## Introduction

Hetzner has two offerings: Hetzner Robot (bare metal) and Hetzner Cloud (virtualized). The Syself Autopilot supports both of them. Please make sure you configure the connection for both Hcloud and Robot.

## Step 1: Create Hetzner Project

{% youtube id="1TPaZicCzrc" background="/images/thumbnails/create-a-project-on-hetzner.avif" /%}

We assume that you have an account at [Hetzner](https://www.hetzner.com/).

Please create a new project via [Hetzner Cloud Console](https://console.hetzner.cloud/projects).

## Step 2: Create API Token

{% youtube id="jrIEBbGmjGE" background="/images/thumbnails/adding-api-token-on-hetzner.avif" /%}

Create an API token inside your Hetzner project with read and write permissions. Store it somewhere safe, we'll be using it in later steps.

## Step 3: Upload SSH key to Hetzner Cloud

{% youtube id="NbRkBZc616w" background="/images/thumbnails/adding-ssh-key-to-hcloud.avif" /%}

1. Create a new SSH key, for example by using this command:

   {% terminal height="5rem" steps="[\"ssh-keygen -t ed25519 -C 'autopilot'\"]" /%}

2. Upload the public key to the Hetzner project.

## Step 4: Setting up a user for Hetzner Robot (bare metal)

{% youtube id="tLrJLj6Ag8E" background="/images/thumbnails/create-robot-user-and-password-on-hetzner.avif" /%}

The Robot User is needed for managing bare metal machines. You can create one like this:

1. Go to [robot.hetzner.com](https://robot.hetzner.com/)
1. Go to "Settings" (behind "👤")
1. Go to "Webservice and app settings"
1. Configure "Webservice/app user"

## Step 5: Store all values in environment variables

Store all values that you gathered during the steps above in environment variables.

```shell
export KUBECONFIG=/optional/path/to/your/management/cluster/kubeconfig
export HCLOUD_TOKEN=<your-hetzner-api-token>
export SSH_KEY_NAME=<ssh-key-name>
export HETZNER_SSH_PUB_PATH=/path/to/file/<ssh-key-name>.pub
export HETZNER_SSH_PRIV_PATH=/path/to/file/<ssh-key-name>
export HETZNER_ROBOT_USER=<robot-user>
export HETZNER_ROBOT_PASSWORD=<robot-password>
```

You can use "echo", for example `echo $SSH_KEY_NAME`, to ensure that the values are set correctly.

## Step 6: Create Secrets in Management Cluster

To create Kubernetes clusters in your Hetzner account, you need to create secrets in the management cluster.

### Secret for accessing Hetzner API

Create the secret "hetzner" in the following way:

{% terminal height="17rem" steps="[{\"command\":\"kubectl create secret generic hetzner \\\\\\n--from-literal=hcloud=$HCLOUD_TOKEN \\\\\\n--from-literal=robot-user=$HETZNER_ROBOT_USER \\\\\\n--from-literal=robot-password=$HETZNER_ROBOT_PASSWORD \\\\\\n--from-literal=hcloud-ssh-key-name=$SSH_KEY_NAME\",\"output\":\"secret/hetzner created\"},{\"command\":\"kubectl get secrets\",\"output\":\"NAME                           TYPE                                  DATA   AGE\\nhetzner                        Opaque                                4      5s\"}]" /%}

### Secret for bare metal servers

![Hetzner UI showing how to add Robot SSH to Management Cluster](/images/hetzner-add-robot-ssh-key-management-cluster.avif)

Bare metal servers get provisioned with SSH. Therefore, you need to create another secret:

{% terminal height="23rem" steps="[\"export SSH_KEY_NAME=autopilot\",\"export HETZNER_SSH_PUB_PATH=~/.ssh/autopilot.pub\",\"export HETZNER_SSH_PRIV_PATH=~/.ssh/autopilot\",{\"command\":\"kubectl create secret generic robot-ssh \\\\\\n--from-literal=sshkey-name=$SSH_KEY_NAME \\\\\\n--from-file=ssh-privatekey=$HETZNER_SSH_PRIV_PATH \\\\\\n--from-file=ssh-publickey=$HETZNER_SSH_PUB_PATH\",\"output\":\"secret/robot-ssh created\"},{\"command\":\"kubectl get secrets\",\"output\":\"NAME                           TYPE                                  DATA   AGE\\nhetzner                        Opaque                                4      4m56s\\nrobot-ssh                      Opaque                                3      5s\"}]" /%}

Via `kubectl get secrets` you can check that the secrets got created as intended.