Skip to content
/ terraform-hcloud-k3s-ext Public

Terraform module to install K3S on Hetzner cloud servers with battery included. Cert-Manger, External-DNS, Nginx-ingress-controller, Minio, Octant Dashboard ...etc

registry.terraform.io/modules/deyaeddin/k3s-ext/hcloud/latest

License

Apache-2.0 license
14 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

deyaeddin/terraform-hcloud-k3s-ext

BranchesTags

Repository files navigation

Kubernetes K3S Terraform Module

This module is inspired by cicdteam/terraform-hcloud-k3s with extra applications ready to be installed with make apply. All Applications are using HELM charts, and highly customizable.

Use Hetzner Cloud link to get €20

List of Applications:

  • cert-manager: 3 ways to choice for issuing certificates [HTTP01, DNS01_CLOUDFLARE, DNS01_HETZNER]
  • default-backend: default bitnami-nginx chart
  • external-dns: external-dns chart with ability to chose between "hetzner or cloudflare"
  • nginx-ingress-controller: default bitnami-nginx-ingress-controller chart, with annotations:
    • load-balancer.hetzner.cloud/name: ${lb_name}
    • load-balancer.hetzner.cloud/location: ${lb_location}
    • load-balancer.hetzner.cloud/use-private-ip: "true"
    • load-balancer.hetzner.cloud/disable-private-ingress: "true"
    • load-balancer.hetzner.cloud/ipv6-disabled: "true"
    • load-balancer.hetzner.cloud/protocol: ${lb_protocol}

refer to Inputs for more options

Example

module "k3s-ext" {
   source                       = "deyaeddin/k3s-ext/hcloud"
   version                      = "0.0.1"
   cloud_flare_api_email        = "<Cloudflare primary email :: leave empty if you are using Hetzner>"
   cloud_flare_api_key          = "<Cloudflare api key :: leave empty if you are using Hetzner>"
   cloud_flare_api_token        = "<Cloudflare api token :: leave empty if you are using Hetzner>"
   default_domain               = "example.com"
   hcloud_dns_api_token         = "<hetzner DNS api token :: leave empty if you are using Cloudflare>"
   hcloud_masters_extra_scripts = []
   hcloud_node_extra_scripts    = []
   hcloud_token                 = "<Hetzner Cloud api token>"
   issuer_email                 = "[email protected]"
   enable_apps                  = true

   //optional
   k3s_version                  = "v1.21.1+k3s1" //"v1.19.11+k3s1" "v1.20.7+k3s1" "v1.21.1+k3s1"
   master_groups_type           = "cx21"         # 2 vCPU, 4 GB RAM, 40 GB Disk space
   master_groups_count          = 3              // Odd number for HA enabled
   node_groups = {                               // NOTE: pass emtpy map to use a single master
      "cx21" = 4
      "cpx11" = 2
   }
}

Requirements to init/plan/apply

Required libraries to be installed before running the module:

Requirements

Name Version
terraform >= 1.8.0
hcloud >= 1.47.0
helm >= 2.14.0
kubernetes >= 2.2.0
local >= 2.5.1
null >= 3.2.2
random >= 3.6.2

Providers

Name Version
hcloud >= 1.47.0

Modules

Name Source Version
apps ./modules/apps n/a
hcloud ./modules/hcloud n/a

Resources

Name Type
hcloud_ssh_key.default resource

Inputs

Name Description Type Default Required
cert_manager_solver_type which solver cert-manger will use, values : HTTP01, DNS01_CLOUDFLARE, DNS01_HETZNER string "HTTP01" no
cloud_flare_api_email Cloudflare primary email (login email) any n/a yes
cloud_flare_api_key Cloudflare api key. Ref: https://dash.cloudflare.com/profile/api-tokens any n/a yes
cloud_flare_api_proxied wither the zone will be proxied on cloudflare bool false no
cloud_flare_api_token Cloudflare api token. Ref: https://dash.cloudflare.com/profile/api-tokens any n/a yes
cluster_issuer_name name for cert-manager cluster issuer string "letsencrypt" no
cluster_name Cluster name (prefix for all resource names) string "my-cluster" no
default_backend_image_digest default backend image digest string "" no
default_backend_image_registry default backend image registry string "docker.io" no
default_backend_image_repository default backend image repository e.g. bitnami/nginx string "bitnami/nginx" no
default_backend_image_tag default backend image tag e.g. 1.27.0-debian-12-r1 string "1.27.0-debian-12-r1" no
default_domain root domain for ingress default service any n/a yes
default_namespace default applications namespace string "apps" no
dns_provider DNS provider to use. Values can be hetzner or cloudflare string "hetzner" no
enable_apps wither to enable deploying cert-manager, nginx-ingress-controller ...etc bool false no
hcloud_datacenter Hetzner datacenter where resources resides, hel1-dc2 (Helsinki 1 DC 2) or fsn1-dc14 (Falkenstein 1 DC14) string "hel1-dc2" no
hcloud_dns_api_token hashed Hetzner DNS access token any n/a yes
hcloud_masters_extra_scripts Additional list of commands to be added to initial master server creation list(string) n/a yes
hcloud_network_ip_range ip_range of the main network string "10.0.0.0/8" no
hcloud_network_subnet_ip_range ip_range of the subnetwork string "10.0.0.0/16" no
hcloud_network_subnet_type subnet type string "cloud" no
hcloud_network_subnet_zone Subnet Zon string "eu-central" no
hcloud_node_extra_scripts Additional list of commands to be added to initial node server creation list(string) n/a yes
hcloud_token Hetzner cloud auth token any n/a yes
image Node boot image string "ubuntu-24.04" no
issuer_email email for issuing certificates with LetsEncrypt any n/a yes
k3s_channel k3s channel (stable, latest, v1.19 and so on) string "latest" no
k3s_config_file String path to config file string "~/.kubeconfig/hetzner.config" no
k3s_version k3s version (v1.21.0+k3s1, v1.19.10+k3s1 and so on) string "v1.30.1+k3s1" no
lb_hcloud_location location of the loadbalancer string "hel1" no
lb_hcloud_name name of the loadbalancer string "name_cluster_lb" no
lb_hcloud_protocol protocol for the loadbalancer string "tcp" no
letsencrypt_is_prod wither to utilize the staging or production for Letsencrypt certificates issuing bool false no
master_groups_count Number of control plane nodes. number 1 no
master_groups_type Node type (size) string "cx22" no
nginx_default_backend nginx ingress controller default backend service name string "default-backend" no
node_groups Map of worker node groups, key is server_type, value is count of nodes in group. NOTE: pass emtpy map to use a single master map(string) 
{
  "cx22": 2,
  "cx32": 1
}
 no
private_key_path string path to private key which will be used to access all the servers including the nodes string "~/.ssh/id_rsa" no
public_key_path string path to public key which will be used to access all the servers including the nodes string "~/.ssh/id_rsa.pub" no
storage_class storage class to use with minio drivers string "hcloud-volumes" no

Outputs

Name Description
master_internal_ipv4 Private IP Address of the master node
master_ipv4 Public IP Address of the master node
master_nodes_internal_ipv4 Public IP Address of the master nodes in groups
master_nodes_ipv4 Public IP Address of the master nodes in groups
nodes_ipv4 Public IP Address of the worker nodes in groups

About

Terraform module to install K3S on Hetzner cloud servers with battery included. Cert-Manger, External-DNS, Nginx-ingress-controller, Minio, Octant Dashboard ...etc

registry.terraform.io/modules/deyaeddin/k3s-ext/hcloud/latest

Topics

hetzner terraform-module

Resources

Readme

License

Apache-2.0 license
Activity

Stars

14 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases 2

v0.0.2 Latest
Jun 20, 2024
+ 1 release

Packages

No packages published

Languages