c12s-kubespray/contrib/terraform/hetzner
Anthony Bible 9dced7133c
Fixes for Hetzner terraform and Hetzner Cloud (#8702)
* - add ability to specify the network_zone in hetzner terraform
- Export the network id from hetzner terraform the the generated inventory.ini

* - Add with_networks variable to allow different deployments of hcloud controller manager

- Add network id to hcloud controller secret (added via the inventory)

- Don't include extra_args if it's not set
2022-04-11 10:26:06 -07:00
..
modules/kubernetes-cluster Fixes for Hetzner terraform and Hetzner Cloud (#8702) 2022-04-11 10:26:06 -07:00
templates Fixes for Hetzner terraform and Hetzner Cloud (#8702) 2022-04-11 10:26:06 -07:00
default.tfvars Fixes for Hetzner terraform and Hetzner Cloud (#8702) 2022-04-11 10:26:06 -07:00
main.tf Fixes for Hetzner terraform and Hetzner Cloud (#8702) 2022-04-11 10:26:06 -07:00
output.tf Added terraform script for Hetzner cloud (#8053) 2021-10-07 10:11:46 -07:00
README.md Fixes for Hetzner terraform and Hetzner Cloud (#8702) 2022-04-11 10:26:06 -07:00
variables.tf Fixes for Hetzner terraform and Hetzner Cloud (#8702) 2022-04-11 10:26:06 -07:00
versions.tf Added terraform script for Hetzner cloud (#8053) 2021-10-07 10:11:46 -07:00

Kubernetes on Hetzner with Terraform

Provision a Kubernetes cluster on Hetzner using Terraform and Kubespray

Overview

The setup looks like following

   Kubernetes cluster
+--------------------------+
|      +--------------+    |
|      | +--------------+  |
| -->  | |              |  |
|      | | Master/etcd  |  |
|      | | node(s)      |  |
|      +-+              |  |
|        +--------------+  |
|              ^           |
|              |           |
|              v           |
|      +--------------+    |
|      | +--------------+  |
| -->  | |              |  |
|      | |    Worker    |  |
|      | |    node(s)   |  |
|      +-+              |  |
|        +--------------+  |
+--------------------------+

The nodes uses a private network for node to node communication and a public interface for all external communication.

Requirements

  • Terraform 0.14.0 or newer

Quickstart

NOTE: Assumes you are at the root of the kubespray repo.

For authentication in your cluster you can use the environment variables.

export HCLOUD_TOKEN=api-token

Copy the cluster configuration file.

CLUSTER=my-hetzner-cluster
cp -r inventory/sample inventory/$CLUSTER
cp contrib/terraform/hetzner/default.tfvars inventory/$CLUSTER/
cd inventory/$CLUSTER

Edit default.tfvars to match your requirement.

Run Terraform to create the infrastructure.

terraform init ../../contrib/terraform/hetzner
terraform apply --var-file default.tfvars ../../contrib/terraform/hetzner/

You should now have a inventory file named inventory.ini that you can use with kubespray. You can use the inventory file with kubespray to set up a cluster.

It is a good idea to check that you have basic SSH connectivity to the nodes. You can do that by:

ansible -i inventory.ini -m ping all

You can setup Kubernetes with kubespray using the generated inventory:

ansible-playbook -i inventory.ini ../../cluster.yml -b -v

Cloud controller

For better support with the cloud you can install the hcloud cloud controller and CSI driver.

Please read the instructions in both repos on how to install it.

Teardown

You can teardown your infrastructure using the following Terraform command:

terraform destroy --var-file default.tfvars ../../contrib/terraform/hetzner

Variables

  • prefix: Prefix to add to all resources, if set to "" don't set any prefix
  • ssh_public_keys: List of public SSH keys to install on all machines
  • zone: The zone where to run the cluster
  • network_zone: the network zone where the cluster is running
  • machines: Machines to provision. Key of this object will be used as the name of the machine
    • node_type: The role of this node (master|worker)
    • size: Size of the VM
    • image: The image to use for the VM
  • ssh_whitelist: List of IP ranges (CIDR) that will be allowed to ssh to the nodes
  • api_server_whitelist: List of IP ranges (CIDR) that will be allowed to connect to the API server
  • nodeport_whitelist: List of IP ranges (CIDR) that will be allowed to connect to the kubernetes nodes on port 30000-32767 (kubernetes nodeports)
  • ingress_whitelist: List of IP ranges (CIDR) that will be allowed to connect to kubernetes workers on port 80 and 443