
This is a follow-up to Private Networking on Hetzner Cloud with Tailscale. The previous post was about the network. This one is about what I put inside that network: a private Kubernetes cluster running Talos on Hetzner Cloud.

The important part is not just "Kubernetes on Hetzner Cloud"; there are many posts about that. The part I cared about was making the cluster private from the first boot: no public IPs on the control plane, no public IPs on the workers, and access only through the Tailnet.

That made Talos a good fit. There is no package manager and no SSH. You give it a machine configuration, it becomes a Kubernetes node, and that is mostly it. Mostly.

What I Wanted from the Cluster

- Private-only nodes: every Kubernetes node should live only on the Hetzner private network.
- Terraform-managed bootstrap: machines, Talos config, kubeconfig, and base add-ons should come from code.
- Talos: no manual server maintenance.
- Separate node pools: platform components should not fight application workloads.
- GitOps:…
