No description

HCL 100%

Find a file

Sergei Poljanski e79c1d0bc6 traefik: lets encrypt		2026-03-20 22:17:56 +03:00
.gitignore	k8s cluster 2+1 CX23	2026-03-20 20:41:44 +03:00
backend.conf.example	readme & backend.conf.example	2026-03-20 20:44:13 +03:00
main.tf	k8s cluster 2+1 CX23	2026-03-20 20:41:44 +03:00
outputs.tf	k8s cluster 2+1 CX23	2026-03-20 20:41:44 +03:00
providers.tf	k8s cluster 2+1 CX23	2026-03-20 20:41:44 +03:00
README.md	readme & backend.conf.example	2026-03-20 20:44:13 +03:00
terraform.tfvars.example	k8s cluster 2+1 CX23	2026-03-20 20:41:44 +03:00
traefik-values.yaml	traefik: lets encrypt	2026-03-20 22:17:56 +03:00
traefik.tf	traefik: lets encrypt	2026-03-20 22:17:56 +03:00
variables.tf	k8s cluster 2+1 CX23	2026-03-20 20:41:44 +03:00

README.md

hcloud-k8s

My Kubernetes cluster on Hetzner Cloud. Uses hcloud-k8s/kubernetes/hcloud terraform module which runs Talos Linux (no SSH, API-only, immutable OS).

What's in here

1 control plane + 2 workers (cx23, Helsinki)
Cilium CNI with WireGuard encryption
cert-manager for TLS
Traefik ingress
State stored in Hetzner Object Storage (S3)

Setup

cp terraform.tfvars.example terraform.tfvars
# fill in your hcloud token

cp backend.conf.example backend.conf
# fill in s3 access_key and secret_key

terraform init -backend-config=backend.conf
terraform apply

Kubeconfig gets written to ./kubeconfig after apply.

Scaling to HA

Change control plane count from 1 to 3 in main.tf and re-apply. Talos handles etcd member joining automatically.