Closes#921 — bp-cluster-autoscaler-hcloud chart shipped without
HCLOUD_CLUSTER_CONFIG / HCLOUD_CLOUD_INIT, so cluster-autoscaler 1.32.x
FATALs at startup with "HCLOUD_CLUSTER_CONFIG or HCLOUD_CLOUD_INIT is
not specified" on every Sovereign (otech112 evidence). HelmRelease
reports Ready=True (Helm install succeeded) but the Pod
CrashLoopBackOffs invisibly behind the False-positive condition.
Closes#916 — wizard let operators dispatch unbuildable topologies
(otech109: cpx32 worker in `ash`) because PROVIDER_NODE_SIZES did not
encode regional orderability. Hetzner rejected the worker creation 41s
into `tofu apply` after Phase-0 had already created the CP + network +
LB + firewall.
Chart fix (issue #921):
- Add `clusterAutoscalerHcloud.{clusterConfig,cloudInit}` values to the
umbrella chart (base64-encoded per upstream contract).
- Render `hetzner-node-config` Secret unconditionally with both keys so
the upstream Deployment's secretKeyRef references resolve cleanly
during `helm template` AND in the live cluster regardless of overlay
state.
- Wire HCLOUD_CLUSTER_CONFIG + HCLOUD_CLOUD_INIT extraEnvSecrets onto
the upstream chart's deployment.
- Tofu Phase 0 base64-encodes the Phase-0 worker cloud-init and stamps
it under `flux-system/cloud-credentials.hcloud-cloud-init`; the
bootstrap-kit overlay lifts that key via Flux `valuesFrom` into
`clusterAutoscalerHcloud.cloudInit`. Autoscaler-spawned workers thus
receive the IDENTICAL bootstrap as the Phase-0 worker fleet.
- Bump bp-cluster-autoscaler-hcloud chart 1.0.0 → 1.1.0.
- Chart-test smoke gate (chart/tests/hetzner-node-config.sh) verifies
Secret + env var wiring + no-regression of HCLOUD_TOKEN — runs in CI's
blueprint-release "Run chart integration tests" step.
Wizard fix (issue #916):
- Add `availableRegions?: string[]` to NodeSize interface; encode
cpx32 = ['fsn1','nbg1','hel1'], cpx21/cpx31 = [] (orderable nowhere
new) per Hetzner /v1/server_types vs POST /v1/servers gap.
- Add `isSkuAvailableInRegion()` + `suggestAlternativeSkus()` helpers.
- StepProvider filters SKU dropdowns by selected region; auto-swaps
current SKU to recommended default when region change drops it out
of orderability.
- Mirror the matrix Go-side in sku_availability.go; gate
`provisioner.Request.Validate()` with same predicate so a stale
wizard build OR direct API caller bypassing the UI cannot dispatch
otech109's failure mode.
- Two-sided enforcement covers both r.Regions[] (multi-region) and the
legacy singular path.
Tests: 13 vitest cases on the wizard side + 38 Go subtests on the API
side. Chart smoke renders + helm template gates the env wiring at
publish time.
Co-authored-by: hatiyildiz <hati.yildiz@openova.io>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
d1431bed09