switched to geneve tunneling

README.md

@@ -30,7 +30,7 @@
 Here's what is working at the moment:
 
 - Lightweight and resource-efficient Kubernetes with [k3s](https://github.com/k3s-io/k3s), and Fedora nodes to take advantage of the latest Linux kernels.
-- Optimal [Cilium](https://github.com/cilium/cilium) CNI with full BPF support, native routing, and Kube-proxy replacement. It uses the Hetzner private subnet underneath to communicate between the nodes, so no encryption is needed.
+- Optimal [Cilium](https://github.com/cilium/cilium) CNI with full BPF support, geneve tunneling (more stable than native routing), and Kube-proxy replacement. It uses the Hetzner private subnet underneath to communicate between the nodes, so no encryption is needed.
 - Automatic OS upgrades, supported by [kured](https://github.com/weaveworks/kured) that initiate a reboot of the node only when necessary and after having drained it properly.
 - Automatic HA by setting the required number of servers and agents nodes.
 - Automatic k3s upgrade by using Rancher's [system-upgrade-controller](https://github.com/rancher/system-upgrade-controller) and tracking the latest 1.x stable branch.
@@ -222,6 +222,14 @@ Then you can proceed to taking down the rest of the cluster with:
 terraform destroy -auto-approve
 ```
 
+Sometimes, the Hetzner network is still in use and refused to be deleted via terraform, in that case you can force delete it with:
+
+```sh
+hcloud network delete k3s-net
+```
+
+Also, if you had a full blown cluster in use, it's best do delete the whole project in your Hetzner account directly, as there may be other ressources created via operators that are not part of this project.
+
 <!-- ROADMAP -->
 
 ## Roadmap

manifests/helm/cilium/values.yaml

@@ -15,10 +15,10 @@ ipam:
 
 # -- Configure the encapsulation configuration for communication between nodes.
 # Possible values:
-#   - disabled (native routing on the hetzner network)
+#   - disabled (native routing works, however I feel that geneve is more stable, but I may be wrong)
 #   - vxlan
 #   - geneve
-tunnel: disabled
+tunnel: geneve
 
 # -- Specify the IPv4 CIDR for native routing (ie to avoid IP masquerade for).
 # This value corresponds to the configured cluster-cidr.

manifests/helm/nginx/values.yaml

@@ -1,11 +1,8 @@
 controller:
-  kind: DaemonSet
   service:
     type: LoadBalancer
     annotations:
-      load-balancer.hetzner.cloud/use-private-ip: "true"
-      # Adjust the location if you have customized it in terraform.tfvars
-      # For more info on Hetzner Cloud locations, see https://docs.hetzner.com/general/others/data-centers-and-connection/
-      load-balancer.hetzner.cloud/location: "fsn1"
-      # For details about, load balancer instances, see https://www.hetzner.com/cloud/load-balancer
-      load-balancer.hetzner.cloud/type: "lb11"
+      load-balancer.hetzner.cloud/name: nginx-ingress
+      load-balancer.hetzner.cloud/use-private-ip: true
+      load-balancer.hetzner.cloud/location: fsn1
+      load-balancer.hetzner.cloud/type: lb11