hetzner-k3s
The easiest and fastest way to create and manage Kubernetes clusters in Hetzner Cloud using the lightweight distribution k3s by Rancher.
MIT License
Bot releases are hidden (Show)
Published by vitobotta about 2 years ago
- Ensure the
releasescommand lists all the available k3s releases, not just the most recent ones - Require one or more networks to configure in the firewall to allow access to the Kubernetes API. In the previous version, access to the Kubernetes API was allowed from any network. Note that this is currently supported only for single master clusters; HA clusters use a load balancer for the Kubernetes API, but the Hetzner firewalls don't support protecting load balancers yet.
- From clusters with k3s version equal or greater than v1.23.6+k3s1, now uses the wireguard-native flannel backend instead of the old wireguard backend (if encryption is enabled in the configuration)
- Update CSI driver to support Kubernetes up to 1.24
- Update System Upgrade Controller to 1.9.1 for k3s updates
Published by vitobotta about 2 years ago
- Ensure the
releasescommand lists all the available k3s releases, not just the most recent ones. This allows for creating clusters with an older version if needed.
Published by vitobotta over 2 years ago
- Allow specifying some commands to run on the servers soon after they are created and before Kubernetes is set up. This can be used to update the OS packages.
Published by vitobotta over 2 years ago
- Fixed an issue when setting location for the API load balancer in HA clusters
Published by vitobotta over 2 years ago
- Remove leftover from config validation no longer needed
Published by vitobotta over 2 years ago
- Allow specifying extra args for Kubernetes components
- Mutli-zone clusters support: allow creating node pools in different location within the same network zone
Published by vitobotta over 2 years ago
-
Important: ipsec encryption was causing some issues with load balancers so it has been replaced with wireguard, which also encrypts the traffic but works just fine with user created load balancers. Converting an existing cluster is possible, you only need to re-run the create-cluster command and optionally restart k3s on the nodes if needed. Please note that the encryption config option has been renamed from
enable_ipsec_encryptiontoenable_encryption.
Published by vitobotta over 2 years ago
- Ensure that in a HA cluster the nodes connect to the load balancer for the API server, instead of the first master
Published by vitobotta over 2 years ago
- Each node pool gets its own placement group. This is to minimize issues due to the max 10 nodes limitation for a single node group. A validation has also been added to limit pools to 10 nodes each because of this.
Published by vitobotta almost 3 years ago
- Allow installing additional packages when creating the servers
- Allow enabling ipsec encryption
Published by vitobotta almost 3 years ago
- Ensure the program always exits with exit code 1 if the config file fails validation
- Upgrade System Upgrade Controller to 0.8.1
- Remove dependency on unmaintained gem k8s-ruby
- Make the gem compatible with Ruby 3.1.0
Published by vitobotta almost 3 years ago
- Increase timeout with API requests to 30 seconds
- Limit number of retries for API requests to 3
- Ensure all version tags are listed for k3s (thanks @janosmiko)
Published by vitobotta almost 3 years ago
- Made it possible to specify a custom image/snapshot for the servers
Published by vitobotta almost 3 years ago
- Added a check to abort gracefully when for some reason one or more servers are not created, for example due to temporary problems with the Hetzner API.
Published by vitobotta almost 3 years ago
- Fix network creation (bug introduced in the previous version)
Published by vitobotta almost 3 years ago
- Add support for the new Ashburn, Virginia (USA) location
- Automatically use a placement group so that the instances are all created on different physical hosts for high availability
Published by vitobotta about 3 years ago
- Fix an issue with SSH key creation
Published by vitobotta about 3 years ago
- Update Hetzner CSI driver to v1.6.0
- Update System Upgrade Controller to v0.8.0
Published by vitobotta about 3 years ago
- Allow to optionally specify the path of the private SSH key
- Set correct permissions for the kubeconfig file
- Retry fetching manifests a few times to allow for temporary network issues
- Allow to optionally schedule workloads on masters
- Allow clusters with no worker node pools if shceduling is enabled for the masters
- Ensure the masters are removed from the API load balancer before deleting the load balancer
- Ensure the servers are removed from the firewall before deleting it
- Allow using an environment variable to specify the Hetzner token
- Allow restricting SSH access to the nodes to specific networks
- Do not open the port 6443 on the nodes if a load balancer is created for an HA cluster
