Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/masterbpro/mbrc
This project leverages Terraform to automate the deployment of a Kubernetes cluster in HA mode on the Hetzner using the Talos OS
https://github.com/masterbpro/mbrc
hetzner hetzner-cloud k8s talos terraform
Last synced: 2 days ago
JSON representation
This project leverages Terraform to automate the deployment of a Kubernetes cluster in HA mode on the Hetzner using the Talos OS
- Host: GitHub
- URL: https://github.com/masterbpro/mbrc
- Owner: masterbpro
- License: apache-2.0
- Created: 2024-02-20T19:05:15.000Z (11 months ago)
- Default Branch: main
- Last Pushed: 2025-01-03T14:18:36.000Z (11 days ago)
- Last Synced: 2025-01-03T15:28:30.419Z (11 days ago)
- Topics: hetzner, hetzner-cloud, k8s, talos, terraform
- Language: HCL
- Homepage:
- Size: 174 KB
- Stars: 35
- Watchers: 2
- Forks: 3
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# mbrc
This repository enable easy deployment of Kubernetes clusters on Hetzner Cloud using Talos OS and Terraform. Benefit
from
scalable, and automated setup, leveraging infrastructure as core principles for efficient management. Simplify
Kubernetes deployment and focus on your applications with confidence.
### Terminology
| Terminology | Meaning |
| ----------- | ---------------------- |
| CPN | Control Panel Node |
| WKN | Worker Kubernetes Node |
### 0. Install tools
```shell
brew install age
brew install terraform
curl -sL https://talos.dev/install | sh
brew install kubectl
```
### 1. Prepare environments variables
```shell
# you need change values before execute command
cat << EOF > terraform/terraform.tfvars
hcloud_token = "YOUR_TOKEN_FROM_HETZNER"
hcloud_image = 1234567890
cf_token = "YOUR_TOKEN_FROM_CLOUDFLARE"
wkn_count = 0
EOF
```
### 2. Create private and public key for SOPS
```shell
age-keygen -o age.agekey &&
age_pubkey=$(awk '/^# public key:/{print $NF}' age.agekey) &&
echo "
creation_rules:
- path_regex: .*.ya?ml
encrypted_regex: ^(data|stringData)$
age: $age_pubkey" > .sops.yaml
```
Next, you'll need to include `.sops.yaml` in your repository. This step is crucial to allow other project contributors
to encrypt their secrets using the public key. Remember, keep the `age.agekey` private key secure.
### 3. Create k8s cluster
Before enter command bellow you need prepare Talos snapshot in Hetzner Cloud. For this, you can use
official [instruction](https://www.talos.dev/v1.6/talos-guides/install/cloud-platforms/hetzner/#rescue-mode).
You have to give the name of the snapshot `talos-1.15`
```shell
terraform init
terraform apply
```
### 4. Save kubeconfig & talosconfig to local machine
```bash
# Warning! This command remove yours old configurations (if their exists)
terraform output -raw talosconfig > ~/.talos/config
terraform output -raw kubeconfig > ~/.kube/config
```
### 5. Done 🎉
```shell
# you can check cluster status via `kubectl get nodes`.
# Output will be something like this:
(base) user@host terraform % kubectl get nodes
NAME STATUS ROLES AGE VERSION
cpn-00 Ready control-plane 25m v1.28.1
cpn-01 Ready control-plane 25m v1.28.1
cpn-02 Ready control-plane 25m v1.28.1
```
---
SOPS Example
```yaml
# db-auth.yaml
apiVersion: v1
kind: Secret
metadata:
name: db-auth
namespace: default
type: Opaque
data:
DB_NAME: cG9zdGdyZXM=
DB_HOST: MTI3LjAuMC4x
DB_PORT: NTQzMg==
DB_USERNAME: cG9zdGdyZXM=
DB_PASSWORD: c3VwZXJTZWNyZXRQYXNzb3dyZA==
```
```shell
# You can encrypt any files by using the .sops.yaml file.
sops -e -i db-auth.yaml
# You can decrypt it only if you have the age.agekey file.
export SOPS_AGE_KEY_FILE=age.agekey
sops -i -d db-auth.yaml.yaml
```
FluxCD Example
```shell
export GITHUB_TOKEN=ghp-xyz
flux bootstrap github --owner=ownerName --repository=mbrc --path=kubernetes/flux
```
```shell
export GITLAB_TOKEN=glpat-xyz
flux bootstrap gitlab --owner=groupName --repository=mbrc --path=kubernetes/flux
```