> ## Documentation Index
> Fetch the complete documentation index at: https://docs.controlplane.com/llms.txt
> Use this file to discover all available pages before exploring further.
# Hetzner Provider
> Set up Managed Kubernetes clusters on Hetzner Cloud with automated infrastructure management and cost-effective pricing compared to major hyperscalers.
The Hetzner Provider for Managed Kubernetes utilizes Hetzner Cloud to set up Kubernetes clusters. This provider automates the management of essential cloud components on Hetzner, enabling the creation of scalable and production-ready Kubernetes clusters. With its competitive pricing, Hetzner is an advantageous choice for users seeking to optimize cloud expenses compared to larger hyperscalers such as AWS, Azure, and GCP.
## Requirements
* [Hetzner Cloud](https://www.hetzner.com/) account and [hcloud CLI](https://github.com/hetznercloud/cli)
## Supported add-ons
* [Dashboard:](/mk8s/add-ons/dashboard) Provides a Kubernetes dashboard UI for the cluster.
* [AWS Workload Identity:](/mk8s/add-ons/aws_workload_identity) Allows your pods to assume AWS IAM Roles.
* [AWS ECR:](/mk8s/add-ons/aws_ecr) Allows pulling images from private ECR registries.
* [Local Path Storage:](/mk8s/add-ons/local_path_storage) Create PVCs backed by local volumes.
* [Logs:](/mk8s/add-ons/logs) Enable logging for pods and cluster auditing.
## Step 1 - Preparing the Hetzner Cloud Environment
1. **Log in to Hetzner Cloud Account**: Access your [Hetzner Cloud account](https://accounts.hetzner.com/login).
2. **Create a New Project**: Establish a new project named `hetzner-mk8s-example`.
3. **Create an API Token**:
* Navigate to your newly created project.
* Click on `Security` in the left sidebar, then proceed to `API tokens`.
* Click on `Generate API Token`.
* Grant `Read & Write` permissions to the token and copy it.
4. **Store the Token in Control Plane Secrets Manager**:
* Log in to the [Control Plane Console](https://console.cpln.io/console/).
* Click on `Secrets` in the left sidebar and then select `New`.
* Choose `Opaque` as the secret type and name it `hetzner-mk8s-example`.
* Store the API token's value in this secret.
5. **Create Network and Security Features in Project `hetzner-mk8s-example` on Hetzner**:
* **Network (Required)**:
* Click on `Networks` in the left sidebar.
* Create a new network by selecting `Create Network`.
The network zone should match the location you will use for your servers. For the Locations table, see the [Hetzner Cloud Locations documentation](https://docs.hetzner.com/cloud/general/locations/).
* **Firewall (Recommended)**:
* Click on `Firewalls` in the left sidebar.
* Create a new firewall by selecting `Create Firewall`.
* **SSH Key (Recommended)**:
* Click on `Security` in the left sidebar.
* Go to `SSH Keys` and click on `Add SSH Key`.
The steps above can be automated using the API or CLI tools of [Hetzner](https://docs.hetzner.com/cloud/) and [Control Plane](/cli-reference/overview).
## Step 2 - Create a Managed Kubernetes Cluster Using a Manifest File
1. **Connect with hcloud CLI**: Use the command `hcloud context create hetzner-mk8s-example` and insert the `API key` from the previous step.
2. **Capture the IDs**: Obtain the ID of the `network`, and optionally the `firewall` and the `ssh-key` created in the previous step using the [hcloud CLI](https://github.com/hetznercloud/cli).
* Network: Use `hcloud network list`.
* Firewall: Use `hcloud firewall list`.
* SSH key: Use `hcloud ssh-key list`.
3. **Update the manifest below**: Modify the following `hetzner-mk8s-example.yaml` YAML manifest with actual values from above. Customize the file as needed. Replace the placeholders for `firewallId`, `networkId`, and `sshKey`.
```yaml YAML theme={null}
kind: mk8s
name: hetzner-mk8s-example
description: An example of Hetzner mk8s
tags: {}
spec:
provider:
hetzner:
dedicatedServerNodePools: []
firewallId: '1111111'
image: ubuntu-22.04
networkId: '2222222'
nodePools:
- name: general
labels:
environment: hetzner-mk8s-example
maxSize: 4
minSize: 1
serverType: cpx31
taints: []
region: hel1
sshKey: '333333'
tokenSecretLink: //secret/hetzner-mk8s-example
addOns:
dashboard: {}
localPathStorage: {}
awsWorkloadIdentity: {}
firewall:
- description: Default
sourceCIDR: 0.0.0.0/0
version: 1.28.2
```
This example creates a Managed Kubernetes cluster in Hetzner Cloud with the following configurations:
* **[Add-ons](#supported-add-ons)**: Includes Dashboard, Local Path Storage, and AWS Workload Identity.
* **Location**: The cluster's Kubernetes control plane will be managed in the `gcp-us-east1` location. Placing worker nodes close to the control plane is recommended for optimal performance.
* **Kubernetes API Firewall**: Utilizes the `Default` rule, allowing public access to the Kubernetes API. It is advisable to restrict API access to a known IP range for security purposes.
* **Kubernetes Version**: 1.28.2.
* **Node Pool**: A single `general` node pool, scaling on-demand between 1 and 4 nodes.
* **Server Image**: Ubuntu 22.04.
4. **Create the Cluster**: Deploy the `hetzner-mk8s-example` cluster by applying the manifest.
* **Console**: Apply the `hetzner-mk8s-example.yaml` file using the `cpln apply >_` option in the upper right corner.
* **CLI**: Execute `cpln apply -f hetzner-mk8s-example.yaml --org YOUR_ORG_HERE`.
**Wait until the cluster is initialized.**
## Step 3 - Accessing the Cluster
### 1. Using the Terminal
1. **Obtain the Cluster's Kubeconfig File**: Execute the command `cpln mk8s kubeconfig hetzner-mk8s-example -f /tmp/hetzner-mk8s-example-conf`.
2. **Access the Cluster with `kubectl`**: Use the obtained kubeconfig file by running `export KUBECONFIG=/tmp/hetzner-mk8s-example-conf` for the current shell session.
### 2. Using Kubernetes Dashboard
1. **Navigate to Control Plane Console**: Visit the [Control Plane Console](https://console.cpln.io/console/).
2. **Access the Dashboard**: In the Control Plane Console, navigate to `Kubernetes` in the left sidebar panel and click on `Open` under `Dashboard` for the cluster `hetzner-mk8s-example`.