# You need to replace these hcloud_token = "xxxxxxxxxxxxxxxxxxYYYYYYYYYYYYYYYYYYYzzzzzzzzzzzzzzzzzzzzz" public_key = "/home/username/.ssh/id_ed25519.pub" # Must be "private_key = null" when you want to use ssh-agent, for a Yubikey like device auth or an SSH key-pair with passphrase private_key = "/home/username/.ssh/id_ed25519" # These can be customized, or left with the default values # For Hetzner locations see https://docs.hetzner.com/general/others/data-centers-and-connection/ # For Hetzner server types see https://www.hetzner.com/cloud location = "fsn1" # change to `ash` for us-east Ashburn, Virginia location network_region = "eu-central" # change to `us-east` if location is ash control_plane_server_type = "cpx11" lb_server_type = "lb11" # At least 3 server nodes is recommended for HA, otherwise you need to turn off automatic upgrade (see ReadMe). servers_num = 3 # For agent nodes, at least 2 is recommended for HA, but you can keep automatic upgrades. agent_nodepools = { big = { server_type = "cpx31", count = 3 } # Will fail because of the ip address collision (we use index number) # small = { # server_type = "cpx31", # count = 3 # } } # If you want to use a specific Hetzner CCM and CSI version, set them below, otherwise leave as is for the latest versions # hetzner_ccm_version = "" # hetzner_csi_version = "" # If you want to use letsencrypt with tls Challenge, the email address is used to send you certificates expiration notices # traefik_acme_tls = true # traefik_acme_email = "mail@example.com" # If you want to allow non-control-plane workloads to run on the control-plane nodes set "true" below. The default is "false". # allow_scheduling_on_control_plane = true # If you want to disable automatic upgrade of k3s (stable channel), you can set this to false, default is "true". # automatically_upgrade_k3s = false # If you would like to specify the k3s upgrade channel from the get go, you can do so, the default is "stable". # For a list of available channels, see https://rancher.com/docs/k3s/latest/en/upgrades/basic/ and https://update.k3s.io/v1-release/channels # k3s_upgrade_channel = "latest"