Hetzner Provider

The Hetzner Provider for Managed Kubernetes utilizes Hetzner Cloud to set up Kubernetes clusters. This provider automates the management of essential cloud components on Hetzner, enabling the creation of scalable and production-ready Kubernetes clusters. With its competitive pricing, Hetzner is an advantageous choice for users seeking to optimize cloud expenses compared to larger hyperscalers such as AWS, Azure, and GCP.

​

Requirements

• Hetzner Cloud account and hcloud CLI

​

Supported add-ons

• Dashboard: Provides a Kubernetes dashboard UI for the cluster.
• AWS Workload Identity: Allows your pods to assume AWS IAM Roles.
• AWS ECR: Allows pulling images from private ECR registries.
• Local Path Storage: Create PVCs backed by local volumes.
• Logs: Enable logging for pods and cluster auditing.

​

Step 1 - Preparing the Hetzner Cloud Environment

1. Log in to Hetzner Cloud Account: Access your Hetzner Cloud account.

2. Create a New Project: Establish a new project named hetzner-mk8s-example.

3. Create an API Token:

   • Navigate to your newly created project.
   • Click on Security in the left sidebar, then proceed to API tokens.
   • Click on Generate API Token.
   • Grant Read & Write permissions to the token and copy it.

4. Store the Token in Control Plane Secrets Manager:

   • Log in to the Control Plane Console.
   • Click on Secrets in the left sidebar and then select New.
   • Choose Opaque as the secret type and name it hetzner-mk8s-example.
   • Store the API token’s value in this secret.

5. Create Network and Security Features in Project hetzner-mk8s-example on Hetzner:

   • Network (Required):

     • Click on Networks in the left sidebar.

     • Create a new network by selecting Create Network.

       The network zone should match the location you will use for your servers. For the Locations table, click here.

   • Firewall (Recommended):

     • Click on Firewalls in the left sidebar.
     • Create a new firewall by selecting Create Firewall.

   • SSH Key (Recommended):

     • Click on Security in the left sidebar.
     • Go to SSH Keys and click on Add SSH Key.

​

Step 2 - Create a Managed Kubernetes Cluster Using a Manifest File

1. Connect with hcloud CLI: Use the command hcloud context create hetzner-mk8s-example and insert the API key from the previous step.
2. Capture the IDs: Obtain the ID of the network, and optionally the firewall and the ssh-key created in the previous step using the hcloud CLI.
   • Network: Use hcloud network list.
   • Firewall: Use hcloud firewall list.
   • SSH key: Use hcloud ssh-key list.
3. Update the manifest below: Modify the following hetzner-mk8s-example.yaml YAML manifest with actual values from above. Customize the file as needed. Replace the placeholders for firewallId, networkId, and sshKey.

kind: mk8s
name: hetzner-mk8s-example
description: An example of Hetzner mk8s
tags: {}
spec:
  provider:
    hetzner:
      dedicatedServerNodePools: []
      firewallId: '1111111'
      image: ubuntu-22.04
      networkId: '2222222'
      nodePools:
        - name: general
          labels:
            environment: hetzner-mk8s-example
          maxSize: 4
          minSize: 1
          serverType: cpx31
          taints: []
      region: hel1
      sshKey: '333333'
      tokenSecretLink: //secret/hetzner-mk8s-example
  addOns:
    dashboard: {}
    localPathStorage: {}
    awsWorkloadIdentity: {}
  firewall:
    - description: Default
      sourceCIDR: 0.0.0.0/0
  version: 1.28.2

This example creates a Managed Kubernetes cluster in Hetzner Cloud with the following configurations:

• Add-ons: Includes Dashboard, Local Path Storage, and AWS Workload Identity.
• Location: The cluster’s Kubernetes control plane will be managed in the gcp-us-east1 location. Placing worker nodes close to the control plane is recommended for optimal performance.
• Kubernetes API Firewall: Utilizes the Default rule, allowing public access to the Kubernetes API. It is advisable to restrict API access to a known IP range for security purposes.
• Kubernetes Version: 1.28.2.
• Node Pool: A single general node pool, scaling on-demand between 1 and 4 nodes.
• Server Image: Ubuntu 22.04.

4. Create the Cluster: Deploy the hetzner-mk8s-example cluster by applying the manifest.

   • Console: Apply the hetzner-mk8s-example.yaml file using the cpln apply >_ option in the upper right corner.
   • CLI: Execute cpln apply -f hetzner-mk8s-example.yaml --org YOUR_ORG_HERE.

   Wait until the cluster is initialized.

​

Step 3 - Accessing the Cluster

​

1. Using the Terminal

1. Obtain the Cluster’s Kubeconfig File: Execute the command cpln mk8s kubeconfig hetzner-mk8s-example -f /tmp/hetzner-mk8s-example-conf.
2. Access the Cluster with kubectl: Use the obtained kubeconfig file by running export KUBECONFIG=/tmp/hetzner-mk8s-example-conf for the current shell session.

​

2. Using Kubernetes Dashboard

1. Navigate to Control Plane Console: Visit the Control Plane Console.
2. Access the Dashboard: In the Control Plane Console, navigate to Kubernetes in the left sidebar panel and click on Open under Dashboard for the cluster hetzner-mk8s-example.