https://github.com/masterbpro/mbrc

This project leverages Terraform to automate the deployment of a Kubernetes cluster in HA mode on the Hetzner using the Talos OS
https://github.com/masterbpro/mbrc

hetzner hetzner-cloud k8s talos terraform

Last synced: 9 months ago
JSON representation

This project leverages Terraform to automate the deployment of a Kubernetes cluster in HA mode on the Hetzner using the Talos OS

Host: GitHub
URL: https://github.com/masterbpro/mbrc
Owner: masterbpro
License: apache-2.0
Created: 2024-02-20T19:05:15.000Z (over 2 years ago)
Default Branch: main
Last Pushed: 2025-01-03T14:18:36.000Z (over 1 year ago)
Last Synced: 2025-01-03T15:28:30.419Z (over 1 year ago)
Topics: hetzner, hetzner-cloud, k8s, talos, terraform
Language: HCL
Homepage:
Size: 174 KB
Stars: 35
Watchers: 2
Forks: 3
Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

          # mbrc

![terraform](https://img.shields.io/badge/Hetzner-D50C2D?style=for-the-badge&logo=hetzner&logoColor=white)

![k8s](https://img.shields.io/badge/kubernetes%20-%23326ce5.svg?&style=for-the-badge&logo=kubernetes&logoColor=white)

![terraform](https://img.shields.io/badge/terraform%20-%235835CC.svg?&style=for-the-badge&logo=terraform&logoColor=white)

![helm](https://img.shields.io/badge/Helm-0F1689?style=for-the-badge&logo=Helm&labelColor=0F1689)

![cloudflare](https://img.shields.io/badge/Cloudflare-F38020?style=for-the-badge&logo=Cloudflare&logoColor=white)

This repository enable easy deployment of Kubernetes clusters on Hetzner Cloud using Talos OS and Terraform. Benefit

from

scalable, and automated setup, leveraging infrastructure as core principles for efficient management. Simplify

Kubernetes deployment and focus on your applications with confidence.

### Terminology

| Terminology | Meaning                |

| ----------- | ---------------------- |

| CPN         | Control Plane Node     |

| WKN         | Worker Kubernetes Node |

### 0. Install tools

```shell

brew install age

brew install terraform

curl -sL https://talos.dev/install | sh

brew install kubectl

```

### 1. Prepare environments variables

```shell

# you need change values before execute command

cat << EOF > terraform/terraform.tfvars

hcloud_token = "YOUR_TOKEN_FROM_HETZNER"

hcloud_image = 1234567890

wkn_count    = 0

EOF

```

### 2. Create private and public key for SOPS

```shell

age-keygen -o age.agekey &&

age_pubkey=$(awk '/^# public key:/{print $NF}' age.agekey) &&

echo "

creation_rules:

  - path_regex: .*.ya?ml

    encrypted_regex: ^(data|stringData)$

    age: $age_pubkey" > .sops.yaml

```

Next, you'll need to include `.sops.yaml` in your repository. This step is crucial to allow other project contributors

to encrypt their secrets using the public key. Remember, keep the `age.agekey` private key secure.

### 3. Create k8s cluster

Before enter command below you need prepare Talos snapshot in Hetzner Cloud. For this, you can use

official [instruction](https://www.talos.dev/v1.9/talos-guides/install/cloud-platforms/hetzner/#rescue-mode).

Your snapshot of talos image will be specified as the value of variable "hcloud_image" 

Create Talos OS snapshot

Prerequisites:

- Create x86 instance with any linux distro

- Enable "Rescue" mode from hetzner (Go to the instance, then move to "Rescue" tab)

- Manually reboot the instance (only once)

- On the connection via ssh, you can see the instance is booted in rescue mode

- Execute commands below

```shell

# fulfill the prerequisites, then run:

cd /tmp

wget -O /tmp/talos.raw.xz https://factory.talos.dev/image/1c924f0d41b37542e63612149946f0a62094ea88e1e0e3ae93a15246625e6775/v1.9.3/hcloud-amd64.raw.xz

xz -d -c /tmp/talos.raw.xz | dd of=/dev/sda && sync

shutdown -h now

```

```shell

terraform init

terraform apply

```

### 4. Save kubeconfig & talosconfig to local machine

```bash

# Warning! This command remove yours old configurations (if their exists)

terraform output -raw talosconfig > ~/.talos/config

terraform output -raw kubeconfig > ~/.kube/config

```

### 5. Done 🎉

```shell

# you can check cluster status via `kubectl get nodes`.

# Output will be something like this:

(base) user@host terraform % kubectl get nodes

NAME     STATUS   ROLES           AGE   VERSION

cpn-00   Ready    control-plane   25m   v1.28.1

cpn-01   Ready    control-plane   25m   v1.28.1

cpn-02   Ready    control-plane   25m   v1.28.1

```

---

SOPS Example

```yaml

# db-auth.yaml

apiVersion: v1

kind: Secret

metadata:

  name: db-auth

  namespace: default

type: Opaque

data:

  DB_NAME: cG9zdGdyZXM=

  DB_HOST: MTI3LjAuMC4x

  DB_PORT: NTQzMg==

  DB_USERNAME: cG9zdGdyZXM=

  DB_PASSWORD: c3VwZXJTZWNyZXRQYXNzb3dyZA==

```

```shell

# You can encrypt any files by using the .sops.yaml file.

sops -e -i db-auth.yaml

# You can decrypt it only if you have the age.agekey file.

export SOPS_AGE_KEY_FILE=age.agekey

sops -i -d db-auth.yaml.yaml

```

FluxCD Example

```shell

export GITHUB_TOKEN=ghp-xyz

flux bootstrap github --owner=ownerName --repository=mbrc --path=kubernetes/flux

```

```shell

export GITLAB_TOKEN=glpat-xyz

flux bootstrap gitlab --owner=groupName --repository=mbrc --path=kubernetes/flux

```

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/masterbpro/mbrc

Awesome Lists containing this project

README