- Hetzner Account
- GitHub Account
- In your Hetzner account, select 'Console' and create a new Project
- Select 'Security' -> 'API Tokens' and create a new token with read & write permissions
- Copy the token into an editor for the next steps
- Run the command "ssh-keygen -t ed25519" in a terminal
- On GitHub, go to Settings -> Developer settings -> Personal access tokens -> Tokens (classic) -> Generate new token
- Check 'repo' checkbox
- Also copy this token into an editor for the next steps
- Create a new repository
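- Add the following secrets, using the names the workflows below reference: GH_PAT (the GitHub token), HCLOUD_TOKEN (the Hetzner API token), SSH_PRIVATE_KEY and SSH_PUBLIC_KEY (the key pair generated with ssh-keygen)
- Go back to your repository on GitHub and select 'Actions', then 'New workflow' and 'set up a workflow yourself' and change the name to 'initial.yml'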
```yaml
name: Initial

on:
  workflow_dispatch:

jobs:
  initial:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo
        uses: actions/checkout@v3
        with:
          # The personal access token lets the final step push the generated files
          token: ${{ secrets.GH_PAT }}

      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y curl unzip git

      - name: Install Packer, Terraform, kubectl, hcloud
        run: |
          # Install Packer and Terraform from the HashiCorp apt repository
          wget -O - https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
          echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
          sudo apt-get update
          sudo apt-get install -y packer terraform
          # Install hcloud CLI
          curl -fsSL https://github.com/hetznercloud/cli/releases/latest/download/hcloud-linux-amd64.tar.gz | tar -xz
          sudo mv hcloud /usr/local/bin/

      - name: Run Hetzner Kube script (non-interactive)
        env:
          HCLOUD_TOKEN: ${{ secrets.HCLOUD_TOKEN }}
          folder_name: config
          folder_path: .
          # Quoted so the value is passed as the string "yes"
          create_snapshots: "yes"
        run: |
          # The script is fetched from the master branch at run time and
          # executed with HCLOUD_TOKEN in its environment
          tmp_script=$(mktemp)
          curl -sSL -o "${tmp_script}" https://raw.githubusercontent.com/kube-hetzner/terraform-hcloud-kube-hetzner/master/scripts/create.sh
          chmod +x "${tmp_script}"
          bash "${tmp_script}"
          rm "${tmp_script}"

      - name: Commit and push kube.tf + snapshot file
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git add config/kube.tf
          git add config/hcloud-microos-snapshots.pkr.hcl
          git commit -m "Add generated kube.tf and snapshot file from workflow" || echo "No changes to commit"
          git push
```
- After that choose 'Run workflow'
This workflow needs 5-10 minutes. It creates some servers on Hetzner, generates a snapshot and deletes the servers. The snapshots are needed as a blueprint for your Kubernetes cluster servers.
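
The 'Run Hetzner Kube script' step above downloads create.sh from the master branch on every run and executes it with HCLOUD_TOKEN in its environment. As an added example (not part of the original workflow or of the kube-hetzner project), the shell functions below run a downloaded script only when its SHA-256 matches a value recorded after reviewing it; the function names, return codes, and the placeholder commit and hash in the usage comment are assumptions.

```bash
#!/usr/bin/env bash
# Added example: run a downloaded script only if its SHA-256 matches a pinned value.
# Function names and return codes are illustrative, not part of kube-hetzner.

# fetch URL DEST: download URL to DEST; fails on HTTP errors.
fetch() {
  curl -fsSL -o "$2" "$1"
}

# verify_sha256 FILE EXPECTED_HEX: 0 on exact match, 1 on mismatch, 2 on error.
verify_sha256() {
  local file="$1" expected="$2" actual
  [ -f "$file" ] || return 2
  actual=$(sha256sum "$file" | awk '{print $1}') || return 2
  [ -n "$actual" ] || return 2
  # Accept upper- or lower-case hex in the pinned value.
  expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
  [ "$actual" = "$expected" ]
}

# run_pinned URL EXPECTED_HEX [ARGS...]
# Returns 3 if the download fails, 4 on checksum mismatch (the script is never
# executed in that case), otherwise the script's own exit status.
run_pinned() {
  local url="$1" expected="$2" tmp rc=0
  shift 2
  tmp=$(mktemp) || return 2
  if ! fetch "$url" "$tmp"; then
    rm -f "$tmp"
    return 3
  fi
  if ! verify_sha256 "$tmp" "$expected"; then
    echo "checksum mismatch for ${url}: refusing to run" >&2
    rm -f "$tmp"
    return 4
  fi
  bash "$tmp" "$@" || rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Usage inside the workflow step (placeholders, fill in after reviewing the script):
#   run_pinned "https://raw.githubusercontent.com/kube-hetzner/terraform-hcloud-kube-hetzner/<commit-sha>/scripts/create.sh" "<sha256-of-reviewed-script>"
```

Pointing the URL at a commit instead of master keeps the pinned hash valid until you deliberately move to a newer revision.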
- Click on 'code' again, select the 'develop' branch in the dropdown and click on your config-folder
- Open the kube.tf file and modify it as you need (you need to click on 'Edit this file')
- After that select 'Commit Changes' twice
- Add the last workflow named deployment.yml and put in the following code
```yaml
name: Deployment

on:
  push:
    branches:
      - main

jobs:
  deploy:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    defaults:
      run:
        shell: bash
        working-directory: ./config/
    steps:
      - name: Checkout code
        uses: actions/checkout@v5

      - name: Create SSH files
        run: |
          # Write the key pair from the repository secrets to the runner
          mkdir -p ~/.ssh
          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
          echo "${{ secrets.SSH_PUBLIC_KEY }}" > ~/.ssh/id_ed25519.pub
          chmod 600 ~/.ssh/id_ed25519
          chmod 644 ~/.ssh/id_ed25519.pub

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3

      - name: Terraform Init
        run: terraform init --upgrade

      - name: Create terraform.tfvars
        run: |
          # The Hetzner token is written to a file on the runner only; it is not committed
          cat > ./terraform.tfvars <<EOF
          hcloud_token = "${{ secrets.HCLOUD_TOKEN }}"
          EOF

      - name: Terraform Validate
        run: terraform validate

      - name: Terraform Apply
        run: terraform apply -auto-approve
```
- After that select 'Commit Changes' twice
The workflow starts automatically after the commit. It creates the whole cluster in your Hetzner project. Depending on your configuration in the kube.tf file, it can take up to half an hour to finish.