
Kubernetes on Hetzner with Terraform

Provision a Kubernetes cluster on Hetzner using Terraform and Kubespray

Overview

The setup looks like the following:

   Kubernetes cluster
+--------------------------+
|      +--------------+    |
|      | +--------------+  |
| -->  | |              |  |
|      | | Master/etcd  |  |
|      | | node(s)      |  |
|      +-+              |  |
|        +--------------+  |
|              ^           |
|              |           |
|              v           |
|      +--------------+    |
|      | +--------------+  |
| -->  | |              |  |
|      | |    Worker    |  |
|      | |    node(s)   |  |
|      +-+              |  |
|        +--------------+  |
+--------------------------+

The nodes use a private network for node-to-node communication and a public interface for all external communication.

Requirements

  • Terraform 0.14.0 or newer

Quickstart

NOTE: Assumes you are at the root of the kubespray repo.

For authentication you can use the following environment variable:

export HCLOUD_TOKEN=api-token

Copy the cluster configuration file.

CLUSTER=my-hetzner-cluster
cp -r inventory/sample inventory/$CLUSTER
cp contrib/terraform/hetzner/default.tfvars inventory/$CLUSTER/
cd inventory/$CLUSTER

Edit default.tfvars to match your requirements.

NOTE: if you prefer to use Flatcar Container Linux instead of the standard Hetzner images:

cd contrib/terraform/hetzner

Edit main.tf: uncomment the module source = "./modules/kubernetes-cluster-flatcar" and comment out source = "./modules/kubernetes-cluster".

Also uncomment ssh_private_key_path = var.ssh_private_key_path. The VM boots into rescue mode with the image selected in var.machines but installs Flatcar instead.

Run Terraform to create the infrastructure.

NOTE: Assumes you are at the root of the kubespray repo.

cd ./kubespray
terraform -chdir=./contrib/terraform/hetzner/ init
terraform -chdir=./contrib/terraform/hetzner/ apply --var-file=../../../inventory/$CLUSTER/default.tfvars

You should now have an inventory file named inventory.ini that you can use with kubespray to set up a cluster.

It is a good idea to check that you have basic SSH connectivity to the nodes. You can do that with:

ansible -i inventory.ini -m ping all

You can set up Kubernetes with kubespray using the generated inventory:

ansible-playbook -i inventory.ini ../../cluster.yml -b -v

Cloud controller

For better integration with the cloud you can install the hcloud cloud controller and CSI driver.

Please read the instructions in both repos on how to install them.

Teardown

You can teardown your infrastructure using the following Terraform command:

terraform destroy --var-file default.tfvars ../../contrib/terraform/hetzner

Variables

  • prefix: Prefix to add to all resources; if set to "", no prefix is added
  • ssh_public_keys: List of public SSH keys to install on all machines
  • zone: The zone in which to run the cluster
  • network_zone: The network zone in which the cluster is running
  • machines: Machines to provision. Key of this object will be used as the name of the machine
    • node_type: The role of this node (master|worker)
    • size: Size of the VM
    • image: The image to use for the VM
  • ssh_whitelist: List of IP ranges (CIDR) that will be allowed to ssh to the nodes
  • api_server_whitelist: List of IP ranges (CIDR) that will be allowed to connect to the API server
  • nodeport_whitelist: List of IP ranges (CIDR) that will be allowed to connect to the Kubernetes nodes on ports 30000-32767 (Kubernetes NodePorts)
  • ingress_whitelist: List of IP ranges (CIDR) that will be allowed to connect to kubernetes workers on port 80 and 443
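As an added illustration of how these variables fit together (not the repository's own default.tfvars), the tfvars below provisions one master and two workers and restricts SSH and API server access to an operator network while leaving ingress open. The server type, image, zone and network zone values are assumed Hetzner identifiers and the CIDRs are constructed for the example; substitute your own.

```hcl
# Added example tfvars for the Hetzner Terraform module; not the project's own file.
prefix = "demo"          # all resources get the "demo-" prefix

# Assumed Hetzner location and network zone identifiers.
zone         = "nbg1"
network_zone = "eu-central"

# Installed on every node; rotate or remove keys here, not on the hosts.
ssh_public_keys = [
  "ssh-ed25519 AAAA...EXAMPLE-KEY-NOT-REAL operator@example",
]

# Map key becomes the machine name; node_type is master or worker.
machines = {
  "master-0" = {
    node_type = "master"
    size      = "cx21"          # assumed Hetzner server type
    image     = "ubuntu-22.04"  # assumed Hetzner image name
  }
  "worker-0" = {
    node_type = "worker"
    size      = "cx21"
    image     = "ubuntu-22.04"
  }
  "worker-1" = {
    node_type = "worker"
    size      = "cx21"
    image     = "ubuntu-22.04"
  }
}

# Management paths (SSH, API server) only from the operator network.
# Constructed CIDR; "0.0.0.0/0" here would expose SSH and the API server
# to the whole Internet.
ssh_whitelist        = ["203.0.113.0/24"]
api_server_whitelist = ["203.0.113.0/24"]

# NodePorts are commonly kept internal; open them per service if needed.
nodeport_whitelist = ["203.0.113.0/24"]

# HTTP/HTTPS ingress on the workers is meant to be public.
ingress_whitelist = ["0.0.0.0/0"]
```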