hetzner-k3s 0.5.7 → 0.6.0.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1d75621e1a64fc2a2cc874811aed89a81086943d4099d1f651ee7193f01d1add
-  data.tar.gz: f6b6845cc0701d771701a3ca4551722da0d8fd4e71eb63001974026a266a6a5d
+  metadata.gz: 4d8a90e68ae6fb3b434fb4f65ed00a9508fa405d5d8cf87c8cc45e86c655ec56
+  data.tar.gz: f35647f4e10202a483aa73b79d9c4d7728904978d72943cd7f51ccdb8ff739fe
 SHA512:
-  metadata.gz: 32925df0b7b2d4af9705d8cc563ed34d8dc181ec37c5c7063504a24f56cc383fdb6871d27daa8fb456979db1f6e2310567a122455a5a53894260ba4bb65b1c92
-  data.tar.gz: d8374b7a45ec03331877c8307297be4fade4237ae2c5fc07545631f112106ed74e068a4605bd8414e3a6cc903838c39cad903df4278ab65f49442705b0460e2a
+  metadata.gz: 41ecc26d3b5aaa22b363ff425ef7d0d47a3510aecdc8a8389fd16d2889a77ce278152a20a885a1ba460b19bc07224e1a61c6d3cb8e9f0ee554692f90564a8553
+  data.tar.gz: 37860df2822b9316876814bb8a33df5fbbc087f3c21ef53faf8be35ec56cfbd584bc62db1d1f98558e32d75985fe6d6e0836934838b23d0bb89ffc135a336d08

data/.github/workflows/release.yml

@@ -0,0 +1,32 @@
+name: Release
+
+on:
+  push:
+    tags:
+    - '*'
+
+jobs:
+  mcos:
+    runs-on: macos-12
+    steps:
+      - uses: actions/checkout@v3
+
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '2.7.1'
+
+      - name: Get ruby-packer
+        run: |
+          curl -o rubyc-macos https://github.com/pmq20/ruby-packer/releases/download/darwin-x64/rubyc
+          chmod +x rubyc-macos
+
+      - name: Build for macOS
+        run: |
+          env CC="xcrun clang -mmacosx-version-min=10.10 -Wno-implicit-function-declaration" time ./rubyc-macos -r ./ -o ./hetzner-k3s-macos exe/hetzner-k3s
+          chmod +x hetzner-k3s-macos
+
+      - uses: ncipollo/release-action@v1
+        with:
+          tag: v$(ruby -r ./lib/hetzner/k3s/version -e 'puts Hetzner::K3s::VERSION')
+          artifacts: "hetzner-k3s-macos"
+          token: ${{ secrets.GITHUB_TOKEN }}

data/.gitignore

@@ -11,3 +11,5 @@
 .rspec_status
 /kubeconfig
 /cluster_config.yaml
+dist/hetzner-k3s.jar
+dist/hetzner-k3s

data/.rubocop.yml

@@ -1,4 +1,4 @@
-Gemspec/DateAssignment: # new in 1.10
+Gemspec/DeprecatedAttributeAssignment: # new in 1.10
   Enabled: true
 Gemspec/RequireMFA: # new in 1.23
   Enabled: true

data/.ruby-version

@@ -1 +1 @@
-ruby-3.1.2
+ruby-2.7.1

data/Gemfile

@@ -5,5 +5,16 @@ source 'https://rubygems.org'
 # Specify your gem's dependencies in k3s.gemspec
 gemspec
 
-gem 'rake', '~> 12.0'
-gem 'rspec', '~> 3.0'
+# platforms :jruby do
+# gem 'rake', '~> 12.0'
+#   gem 'rspec', '~> 3.0'
+
+#   gem 'childprocess'
+#   gem 'ed25519'
+#   gem 'http'
+#   gem 'jruby-openssl'
+#   gem 'net-ssh'
+#   gem 'sshkey'
+#   gem 'thor'
+#   gem 'http-parser'
+# end

data/Gemfile.lock

@@ -1,90 +1,59 @@
 PATH
   remote: .
   specs:
-    hetzner-k3s (0.5.6)
+    hetzner-k3s (0.5.9)
       bcrypt_pbkdf
+      childprocess
       ed25519
-      http
+      httparty
       net-ssh
       sshkey
-      subprocess
       thor
 
 GEM
   remote: https://rubygems.org/
   specs:
-    addressable (2.8.0)
-      public_suffix (>= 2.0.2, < 5.0)
     ast (2.4.2)
     bcrypt_pbkdf (1.1.0)
-    diff-lcs (1.4.4)
-    domain_name (0.5.20190701)
-      unf (>= 0.0.5, < 1.0.0)
+    childprocess (4.1.0)
     ed25519 (1.3.0)
-    ffi (1.15.5)
-    ffi-compiler (1.0.1)
-      ffi (>= 1.0.0)
-      rake
-    http (4.4.1)
-      addressable (~> 2.3)
-      http-cookie (~> 1.0)
-      http-form_data (~> 2.2)
-      http-parser (~> 1.2.0)
-    http-cookie (1.0.4)
-      domain_name (~> 0.5)
-    http-form_data (2.3.0)
-    http-parser (1.2.3)
-      ffi-compiler (>= 1.0, < 2.0)
+    httparty (0.20.0)
+      mime-types (~> 3.0)
+      multi_xml (>= 0.5.2)
+    mime-types (3.4.1)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2022.0105)
+    multi_xml (0.6.0)
     net-ssh (6.1.0)
-    parallel (1.21.0)
-    parser (3.1.0.0)
+    parallel (1.20.1)
+    parser (3.1.2.1)
       ast (~> 2.4.1)
-    public_suffix (4.0.6)
     rainbow (3.1.1)
-    rake (12.3.3)
-    regexp_parser (2.2.0)
+    regexp_parser (2.5.0)
     rexml (3.2.5)
-    rspec (3.10.0)
-      rspec-core (~> 3.10.0)
-      rspec-expectations (~> 3.10.0)
-      rspec-mocks (~> 3.10.0)
-    rspec-core (3.10.1)
-      rspec-support (~> 3.10.0)
-    rspec-expectations (3.10.1)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-mocks (3.10.2)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-support (3.10.2)
-    rubocop (1.25.1)
+    rubocop (1.12.1)
       parallel (~> 1.10)
-      parser (>= 3.1.0.0)
+      parser (>= 3.0.0.0)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml
-      rubocop-ast (>= 1.15.1, < 2.0)
+      rubocop-ast (>= 1.2.0, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.15.1)
-      parser (>= 3.0.1.1)
+    rubocop-ast (1.4.1)
+      parser (>= 2.7.1.5)
     ruby-progressbar (1.11.0)
     sshkey (2.0.0)
-    subprocess (1.5.5)
     thor (1.2.1)
-    unf (0.1.4)
-      unf_ext
-    unf_ext (0.0.8)
-    unicode-display_width (2.1.0)
+    unicode-display_width (2.2.0)
 
 PLATFORMS
   ruby
+  x86_64-darwin-21
 
 DEPENDENCIES
   hetzner-k3s!
-  rake (~> 12.0)
-  rspec (~> 3.0)
   rubocop
 
 BUNDLED WITH
-   2.3.14
+   2.3.21

data/README.md

@@ -16,6 +16,8 @@ Using this tool, creating a highly available k3s cluster with 3 masters for the
 
 See roadmap [here](https://github.com/vitobotta/hetzner-k3s/projects/1) for the features planned or in progress.
 
+Also see this [wiki page](https://github.com/vitobotta/hetzner-k3s/wiki/Tutorial:---Setting-up-a-cluster) for a tutorial on how to set up a cluster with the most common setup to get you started.
+
 ## Requirements
 
 All that is needed to use this tool is
@@ -39,7 +41,12 @@ This will install the `hetzner-k3s` executable in your PATH.
 Alternatively, if you don't want to set up a Ruby runtime but have Docker installed, you can use a container. Run the following from inside the directory where you have the config file for the cluster (described in the next section):
 
 ```bash
-docker run --rm -it -v ${PWD}:/cluster -v ${HOME}/.ssh:/tmp/.ssh vitobotta/hetzner-k3s:v0.5.7 create-cluster --config-file /cluster/test.yaml
+docker run --rm -it \
+  -v ${PWD}:/cluster \
+  -v ${HOME}/.ssh:/tmp/.ssh \
+  vitobotta/hetzner-k3s:v0.5.9 \
+  create-cluster \
+  --config-file /cluster/test.yaml
 ```
 
 Replace `test.yaml` with the name of your config file.
@@ -58,6 +65,8 @@ public_ssh_key_path: "~/.ssh/id_rsa.pub"
 private_ssh_key_path: "~/.ssh/id_rsa"
 ssh_allowed_networks:
   - 0.0.0.0/0
+api_allowed_networks:
+  - 0.0.0.0/0
 verify_host_key: false
 location: nbg1
 schedule_workloads_on_masters: false
@@ -97,6 +106,7 @@ enable_encryption: true
 # kube_proxy_args:
 # - arg1
 # - ...
+# existing_network: <specify if you want to use an existing network, otherwise one will be created for this cluster>
 
 ```
 
@@ -136,9 +146,11 @@ curl \
 	'https://api.hetzner.cloud/v1/images'
 ```
 
-Note that if you use a custom image, the creation of the servers may take longer than when using the default image.
+Notes:
 
-Also note: the option `verify_host_key` is by default set to `false` to disable host key verification. This is because sometimes when creating new servers, Hetzner may assign IP addresses that were previously used by other servers you owned in the past. Therefore the host key verification would fail. If you set this option to `true` and this happens, the tool won't be able to continue creating the cluster until you resolve the issue with one of the suggestions it will give you.
+- if you use a custom image, the creation of the servers may take longer than when using the default image
+- the option `verify_host_key` is by default set to `false` to disable host key verification. This is because sometimes when creating new servers, Hetzner may assign IP addresses that were previously used by other servers you owned in the past. Therefore the host key verification would fail. If you set this option to `true` and this happens, the tool won't be able to continue creating the cluster until you resolve the issue with one of the suggestions it will give you
+- the setting `api_allowed_networks` allows specifying which networks can access the Kubernetes API, but this only works with single master clusters currently. Multi-master HA clusters require a load balancer for the API, but load balancers are not yet covered by Hetzner's firewalls.
 
 Finally, to create the cluster run:
 
@@ -164,6 +176,8 @@ The `create-cluster` command can be run any number of times with the same config
 
 To add one or more nodes to a node pool, just change the instance count in the configuration file for that node pool and re-run the create command.
 
+**Important**: if you are increasing the size of a node pool created prior to v0.5.7, please see [this thread](https://github.com/vitobotta/hetzner-k3s/issues/80).
+
 ### Scaling down a node pool
 
 To make a node pool smaller:
@@ -199,16 +213,6 @@ Note that the API server will briefly be unavailable during the upgrade of the c
 
 To check the upgrade progress, run `watch kubectl get nodes -owide`. You will see the masters being upgraded one per time, followed by the worker nodes.
 
-## Upgrade the OS on nodes
-
-The easiest way to upgrade the OS on existing nodes is actually to replace them, as it happens with managed Kubernetes service. To do this:
-
-- drain one node
-- delete the node from Kubernetes
-- delete the node from the Hetzner console
-- re-run the script to recreate the deleted node with an updated OS
-- proceed with the next node
-
 ### What to do if the upgrade doesn't go smoothly
 
 If the upgrade gets stuck for some reason, or it doesn't upgrade all the nodes:
@@ -234,7 +238,8 @@ I have noticed that sometimes I need to re-run the upgrade command a couple of t
 You can also check the logs of the system upgrade controller's pod:
 
 ```bash
-kubectl -n system-upgrade logs -f $(kubectl -n system-upgrade get pod -l pod-template-hash -o jsonpath="{.items[0].metadata.name}")
+kubectl -n system-upgrade \
+  logs -f $(kubectl -n system-upgrade get pod -l pod-template-hash -o jsonpath="{.items[0].metadata.name}")
 ```
 
 A final note about upgrades is that if for some reason the upgrade gets stuck after upgrading the masters and before upgrading the worker nodes, just cleaning up the resources as described above might not be enough. In that case also try running the following to tell the upgrade job for the workers that the masters have already been upgraded, so the upgrade can continue for the workers:
@@ -243,6 +248,15 @@ A final note about upgrades is that if for some reason the upgrade gets stuck af
 kubectl label node <master1> <master2> <master2> plan.upgrade.cattle.io/k3s-server=upgraded
 ```
 
+## Upgrading the OS on nodes
+
+- consider adding a temporary node during the process if you don't have enough spare capacity in the cluster
+- drain one node
+- update etc
+- reboot
+- uncordon
+- proceed with the next node
+
 ## Deleting a cluster
 
 To delete a cluster, running
@@ -277,7 +291,7 @@ I set `load-balancer.hetzner.cloud/hostname` to a valid hostname that I configur
 
 The annotation `load-balancer.hetzner.cloud/use-private-ip: "true"` ensures that the communication between the load balancer and the nodes happens through the private network, so we don't have to open any ports on the nodes (other than the port 6443 for the Kubernetes API server).
 
-The other annotations should be self explanatory. You can find a list of the available annotations here.
+The other annotations should be self explanatory. You can find a list of the available annotations [here](https://pkg.go.dev/github.com/hetznercloud/hcloud-cloud-controller-manager/internal/annotation).
 
 ## Persistent volumes
 
@@ -293,6 +307,10 @@ I recommend that you create a separate Hetzner project for each cluster, because
 
 Please create a PR if you want to propose any changes, or open an issue if you are having trouble with the tool - I will do my best to help if I can.
 
+Contributors:
+
+- [TitanFighter](https://github.com/TitanFighter) for [this awesome tutorial](https://github.com/vitobotta/hetzner-k3s/wiki/Tutorial:---Setting-up-a-cluster)
+
 ## License
 
 The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/bin/build.sh

@@ -2,11 +2,17 @@
 
 set -e
 
-IMAGE="vitobotta/hetzner-k3s"
+# IMAGE="vitobotta/hetzner-k3s"
 
-docker build -t ${IMAGE}:v0.5.7 \
-  --platform=linux/amd64 \
-  --cache-from ${IMAGE}:v0.5.6 \
-  --build-arg BUILDKIT_INLINE_CACHE=1 .
+# docker build -t ${IMAGE}:v0.5.9 \
+#   --platform=linux/amd64 \
+#   --cache-from ${IMAGE}:v0.5.8 \
+#   --build-arg BUILDKIT_INLINE_CACHE=1 .
 
-docker push vitobotta/hetzner-k3s:v0.5.7
+# docker push vitobotta/hetzner-k3s:v0.5.9
+
+warble
+
+echo "#!/usr/bin/env java -jar" > dist/hetzner-k3s
+cat dist/hetzner-k3s.jar >> dist/hetzner-k3s
+chmod +x dist/hetzner-k3s

data/config/warble.rb

@@ -0,0 +1,182 @@
+# Disable Rake-environment-task framework detection by uncommenting/setting to false
+# Warbler.framework_detection = false
+
+# Warbler web application assembly configuration file
+Warbler::Config.new do |config|
+  # Features: additional options controlling how the jar is built.
+  # Currently the following features are supported:
+  # - *gemjar*: package the gem repository in a jar file in WEB-INF/lib
+  # - *executable*: embed a web server and make the war executable
+  # - *runnable*: allows to run bin scripts e.g. `java -jar my.war -S rake -T`
+  # - *compiled*: compile .rb files to .class files
+  config.features = %w(executable runnable compiled)
+
+  # Application directories to be included in the webapp.
+  config.dirs = %w(bin config exe lib)
+
+  # Additional files/directories to include, above those in config.dirs
+  # config.includes = FileList["db"]
+
+  # Additional files/directories to exclude
+  # config.excludes = FileList["lib/tasks/*"]
+
+  # Additional Java .jar files to include.  Note that if .jar files are placed
+  # in lib (and not otherwise excluded) then they need not be mentioned here.
+  # JRuby and JRuby-Rack are pre-loaded in this list.  Be sure to include your
+  # own versions if you directly set the value
+  # config.java_libs += FileList["lib/java/*.jar"]
+
+  # Loose Java classes and miscellaneous files to be included.
+  # config.java_classes = FileList["target/classes/**.*"]
+
+  # One or more pathmaps defining how the java classes should be copied into
+  # the archive. The example pathmap below accompanies the java_classes
+  # configuration above. See http://rake.rubyforge.org/classes/String.html#M000017
+  # for details of how to specify a pathmap.
+  # config.pathmaps.java_classes << "%{target/classes/,}p"
+
+  # Bundler support is built-in. If Warbler finds a Gemfile in the
+  # project directory, it will be used to collect the gems to bundle
+  # in your application. If you wish to explicitly disable this
+  # functionality, uncomment here.
+  config.bundler = true
+
+  # An array of Bundler groups to avoid including in the war file.
+  # Defaults to ["development", "test", "assets"].
+  # config.bundle_without = []
+
+  # Other gems to be included. If you don't use Bundler or a gemspec
+  # file, you need to tell Warbler which gems your application needs
+  # so that they can be packaged in the archive.
+  # For Rails applications, the Rails gems are included by default
+  # unless the vendor/rails directory is present.
+  # config.gems += ["activerecord-jdbcmysql-adapter", "jruby-openssl"]
+  # config.gems << "tzinfo"
+
+  # Uncomment this if you don't want to package rails gem.
+  # config.gems -= ["rails"]
+
+  # The most recent versions of gems are used.
+  # You can specify versions of gems by using a hash assignment:
+  # config.gems["rails"] = "4.2.5"
+
+  # You can also use regexps or Gem::Dependency objects for flexibility or
+  # finer-grained control.
+  # config.gems << /^sinatra-/
+  # config.gems << Gem::Dependency.new("sinatra", "= 1.4.7")
+
+  # Include gem dependencies not mentioned specifically. Default is
+  # true, uncomment to turn off.
+  # config.gem_dependencies = false
+
+  # Array of regular expressions matching relative paths in gems to be
+  # excluded from the war. Defaults to empty, but you can set it like
+  # below, which excludes test files.
+  # config.gem_excludes = [/^(test|spec)\//]
+
+  # Pathmaps for controlling how application files are copied into the archive
+  # config.pathmaps.application = ["WEB-INF/%p"]
+
+  # Name of the archive (without the extension). Defaults to the basename
+  # of the project directory.
+  config.jar_name = "hetzner-k3s"
+
+  # File extension for the archive. Defaults to either 'jar' or 'war'.
+  config.jar_extension = "jar"
+
+  # Destionation for the created archive. Defaults to project's root directory.
+  config.autodeploy_dir = "dist/"
+
+  # Name of the MANIFEST.MF template for the war file. Defaults to a simple
+  # MANIFEST.MF that contains the version of Warbler used to create the war file.
+  # config.manifest_file = "config/MANIFEST.MF"
+
+  # When using the 'compiled' feature and specified, only these Ruby
+  # files will be compiled. Default is to compile all \.rb files in
+  # the application.
+  # config.compiled_ruby_files = FileList['app/**/*.rb']
+
+  # Determines if ruby files in supporting gems will be compiled.
+  # Ignored unless compile feature is used.
+  config.compile_gems = true
+
+  # When set it specify the bytecode version for compiled class files
+  # config.bytecode_version = "1.6"
+
+  # When set to true, Warbler will override the value of ENV['GEM_HOME'] even it
+  # has already been set. When set to false it will use any existing value of
+  # GEM_HOME if it is set.
+  # config.override_gem_home = true
+
+  # Allows for specifing custom executables
+  # config.executable = ["exe/hetzner-k3s"]
+
+  # Sets default (prefixed) parameters for the executables
+  # config.executable_params = "do:something"
+
+  # If set to true, moves jar files into WEB-INF/lib. Prior to version 1.4.2 of Warbler this was done
+  # by default. But since 1.4.2 this config defaults to false. It may need to be set to true for
+  # web servers that do not explode the WAR file.
+  # Alternatively, this option can be set to a regular expression, which will
+  # act as a jar selector -- only jar files that match the pattern will be
+  # included in the archive.
+  # config.move_jars_to_webinf_lib = false
+
+  # === War files only below here ===
+
+  # Embedded webserver to use with the 'executable' feature. Currently supported
+  # webservers are:
+  # - *jetty* - Embedded Jetty from Eclipse
+  # config.webserver = 'jetty'
+
+  # Path to the pre-bundled gem directory inside the war file. Default
+  # is 'WEB-INF/gems'. Specify path if gems are already bundled
+  # before running Warbler. This also sets 'gem.path' inside web.xml.
+  # config.gem_path = "WEB-INF/vendor/bundler_gems"
+
+  # Files for WEB-INF directory (next to web.xml). This contains
+  # web.xml by default. If there is an .erb-File it will be processed
+  # with webxml-config. You may want to exclude this file via
+  # config.excludes.
+  # config.webinf_files += FileList["jboss-web.xml"]
+
+  # Files to be included in the root of the webapp.  Note that files in public
+  # will have the leading 'public/' part of the path stripped during staging.
+  # config.public_html = FileList["public/**/*", "doc/**/*"]
+
+  # Pathmaps for controlling how public HTML files are copied into the .war
+  # config.pathmaps.public_html = ["%{public/,}p"]
+
+  # Value of RAILS_ENV for the webapp -- default as shown below
+  # config.webxml.rails.env = ENV['RAILS_ENV'] || 'production'
+
+  # Public ROOT mapping, by default assets are copied into .war ROOT directory.
+  # config.public.root = ''
+
+  # Application booter to use, either :rack or :rails (autodetected by default)
+  # config.webxml.booter = :rails
+
+  # When using the :rack booter, "Rackup" script to use.
+  # - For 'rackup.path', the value points to the location of the rackup
+  # script in the web archive file. You need to make sure this file
+  # gets included in the war, possibly by adding it to config.includes
+  # or config.webinf_files above.
+  # - For 'rackup', the rackup script you provide as an inline string
+  #   is simply embedded in web.xml.
+  # The script is evaluated in a Rack::Builder to load the application.
+  # Examples:
+  # config.webxml.rackup.path = 'WEB-INF/hello.ru'
+  # config.webxml.rackup = %{require './lib/demo'; run Rack::Adapter::Camping.new(Demo)}
+  # config.webxml.rackup = require 'cgi' && CGI::escapeHTML(File.read("config.ru"))
+
+  # Control the pool of Rails runtimes. Leaving unspecified means
+  # the pool will grow as needed to service requests. It is recommended
+  # that you fix these values when running a production server!
+  # If you're using threadsafe! mode, you probably don't want to set these values,
+  # since 1 runtime(default for threadsafe mode) will be enough.
+  # config.webxml.jruby.min.runtimes = 2
+  # config.webxml.jruby.max.runtimes = 4
+
+  # JNDI data source name
+  # config.webxml.jndi = 'jdbc/rails'
+end

data/exe/hetzner-k3s

@@ -1,4 +1,7 @@
 #!/usr/bin/env ruby
 
+require 'rubygems'
+require 'bundler/setup'
+
 require_relative '../lib/hetzner/k3s/cli'
 Hetzner::K3s::CLI.start

data/hetzner-k3s.gemspec

@@ -12,7 +12,7 @@ Gem::Specification.new do |spec|
   spec.description   = 'A CLI to create a Kubernetes cluster in Hetzner Cloud very quickly using k3s.'
   spec.homepage      = 'https://github.com/vitobotta/hetzner-k3s'
   spec.license       = 'MIT'
-  spec.required_ruby_version = Gem::Requirement.new('>= 3.1.2')
+  spec.required_ruby_version = Gem::Requirement.new('~> 2.7.1')
 
   # spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'"
 
@@ -20,12 +20,12 @@ Gem::Specification.new do |spec|
   spec.metadata['source_code_uri'] = 'https://github.com/vitobotta/hetzner-k3s'
   spec.metadata['changelog_uri'] = 'https://github.com/vitobotta/hetzner-k3s'
 
-  spec.add_dependency 'bcrypt_pbkdf'
+  spec.add_dependency 'childprocess'
   spec.add_dependency 'ed25519'
-  spec.add_dependency 'http'
+  spec.add_dependency 'httparty'
+  spec.add_dependency 'bcrypt_pbkdf'
   spec.add_dependency 'net-ssh'
   spec.add_dependency 'sshkey'
-  spec.add_dependency 'subprocess'
   spec.add_dependency 'thor'
   spec.add_development_dependency 'rubocop'
 

data/lib/hetzner/infra/client.rb

@@ -12,19 +12,19 @@ module Hetzner
 
     def get(path)
       make_request do
-        JSON.parse HTTP.headers(headers).get(BASE_URI + path).body
+        JSON.parse HTTParty.get(BASE_URI + path, headers: headers).body
       end
     end
 
     def post(path, data)
       make_request do
-        HTTP.headers(headers).post(BASE_URI + path, json: data)
+        HTTParty.post(BASE_URI + path, body: data.to_json, headers: headers)
       end
     end
 
     def delete(path, id)
       make_request do
-        HTTP.headers(headers).delete("#{BASE_URI}#{path}/#{id}")
+        HTTParty.delete("#{BASE_URI}#{path}/#{id}", headers: headers)
       end
     end
 
@@ -32,8 +32,8 @@ module Hetzner
 
     def headers
       {
-        Authorization: "Bearer #{@token}",
-        'Content-Type': 'application/json'
+        'Authorization' => "Bearer #{@token}",
+        'Content-Type' => 'application/json'
       }
     end
 

data/lib/hetzner/infra/firewall.rb

@@ -7,9 +7,10 @@ module Hetzner
       @cluster_name = cluster_name
     end
 
-    def create(high_availability:, networks:)
+    def create(high_availability:, ssh_networks:, api_networks:)
       @high_availability = high_availability
-      @networks = networks
+      @ssh_networks = ssh_networks
+      @api_networks = api_networks
       puts
 
       if (firewall = find_firewall)
@@ -47,7 +48,7 @@ module Hetzner
 
     private
 
-    attr_reader :hetzner_client, :cluster_name, :firewall, :high_availability, :networks
+    attr_reader :hetzner_client, :cluster_name, :firewall, :high_availability, :ssh_networks, :api_networks
 
     def create_firewall_config
       rules = [
@@ -56,7 +57,7 @@ module Hetzner
           direction: 'in',
           protocol: 'tcp',
           port: '22',
-          source_ips: networks,
+          source_ips: ssh_networks,
           destination_ips: []
         },
         {
@@ -98,17 +99,14 @@ module Hetzner
           direction: 'in',
           protocol: 'tcp',
           port: '6443',
-          source_ips: [
-            '0.0.0.0/0',
-            '::/0'
-          ],
+          source_ips: api_networks,
           destination_ips: []
         }
       end
 
       {
         name: cluster_name,
-        rules:
+        rules: rules
       }
     end
 

data/lib/hetzner/infra/load_balancer.rb

@@ -57,7 +57,7 @@ module Hetzner
           type: 'round_robin'
         },
         load_balancer_type: 'lb11',
-        location:,
+        location: location,
         name: load_balancer_name,
         network: network_id,
         public_interface: true,