Hetzner remote provisioning (Beta)

Provisioning a BYOC environment in your Hetzner account

NOTE: Altinity.Cloud support for Bring Your Own Cloud on Hetzner Cloud is currently in beta.

Altinity.Cloud Anywhere operates inside your Hetzner account. We’ll go through the steps required to create a BYOC environment here, including steps that currently can only be handled by Altinity Support.

Setting up a Bring Your Own Cloud environment for Azure involves these steps:

  1. Get an Altinity.Cloud Anywhere account. If you don’t have an account already, follow the steps at the link and come back. (We’ll wait here.)
  2. Create a new project in your Hetzner Cloud account.
  3. Create an API key with read/write privileges in your Hetzner account.
  4. Create a new Altinity.Cloud Anywhere BYOK environment. (Yes, this is Bring Your Own Cloud, but for now, creating a Bring Your Own Kubernetes environment is the process.)
  5. Generate the key that will tie your Hetzner environment and your Altinity.Cloud Anywhere account together.
  6. Contact Altinity Support to complete the configuration.

We’ll cover these steps in detail now.

Create a project in your Hetzner Cloud account

From the Hetzner Cloud Console, go to your list of projects and click the + New Project link at the bottom of the list:

Creating a new project

Figure 1 - Creating a new project

Give your new project a new name and click Add project:

The New Project dialog

Figure 2 - The New Project dialog

In a few seconds, you’ll see your new project in the console:

The new project in the project list

Figure 3 - The new project in the project list

Create an API key with read/write privileges in your Hetzner account

With your server created, you need to create a read/write API key. Click the Security link in the left navigation panel, then API tokens and Generate API token.

In the Generate API token dialog, give your token a name, click the Read & Write radio button, then click the Generate API token button:

The Generate API token dialog

Figure 4 - The Generate API token dialog

Your new token will be created shortly. Click the Click to show link in the text box to see the token. Be sure to make a copy of it somewhere; you won’t be able to see it again in the console.

The new API token

Figure 5 - The new API token

Your new token will show up in the list of tokens. The Prefix column here is the first few characters of the token; once you close the Generate API token dialog, you can never see the entire token again.

The list of API tokens

Figure 6 - The list of API tokens

With your Hetzner environment set up, it’s time to go to the Altinity Cloud Manager (ACM) to create a BYOK environment.

Create a new Altinity.Cloud Anywhere BYOK environment

Log in to your Altinity.Cloud account and click the button to create a new Environment. In the Environment Setup dialog, select Bring Your Own Kubernetes (BYOK):

Creating a Hetzner BYOK environment

Figure 7 - Creating a Hetzner BYOK environment (Yes, BYOK.)

Click OK to start the environment creation process.

Generate the key to tie everything together

The next step is to generate the key that Altinity support needs to complete provisioning. You’ll see this dialog:

Connection information for the Hetzner environment

Figure 8 -Connection information for the Hetzner environment

First, as shown at the top of Figure 8, get the latest version of altinitycloud-connect at https://github.com/Altinity/altinitycloud-connect. The current version as of November 2024 is 0.90.0.

Now ignore the commands in the steps 2 and 3 in Figure 8 and run the following altinitycloud-connect encrypt command instead. You’ll use the value of the token field in step 2 (the text in red in Figure 8) along with the Hetzner API token you generated earlier. The command format here is:

altinitycloud-connect encrypt --token=[token from Figure 8] [Hetzner API token]

Here’s an example:

altinitycloud-connect encrypt 
--token=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJzdGFnaW5nLmFsdGluaXRi 
ZXhwIjoxNzI2OTI1MzU3LCJzdWIiOiJhbHRpbml0eS1taW5pa3VlMiJ9.VA-7717mZ7iVoOwiSZPQ
59PpsOYRkkqoUd0fz301W_C8x3RG2wRqMB0LUqHV8j1s4izgA27_o5V5hEJpAoDP_6qn_HwfGn5EU
78sDN2w1gs6XzbVc3IB0sAYN_L4yYZJcliY4DBswQ1Kt4xlrMKXJIhGmrFYomIUXi7LWOfe2x3nFC
3LLPBaBtrZli1dY2At0Ahux3HL_TsIJ8PNHBMf6wPOcxfH4Sti4WfVjLkpUy0ndWM9GvRBZd6IiPQ
gAIbfPxn7LCuN6D7juEM3hO4lX4Bj3aKw0HHEI9lTynW6GR8DtpQSyxLXWrCveoiihNal_Zrci0r0
OFnTXpDLYpABu_vG636Y97kAoSD_toIU8A59zdruW8tjZqSRf8upBDr5tEfCWn4pSwfAPhVb0h6vx
rjJLeFJrm_mma0VWvxonrWORBtOeDHWWaT21PyC1KE9E_CT6MFe_ExI4aENt4RPGDd2fxPRNEWKCf
xEb5hOx30anJgzuT7-3IcVoS2vg7sbr6zRfAm9LO-zgY-myeWdOUMhE-zhjN9jzKD-IatvA4dJph-
mzs_Ow966_oB7xfi-R6tjQ2pqmWG7zQzscO7NwVJQlt_cY3lDRBOM4D50sqHS0F7AGen35utB9mQ4
VPRye_3V95VeqAtfEgYpI7IbhlcR8Mi3I5_n_cYUq9v-ObU4 
huiY8fONapcaskcMjPlOcjOwY0U1JyvWhhmHUFB966GuqmI6fZaSC2jHm5a7vjRQ

For clarity, we inserted a line break between the end of the Altinity.Cloud token and the start of the Hetzner API token. The (fake) Hetzner API token starts with huiY8f.

This command generates output similar to this:

b385361ddfeab44f55ec440120fa5d.9acf87480aeb8d31408c1481bf6a41bd8a3f8980c23f606
819326345b02c9e823076e637fc14073a20ea09cfa8caf4e4a8ce89a8baae439e224f8533c6ac4
42a4a7183ad1b723ed023b60881f9a9ba89d8ea7ba31e558ed2858df35df2c2cd60a2c89cc59f7
b7a3e788e883e09e814e83c87e60d17f6c9906f0de1f80f4ce5f7de6bfacd63edbdf52536943f9
8cdf0fc3de9660a2a1bdbc5a57e91cfb0cc2001f0764c76f41fa7bd3be4a60fcb6bed5378cf1dd
1726e984616178a8654009064d3cdd96e6cf4f00042f6db27d6769d5fa894265e18ae33024adbc
423ace3ecab66200d8c99a0bb801aef9b6ffcf2ad2042d7c8e9c9a286f341d578e1a3424442e3c
e62aebadf06ff5ed844ba0c589cc32825d458ebb9b182e30c6fb2ea0c358890cf048e3b77c4907
257261565320ccfbf0b2ebc1afba105b05e308f469c04658eea26bc6c6e2448c727a3bdeb83975
0dd2cee3180f61d19890aa483a1513fb6817e1562b3822fd39c1d9c79d233f0f07ba98daf37284
2db03440c0dccf1a30807904c68cde95a16ba152a92b3134764c6378141a217089d19ad89bd520
a61894b3d44a0755dd48a320596468d542cdc42e9737fc7b37a75c38c6acb9831b6b68063e8a57
a39862cd2477a4f32d770324d2f83a81642441b3f64576f0902af248ccc7920c6dd11ee77ac38b
7d072573957ff814f3b34e87892ac16c789cc6d18dc

Copy that output; you’ll need it for the next step.

Contact Altinity support

Everything is ready now, you just need to contact Altinity support to complete the provisioning and configuration process. You’ll need to give Altinity support the output from the altinitycloud-connect encrypt command…but nothing else. Don’t give us your Hetzner API key or any other sensitive information; all we need to complete the Hetzner setup process is the output from the altinitycloud-connect encrypt command.

When your Altinity.Cloud environment is ready

Once everything is set up, take a look at the Altinity Cloud Manager introduction for an overview of the Altinity.Cloud UI, or skip straight to the documentation for the Launch Cluster Wizard to create your first ClickHouse® cluster.