terraform-hcloud-kube-hetzner  by kube-hetzner

Terraform module for Kubernetes cluster deployment on Hetzner Cloud

created 4 years ago
3,130 stars

Top 15.7% on sourcepulse

Project Summary

This project provides a Terraform module for deploying and managing highly optimized, auto-upgrading Kubernetes clusters on Hetzner Cloud. It targets users seeking a cost-effective, maintenance-free Kubernetes solution comparable to managed services like GKE Autopilot, leveraging k3s on openSUSE MicroOS for efficiency and security.

How It Works

The solution utilizes Terraform for infrastructure provisioning and k3s as the Kubernetes distribution. openSUSE MicroOS is chosen as the base OS for its container-optimized, read-only filesystem, default security hardening, and automatic update/rollback capabilities via BTRFS snapshots. k3s is selected for its single-binary deployment, fast setup, and integrated features like Helm controller and automatic upgrades via system-upgrade-controller.

Quick Start & Requirements

  • Install: terraform init --upgrade, terraform validate, terraform apply -auto-approve within the project directory.
  • Prerequisites: Hetzner Cloud account, Terraform or Tofu, Packer, kubectl CLI, hcloud CLI.
  • Setup: A script (scripts/create.sh) assists in creating the necessary kube.tf configuration and openSUSE MicroOS snapshot.
  • Docs: kube.tf.example, terraform.md

Highlighted Details

  • Maintenance-free with automatic OS and k3s upgrades.
  • Supports multi-architecture instances (including ARM).
  • Flexible CNI choices (Flannel, Calico, Cilium) and ingress controllers (Traefik, Nginx, HAProxy).
  • Default HA configuration with three control-plane nodes.
  • Optional WireGuard encryption for the Kube network.
  • Supports Longhorn and Hetzner CSI with encryption at rest.

Maintenance & Community

  • Actively maintained with contributions from the community.
  • Project details and contribution guidelines are available on GitHub.

Licensing & Compatibility

  • The project is licensed under the MIT License.
  • Compatible with commercial use and closed-source linking.

Limitations & Caveats

Manual intervention may be required for scaling down nodes to avoid cluster instability. While automatic upgrades are default, disabling them requires careful manual management, especially for HA setups with fewer than three control-plane nodes.

Health Check

  • Last commit: 5 days ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 21
  • Issues (30d): 18
  • Star History: 232 stars in the last 90 days
