{"id":13464722,"url":"https://github.com/hobby-kube/provisioning","last_synced_at":"2025-10-19T04:00:16.254Z","repository":{"id":20050906,"uuid":"88660055","full_name":"hobby-kube/provisioning","owner":"hobby-kube","description":"Kubernetes cluster provisioning using Terraform.","archived":false,"fork":false,"pushed_at":"2025-02-20T07:55:11.000Z","size":137,"stargazers_count":322,"open_issues_count":6,"forks_count":111,"subscribers_count":15,"default_branch":"master","last_synced_at":"2025-04-01T04:53:30.413Z","etag":null,"topics":["automation","guide","kubernetes","provisioning","secure","setup","terraform"],"latest_commit_sha":null,"homepage":"https://hobby-kube.dev/guide","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hobby-kube.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"security/ufw/main.tf","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"pstadler"}},"created_at":"2017-04-18T18:58:02.000Z","updated_at":"2025-02-20T07:55:15.000Z","dependencies_parsed_at":"2023-02-13T22:16:04.395Z","dependency_job_id":"a4c0a067-2a71-438a-90b4-e817608f9635","html_url":"https://github.com/hobby-kube/provisioning","commit_stats":{"total_commits":88,"total_committers":26,"mean_commits":"3.3846153846153846","dds":"0.48863636363636365","last_synced_commit":"15cc2970c12c7c67b79d22b637c873510e9e0107"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hobby-kube%2Fprovisioning","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hobby-kube
%2Fprovisioning/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hobby-kube%2Fprovisioning/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hobby-kube%2Fprovisioning/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hobby-kube","download_url":"https://codeload.github.com/hobby-kube/provisioning/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247796331,"owners_count":20997552,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","guide","kubernetes","provisioning","secure","setup","terraform"],"created_at":"2024-07-31T14:00:49.300Z","updated_at":"2025-10-19T04:00:11.181Z","avatar_url":"https://github.com/hobby-kube.png","language":"HCL","funding_links":["https://github.com/sponsors/pstadler"],"categories":["HCL","automation"],"sub_categories":[],"readme":"# Kubernetes cluster setup automation\n\n\u003e This is part of the Hobby Kube project. Functionality of the modules is described in the [guide](https://github.com/hobby-kube/guide).\n\nDeploy a secure Kubernetes cluster on [Hetzner Cloud](https://www.hetzner.com/cloud), [Scaleway](https://www.scaleway.com/), [DigitalOcean](https://www.digitalocean.com/) or [Packet](https://www.packet.com/) using [Terraform](https://www.terraform.io/).\n\n## Setup\n\n### Requirements\n\nThe following packages are required to be installed locally:\n\n```sh\nbrew install terraform kubectl jq wireguard-tools\n```\n\nModules are using ssh-agent for remote operations. 
Add your SSH key with `ssh-add -K` if Terraform repeatedly fails to connect to remote hosts.\n\n### Configuration\n\n**Important:** Modify only [main.tf](main.tf) in the project root, commenting or uncommenting sections as needed. All variables in [variables.tf](variables.tf) can be set\neither directly or from an environment variable.\n\nExport the following environment variables depending on the modules you're using:\n\n#### Set number of hosts (nodes)\n\n```sh\nexport TF_VAR_node_count=3\n```\n\n#### Set number of etcd members\n\nThe first N nodes will be part of the etcd cluster.\n3 or 5 are good values, see [here](https://coreos.com/etcd/docs/latest/faq.html#system-requirements).\n\n```sh\nexport TF_VAR_etcd_node_count=3\n```\n\n#### Using Hetzner Cloud as provider\n\n```sh\nexport TF_VAR_hcloud_token=\u003ctoken\u003e\nexport TF_VAR_hcloud_ssh_keys=\u003ckeys\u003e\nexport TF_VAR_hcloud_ssh_keys='[\"\u003cdescription-key1\u003e\", \"\u003cdescription-key2\u003e\"]'\n# Defaults:\n# export TF_VAR_hcloud_location=\"nbg1\"\n# export TF_VAR_hcloud_type=\"cx22\"\n# export TF_VAR_hcloud_image=\"ubuntu-24.04\"\n```\n\nSSH keys are referenced by their description. 
Visit the Hetzner Cloud console at\n`https://console.hetzner.cloud/projects/\u003cproject-id\u003e/access/sshkeys`\n\n#### Using Scaleway as provider\n\n```sh\nexport TF_VAR_scaleway_organization_id=\u003corganization_id\u003e\nexport TF_VAR_scaleway_access_key=\u003caccess_key\u003e # can be omitted for now\nexport TF_VAR_scaleway_secret_key=\u003csecret_key\u003e\n# Defaults:\n# export TF_VAR_scaleway_zone=\"nl-ams-1\"\n# export TF_VAR_scaleway_type=\"DEV1-S\"\n# export TF_VAR_scaleway_image=\"Ubuntu 24.04 Noble Numbat\"\n# export TF_VAR_scaleway_image_architecture=\"x86_64\"\n```\n\n#### Using DigitalOcean as provider\n\n```sh\nexport TF_VAR_digitalocean_token=\u003ctoken\u003e\nexport TF_VAR_digitalocean_ssh_keys=\u003ckeys\u003e\nexport TF_VAR_digitalocean_ssh_keys='[\"\u003cid-key1\u003e\", \"\u003cid-key2\u003e\"]'\n# Defaults:\n# export TF_VAR_digitalocean_region=\"fra1\"\n# export TF_VAR_digitalocean_size=\"1gb\"\n# export TF_VAR_digitalocean_image=\"ubuntu-24-04-x64\"\n```\n\nYou can get SSH key IDs using [this API](https://developers.digitalocean.com/documentation/v2/#list-all-keys).\n\n#### Using Packet as provider\n\n```sh\nexport TF_VAR_packet_auth_token=\u003ctoken\u003e\nexport TF_VAR_packet_project_id=\u003cuuid\u003e\n# Defaults:\n# export TF_VAR_packet_facility=\"sjc1\"\n# export TF_VAR_packet_plan=\"c1.small.x86\"\n# export TF_VAR_packet_operating_system=\"ubuntu_24_04\"\n```\n\n#### Using vSphere as provider\n\n```sh\nexport TF_VAR_vsphere_server=\u003cFQDN or IP of vCenter Server\u003e\nexport TF_VAR_vsphere_datacenter=\u003cvSphere Datacenter Name\u003e\nexport TF_VAR_vsphere_cluster=\u003cvSphere Cluster Name\u003e\nexport TF_VAR_vsphere_network=\u003cvSphere Network Name\u003e\nexport TF_VAR_vsphere_datastore=\u003cvSphere Datastore Name\u003e\nexport TF_VAR_vsphere_vm_template=\u003cvSphere VM Template Name\u003e\nexport TF_VAR_vsphere_user=\u003cvSphere Admin Username\u003e\nexport TF_VAR_vsphere_password=\u003cvSphere Admin 
Password\u003e\n# Defaults:\n# export TF_VAR_vsphere_vm_linked_clone=false\n# export TF_VAR_vsphere_vm_num_cpus=\"2\"\n# export TF_VAR_vsphere_vm_memory=\"2048\"\n```\n\nThe template VM needs to be pre-configured so that root can log in using an SSH key.\n\n#### Using UpCloud as provider\n\n```sh\nexport TF_VAR_upcloud_username=\u003cUpCloud API account username\u003e\nexport TF_VAR_upcloud_password=\u003cUpCloud API account password\u003e\nexport TF_VAR_upcloud_ssh_keys='[\"\u003cPUBLIC KEY HERE\u003e\"]'\n# Defaults:\n# export TF_VAR_upcloud_zone=\"de-fra1\"\n# export TF_VAR_upcloud_plan=\"1xCPU-2GB\"\n# export TF_VAR_upcloud_disk_template=\"Ubuntu Server 24.04 LTS (Noble Numbat)\"\n```\n\nYou will need API credentials to use the UpCloud Terraform provider, see https://upcloud.com/community/tutorials/getting-started-upcloud-api/ for more info.\n\n#### Using Cloudflare for DNS entries\n\n```sh\nexport TF_VAR_domain=\u003cdomain\u003e # e.g. example.org\nexport TF_VAR_cloudflare_api_token=\u003ctoken\u003e\n```\n\n#### Using Amazon Route 53 for DNS entries\n\n```sh\nexport TF_VAR_domain=\u003cdomain\u003e # e.g. example.org shall be already added to hosted zones.\nexport TF_VAR_aws_access_key=\u003cACCESS_KEY\u003e\nexport TF_VAR_aws_secret_key=\u003cSECRET_KEY\u003e\nexport TF_VAR_aws_region=\u003cregion\u003e # e.g. 
eu-west-1\n```\n\n#### Install additional APT packages\n\nEach provider takes an optional variable to install further packages during provisioning:\n\n```\nmodule \"provider\" {\n  # ...\n  apt_packages = [\"ceph-common\", \"nfs-common\"]\n}\n```\n\n#### Add more firewall rules\n\nSecurity/ufw takes an optional variable to add custom firewall rules during provisioning:\n\n```\nmodule \"firewall\" {\n  # ...\n  additional_rules = [\"allow 1194/udp\", \"allow ftp\"]\n}\n```\n\n### Execute\n\nFrom the root of this project...\n\n```sh\n# fetch the required modules\n$ terraform init\n\n# see what `terraform apply` will do\n$ terraform plan\n\n# execute it\n$ terraform apply\n```\n\n## Using modules independently\n\nModules in this repository can be used independently:\n\n```hcl\nmodule \"kubernetes\" {\n  source = \"github.com/hobby-kube/provisioning/service/kubernetes\"\n\n  # Or to pin a certain commit\n  # source = \"git::https://github.com/hobby-kube/provisioning.git//service/kubernetes?ref=800d5d5031245cf31a803a147eaa40a0de0573f1\"\n}\n```\n\nAfter adding this to your plan, run `terraform get` to fetch the module.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhobby-kube%2Fprovisioning","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhobby-kube%2Fprovisioning","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhobby-kube%2Fprovisioning/lists"}