Terraform and Ansible setup for provisioning a K3s cluster using Hetzner Cloud infrastructure.
-
Ubuntu 20.04, k3s 1.23,
-
Multiple supported CNI's:
- calico 3.21, using Hetzner's Private Network for node-to-node traffic,
- built-in flannel CNI (host-gw) + k3s NetworkPolicy controller, using Hetzner's Private Network for node-to-node traffic,
-
Support for HA control plane setups (Optional),
- k3s with embedded etcd,
- Every master node runs all control plane components (etcd, apiserver, scheduler, controller-manager),
- Multiple options for external HA access to apiserver:
- Hetzner Loadbalancer,
- Keepalived + HAProxy + Hetzner Floating IP,
- Keepalived + HAProxy + private network (only inside private network),
- None (if you want to use DNS or don't need HA for external clients),
-
Full PV support using Hetzner Volumes (via CSI driver, optional addon) or k3s local volume provisioner,
-
Full LoadBalancer services support, using one of two options:
- Hetzner Load Balancer
- Hetzner Floating IP - using MetalLB + HCloud IP Floater
-
Basic firewall setup to protect provisioned instances, supported options include:
- Hetzner Cloud Firewall,
- iptables setup on nodes,
- Both of them at once or none of them.
-
Support for various optional addons:
- MetalLB + HCloud IP Floater
-
Support for upgrading and scaling up the master/worker nodes
-
Terraform 0.13 or newer (tested on 1.1),
-
Ansible 2.9 or newer,
-
Hetzner Cloud API key,
-
SSH key registered in Hetzner Cloud.
Copy examples/example.tfvars to terraform/terraform.tfvars. Customize it as needed, then provision cluster using:
export HCLOUD_TOKEN="YOUR HETZNER TOKEN"
cd terraform
terraform apply
cd ../ansible
ansible-playbook -i inventory/hosts.ini cluster-setup.yml
Available Terraform variables are defined in terraform/variables.tf file.
Example configurations are available in examples directory.