Skip to content

fix(hetzner): truncate schematic label to 63 chars and expand ~ in kubeconfig path#4647

Open
Copilot wants to merge 2 commits intomainfrom
copilot/fix-hetzner-autoscaler-issue
Open

fix(hetzner): truncate schematic label to 63 chars and expand ~ in kubeconfig path#4647
Copilot wants to merge 2 commits intomainfrom
copilot/fix-hetzner-autoscaler-issue

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented May 7, 2026
edited
Loading

Two bugs prevent ksail cluster update from creating the autoscaler config secret on Hetzner clusters.

Schematic label exceeds Hetzner's 63-char limit

Talos factory schematic IDs are SHA256 hex digests (64 chars). Hetzner Cloud label values are capped at 63 chars, so the label selector is rejected.

  • Added SchematicLabelValue() to labels.go that truncates to 63 chars
  • Applied in snapshot.go for both label creation and selector queries
  • Full schematic ID still used for the factory image URL

~ not expanded before EvalCanonicalPath

ensureHcloudSecret and ensureAutoscalerSecret pass ~/.kube/config directly to EvalCanonicalPath, which calls filepath.Abs — this does not expand ~, producing <cwd>/~/.kube/config.

  • Added fsutil.ExpandHomePath before EvalCanonicalPath in both functions, matching the existing pattern in writeKubeconfig

Copilot AI review requested due to automatic review settings May 7, 2026 22:36
Copilot AI review requested due to automatic review settings May 7, 2026 22:36
@github-project-automation github-project-automation Bot moved this to 🫴 Ready in 🌊 Project Board May 7, 2026
Copilot AI linked an issue May 7, 2026 that may be closed by this pull request
fix(hetzner): autoscaler blocked by 64-char schematic label and unexpanded ~ in kubeconfig path #4646
Open
@devantler
fix(hetzner): truncate schematic label to 63 chars and expand ~ in ku…
49a3a45 
…beconfig path

Agent-Logs-Url: https://github.com/devantler-tech/ksail/sessions/91b58726-f6a6-49a0-80dc-e3ae777e4be9

Co-authored-by: devantler <26203420+devantler@users.noreply.github.com>
Copilot AI requested review from Copilot and removed request for Copilot May 7, 2026 22:47
Copilot AI changed the title [WIP] Fix autoscaler block due to 64-char schematic label in Hetzner fix(hetzner): truncate schematic label to 63 chars and expand ~ in kubeconfig path May 7, 2026
Copilot AI requested a review from devantler May 7, 2026 22:53
This was referenced May 8, 2026
Open
Open
@devantler devantler marked this pull request as ready for review May 8, 2026 06:01
Copilot AI review requested due to automatic review settings May 8, 2026 06:01
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 8, 2026

MegaLinter analysis: Success

✅ Linters with no issues

actionlint, git_diff, hadolint, jscpd, jsonlint, lychee, markdown-table-formatter, markdownlint, prettier, prettier, stylelint, syft, trivy-sbom, trufflehog, v8r, v8r, yamllint

See detailed reports in MegaLinter artifacts

MegaLinter is graciously provided by OX Security
Show us your support by starring ⭐ the repository

Copilot AI reviewed May 8, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes two Hetzner/Talos update-path bugs that prevented ksail cluster update from successfully finding/creating the autoscaler-related secrets and snapshot resources by ensuring Hetzner label constraints and kubeconfig path resolution are handled correctly.

Changes:

  • Truncate Talos factory schematic IDs to Hetzner’s 63-character label value limit via SchematicLabelValue() and use it consistently for snapshot label creation and label-selector queries.
  • Expand ~ in kubeconfig paths before canonicalization in the Hetzner Talos provisioner’s secret-ensuring helpers.
  • Add focused unit tests covering schematic truncation behavior and ensuring snapshot lookup uses the truncated label value.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

Show a summary per file
File Description
pkg/svc/provisioner/cluster/talos/provisioner_hetzner.go Expands ~ before EvalCanonicalPath when creating kubeclients for Hetzner autoscaler-related secrets.
pkg/svc/provider/hetzner/snapshot.go Applies schematic label truncation for snapshot labels and snapshot lookup selectors.
pkg/svc/provider/hetzner/snapshot_test.go Adds coverage ensuring SHA256-length schematic IDs are truncated in label selectors and snapshot reuse works.
pkg/svc/provider/hetzner/labels.go Introduces SchematicLabelValue() and documents Hetzner label value length constraint.
pkg/svc/provider/hetzner/labels_test.go Adds table-driven tests for SchematicLabelValue() truncation behavior.

@codecov
Copy link
Copy Markdown

codecov Bot commented May 8, 2026

Codecov Report

❌ Patch coverage is 42.85714% with 8 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
...c/provisioner/cluster/talos/provisioner_hetzner.go 0.00% 8 Missing ⚠️

📢 Thoughts on this report? Let us know!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@devantler devantler Awaiting requested review from devantler devantler is a code owner

Assignees

@devantler devantler

Copilot code review Copilot

Labels

None yet

Projects

🌊 Project Board
Status: 🫴 Ready

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

fix(hetzner): autoscaler blocked by 64-char schematic label and unexpanded ~ in kubeconfig path

3 participants

@devantler