc3..55dcefd 100644
--- a/hetzner/variables.tf
+++ b/hetzner/variables.tf
@@ -5,6 +5,20 @@ variable "hcloud_token" {
   sensitive   = true
 }
 
+variable "robot_user" {
+  description = "The hezner cloud token (export TF_VAR_robot_user=$USER)"
+  type        = string
+  default     = ""
+  sensitive   = true
+}
+
+variable "robot_password" {
+  description = "The hezner cloud token (export TF_VAR_robot_password=$PASSWORD)"
+  type        = string
+  default     = ""
+  sensitive   = true
+}
+
 variable "regions" {
   description = "The id of the hezner region (oreder is important)"
   type        = list(string)