Rancher on Hetzner

There are some articles around already about installing Rancher on Hetzner Infrastructure. I found some of them outdated and others not matching my requirements.

Some preparation is needed in the Hetzner Cloud Console. First, set up a Network there so the nodes can communicate. It should use a private, non-routable IP range such as 10.0.0.0/16.

Also register at least one SSH key under “Security” to make sure you can access the created servers.

Also under “Security”, you will need to create an API Token with read and write permissions.

If you want to use Hetzner Load Balancers to terminate SSL and provide load balancing for your k8s services later, you will also need to create a Certificate under “Security:Certificates” for the domain you wish to use. I could not select them by name in my services, so I also needed to get the ID of the created certificate. This ID must be obtained using the API by requesting https://api.hetzner.cloud/v1/certificates and examining the result.
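One way to do that lookup without reading the raw JSON by eye, as an added example that is not part of the original post: it requests the certificate list with the API token as a Bearer header, follows pagination, and returns the IDs of certificates that cover a given domain. The environment variable name `HCLOUD_TOKEN`, the helper names and the sample data are assumptions made for illustration; the response fields used are `certificates`, `id`, `name`, `domain_names` and `meta.pagination.next_page`.

```python
import json
import os
import urllib.request

API_URL = "https://api.hetzner.cloud/v1/certificates"  # endpoint named in the post

# Constructed sample response; IDs, names and domains are made up.
SAMPLE = {"certificates": [
    {"id": 1001, "name": "wildcard-example", "domain_names": ["*.example.com"]},
    {"id": 1002, "name": "shop", "domain_names": ["shop.example.org"]},
], "meta": {"pagination": {"next_page": None}}}


def covers(pattern, domain):
    """True if a certificate name entry covers the domain (one-label wildcard)."""
    if pattern.startswith("*."):
        head, _, rest = domain.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == domain


def find_certificate_ids(payload, domain):
    """Return (id, name) for every certificate whose domain_names cover domain."""
    return [(c["id"], c["name"]) for c in payload.get("certificates", [])
            if any(covers(p, domain) for p in c.get("domain_names", []))]


def fetch_certificates(token, url=API_URL):
    """Collect all pages of the certificate list, authenticating with a Bearer token."""
    certs, page = [], 1
    while page:
        req = urllib.request.Request(f"{url}?page={page}",
                                     headers={"Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req, timeout=10) as resp:
            body = json.load(resp)
        certs.extend(body.get("certificates", []))
        page = body.get("meta", {}).get("pagination", {}).get("next_page")
    return {"certificates": certs}


if __name__ == "__main__":
    # HCLOUD_TOKEN is an assumed variable name; reading it from the environment
    # keeps the token out of the script and out of process arguments.
    token = os.environ.get("HCLOUD_TOKEN")
    payload = fetch_certificates(token) if token else SAMPLE
    for cert_id, name in find_certificate_ids(payload, "k8s.example.com"):
        print(cert_id, name)
```

Without a token in the environment the script falls back to the constructed sample, so the matching logic can be checked offline before it touches the real project.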

So first, I created a CX31 VM on Hetzner to install Rancher on. This should be quite straightforward. Then I installed Rancher using RancherD as described in the Rancher documentation. I did not care to make the installation HA for now, but it should be possible to scale later.

The next step was to install a node driver in Rancher, allowing it to automatically provision servers for the Kubernetes clusters it manages.

For a node driver, two things are needed: a Docker Machine Driver and a matching UI driver. With these two installed, Rancher can create Node Templates for Hetzner-based nodes.

To install these two, I first checked for the most recent binary release files. At the time of writing, these were:

To register a Rancher node driver, I navigated to Tools:Drivers in the main menu, then selected the “Node Driver” tab and clicked “Add Node Driver”. The URLs must be pasted into the corresponding fields.

IMPORTANT: In order for the UI driver to work, you must add “storage.googleapis.com” to the whitelisted domains under these url fields. Otherwise the UI driver will simply be ignored.

There is no Cluster Driver for Hetzner; we will later install controllers into our clusters to achieve integration with Hetzner.

After the node driver was registered, I needed to create Node Templates. The navigation item for this can be found under your login symbol at the top right of the screen in Rancher. If the UI driver is working correctly, “Hetzner” should be available as a type for the new template.

I created two templates: controller and worker. How you configure them and which templates to configure might be different for every project. The important thing is that your Hetzner API Token is needed during Node Template creation. Rancher will later use this token to create Hetzner VMs. This is where the UI driver comes into play. It provides a field to enter the token and to select information about the VM Rancher should create for you if this template is used. The UI can be a bit unintuitive at times. Make sure to select a network (even if there is only one) and to select the additional SSH keys if you want them. The list only shows the options; you have to click an entry to activate the selection.

After Node Templates are set up, a cluster can be created using these templates.