jenkinsci / hetzner-cloud-plugin

Hetzner cloud integration for Jenkins
https://plugins.jenkins.io/hetzner-cloud/
Apache License 2.0

Support "Primary IPs" feature #39

Closed WalBeh closed 2 years ago

WalBeh commented 2 years ago

What feature do you want to see added?

Dear Richard,

first things first: Thank you very much for conceiving and maintaining this excellent Jenkins plugin.

Introduction

We recently found out about the new "Primary IPs" feature [1,2] and wanted to share our thoughts on how it could be used to improve this plugin.

The background of this is: We would like to employ IP-based restrictions from/to the runner machines, but there is no way to find out about Hetzner's IP ranges. Submitting a support request did not help either.

So, the recently introduced feature on the HCloud API resonated well with us. If it were used from hetzner-cloud-plugin, it could serve the purpose of only allocating IP addresses from a defined set/range.

How?

We would pre-create the IP addresses and put a label on them, similar to the filesystem image labeling. Using a query like outlined below, the plugin could inquire the list of available IP addresses for a specific label and datacenter. The IP address identifier from the response can then be used on the "Create Server" API [3] with the public_net.ipv4 parameter.

curl --silent --header "Authorization: Bearer $HCLOUD_TOKEN" \
    'https://api.hetzner.cloud/v1/primary_ips?label_selector=jenkins' \
    | jq '[ .primary_ips[] | select(.assignee_id == null and .datacenter.location.name == "fsn1") | { id: .id, address: .ip } ]'

[
  {
    "id": 8760218,
    "address": "117.203.24.230"
  },
  {
    "id": 8760668,
    "address": "168.236.236.254"
  }
]

Details

Probably, when implementing this feature, there would be another configurable option flag (maybe just a bool) needed for the unhappy path: When there are no IP addresses available from the inquiry outlined above, either croak, or fall back to runner creation without designated IP address, like beforehand.

Thoughts

It would be nice if Hetzner would extend their API to do the filtering by label, datacenter, and assignedness on the server side already. We will forward a corresponding feature request to them. Unless it is implemented, the filtering would have to be done on the client side, like outlined in the jq expression.

What do you think about it?

Keep up the spirit and with kind regards, Walter.

[1] https://docs.hetzner.com/cloud/servers/primary-ips/overview
[2] https://docs.hetzner.cloud/#primary-ips
[3] https://docs.hetzner.cloud/#servers-create-a-server

Upstream changes

No response
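
Added example (not part of the issue and not the plugin's code): the client-side selection and the "unhappy path" flag proposed above, run against a constructed response. The function names, the `allow_fallback` flag, and the sample IDs and addresses are assumptions; only the JSON fields read by the jq filter and `public_net.ipv4` come from the issue.

```python
import json

# Constructed sample of a /v1/primary_ips?label_selector=jenkins response,
# reduced to the fields the jq filter in the issue reads. IDs and addresses
# are documentation values, not real allocations.
SAMPLE_RESPONSE = json.loads("""
{"primary_ips": [
  {"id": 1001, "ip": "192.0.2.10", "assignee_id": null,
   "datacenter": {"location": {"name": "fsn1"}}},
  {"id": 1002, "ip": "192.0.2.11", "assignee_id": 4711,
   "datacenter": {"location": {"name": "fsn1"}}},
  {"id": 1003, "ip": "192.0.2.12", "assignee_id": null,
   "datacenter": {"location": {"name": "nbg1"}}}
]}
""")


class NoPrimaryIpAvailable(RuntimeError):
    """Raised when the labelled pool is exhausted and fallback is disabled."""


def free_primary_ips(response, location):
    """Client-side equivalent of the jq filter: unassigned and in `location`."""
    return [
        {"id": ip["id"], "address": ip["ip"]}
        for ip in response.get("primary_ips", [])
        if ip.get("assignee_id") is None
        and ip.get("datacenter", {}).get("location", {}).get("name") == location
    ]


def public_net_for_new_server(response, location, allow_fallback=False):
    """Return the public_net fragment for the Create Server request body.

    allow_fallback is the hypothetical bool from "Details": False fails
    closed, True creates the runner without a designated address (None).
    """
    candidates = free_primary_ips(response, location)
    if candidates:
        # Lowest ID first, so repeated runs pick deterministically.
        chosen = min(candidates, key=lambda c: c["id"])
        return {"public_net": {"ipv4": chosen["id"]}}
    if allow_fallback:
        return None
    raise NoPrimaryIpAvailable(f"no unassigned primary IP in {location}")
```

With `allow_fallback=True` the runner gets an address outside the pre-created set, so any IP-based restriction built on that set will not match it.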

rkosegi commented 2 years ago

Hi Walter,

thanks for the interesting idea :+1: I need to get familiar with these new Hetzner features first, but it looks pretty doable at first sight :wink:

Will look into it soon.

amotl commented 2 years ago

Dear Richard,

wow, that was fast. Thank you so much for that turbocharged turnaround on this matter. We will test the new feature soon!

With kind regards, Andreas.