Requirements
- Hetzner Cloud account and hcloud CLI
Supported add-ons
- Dashboard: Provides a Kubernetes dashboard UI for the cluster.
- AWS Workload Identity: Allows your pods to assume AWS IAM Roles.
- AWS ECR: Allows pulling images from private ECR registries.
- Local Path Storage: Create PVCs backed by local volumes.
- Logs: Enable logging for pods and cluster auditing.
Step 1 - Preparing the Hetzner Cloud Environment
- Log in to Hetzner Cloud Account: Access your Hetzner Cloud account.
- Create a New Project: Establish a new project named `hetzner-mk8s-example`.
- Create an API Token:
  - Navigate to your newly created project.
  - Click on `Security` in the left sidebar, then proceed to `API tokens`.
  - Click on `Generate API Token`.
  - Grant `Read & Write` permissions to the token and copy it.
- Store the Token in Control Plane Secrets Manager:
  - Log in to the Control Plane Console.
  - Click on `Secrets` in the left sidebar and then select `New`.
  - Choose `Opaque` as the secret type and name it `hetzner-mk8s-example`.
  - Store the API token’s value in this secret.
- Create Network and Security Features in Project `hetzner-mk8s-example` on Hetzner:
  - Network (Required):
    - Click on `Networks` in the left sidebar.
    - Create a new network by selecting `Create Network`. The network zone should match the location you will use for your servers. For the Locations table, click here.
  - Firewall (Recommended):
    - Click on `Firewalls` in the left sidebar.
    - Create a new firewall by selecting `Create Firewall`.
  - SSH Key (Recommended):
    - Click on `Security` in the left sidebar.
    - Go to `SSH Keys` and click on `Add SSH Key`.
The steps above can be automated using the API or CLI tools of Hetzner and Control Plane.
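One way to script the network, firewall and SSH key creation with the hcloud CLI, and to look up the IDs that Step 2 asks for. This is an added example, not code from the original page or from Control Plane. It assumes an hcloud context for the project is already active; the resource names, IP ranges, network zone and key path are assumptions to adjust.

```shell
#!/bin/sh
# Added example (not from the original page): Step 1 resources via hcloud,
# then the ID lookup that Step 2 asks for.
set -eu

NAME="hetzner-mk8s-example"   # assumption: reuse the project name for every resource
ZONE="${ZONE:-eu-central}"    # assumption: set to the zone of your server location
PUBKEY="${PUBKEY:-${HOME:-.}/.ssh/id_ed25519.pub}"   # assumption: your public key path

# Read `hcloud <kind> list -o noheader -o columns=id,name` output on stdin and
# print the ID of the row named $1. Exits non-zero unless exactly one row
# matches, so a missing or duplicated resource never reaches the manifest.
id_by_name() {
  awk -v n="$1" '$2 == n { id = $1; c++ } END { if (c != 1) exit 1; print id }'
}

create_prereqs() {
  # IP ranges below are constructed sample values.
  hcloud network create --name "$NAME" --ip-range 10.0.0.0/16
  hcloud network add-subnet "$NAME" --type cloud --network-zone "$ZONE" \
    --ip-range 10.0.0.0/24
  # Firewall is created without rules; the page does not specify a rule set.
  hcloud firewall create --name "$NAME"
  hcloud ssh-key create --name "$NAME" --public-key-from-file "$PUBKEY"
}

capture_ids() {
  for kind in network firewall ssh-key; do
    id=$(hcloud "$kind" list -o noheader -o columns=id,name | id_by_name "$NAME") || {
      echo "expected exactly one $kind named $NAME" >&2
      return 1
    }
    printf '%s=%s\n' "$kind" "$id"
  done
}

# Nothing runs unless asked: `sh prereqs.sh apply`
if [ "${1:-}" = "apply" ]; then
  create_prereqs
  capture_ids
fi
```

The exact-one-match check matters when a project already holds resources from an earlier attempt: the script stops instead of handing the manifest the wrong network or firewall ID.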
Step 2 - Create a Managed Kubernetes Cluster Using a Manifest File
- Connect with hcloud CLI: Use the command `hcloud context create hetzner-mk8s-example` and insert the `API key` from the previous step.
- Capture the IDs: Obtain the ID of the `network`, and optionally the `firewall` and the `ssh-key` created in the previous step using the hcloud CLI.
  - Network: Use `hcloud network list`.
  - Firewall: Use `hcloud firewall list`.
  - SSH key: Use `hcloud ssh-key list`.
- Update the manifest below: Modify the following `hetzner-mk8s-example.yaml` YAML manifest with actual values from above. Customize the file as needed. Replace the placeholders for `firewallId`, `networkId`, and `sshKey`.
YAML
- Add-ons: Includes Dashboard, Local Path Storage, and AWS Workload Identity.
- Location: The cluster’s Kubernetes control plane will be managed in the `gcp-us-east1` location. Placing worker nodes close to the control plane is recommended for optimal performance.
- Kubernetes API Firewall: Utilizes the `Default` rule, allowing public access to the Kubernetes API. It is advisable to restrict API access to a known IP range for security purposes.
- Kubernetes Version: 1.28.2.
- Node Pool: A single `general` node pool, scaling on-demand between 1 and 4 nodes.
- Server Image: Ubuntu 22.04.
- Create the Cluster: Deploy the `hetzner-mk8s-example` cluster by applying the manifest.
  - Console: Apply the `hetzner-mk8s-example.yaml` file using the `cpln apply >_` option in the upper right corner.
  - CLI: Execute `cpln apply -f hetzner-mk8s-example.yaml --org YOUR_ORG_HERE`.
Step 3 - Accessing the Cluster
1. Using the Terminal
- Obtain the Cluster’s Kubeconfig File: Execute the command `cpln mk8s kubeconfig hetzner-mk8s-example -f /tmp/hetzner-mk8s-example-conf`.
- Access the Cluster with `kubectl`: Use the obtained kubeconfig file by running `export KUBECONFIG=/tmp/hetzner-mk8s-example-conf` for the current shell session.
2. Using Kubernetes Dashboard
- Navigate to Control Plane Console: Visit the Control Plane Console.
- Access the Dashboard: In the Control Plane Console, navigate to `Kubernetes` in the left sidebar panel and click on `Open` under `Dashboard` for the cluster `hetzner-mk8s-example`.