Skip to content
/ mbrc Public template

This project leverages Terraform to automate the deployment of a Kubernetes cluster in HA mode on the Hetzner using the Talos OS

License

Apache-2.0 license
47 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

masterbpro/mbrc

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

61 Commits
kubernetes
kubernetes
 
 
terraform
terraform
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

mbrc

terraform k8s terraform helm cloudflare

This repository enable easy deployment of Kubernetes clusters on Hetzner Cloud using Talos OS and Terraform. Benefit from scalable, and automated setup, leveraging infrastructure as core principles for efficient management. Simplify Kubernetes deployment and focus on your applications with confidence.

Terminology

Terminology Meaning
CPN Control Plane Node
WKN Worker Kubernetes Node

0. Install tools

brew install age
brew install terraform
curl -sL https://talos.dev/install | sh
brew install kubectl

1. Prepare environments variables

# you need change values before execute command
cat << EOF > terraform/terraform.tfvars
hcloud_token = "YOUR_TOKEN_FROM_HETZNER"
hcloud_image = 1234567890
wkn_count    = 0
EOF

2. Create private and public key for SOPS

age-keygen -o age.agekey &&
age_pubkey=$(awk '/^# public key:/{print $NF}' age.agekey) &&
echo "
creation_rules:
  - path_regex: .*.ya?ml
    encrypted_regex: ^(data|stringData)$
    age: $age_pubkey" > .sops.yaml

Next, you'll need to include .sops.yaml in your repository. This step is crucial to allow other project contributors to encrypt their secrets using the public key. Remember, keep the age.agekey private key secure.

3. Create k8s cluster

Before enter command bellow you need prepare Talos snapshot in Hetzner Cloud. For this, you can use official instruction. You have to give the name of the snapshot talos-1.15

terraform init
terraform apply

4. Save kubeconfig & talosconfig to local machine

# Warning! This command remove yours old configurations (if their exists)

terraform output -raw talosconfig > ~/.talos/config
terraform output -raw kubeconfig > ~/.kube/config

5. Done 🎉

# you can check cluster status via `kubectl get nodes`.
# Output will be something like this:

(base) user@host terraform % kubectl get nodes
NAME     STATUS   ROLES           AGE   VERSION
cpn-00   Ready    control-plane   25m   v1.28.1
cpn-01   Ready    control-plane   25m   v1.28.1
cpn-02   Ready    control-plane   25m   v1.28.1
SOPS Example 
# db-auth.yaml
apiVersion: v1
kind: Secret
metadata:
  name: db-auth
  namespace: default
type: Opaque
data:
  DB_NAME: cG9zdGdyZXM=
  DB_HOST: MTI3LjAuMC4x
  DB_PORT: NTQzMg==
  DB_USERNAME: cG9zdGdyZXM=
  DB_PASSWORD: c3VwZXJTZWNyZXRQYXNzb3dyZA==
# You can encrypt any files by using the .sops.yaml file.
sops -e -i db-auth.yaml

# You can decrypt it only if you have the age.agekey file.
export SOPS_AGE_KEY_FILE=age.agekey
sops -i -d db-auth.yaml.yaml
FluxCD Example 
export GITHUB_TOKEN=ghp-xyz
flux bootstrap github --owner=ownerName --repository=mbrc --path=kubernetes/flux
export GITLAB_TOKEN=glpat-xyz
flux bootstrap gitlab --owner=groupName --repository=mbrc --path=kubernetes/flux

About

This project leverages Terraform to automate the deployment of a Kubernetes cluster in HA mode on the Hetzner using the Talos OS

Topics

terraform k8s talos hetzner hetzner-cloud

Resources

Readme

License

Apache-2.0 license
Activity

Stars

47 stars

Watchers

2 watching

Forks

4 forks
Report repository

Contributors 2

Languages