mirror of
https://github.com/outbackdingo/terraform-hcloud-talos.git
synced 2026-01-27 10:20:30 +00:00
dd14674005
This commit introduces a time delay for the cilium setup in both the `manifest_hcloud_ccm.tf` and `manifest_cilium.tf` files. This delay helps ensure the cilium network is properly settled down before proceeding with the rest of the setup.
Terraform - Hcloud - Talos
This repository contains a Terraform module for creating a Kubernetes cluster with Talos in the Hetzner Cloud.
- Talos is a modern OS for Kubernetes. It is designed to be secure, immutable, and minimal.
- Hetzner Cloud is a cloud hosting provider with nice terraform support and cheap prices.
Goals 🚀
| Goals | Status | Description |
|---|---|---|
| Production ready cluster in minutes | ❌ | Actually not production ready |
| Use private networks for the internal communication of the cluster | ✅ | |
| Do not expose the Kubernetes and Talos API to the public internet | ❌ | Actually, the APIs are exposed to the public internet, but it is secured via the firewall_use_current_ip flag and a firewall rule that only allows traffic from one IP address. |
| Possibility to change alls CIDRs of the networks | ⁉️ | Needs to be tested. |
Prerequisites
Required Software
Recommended Software
Hetzner Cloud
- Create a new project in the Hetzner Cloud Console
- Create a new API token in the project
- You can store the token in the environment variable
HCLOUD_TOKENor use it in the following commands/terraform files.
Usage
Packer
Create the talos os images (AMD and x86) via packer through running the create.sh.
It is using the HCLOUD_TOKEN environment variable to authenticate against the Hetzner Cloud API and uses the project
of the token to store the images.
The talos os version is defined in the variable talos_version
in talos-hcloud.pkr.hcl.
./_packer/create.sh
Terraform
Use the module as shown in the following example:
module "talos" {
source = "hcloud-talos/talos/hcloud"
version = "1.0.0"
hcloud_token = "" // Your hcloud token
cluster_name = "talos-cluster"
datacenter_name = "fsn1-dc14"
ssh_public_key = "" // e.g. file("~/.ssh/id_rsa.pub")
firewall_use_current_ip = true // allow traffic only from the current IP address
control_plane_count = 3 // number of control planes to create
control_plane_server_type = "cax21" // server type for the control plane
worker_count = 3 // number of worker to create (if 0, allow_scheduling_on_control_planes will be set to true)
worker_server_type = "cax21" // server type for the worker
}
You can then run the following commands to export the kubeconfig and talosconfig:
terraform output --raw kubeconfig > ./kubeconfig
terraform output --raw talosconfig > ./talosconfig
If you want to merge the kubeconfig with your existing kubeconfig, you can use the following commands. (backup
file ~/.kube/config.bak is created)
terraform output --raw kubeconfig > ./kubeconfig
mv ~/.kube/config ~/.kube/config.bak
KUBECONFIG=./kubeconfig:~/.kube/config.bak kubectl config view --flatten > ~/.kube/config
rm ./kubeconfig
And for the talosconfig:
terraform output --raw talosconfig > ./talosconfig
cp ~/.talos/config ~/.talos/config.bak
talosctl config merge ./talosconfig
rm ./talosconfig
Future Plans
- Addition module to bootstrap ArgoCD
Credits
- kube-hetzner For the inspiration and the great terraform module. This module is based on many ideas and code snippets from kube-hetzner.
- Talos For the incredible OS.
- Hetzner Cloud For the great cloud hosting.