Hetzner Components
Reference for every Hetzner Cloud offer in the Fractal Cloud catalogue. Parameters and their required flags are sourced from the agent param contract (FRA-2955); each offer includes a fully-parameterized JSON example.
Network
Network.SaaS.HetznerDnsRecord
A DNS record inside a Hetzner DNS zone. When the value parameter is left empty, the record value is derived from a linked compute peer's public IP (load balancer, floating IP, or cloud server). Depends on a parent Network.SaaS.HetznerDnsZone.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| recordName | Record name relative to the zone | www or @ | Yes |
| recordType | DNS record type | A, AAAA, CNAME, TXT, MX | No |
| value | Record value; leave empty to derive from a linked compute peer's public IP | 203.0.113.10 | No |
| ttl | Record TTL in seconds | 300 | No |
Example (fully parameterized):
```json
{
  "type": "Network.SaaS.HetznerDnsRecord",
  "parameters": {
    "recordName": "www",
    "recordType": "A",
    "value": "",
    "ttl": 300
  }
}
```
Network.SaaS.HetznerDnsZone
A Hetzner DNS zone for a domain. Provisions the zone and exposes its assigned name servers as output fields. The DNS API has no label support, so identity is the zone ID plus exact-name adoption.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| name | Zone name (domain FQDN) | example.com | Yes |
| ttl | Default TTL in seconds for the zone | 86400 | No |
Example (fully parameterized):
```json
{
  "type": "Network.SaaS.HetznerDnsZone",
  "parameters": {
    "name": "example.com",
    "ttl": 86400
  }
}
```
NetworkAndCompute
NetworkAndCompute.IaaS.HetznerCertificate
A Hetzner TLS certificate, either managed (Hetzner-issued Let's Encrypt for the given domains) or uploaded (caller supplies PEM material). The type parameter selects the mode and determines which other parameters are required.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| name | Certificate name | web-cert | No |
| type | Certificate type | managed (Let's Encrypt) or uploaded | No |
| domainNames | Comma-separated domain names | example.com,www.example.com | Conditional — required for the managed type |
| certificate | PEM certificate chain | -----BEGIN CERTIFICATE-----... | Conditional — required for the uploaded type |
| privateKey | PEM private key | -----BEGIN PRIVATE KEY-----... | Conditional — required for the uploaded type |
Example (fully parameterized):
```json
{
  "type": "NetworkAndCompute.IaaS.HetznerCertificate",
  "parameters": {
    "name": "web-cert",
    "type": "managed",
    "domainNames": "example.com,www.example.com",
    "certificate": "",
    "privateKey": ""
  }
}
```
NetworkAndCompute.IaaS.HetznerCloudServer
A Hetzner cloud server (virtual machine). Dependencies wire the server into a network, SSH key, and placement group; links to HetznerFirewall components declare firewall membership.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| serverType | Hetzner server type | cx22, cpx31, cax11 | No |
| image | Image name or snapshot ID | ubuntu-24.04 | No |
| location | Hetzner location | fsn1, nbg1, hel1, ash, hil, sin | No |
| userData | Cloud-init user data | #cloud-config\nruncmd:\n - echo hi | No |
Example (fully parameterized):
```json
{
  "type": "NetworkAndCompute.IaaS.HetznerCloudServer",
  "parameters": {
    "serverType": "cx22",
    "image": "ubuntu-24.04",
    "location": "fsn1",
    "userData": ""
  }
}
```
NetworkAndCompute.IaaS.HetznerFirewall
A Hetzner firewall, the security group equivalent. Compute components declare membership by linking to it; the server handler applies the firewall at create time. Exposes the canonical managedGroupId output field per the platform managed-SG contract.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| name | Firewall name (defaults to fractal-mgd-{componentId}) | web-tier-fw | No |
Example (fully parameterized):
```json
{
  "type": "NetworkAndCompute.IaaS.HetznerFirewall",
  "parameters": {
    "name": "web-tier-fw"
  }
}
```
NetworkAndCompute.IaaS.HetznerFloatingIp
A Hetzner floating IP that can be reassigned between servers. A link to a HetznerCloudServer component assigns the IP to that server (presence is the only signal — no settings required).
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| name | Floating IP name | web-fip | No |
| type | IP address family | ipv4 or ipv6 | No |
| location | Home location for the floating IP | fsn1 | No |
| description | Free-form description | Public entrypoint | No |
Example (fully parameterized):
```json
{
  "type": "NetworkAndCompute.IaaS.HetznerFloatingIp",
  "parameters": {
    "name": "web-fip",
    "type": "ipv4",
    "location": "fsn1",
    "description": ""
  }
}
```
NetworkAndCompute.IaaS.HetznerLoadBalancer
A Hetzner load balancer that distributes traffic across backend HetznerCloudServer targets. Listeners and targets are derived from the component's links; a dependency on a HetznerNetwork attaches the LB to a private network so targets are reached over their private IPs.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| name | Load balancer name | web-lb | No |
| type | Hetzner LB type | lb11, lb21, lb31 | No |
| location | Hetzner location | fsn1 | No |
Example (fully parameterized):
```json
{
  "type": "NetworkAndCompute.IaaS.HetznerLoadBalancer",
  "parameters": {
    "name": "web-lb",
    "type": "lb11",
    "location": "fsn1"
  }
}
```
NetworkAndCompute.IaaS.HetznerNetwork
A Hetzner private network, the VPC equivalent. Provides the foundation for private connectivity between servers, load balancers, and subnets.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| name | Network name | core-net | No |
| ipRange | Network CIDR (RFC 1918) | 10.0.0.0/16 | No |
Example (fully parameterized):
```json
{
  "type": "NetworkAndCompute.IaaS.HetznerNetwork",
  "parameters": {
    "name": "core-net",
    "ipRange": "10.0.0.0/16"
  }
}
```
NetworkAndCompute.IaaS.HetznerPlacementGroup
A Hetzner placement group that controls how member servers are distributed across physical hosts. Only the spread type is supported by Hetzner.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| name | Placement group name | app-spread | No |
| type | Placement group type | spread (only supported value) | No |
Example (fully parameterized):
```json
{
  "type": "NetworkAndCompute.IaaS.HetznerPlacementGroup",
  "parameters": {
    "name": "app-spread",
    "type": "spread"
  }
}
```
NetworkAndCompute.IaaS.HetznerPrimaryIp
A Hetzner primary IP that attaches to a server's public interface at create time. Primary IPs are datacenter-scoped; when datacenter is omitted, it is derived from the resolved location's canonical datacenter.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| name | Primary IP name | web-primary-ip | No |
| type | IP address family | ipv4 or ipv6 | No |
| datacenter | Hetzner datacenter | fsn1-dc14 | No |
| autoDelete | Delete the IP when its assigned server is deleted | false | No |
Example (fully parameterized):
```json
{
  "type": "NetworkAndCompute.IaaS.HetznerPrimaryIp",
  "parameters": {
    "name": "web-primary-ip",
    "type": "ipv4",
    "datacenter": "fsn1-dc14",
    "autoDelete": false
  }
}
```
NetworkAndCompute.IaaS.HetznerSnapshot
A server snapshot, a Hetzner image of type snapshot. Taken once from the source HetznerCloudServer dependency; later reconciles only verify the image still exists. Depends on a HetznerCloudServer.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| description | Snapshot description | nightly-app-image | No |
Example (fully parameterized):
```json
{
  "type": "NetworkAndCompute.IaaS.HetznerSnapshot",
  "parameters": {
    "description": "nightly-app-image"
  }
}
```
NetworkAndCompute.IaaS.HetznerSshKey
An SSH key registered in the Hetzner project. Servers reference it via a dependency to inject the public key at create time.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| name | SSH key name | deploy-key | No |
| publicKey | OpenSSH public key material | ssh-ed25519 AAAAC3Nza... user@host | Yes |
Example (fully parameterized):
```json
{
  "type": "NetworkAndCompute.IaaS.HetznerSshKey",
  "parameters": {
    "name": "deploy-key",
    "publicKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyMaterial user@host"
  }
}
```
NetworkAndCompute.IaaS.HetznerSubnet
A subnet inside a Hetzner network. Hetzner subnets are sub-resources with no own ID or labels; identity is the CIDR within the parent network and ownership is inherited from it. Depends on a HetznerNetwork.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| cidrBlock | Subnet CIDR within the parent network range | 10.0.1.0/24 | Yes |
| networkZone | Hetzner network zone | eu-central | No |
Example (fully parameterized):
```json
{
  "type": "NetworkAndCompute.IaaS.HetznerSubnet",
  "parameters": {
    "cidrBlock": "10.0.1.0/24",
    "networkZone": "eu-central"
  }
}
```
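A pre-deployment check for the conditional rules stated in the tables above (HetznerCertificate mode requirements, the RFC 1918 range for HetznerNetwork, and a HetznerSubnet CIDR lying inside its parent network). This is an added example, not part of the Fractal Cloud tooling; `lint_component` and its list-of-findings return shape are assumptions, and it reads only parameters documented on this page.

```python
import ipaddress

# Rules come from the parameter tables on this page. lint_component and its
# list-of-findings return shape are assumptions of this added example.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def lint_component(component, parent_network=None):
    """Return a list of findings for one component definition (a dict)."""
    kind = component["type"].rsplit(".", 1)[-1]
    params = component.get("parameters", {})
    findings = []

    if kind == "HetznerCertificate":
        mode = params.get("type")  # optional; nothing is assumed when absent
        if mode == "managed" and not params.get("domainNames"):
            findings.append("managed certificate requires domainNames")
        elif mode == "uploaded":
            for key in ("certificate", "privateKey"):
                if not params.get(key):
                    findings.append(f"uploaded certificate requires {key}")
        elif mode not in (None, "managed"):
            findings.append(f"unknown certificate type {mode!r}")
    elif kind == "HetznerNetwork" and params.get("ipRange"):
        net = ipaddress.ip_network(params["ipRange"])  # ValueError if malformed
        if net.version != 4 or not any(net.subnet_of(r) for r in RFC1918):
            findings.append(f"ipRange {net} is not inside an RFC 1918 range")
    elif kind == "HetznerSubnet":
        parent_range = (parent_network or {}).get("parameters", {}).get("ipRange")
        if not params.get("cidrBlock"):
            findings.append("cidrBlock is required")
        elif parent_range:
            subnet = ipaddress.ip_network(params["cidrBlock"])
            parent = ipaddress.ip_network(parent_range)
            if subnet.version != parent.version or not subnet.subnet_of(parent):
                findings.append(f"cidrBlock {subnet} is outside parent range {parent}")
    return findings


if __name__ == "__main__":
    # Constructed definitions for illustration, not from a real deployment.
    prefix = "NetworkAndCompute.IaaS."
    network = {"type": prefix + "HetznerNetwork", "parameters": {"ipRange": "10.0.0.0/16"}}
    subnet = {"type": prefix + "HetznerSubnet", "parameters": {"cidrBlock": "10.1.0.0/24"}}
    cert = {"type": prefix + "HetznerCertificate", "parameters": {"type": "uploaded"}}
    for item, parent in ((network, None), (subnet, network), (cert, None)):
        print(item["type"], lint_component(item, parent))
```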
Storage
Storage.IaaS.HetznerBlockStorage
An attachable Hetzner block-storage volume. A dependency on a HetznerCloudServer attaches the volume to that server.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| name | Volume name | data-vol | No |
| size | Size in GB (minimum 10) | 10 | No |
| location | Hetzner location | fsn1 | No |
| format | Filesystem format; empty leaves the volume unformatted | ext4, xfs | No |
Example (fully parameterized):
```json
{
  "type": "Storage.IaaS.HetznerBlockStorage",
  "parameters": {
    "name": "data-vol",
    "size": 10,
    "location": "fsn1",
    "format": ""
  }
}
```
Storage.PaaS.HetznerObjectStorageBucket
An S3 bucket on Hetzner Object Storage. The service is S3-only with no management API or labels, so the agent never adopts buckets it did not create and bucket identity is the globally unique name per location.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| name | Bucket name (lowercase, globally unique per location) | my-data-bucket | No |
Example (fully parameterized):
```json
{
  "type": "Storage.PaaS.HetznerObjectStorageBucket",
  "parameters": {
    "name": "my-data-bucket"
  }
}
```
Storage.PaaS.HetznerStorageBox
A Hetzner Storage Box providing managed file-share storage (SMB/FTP/SSH access). The Storage Box API supports labels, so the Component Management Protocol applies.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| name | Storage box name | backups-box | No |
| type | Storage box type | bx11, bx21, bx31, bx41 | No |
| location | Hetzner location | fsn1, nbg1, hel1 | No |
| password | Initial access password | s3cr3t-passw0rd | Yes |
Example (fully parameterized):
```json
{
  "type": "Storage.PaaS.HetznerStorageBox",
  "parameters": {
    "name": "backups-box",
    "type": "bx11",
    "location": "fsn1",
    "password": "s3cr3t-passw0rd"
  }
}
```