# Only the first values starting with a * are obligatory, the rest can remain with their default values, or you # could adapt them to your needs. # # Note that some values, notably "location" and "public_key" have no effect after the initial cluster has been setup. # This is in order to keep terraform from re-provisioning all nodes at once which would loose data. If you want to update, # those, you should instead change the value here and then manually re-provision each node one-by-one. Grep for "lifecycle". # * Your Hetzner project API token hcloud_token = "xxxxxxxxxxxxxxxxxxYYYYYYYYYYYYYYYYYYYzzzzzzzzzzzzzzzzzzzzz" # * Your public key public_key = "/home/username/.ssh/id_ed25519.pub" # * Your private key, must be "private_key = null" when you want to use ssh-agent, for a Yubikey like device auth or an SSH key-pair with passphrase private_key = "/home/username/.ssh/id_ed25519" # These can be customized, or left with the default values # For Hetzner locations see https://docs.hetzner.com/general/others/data-centers-and-connection/ # For Hetzner server types see https://www.hetzner.com/cloud location = "fsn1" # change to `ash` for us-east Ashburn, Virginia location network_region = "eu-central" # change to `us-east` if location is ash # At least 3 server nodes is recommended for HA, otherwise you need to turn off automatic upgrade (see ReadMe). # As per rancher docs, it must be always an odd number, never even! See https://rancher.com/docs/k3s/latest/en/installation/ha-embedded/ # For instance, 1 is ok (non-HA), 2 not ok, 3 is ok (becomes HA). control_plane_count = 3 # The type of control plane nodes, see https://www.hetzner.com/cloud, the minimum instance supported is cpx11 (just a few cents more than cx11) control_plane_server_type = "cpx11" # As for the agent nodepools, below is just an example, if you do not want nodepools, just use one, # and change the name to what you want, it need not be "agent-big" or "agent-small", also give them the subnet prefer. # For single node clusters set this equal to [] or just set the counts to 0. # IMPORTANT: Once the cluster is created, you can change the count, and even set it to 0, but do not remove a nodepool from the list. # You can add others at the end of the list if you want. agent_nodepools = [ { name = "agent-small", server_type = "cpx11", count = 2 }, { name = "agent-large", server_type = "cpx21", count = 1 } ] # That will depend on how much load you want it to handle, see https://www.hetzner.com/cloud/load-balancer load_balancer_type = "lb11" ### The following values are fully optional # If you want to use a specific Hetzner CCM and CSI version, set them below, otherwise leave as is for the latest versions # hetzner_ccm_version = "" # hetzner_csi_version = "" # If you want to use letsencrypt with tls Challenge, the email address is used to send you certificates expiration notices # traefik_acme_tls = true # traefik_acme_email = "mail@example.com" # If you want to use disable the traefik ingress controller, you can. By default is it enabled! # traefik_enabled = false # If you want to disable the metric server, you can! By defaults it is enabled. # metrics_server_enabled = false # If you want to allow non-control-plane workloads to run on the control-plane nodes set "true" below. The default is "false". # Also good for single node clusters. # allow_scheduling_on_control_plane = true # If you want to disable automatic upgrade of k3s, you can set this to false, default is "true". # automatically_upgrade_k3s = false # Allows you to specify either stable, latest, or testing (defaults to stable), see https://rancher.com/docs/k3s/latest/en/upgrades/basic/ # initial_k3s_channel = "latest" # The cluster name, by default "k3s" # cluster_name = "" # Whether to use the cluster name in the node name, in the form of {cluster_name}-{nodepool_name} the default is "true". # use_cluster_name_in_node_name = false # Adding extra firewall rules, like opening a port # In this example with allow port TCP 5432 for a Postgres service we will open via a nodeport # More info on the format here https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/firewall # extra_firewall_rules = [ # { # direction = "in" # protocol = "tcp" # port = "5432" # source_ips = [ # "0.0.0.0/0" # ] # }, # ] # If you want to configure additional Arguments for traefik, enter them here as a list and in the form of traefik CLI arguments; see https://doc.traefik.io/traefik/reference/static-configuration/cli/ # Example: traefik_additional_options = ["--log.level=DEBUG", "--tracing=true"] # traefik_additional_options = []