The latest articles on DEV Community by Edin Husejnefendic (@lihnjo). https://dev.to/lihnjo https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3926641%2F3ce654d8-767c-43cb-b516-21ed37523664.jpg https://dev.to/lihnjo en Edin Husejnefendic Fri, 15 May 2026 07:39:42 +0000 https://dev.to/lihnjo/stop-paying-150month-for-managed-kubernetes-run-your-own-for-10-24gc https://dev.to/lihnjo/stop-paying-150month-for-managed-kubernetes-run-your-own-for-10-24gc <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgt7xa4ve7k5hwkx0pjl6.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgt7xa4ve7k5hwkx0pjl6.png" alt="hetzner-k3s" width="800" height="758"></a></p> <h2> Table of Contents </h2> <ul> <li>Task</li> <li>Assumptions</li> <li> Flow <ul> <li>Init or Restore</li> <li>Init</li> <li>Delete</li> <li>Restore</li> <li>Price</li> </ul> </li> <li>Info</li> <li>Install hetznerk3s</li> <li>Install hcloud</li> <li>Install kubectl</li> <li>Install HELM</li> <li>Install AZ (azure CLI) for Linux Mint/DEB</li> <li> AZURE <ul> <li>Set AZURE defaults</li> <li>Create the storage</li> <li>Create the blob container</li> <li>Velero credentials file</li> </ul> </li> <li> Velero CLI <ul> <li>Install CLI</li> <li>Install Velero on k3s</li> <li>List Backup</li> </ul> </li> <li> File structure <ul> <li>1. init_cluster.sh</li> <li>2. .env</li> <li>3. cluster.yml</li> <li>4. values_traefik-default.yml</li> <li>5. values_kube-prometheus-stack.yml</li> <li>6. gateway-post.yml</li> </ul> </li> <li> How to Run <ul> <li>1st Run - init</li> <li>Delete (Power Off)</li> <li>Restore (Power On)</li> <li>Costs</li> </ul> </li> </ul> <h2> 🔹Task </h2> <p>━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━</p> <ul> <li> <strong>Create the cheapest Kubernetes solution with the possibility to delete the Kubernetes cluster/instance and recreate it from scratch (as a DR solution).</strong>-</li> <li> <strong>Implement Power On/Off for the environment.</strong>-</li> <li><strong>$0 cost for offline mode, except for storage space for S3 and volumes.</strong></li> </ul> <h2> 🔹Assumptions </h2> <p>━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━</p> <ul> <li>Use a Hetzner cloud instance as single Master/Worker</li> <li>Use the integrated Load Balancer in Traefik Gateway</li> <li>Use Kubernetes Gateway instead of Ingress</li> <li>Recreate the Kubernetes environment from a Velero backup</li> <li>Use your host file (/etc/hosts) as a DNS provider</li> </ul> <h2> 🔹Flow </h2> <p>━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━</p> <h3> Init or Restore </h3> <p>────────────────────────────────────────────</p> <p>(1) Import Configuration<br> (2) Activate empty Hetzner Project<br> (3) Install Kubernetes k3scluster on single node as Master/Worker with hetzner-k3s<br> (4) Install Velero backup by HELM with AZURE plugin and AZURE credentials</p> <h3> Init </h3> <p>────────────────────────────────────────────<br> (5) Install Kubernetes CRD Gateway API<br> (6) Install Traefik<br> (7) Install kube-prometheus-stack with Helm<br> (8) Deploy nginx reverse proxy (/prometheus, /grafana)<br> (9a) Post steps: generate self-signed TLS cert → secret tls-traefik<br> (9b) Apply gateway-post.yml<br> (10) Print costs report (Hetzner servers + volumes)<br> Update your /etc/hosts</p> <h3> Delete </h3> <p>────────────────────────────────────────────<br> (1) Set all PVs to Retain<br> (2) Make Velero Backup<br> (3) Delete Hetzner Cloud instance</p> <h3> Restore </h3> <p>────────────────────────────────────────────<br> (5) Wait for Velero to sync backups from Azure storage<br> (6) Find latest completed backup<br> (7) Create Velero restore (excludes: kube-system, kube-public, kube-node-lease, velero<br> (8) Print costs report (Hetzner servers + volumes)<br> Update your /etc/hosts</p> <h3> Price </h3> <p>────────────────────────────────────────────<br> Print costs report (Hetzner servers + volumes)</p> <h2> 🔹Info </h2> <p>━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgyhaf9s2rc07jeaqt4k0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgyhaf9s2rc07jeaqt4k0.png" alt="INFO" width="50" height="30"></a><br> <strong>For the purposes of this project, we need to have:</strong></p> <ul> <li>Active a Hetzner account</li> <li>Installed the hcloud CLI</li> <li>Installed the kubectl CLI</li> <li>Installed the HELM CLI</li> <li>Installed the Velero CLI</li> <li>SSH key for server access</li> <li>Active a Azure account for an S3 bucket</li> <li>Installed the Azure CLI - az</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwajyjdy3sa4lhusz3ctf.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwajyjdy3sa4lhusz3ctf.png" alt="ATTENTION" width="92" height="28"></a></p> <p>⚠️ For this occasion, we will be using an S3 bucket on the Azure platform, but keep in mind that you can use this setup for any S3-compatible storage.</p> <p>⚠️ A list of supported providers for Velero can be found at <a href="https://velero.io/docs/main/supported-providers/" rel="noopener noreferrer">https://velero.io/docs/main/supported-providers/</a></p> <p>⚠️ Depending on your provider, adapt this installation according to your requirements.</p> <h2> 🔹Install hetznerk3s </h2> <p>━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━<br> <strong>Install</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>cd ~/Documents/hetzner-k3s/edo # -- Install latest # Tags: wget -O hetzner-k3s-linux-amd64 \ "https://github.com/vitobotta/hetzner-k3s/releases/latest/download/hetzner-k3s-linux-amd64" chmod -v +x hetzner-k3s-linux-amd64 sudo mv -v hetzner-k3s-linux-amd64 /usr/local/bin/hetzner-k3s </code></pre> </div> <p><strong>Check Version</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>hetzner-k3s --version </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>2.4.9 </code></pre> </div> <h2> 🔹Install hcloud </h2> <p>━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgyhaf9s2rc07jeaqt4k0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgyhaf9s2rc07jeaqt4k0.png" alt="INFO" width="50" height="30"></a><br> ℹ️ GitHub releases: <a href="https://github.com/hetznercloud/cli/releases" rel="noopener noreferrer">https://github.com/hetznercloud/cli/releases</a></p> <p><strong>Check if the current version exists</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hcloud version </code></pre> </div> <p><strong>Download to /tmp</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>wget <span class="si">$(</span>curl <span class="nt">-s</span> https://api.github.com/repos/hetznercloud/cli/releases/latest <span class="se">\</span> | jq <span class="nt">-r</span> <span class="s1">'.assets[0].browser_download_url'</span> <span class="se">\</span> | <span class="nb">sed</span> <span class="s1">'s%checksums.txt%hcloud-linux-amd64.tar.gz%g'</span><span class="si">)</span> <span class="se">\</span> <span class="nt">-P</span> /tmp/ </code></pre> </div> <p><strong>Check tar.gz</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">tar</span> <span class="nt">-tvzf</span> /tmp/hcloud-linux-amd64.tar.gz </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>-rw-r--r-- runner/docker 1075 2025-01-16 18:15 LICENSE -rw-r--r-- runner/docker 6811 2025-01-16 18:15 README.md -rwxr-xr-x runner/docker 15311000 2025-01-16 18:19 hcloud </code></pre> </div> <p><strong>Extract to /usr/local/bin/</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo tar</span> <span class="nt">-xvzf</span> /tmp/hcloud-linux-amd64.tar.gz <span class="se">\</span> <span class="nt">-C</span> /usr/local/bin/ hcloud <span class="nb">sudo chmod</span> +x /usr/local/bin/hcloud </code></pre> </div> <p><strong>Check command</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>whereis hcloud which hcloud </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hcloud version </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>hcloud 1.63.0 </code></pre> </div> <p><strong>Add to BASH autocomplete</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>vi ~/.bashrc </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># -- hcloud -------------------------------------------------------------------</span> <span class="nb">source</span> &lt;<span class="o">(</span>hcloud completion bash<span class="o">)</span> <span class="c"># ------------------------------------------------------------------------------</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">source</span> ~/.bashrc </code></pre> </div> <p><strong>Test hcloud autocomplete</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hcloud &lt;TAB&gt;&lt;TAB&gt; </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>all image server-type certificate iso ssh-key completion load-balancer storage-box config load-balancer-type storage-box-type context location version datacenter network volume firewall placement-group zone floating-ip primary-ip help server </code></pre> </div> <h2> 🔹Install kubectl </h2> <p>━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━<br> ℹ️ See <a href="https://kubernetes.io/docs/tasks/tools/" rel="noopener noreferrer">https://kubernetes.io/docs/tasks/tools/</a></p> <h2> 🔹Install HELM </h2> <p>━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgyhaf9s2rc07jeaqt4k0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgyhaf9s2rc07jeaqt4k0.png" alt="INFO" width="50" height="30"></a><br> <strong>Url:</strong><br> ℹ️ Official Site: <a href="https://helm.sh/" rel="noopener noreferrer">https://helm.sh/</a><br> ℹ️ How to Install: <a href="https://helm.sh/docs/intro/install/" rel="noopener noreferrer">https://helm.sh/docs/intro/install/</a></p> <p><strong>Install</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cd</span> /tmp curl <span class="nt">-fsSL</span> <span class="nt">-o</span> get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-4 <span class="nb">chmod</span> +x get_helm.sh <span class="nb">sudo</span> ./get_helm.sh </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Helm v4.1.4 is available. Changing from version v3.19.4. Downloading https://get.helm.sh/helm-v4.1.4-linux-amd64.tar.gz Verifying checksum... Done. Preparing to install helm into /usr/local/bin helm installed into /usr/local/bin/helm </code></pre> </div> <p><strong>Cleanup</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo rm</span> <span class="nt">-fv</span> /tmp/get_helm.sh </code></pre> </div> <p><strong>Check version</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>/usr/local/bin/helm version <span class="nt">--short</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>v4.1.4+g05fa379 </code></pre> </div> <p><strong>Add $PATH and autocomplete to ~/.bashrc</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>vi ~/.bashrc </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># -- HELM ---------------------------------------------------------------------</span> <span class="nb">export </span><span class="nv">PATH</span><span class="o">=</span><span class="s2">"</span><span class="nv">$PATH</span><span class="s2">:/usr/local/bin"</span> <span class="nb">source</span> &lt;<span class="o">(</span>helm completion bash<span class="o">)</span> <span class="c"># -----------------------------------------------------------------------------</span> </code></pre> </div> <p><strong>Check $PATH and version</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># -- LogOut</span> <span class="c"># -- LogIn</span> <span class="nb">source</span> ~/.bashrc helm version <span class="nt">--short</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>v4.1.3+gc94d381 </code></pre> </div> <h2> 🔹Install AZ (azure CLI) for Linux Mint/DEB </h2> <p>━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━<br> ℹ️ Based on: <a href="https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-linux?view=azure-cli-latest&amp;pivots=apt" rel="noopener noreferrer">https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-linux?view=azure-cli-latest&amp;pivots=apt</a></p> <p><strong>APT</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt-get update <span class="nb">sudo </span>apt-get <span class="nb">install </span>apt-transport-https <span class="se">\</span> ca-certificates curl <span class="se">\</span> gnupg <span class="se">\</span> lsb-release </code></pre> </div> <p><strong>Microsoft signing key</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo mkdir</span> <span class="nt">-p</span> /etc/apt/keyrings curl <span class="nt">-sLS</span> https://packages.microsoft.com/keys/microsoft.asc | gpg <span class="nt">--dearmor</span> | <span class="nb">sudo tee</span> /etc/apt/keyrings/microsoft.gpg <span class="o">&gt;</span> /dev/null <span class="nb">sudo chmod </span>go+r /etc/apt/keyrings/microsoft.gpg </code></pre> </div> <p><strong>Create repository</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">AZ_DIST</span><span class="o">=</span><span class="si">$(</span>lsb_release <span class="nt">-cs</span><span class="si">)</span> <span class="nb">echo</span> <span class="s2">"Types: deb URIs: https://packages.microsoft.com/repos/azure-cli/ Suites: </span><span class="k">${</span><span class="nv">AZ_DIST</span><span class="k">}</span><span class="s2"> Components: main Architectures: </span><span class="si">$(</span>dpkg <span class="nt">--print-architecture</span><span class="si">)</span><span class="s2"> Signed-by: /etc/apt/keyrings/microsoft.gpg"</span> | <span class="nb">sudo tee</span> /etc/apt/sources.list.d/azure-cli.sources </code></pre> </div> <p><strong>APT</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt-get update <span class="nb">sudo </span>apt-get <span class="nb">install </span>azure-cli </code></pre> </div> <p><strong>Upgrade</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt-get update <span class="nb">sudo </span>apt-get <span class="nb">install</span> <span class="nt">--only-upgrade</span> azure-cli </code></pre> </div> <p><strong>Check version</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>az version </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"azure-cli"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2.85.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"azure-cli-core"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2.85.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"azure-cli-telemetry"</span><span class="p">:</span><span class="w"> </span><span class="s2">"1.1.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"extensions"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"bastion"</span><span class="p">:</span><span class="w"> </span><span class="s2">"1.4.3"</span><span class="p">,</span><span class="w"> </span><span class="nl">"ssh"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2.0.6"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> AZURE </h2> <p>━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━</p> <h3> 🔹Set AZURE defaults </h3> <p>────────────────────────────────────────────<br> <strong>az login</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>az login </code></pre> </div> <p><strong>Set default subscription</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>az account list <span class="nt">--output</span> table </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Name CloudName SubscriptionId TenantId State IsDefault ------- ----------- ------------------------------------ ------------------------------------ ------- ----------- default AzureCloud xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy Enabled True AzureCloud xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy Enabled True </code></pre> </div> <p><strong>Set default subscription | by SubscriptionId</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>az account <span class="nb">set</span> <span class="nt">--subscription</span> <span class="s2">"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"</span> Set default location | West Europe az configure <span class="nt">--list-defaults</span> az configure <span class="nt">--defaults</span> <span class="nv">location</span><span class="o">=</span>westeurope az configure <span class="nt">--list-defaults</span> </code></pre> </div> <p><strong>Create resource group</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>az group list <span class="nt">-o</span> table az group create <span class="nt">-n</span> velero <span class="nt">--location</span> westeurope az group list <span class="nt">-o</span> table az group show <span class="nt">--name</span> velero <span class="nt">--output</span> table </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Location Name ---------- ------ westeurope velero </code></pre> </div> <h3> 🔹Create the storage </h3> <p>────────────────────────────────────────────<br> <strong>az login</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>az login <span class="nv">AZURE_SUBSCRIPTION_ID</span><span class="o">=</span><span class="si">$(</span>az account list <span class="nt">--all</span> <span class="nt">--query</span> <span class="s1">'[?isDefault].id'</span> <span class="nt">-o</span> tsv<span class="si">)</span> <span class="nv">AZURE_TENANT_ID</span><span class="o">=</span><span class="si">$(</span>az account list <span class="nt">--all</span> <span class="nt">--query</span> <span class="s1">'[?isDefault].tenantId'</span> <span class="nt">-o</span> tsv<span class="si">)</span> <span class="nv">AZURE_BACKUP_RESOURCE_GROUP</span><span class="o">=</span>velero <span class="nv">BLOB_CONTAINER</span><span class="o">=</span>edok3s <span class="nv">AZURE_STORAGE_ACCOUNT_ID</span><span class="o">=</span><span class="s2">"velero</span><span class="si">$(</span>uuidgen | <span class="nb">cut</span> <span class="nt">-d</span> <span class="s1">'-'</span> <span class="nt">-f5</span> | <span class="nb">tr</span> <span class="s1">'[A-Z]'</span> <span class="s1">'[a-z]'</span><span class="si">)</span><span class="s2">"</span> </code></pre> </div> <p><strong>Create the storage account</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>az storage account create <span class="se">\</span> <span class="nt">--name</span> <span class="nv">$AZURE_STORAGE_ACCOUNT_ID</span> <span class="se">\</span> <span class="nt">--resource-group</span> <span class="nv">$AZURE_BACKUP_RESOURCE_GROUP</span> <span class="se">\</span> <span class="nt">--sku</span> Standard_LRS <span class="se">\</span> <span class="nt">--encryption-services</span> blob <span class="se">\</span> <span class="nt">--https-only</span> <span class="nb">true</span> <span class="se">\</span> <span class="nt">--min-tls-version</span> TLS1_2 <span class="se">\</span> <span class="nt">--kind</span> BlobStorage <span class="se">\</span> <span class="nt">--access-tier</span> Hot </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"accessTier"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Hot"</span><span class="p">,</span><span class="w"> </span><span class="nl">"accountMigrationInProgress"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"allowBlobPublicAccess"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"allowCrossTenantReplication"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"allowSharedKeyAccess"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"allowedCopyScope"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"azureFilesIdentityBasedAuthentication"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"blobRestoreStatus"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"creationTime"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2026-05-03T19:30:06.161353+00:00"</span><span class="p">,</span><span class="w"> </span><span class="nl">"customDomain"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"defaultToOAuthAuthentication"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"dnsEndpointType"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"dualStackEndpointPreference"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"enableExtendedGroups"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"enableHttpsTrafficOnly"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"enableNfsV3"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"encryption"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"encryptionIdentity"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"keySource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Microsoft.Storage"</span><span class="p">,</span><span class="w"> </span><span class="nl">"keyVaultProperties"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"requireInfrastructureEncryption"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"services"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"blob"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"enabled"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"keyType"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Account"</span><span class="p">,</span><span class="w"> </span><span class="nl">"lastEnabledTime"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2026-05-03T19:30:06.574215+00:00"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"file"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"enabled"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"keyType"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Account"</span><span class="p">,</span><span class="w"> </span><span class="nl">"lastEnabledTime"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2026-05-03T19:30:06.574215+00:00"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"queue"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"table"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"extendedLocation"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"failoverInProgress"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"geoPriorityReplicationStatus"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"geoReplicationStats"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/velero/providers/Microsoft.Storage/storageAccounts/velero44dfh567h5gh"</span><span class="p">,</span><span class="w"> </span><span class="nl">"identity"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"immutableStorageWithVersioning"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"isHnsEnabled"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"isLocalUserEnabled"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"isSftpEnabled"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"isSkuConversionBlocked"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"keyCreationTime"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"key1"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2026-05-03T19:30:06.564067+00:00"</span><span class="p">,</span><span class="w"> </span><span class="nl">"key2"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2026-05-03T19:30:06.564067+00:00"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"keyPolicy"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"kind"</span><span class="p">:</span><span class="w"> </span><span class="s2">"BlobStorage"</span><span class="p">,</span><span class="w"> </span><span class="nl">"largeFileSharesState"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"lastGeoFailoverTime"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"location"</span><span class="p">:</span><span class="w"> </span><span class="s2">"westeurope"</span><span class="p">,</span><span class="w"> </span><span class="nl">"minimumTlsVersion"</span><span class="p">:</span><span class="w"> </span><span class="s2">"TLS1_2"</span><span class="p">,</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"velero44dfh567h5gh"</span><span class="p">,</span><span class="w"> </span><span class="nl">"networkRuleSet"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"bypass"</span><span class="p">:</span><span class="w"> </span><span class="s2">"AzureServices"</span><span class="p">,</span><span class="w"> </span><span class="nl">"defaultAction"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"ipRules"</span><span class="p">:</span><span class="w"> </span><span class="p">[],</span><span class="w"> </span><span class="nl">"ipv6Rules"</span><span class="p">:</span><span class="w"> </span><span class="p">[],</span><span class="w"> </span><span class="nl">"resourceAccessRules"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"virtualNetworkRules"</span><span class="p">:</span><span class="w"> </span><span class="p">[]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"placement"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"primaryEndpoints"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"blob"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://velero44dfh567h5gh.blob.core.windows.net/"</span><span class="p">,</span><span class="w"> </span><span class="nl">"dfs"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://velero44dfh567h5gh.dfs.core.windows.net/"</span><span class="p">,</span><span class="w"> </span><span class="nl">"file"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"internetEndpoints"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"ipv6Endpoints"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"microsoftEndpoints"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"queue"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"table"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://velero44dfh567h5gh.table.core.windows.net/"</span><span class="p">,</span><span class="w"> </span><span class="nl">"web"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"primaryLocation"</span><span class="p">:</span><span class="w"> </span><span class="s2">"westeurope"</span><span class="p">,</span><span class="w"> </span><span class="nl">"privateEndpointConnections"</span><span class="p">:</span><span class="w"> </span><span class="p">[],</span><span class="w"> </span><span class="nl">"provisioningState"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Succeeded"</span><span class="p">,</span><span class="w"> </span><span class="nl">"publicNetworkAccess"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"resourceGroup"</span><span class="p">:</span><span class="w"> </span><span class="s2">"velero"</span><span class="p">,</span><span class="w"> </span><span class="nl">"routingPreference"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"sasPolicy"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"secondaryEndpoints"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"secondaryLocation"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"sku"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Standard_LRS"</span><span class="p">,</span><span class="w"> </span><span class="nl">"tier"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Standard"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"statusOfPrimary"</span><span class="p">:</span><span class="w"> </span><span class="s2">"available"</span><span class="p">,</span><span class="w"> </span><span class="nl">"statusOfSecondary"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"storageAccountSkuConversionStatus"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"tags"</span><span class="p">:</span><span class="w"> </span><span class="p">{},</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Microsoft.Storage/storageAccounts"</span><span class="p">,</span><span class="w"> </span><span class="nl">"zones"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><strong>List all storage</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>az storage account list <span class="nt">--output</span> table </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>AccessTier AllowBlobPublicAccess AllowCrossTenantReplication CreationTime EnableHttpsTrafficOnly Kind Location MinimumTlsVersion Name PrimaryLocation ProvisioningState ResourceGroup StatusOfPrimary ------------ ----------------------- ----------------------------- -------------------------------- ------------------------ ----------- ---------- ------------------- ------------------ ----------------- ------------------- --------------- ----------------- Hot False False 2026-05-03T19:30:06.161353+00:00 True BlobStorage westeurope TLS1_2 velero44dfh567h5gh westeurope Succeeded velero available </code></pre> </div> <p><strong>List storage</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># --name "$AZURE_STORAGE_ACCOUNT_ID" \</span> az storage account show <span class="se">\</span> <span class="nt">--name</span> <span class="s2">"velero44dfh567h5gh"</span> <span class="se">\</span> <span class="nt">--resource-group</span> <span class="s2">"</span><span class="nv">$AZURE_BACKUP_RESOURCE_GROUP</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--query</span> <span class="s2">"{name:name, location:location, sku:sku.name, kind:kind, accessTier:accessTier, httpsOnly:enableHttpsTrafficOnly, minTls:minimumTlsVersion}"</span> <span class="se">\</span> <span class="nt">--output</span> table </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Name Location Sku Kind AccessTier HttpsOnly MinTls ------------------ ---------- ------------ ----------- ------------ ----------- -------- velero44dfh567h5gh westeurope Standard_LRS BlobStorage Hot True TLS1_2 </code></pre> </div> <h3> 🔹Create the blob container </h3> <p>────────────────────────────────────────────<br> <strong>Pull the storage account key once</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">ACCOUNT_KEY</span><span class="o">=</span><span class="si">$(</span>az storage account keys list <span class="se">\</span> <span class="nt">--account-name</span> <span class="s2">"</span><span class="nv">$AZURE_STORAGE_ACCOUNT_ID</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--resource-group</span> <span class="s2">"</span><span class="nv">$AZURE_BACKUP_RESOURCE_GROUP</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--query</span> <span class="s2">"[0].value"</span> <span class="nt">-o</span> tsv<span class="si">)</span> <span class="nb">echo</span> <span class="k">${</span><span class="nv">ACCOUNT_KEY</span><span class="k">}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>bhsfgZJd-gkjae79kdgmkasfjk+fgghghflks56GJKJDSSA67jdd+htghlllsjhre46hgfdd2klj3i45fo45QW== </code></pre> </div> <p><strong>Create the storage account</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>az storage container create <span class="se">\</span> <span class="nt">--account-name</span> <span class="s2">"</span><span class="nv">$AZURE_STORAGE_ACCOUNT_ID</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--name</span> <span class="s2">"</span><span class="nv">$BLOB_CONTAINER</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--public-access</span> off <span class="se">\</span> <span class="nt">--account-key</span> <span class="s2">"</span><span class="nv">$ACCOUNT_KEY</span><span class="s2">"</span> </code></pre> </div> <p><strong>Verify</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>az storage container list <span class="se">\</span> <span class="nt">--account-name</span> <span class="s2">"</span><span class="nv">$AZURE_STORAGE_ACCOUNT_ID</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--account-key</span> <span class="s2">"</span><span class="nv">$ACCOUNT_KEY</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--output</span> table </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Name Lease Status Last Modified ------ -------------- ------------------------- edok3s 2026-05-03T19:56:01+00:00 </code></pre> </div> <h3> 🔹Velero credentials file </h3> <p>────────────────────────────────────────────<br> <strong>Save the same key for Velero's use</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">AZURE_STORAGE_ACCOUNT_ACCESS_KEY</span><span class="o">=</span><span class="s2">"</span><span class="nv">$ACCOUNT_KEY</span><span class="s2">"</span> <span class="nb">echo</span> <span class="k">${</span><span class="nv">AZURE_STORAGE_ACCOUNT_ACCESS_KEY</span><span class="k">}</span> .credentials-velero <span class="nb">cat</span> <span class="o">&lt;&lt;</span> <span class="no">EOF</span><span class="sh"> &gt; ./.credentials-velero AZURE_STORAGE_ACCOUNT_ACCESS_KEY=</span><span class="k">${</span><span class="nv">AZURE_STORAGE_ACCOUNT_ACCESS_KEY</span><span class="k">}</span><span class="sh"> AZURE_CLOUD_NAME=AzurePublicCloud </span><span class="no">EOF </span></code></pre> </div> <p><strong>Protect and list</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">chmod </span>600 <span class="nt">-v</span> ./.credentials-velero <span class="nb">ls</span> <span class="nt">-l</span> <span class="nb">cat</span> .credentials-velero </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyewrosp36wgeion0wbf4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyewrosp36wgeion0wbf4.png" alt="Example: AZURE S3 bucket with Velero backups" width="800" height="386"></a></p> <h2> 🔹Velero CLI </h2> <ul> <li>Release page: <a href="https://github.com/velero-io/velero/releases" rel="noopener noreferrer">https://github.com/velero-io/velero/releases</a> </li> </ul> <h3> 🔹Install CLI </h3> <p><strong>Install CLI</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">VELERO_VERSION</span><span class="o">=</span>v1.18.0 <span class="c"># -- Download</span> <span class="nb">cd</span> /tmp wget https://github.com/vmware-tanzu/velero/releases/download/<span class="k">${</span><span class="nv">VELERO_VERSION</span><span class="k">}</span>/velero-<span class="k">${</span><span class="nv">VELERO_VERSION</span><span class="k">}</span><span class="nt">-linux-amd64</span>.tar.gz <span class="c"># -- Install</span> <span class="nb">ls</span> <span class="nt">-alh</span> velero-<span class="k">${</span><span class="nv">VELERO_VERSION</span><span class="k">}</span><span class="nt">-linux-amd64</span>.tar.gz <span class="nb">tar</span> <span class="nt">-tvzf</span> velero-<span class="k">${</span><span class="nv">VELERO_VERSION</span><span class="k">}</span><span class="nt">-linux-amd64</span>.tar.gz <span class="nb">tar</span> <span class="nt">-xvzf</span> velero-<span class="k">${</span><span class="nv">VELERO_VERSION</span><span class="k">}</span><span class="nt">-linux-amd64</span>.tar.gz <span class="nb">sudo mv</span> <span class="nt">-v</span> velero-<span class="k">${</span><span class="nv">VELERO_VERSION</span><span class="k">}</span><span class="nt">-linux-amd64</span>/velero /usr/local/bin/ <span class="c"># -- Clean Up</span> <span class="nb">rm</span> <span class="nt">-rf</span> /tmp/velero-<span class="k">${</span><span class="nv">VELERO_VERSION</span><span class="k">}</span><span class="nt">-linux-amd64</span><span class="k">*</span> </code></pre> </div> <p><strong>Check version</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>velero version <span class="nt">--client-only</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Client: Version: v1.18.0 Git commit: 6adcf06b5b0e6fb93998d3e101e2cbdc134fa3c3 </code></pre> </div> <h3> 🔹Install Velero on k3s </h3> <p><strong>Path</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cd</span> ~/Documents/hetzner-k3s/edo </code></pre> </div> <p><strong>Env. variables</strong><br> See below .env file</p> <p><strong>Kubeconfig</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">source</span> .env <span class="nb">export </span><span class="nv">KUBECONFIG</span><span class="o">=</span><span class="s2">"</span><span class="k">${</span><span class="nv">HOME</span><span class="k">}</span><span class="s2">/.kube/config-</span><span class="k">${</span><span class="nv">CLUSTER_NAME</span><span class="k">}</span><span class="s2">.yml"</span> </code></pre> </div> <p><strong>Check dependencies</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">echo</span> <span class="s2">"VER_PLUGIN_AZURE=</span><span class="nv">$VER_PLUGIN_AZURE</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"AZURE_SUBSCRIPTION_ID=</span><span class="nv">$AZURE_SUBSCRIPTION_ID</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"AZURE_TENANT_ID=</span><span class="nv">$AZURE_TENANT_ID</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"AZURE_BACKUP_RESOURCE_GROUP=</span><span class="nv">$AZURE_BACKUP_RESOURCE_GROUP</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"BLOB_CONTAINER=</span><span class="nv">$BLOB_CONTAINER</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"AZURE_STORAGE_ACCOUNT_ID=</span><span class="nv">$AZURE_STORAGE_ACCOUNT_ID</span><span class="s2">"</span> <span class="nb">test</span> <span class="nt">-f</span> .credentials-velero <span class="o">&amp;&amp;</span> <span class="nb">echo</span> <span class="s2">"File exists: .credentials-velero"</span> <span class="o">||</span> f_error <span class="s2">"File .credentials-velero DOES NOT EXIST"</span> </code></pre> </div> <p><strong>Check installation</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl <span class="nt">-n</span> velero get all </code></pre> </div> <p><strong>Check backupstoragelocation Available</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl <span class="nt">-n</span> velero get backupstoragelocation default <span class="nt">-o</span> <span class="nv">jsonpath</span><span class="o">=</span><span class="s1">'{.status.phase}'</span> kubectl <span class="nt">-n</span> velero get backupstoragelocation default <span class="nt">-o</span> <span class="nv">jsonpath</span><span class="o">=</span><span class="s1">'{.status.phase}'</span> | <span class="nb">grep</span> <span class="nt">-qx</span> <span class="s1">'Available'</span> </code></pre> </div> <p><strong>Check Logs</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl <span class="nt">-n</span> velero logs deployment/velero </code></pre> </div> <h3> 🔹List Backup </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">echo</span> <span class="s2">"----- List Velero Backups and Describe Last Backup ----------------------------"</span> <span class="nv">prev_count</span><span class="o">=</span>0 <span class="k">for </span>i <span class="k">in</span> <span class="o">{</span>1..30<span class="o">}</span><span class="p">;</span> <span class="k">do </span><span class="nv">curr_count</span><span class="o">=</span><span class="si">$(</span>velero backup get <span class="nt">-o</span> json 2&gt;/dev/null | jq <span class="s1">'[.items[] | select(.status.phase == "Completed")] | length'</span><span class="si">)</span> <span class="k">if</span> <span class="o">[[</span> <span class="s2">"</span><span class="nv">$curr_count</span><span class="s2">"</span> <span class="nt">-gt</span> 0 <span class="o">&amp;&amp;</span> <span class="s2">"</span><span class="nv">$curr_count</span><span class="s2">"</span> <span class="nt">-eq</span> <span class="s2">"</span><span class="nv">$prev_count</span><span class="s2">"</span> <span class="o">]]</span><span class="p">;</span> <span class="k">then </span><span class="nb">break </span><span class="k">fi </span><span class="nv">prev_count</span><span class="o">=</span><span class="s2">"</span><span class="nv">$curr_count</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">" Attempt </span><span class="nv">$i</span><span class="s2">: Found </span><span class="nv">$curr_count</span><span class="s2"> backups, waiting for sync to settle..."</span> <span class="nb">sleep </span>5 <span class="k">done </span>velero backup get <span class="nv">VELERO_LAST_BACKUP_NAME</span><span class="o">=</span><span class="si">$(</span>velero backup get <span class="nt">-o</span> json 2&gt;/dev/null | <span class="se">\</span> jq <span class="nt">-r</span> <span class="s1">'[.items[] | select(.status.phase == "Completed")] | sort_by(.status.startTimestamp) | last | .metadata.name // empty'</span><span class="si">)</span> <span class="nb">echo</span> <span class="s2">""</span> velero backup describe <span class="s2">"</span><span class="k">${</span><span class="nv">VELERO_LAST_BACKUP_NAME</span><span class="k">}</span><span class="s2">"</span> <span class="c"># velero backup logs "${VELERO_LAST_BACKUP_NAME}"</span> <span class="nb">echo</span> <span class="s2">""</span> </code></pre> </div> <h2> 🔹File structure </h2> <p>━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━<br> <strong>File tree</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>├── cluster.yml # hetzner-k3s configuration file ├── .credentials-velero # AZIRE credentials for S3 ├── .env # Your configuration for init_cluster.sh ├── gateway-post.yml # k3s Gateway configuration ├── init_cluster.sh ├── kubeconfig # File create by hetzner-k3s --config. Don't use it ├── nginx.yml # Setup nginx reverse proxy for /promethes and /grafana ├── values_kube-prometheus-stack.yml # Prometheus/Grafana configuration └── values_traefik-default.yml # Traefik configuration </code></pre> </div> <h3> 🔹1. init_cluster.sh </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="c"># -----------------------------------------------------------------------------</span> <span class="c"># FLOW:</span> <span class="c"># - Check for required arguments</span> <span class="c"># - Source .env config; define helper functions (f_error, f_az_login_check)</span> <span class="c"># If OPTION is "init" or "restore":</span> <span class="c"># - Create k3s cluster with hetzner-k3s</span> <span class="c"># - Get kubeconfig from cluster master and update server address to use public IP</span> <span class="c"># - Install Velero with Azure plugin</span> <span class="c"># If OPTION is "init":</span> <span class="c"># - Install Traefik (Gateway API mode)</span> <span class="c"># - Install kube-prometheus-stack with Helm</span> <span class="c"># - Deploy nginx reverse proxy (nginx.yml: Namespace, ConfigMap, Secret, Service, Deployment)</span> <span class="c"># - Post steps: generate self-signed TLS cert → secret tls-traefik; apply gateway-post.yml</span> <span class="c"># If OPTION is "delete":</span> <span class="c"># - Set all PVs to Retain</span> <span class="c"># - Create Velero backup (TTL 6 months)</span> <span class="c"># - Delete all servers (with confirmation prompt)</span> <span class="c"># If OPTION is "restore":</span> <span class="c"># - Wait for Velero to sync backups from Azure storage</span> <span class="c"># - Find latest completed backup</span> <span class="c"># - Create Velero restore (excludes: kube-system, kube-public, kube-node-lease, velero)</span> <span class="c"># If OPTION is "init" or"costs":</span> <span class="c"># - Print costs report (Hetzner servers + load balancers + volumes)</span> <span class="c"># Note: costs report also runs automatically at the end of "init"</span> <span class="c"># -----------------------------------------------------------------------------</span> <span class="c"># -- Check for required arguments ---------------------------------------------</span> <span class="c"># Cluster name</span> <span class="k">if</span> <span class="o">[[</span> <span class="nt">-z</span> <span class="s2">"</span><span class="k">${</span><span class="nv">1</span><span class="k">:-}</span><span class="s2">"</span> <span class="o">]]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Error: OPTION is required"</span> <span class="o">&gt;</span>&amp;2 <span class="nb">echo</span> <span class="s2">"Usage: </span><span class="nv">$0</span><span class="s2"> &lt;init|delete|restore|costs&gt;"</span> <span class="o">&gt;</span>&amp;2 <span class="nb">exit </span>1 <span class="k">fi</span> <span class="c"># Power state must be 'on' or 'off'</span> <span class="k">if</span> <span class="o">[[</span> <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="o">!=</span> <span class="s2">"init"</span> <span class="o">&amp;&amp;</span> <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="o">!=</span> <span class="s2">"delete"</span> <span class="o">&amp;&amp;</span> <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="o">!=</span> <span class="s2">"restore"</span> <span class="o">&amp;&amp;</span> <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="o">!=</span> <span class="s2">"costs"</span> <span class="o">]]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Error: OPTION must be 'init', 'delete', 'restore' or 'costs', got '</span><span class="nv">$1</span><span class="s2">'"</span> <span class="o">&gt;</span>&amp;2 <span class="nb">exit </span>1 <span class="k">fi</span> <span class="c"># -----------------------------------------------------------------------------</span> <span class="c"># -- Include Configs ----------------------------------------------------------</span> <span class="nv">CONFIG_FILE</span><span class="o">=</span><span class="s2">"</span><span class="si">$(</span><span class="nb">dirname</span> <span class="s2">"</span><span class="nv">$0</span><span class="s2">"</span><span class="si">)</span><span class="s2">/.env"</span> <span class="o">[[</span> <span class="nt">-f</span> <span class="s2">"</span><span class="nv">$CONFIG_FILE</span><span class="s2">"</span> <span class="o">]]</span> <span class="o">||</span> <span class="o">{</span> <span class="nb">echo</span> <span class="s2">"Error: </span><span class="nv">$CONFIG_FILE</span><span class="s2"> not found"</span><span class="p">;</span> <span class="nb">exit </span>1<span class="p">;</span> <span class="o">}</span> <span class="c"># shellcheck source=/dev/null</span> <span class="nb">source</span> <span class="s2">"</span><span class="nv">$CONFIG_FILE</span><span class="s2">"</span> <span class="c"># -----------------------------------------------------------------------------</span> <span class="c"># ----- f_error msg -----------------------------------------------------------</span> f_error<span class="o">()</span> <span class="o">{</span> <span class="nb">echo</span> <span class="s2">"*** Error: </span><span class="nv">$1</span><span class="s2">"</span> <span class="nb">exit </span>1 <span class="o">}</span> <span class="c"># -----------------------------------------------------------------------------</span> <span class="c"># ----- f_az_login_check ------------------------------------------------------</span> f_az_login_check<span class="o">()</span> <span class="o">{</span> <span class="nb">local </span>current_subscription_id current_tenant_id <span class="nv">current_subscription_id</span><span class="o">=</span><span class="si">$(</span>az account show <span class="nt">--query</span> <span class="nb">id</span> <span class="nt">-o</span> tsv 2&gt;/dev/null<span class="si">)</span> <span class="nv">current_tenant_id</span><span class="o">=</span><span class="si">$(</span>az account show <span class="nt">--query</span> tenantId <span class="nt">-o</span> tsv 2&gt;/dev/null<span class="si">)</span> <span class="o">[[</span> <span class="nt">-z</span> <span class="s2">"</span><span class="nv">$current_subscription_id</span><span class="s2">"</span> <span class="o">]]</span> <span class="o">&amp;&amp;</span> f_error <span class="s2">"Not logged into Azure. Run: az login"</span> <span class="o">[[</span> <span class="s2">"</span><span class="nv">$current_subscription_id</span><span class="s2">"</span> <span class="o">!=</span> <span class="s2">"</span><span class="nv">$AZURE_SUBSCRIPTION_ID</span><span class="s2">"</span> <span class="o">]]</span> <span class="o">&amp;&amp;</span> <span class="se">\</span> f_error <span class="s2">"Azure subscription mismatch: current=</span><span class="nv">$current_subscription_id</span><span class="s2">, expected=</span><span class="nv">$AZURE_SUBSCRIPTION_ID</span><span class="s2">"</span> <span class="o">[[</span> <span class="s2">"</span><span class="nv">$current_tenant_id</span><span class="s2">"</span> <span class="o">!=</span> <span class="s2">"</span><span class="nv">$AZURE_TENANT_ID</span><span class="s2">"</span> <span class="o">]]</span> <span class="o">&amp;&amp;</span> <span class="se">\</span> f_error <span class="s2">"Azure tenant mismatch: current=</span><span class="nv">$current_tenant_id</span><span class="s2">, expected=</span><span class="nv">$AZURE_TENANT_ID</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"Azure login verified: subscription=</span><span class="nv">$current_subscription_id</span><span class="s2">, tenant=</span><span class="nv">$current_tenant_id</span><span class="s2">"</span> <span class="o">}</span> <span class="c"># -----------------------------------------------------------------------------</span> <span class="k">if</span> <span class="o">[[</span> <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="o">==</span> <span class="s2">"init"</span> <span class="o">||</span> <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="o">==</span> <span class="s2">"restore"</span> <span class="o">]]</span><span class="p">;</span> <span class="k">then</span> <span class="c"># -- Create k3s -----------------------------------------------------------</span> hcloud context use edok3s <span class="o">||</span> f_error <span class="s2">"Failed to switch context to edok3s"</span> <span class="nb">echo</span> <span class="s2">"----- Hetzner Context List ---------------------------------------------------"</span> hcloud context list <span class="nb">echo</span> <span class="s2">""</span> <span class="nb">echo</span> <span class="s2">"----- Create Cluster ----------------------------------------------------------"</span> hetzner-k3s create <span class="nt">--config</span> &lt;<span class="o">(</span>envsubst &lt; cluster.yml<span class="o">)</span> <span class="o">||</span> f_error <span class="s2">"Failed to create cluster with hetzner-k3s"</span> <span class="nb">echo</span> <span class="s2">""</span> <span class="c"># -------------------------------------------------------------------------</span> <span class="c"># -- Kubeconf -------------------------------------------------------------</span> <span class="nv">IP_CLUSTER_MASTER</span><span class="o">=</span><span class="si">$(</span>hcloud server describe <span class="s2">"</span><span class="k">${</span><span class="nv">CLUSTER_NAME</span><span class="k">}</span><span class="s2">"</span><span class="nt">-master1</span> <span class="nt">-o</span> <span class="nv">format</span><span class="o">=</span><span class="s1">'{{.PublicNet.IPv4.IP}}'</span><span class="si">)</span> <span class="c"># Get kubeconfig from cluster master and update server address to use public IP</span> ssh <span class="nt">-p</span> 8512 <span class="se">\</span> <span class="nt">-i</span> <span class="k">${</span><span class="nv">SSH_KEY</span><span class="k">}</span> <span class="se">\</span> <span class="nt">-o</span> <span class="nv">UserKnownHostsFile</span><span class="o">=</span>/dev/null <span class="se">\</span> <span class="nt">-o</span> <span class="nv">StrictHostKeyChecking</span><span class="o">=</span>no <span class="se">\</span> root@<span class="k">${</span><span class="nv">IP_CLUSTER_MASTER</span><span class="k">}</span> <span class="se">\</span> <span class="s1">'cat /etc/rancher/k3s/k3s.yaml'</span> <span class="se">\</span> | <span class="nb">sed</span> <span class="s2">"s%server: https://127.0.0.1:6443%server: https://</span><span class="k">${</span><span class="nv">IP_CLUSTER_MASTER</span><span class="k">}</span><span class="s2">:6443%g"</span> <span class="se">\</span> <span class="o">&gt;</span> <span class="s2">"</span><span class="k">${</span><span class="nv">HOME</span><span class="k">}</span><span class="s2">/.kube/config-</span><span class="k">${</span><span class="nv">CLUSTER_NAME</span><span class="k">}</span><span class="s2">"</span>.yml <span class="nb">echo</span> <span class="s2">"----- Kubeconfig --------------------------------------------------------------"</span> <span class="nb">cat</span> <span class="k">${</span><span class="nv">HOME</span><span class="k">}</span>/.kube/config-<span class="k">${</span><span class="nv">CLUSTER_NAME</span><span class="k">}</span>.yml <span class="nb">export </span><span class="nv">KUBECONFIG</span><span class="o">=</span><span class="s2">"</span><span class="k">${</span><span class="nv">HOME</span><span class="k">}</span><span class="s2">/.kube/config-</span><span class="k">${</span><span class="nv">CLUSTER_NAME</span><span class="k">}</span><span class="s2">.yml"</span> <span class="nb">echo</span> <span class="s2">""</span> <span class="nb">echo</span> <span class="s2">"----- Test kubectl ------------------------------------------------------------"</span> <span class="k">for </span>i <span class="k">in</span> <span class="o">{</span>1..5<span class="o">}</span><span class="p">;</span> <span class="k">do </span>kubectl get all <span class="nt">-A</span> <span class="o">&amp;&amp;</span> <span class="nb">break</span> <span class="o">||</span> <span class="o">{</span> <span class="nb">echo</span> <span class="s2">"Attempt </span><span class="nv">$i</span><span class="s2">/5 failed, retrying in 3s..."</span><span class="p">;</span> <span class="nb">sleep </span>3<span class="p">;</span> <span class="o">}</span> <span class="k">done</span> <span class="o">||</span> f_error <span class="s2">"Failed to get all resources in cluster with kubectl"</span> kubectl version <span class="o">||</span> f_error <span class="s2">"Failed to connect to cluster with kubectl"</span> <span class="c"># -- Set pool=master label for control-plane nodes</span> kubectl get nodes <span class="nt">-l</span> node-role.kubernetes.io/control-plane <span class="se">\</span> <span class="nt">-o</span> name | xargs <span class="nt">-I</span><span class="o">{}</span> kubectl label <span class="o">{}</span> <span class="nv">pool</span><span class="o">=</span>master <span class="nt">--overwrite</span> <span class="o">||</span> f_error <span class="s2">"Failed to label control-plane nodes with pool=master"</span> <span class="nb">echo</span> <span class="s2">""</span> <span class="c"># -------------------------------------------------------------------------</span> <span class="c"># -- VELERO Install -------------------------------------------------------</span> <span class="nb">echo</span> <span class="s2">"VER_PLUGIN_AZURE=</span><span class="nv">$VER_PLUGIN_AZURE</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"AZURE_SUBSCRIPTION_ID=</span><span class="nv">$AZURE_SUBSCRIPTION_ID</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"AZURE_TENANT_ID=</span><span class="nv">$AZURE_TENANT_ID</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"AZURE_BACKUP_RESOURCE_GROUP=</span><span class="nv">$AZURE_BACKUP_RESOURCE_GROUP</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"BLOB_CONTAINER=</span><span class="nv">$BLOB_CONTAINER</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"AZURE_STORAGE_ACCOUNT_ID=</span><span class="nv">$AZURE_STORAGE_ACCOUNT_ID</span><span class="s2">"</span> <span class="nb">test</span> <span class="nt">-f</span> .credentials-velero <span class="o">&amp;&amp;</span> <span class="nb">echo</span> <span class="s2">"File exists: .credentials-velero"</span> <span class="o">||</span> f_error <span class="s2">"File .credentials-velero DOES NOT EXIST"</span> velero <span class="nb">install</span> <span class="se">\</span> <span class="nt">--provider</span> azure <span class="se">\</span> <span class="nt">--plugins</span> velero/velero-plugin-for-microsoft-azure:<span class="s2">"</span><span class="nv">$VER_PLUGIN_AZURE</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--bucket</span> <span class="s2">"</span><span class="nv">$BLOB_CONTAINER</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--secret-file</span> .credentials-velero <span class="se">\</span> <span class="nt">--backup-location-config</span> <span class="s2">"storageAccount=</span><span class="nv">$AZURE_STORAGE_ACCOUNT_ID</span><span class="s2">,storageAccountKeyEnvVar=AZURE_STORAGE_ACCOUNT_ACCESS_KEY,subscriptionId=</span><span class="nv">$AZURE_SUBSCRIPTION_ID</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--use-volume-snapshots</span><span class="o">=</span><span class="nb">false</span> <span class="se">\</span> <span class="nt">--wait</span> <span class="o">||</span> f_error <span class="s2">"Failed to install Velero with Azure plugin"</span> <span class="c"># -- Add nodeSelector for Velero</span> kubectl patch deployment velero <span class="nt">-n</span> velero <span class="nt">-p</span> <span class="se">\</span> <span class="s1">'{"spec": {"template": {"spec": {"nodeSelector": {"pool": "master"}}}}}'</span> kubectl <span class="nt">-n</span> velero get all <span class="k">if </span>kubectl <span class="nt">-n</span> velero get backupstoragelocation default <span class="nt">-o</span> <span class="nv">jsonpath</span><span class="o">=</span><span class="s1">'{.status.phase}'</span> | <span class="nb">grep</span> <span class="nt">-qx</span> <span class="s1">'Available'</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Velero backupstoragelocation Available"</span> <span class="k">else </span>kubectl <span class="nt">-n</span> velero logs deployment/velero f_error <span class="s2">"Velero backupstoragelocation Not Available"</span> <span class="k">fi</span> <span class="c"># -------------------------------------------------------------------------</span> <span class="k">fi</span> <span class="c">###### OPTION: init ##################################################################################################</span> <span class="k">if</span> <span class="o">[[</span> <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="o">==</span> <span class="s2">"init"</span> <span class="o">]]</span><span class="p">;</span> <span class="k">then</span> <span class="c"># -- 01 FUNCTION: Traefik Install -----------------------------------------</span> f_Traefik<span class="o">()</span> <span class="o">{</span> helm repo add traefik https://traefik.github.io/charts helm repo update <span class="c"># -- Gateway API CRDs (required; chart no longer ships them in future versions)</span> kubectl apply <span class="nt">--server-side</span> <span class="nt">-f</span> https://github.com/kubernetes-sigs/gateway-api/releases/latest/download/standard-install.yaml <span class="o">||</span> f_error <span class="s2">"Failed to install Gateway API CRDs"</span> <span class="c"># -- Install Traefik with custom values</span> <span class="c"># --skip-crds \</span> helm upgrade <span class="nt">--install</span> traefik traefik/traefik <span class="se">\</span> <span class="nt">-n</span> traefik <span class="se">\</span> <span class="nt">--create-namespace</span> <span class="se">\</span> <span class="nt">--wait</span> <span class="nt">--timeout</span> 5m <span class="se">\</span> <span class="nt">-f</span> &lt;<span class="o">(</span>envsubst &lt; <span class="s2">"</span><span class="si">$(</span><span class="nb">dirname</span> <span class="s2">"</span><span class="nv">$0</span><span class="s2">"</span><span class="si">)</span><span class="s2">/values_traefik-default.yml"</span><span class="o">)</span> <span class="o">||</span> f_error <span class="s2">"Failed to install Traefik with Helm"</span> <span class="nb">echo</span> <span class="s2">"----- Check Traefik status ----------------------------------------------------"</span> kubectl <span class="nt">-n</span> traefik get all <span class="nb">echo</span> <span class="s2">"----- Check CRDs Gateway ------------------------------------------------------"</span> kubectl get crd | <span class="nb">grep </span>gateway.networking.k8s.io <span class="nb">echo</span> <span class="s2">" ----- Check Gatewayclass ------------------------------------------------------"</span> kubectl get gatewayclass <span class="o">}</span> <span class="c"># -------------------------------------------------------------------------</span> <span class="c"># -- 02 FUNCTION: PROMETHESU/GRAFANA stack Install ------------------------</span> f_Prometheus_Stack<span class="o">()</span> <span class="o">{</span> helm repo add prometheus-community https://prometheus-community.github.io/helm-charts helm repo update <span class="nb">echo</span> <span class="s2">"----- List available versions of kube-prometheus-stack ------------------------"</span> helm search repo prometheus-community/kube-prometheus-stack <span class="nt">--versions</span> | <span class="nb">head</span> <span class="nt">-n</span> 20 <span class="nb">echo</span> <span class="s2">""</span> <span class="c"># -- Install kube-prometheus-stack with custom values</span> helm upgrade <span class="nt">--install</span> <span class="se">\</span> <span class="nt">--version</span> <span class="s2">"</span><span class="k">${</span><span class="nv">VER_PROMETHEUS_STACK</span><span class="k">}</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">-n</span> monitoring <span class="se">\</span> <span class="nt">--create-namespace</span> <span class="se">\</span> <span class="nt">--wait</span> <span class="nt">--timeout</span> 5m <span class="se">\</span> kube-prometheus-stack prometheus-community/kube-prometheus-stack <span class="se">\</span> <span class="nt">-f</span> &lt;<span class="o">(</span>envsubst &lt; <span class="s2">"</span><span class="si">$(</span><span class="nb">dirname</span> <span class="s2">"</span><span class="nv">$0</span><span class="s2">"</span><span class="si">)</span><span class="s2">/values_kube-prometheus-stack.yml"</span><span class="o">)</span> <span class="o">||</span> f_error <span class="s2">"Failed to install kube-prometheus-stack with Helm"</span> <span class="nb">echo</span> <span class="s2">"----- Check kube-prometheus-stack status --------------------------------------"</span> kubectl <span class="nt">--namespace</span> monitoring get all <span class="o">}</span> <span class="c"># -------------------------------------------------------------------------</span> <span class="c"># -- 03 FUNCTION: Nginx ---------------------------------------------------</span> f_Nginx<span class="o">()</span> <span class="o">{</span> <span class="c"># envsubst with explicit var list — expands only ${PASSWORD_GUI}, leaves nginx $host/$remote_addr etc. untouched</span> kubectl apply <span class="nt">-f</span> &lt;<span class="o">(</span>envsubst <span class="s1">'${PASSWORD_GUI}'</span> &lt; <span class="s2">"</span><span class="si">$(</span><span class="nb">dirname</span> <span class="s2">"</span><span class="nv">$0</span><span class="s2">"</span><span class="si">)</span><span class="s2">/nginx.yml"</span><span class="o">)</span> <span class="o">||</span> f_error <span class="s2">"Failed to apply Nginx"</span> <span class="nb">echo</span> <span class="s2">"----- Check Nginx status ------------------------------------------------------"</span> kubectl <span class="nt">-n</span> nginx get all <span class="o">}</span> <span class="c"># -------------------------------------------------------------------------</span> <span class="c"># -- FUNCTION: Post Restore Steps -----------------------------------------</span> f_Post_Restore<span class="o">()</span> <span class="o">{</span> <span class="c"># -- Generate cert ----------------------</span> <span class="nb">echo</span> <span class="s2">"*** Generate TLS cert for Traefik with CN=</span><span class="k">${</span><span class="nv">CLUSTER_NAME</span><span class="k">}</span><span class="s2"> and SAN DNS:</span><span class="k">${</span><span class="nv">CLUSTER_NAME</span><span class="k">}</span><span class="s2"> ..."</span> openssl req <span class="nt">-x509</span> <span class="nt">-nodes</span> <span class="nt">-days</span> 3650 <span class="se">\</span> <span class="nt">-newkey</span> rsa:2048 <span class="se">\</span> <span class="nt">-keyout</span> tls.key <span class="nt">-out</span> tls.crt <span class="se">\</span> <span class="nt">-subj</span> <span class="s2">"/CN=</span><span class="k">${</span><span class="nv">CLUSTER_NAME</span><span class="k">}</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">-addext</span> <span class="s2">"subjectAltName=DNS:</span><span class="k">${</span><span class="nv">CLUSTER_NAME</span><span class="k">}</span><span class="s2">"</span> <span class="c"># -- Create the secret Traefik expects</span> kubectl create secret tls tls-traefik <span class="se">\</span> <span class="nt">-n</span> traefik <span class="se">\</span> <span class="nt">--cert</span><span class="o">=</span>tls.crt <span class="se">\</span> <span class="nt">--key</span><span class="o">=</span>tls.key <span class="c"># -- Cleanup</span> <span class="nb">rm </span>tls.key tls.crt <span class="c"># ---------------------------------------</span> <span class="nb">echo</span> <span class="s2">"*** Post restore steps for cluster </span><span class="k">${</span><span class="nv">CLUSTER_NAME</span><span class="k">}</span><span class="s2"> ..."</span> kubectl apply <span class="nt">-f</span> &lt;<span class="o">(</span>envsubst &lt; <span class="s2">"</span><span class="si">$(</span><span class="nb">dirname</span> <span class="s2">"</span><span class="nv">$0</span><span class="s2">"</span><span class="si">)</span><span class="s2">/gateway-post.yml"</span><span class="o">)</span> <span class="o">}</span> <span class="c"># -------------------------------------------------------------------------</span> f_Traefik f_Prometheus_Stack f_Nginx f_Post_Restore <span class="k">fi</span> <span class="c">###### OPTION: delete ################################################################################################</span> <span class="k">if</span> <span class="o">[[</span> <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="o">==</span> <span class="s2">"delete"</span> <span class="o">]]</span><span class="p">;</span> <span class="k">then </span><span class="nb">export </span><span class="nv">KUBECONFIG</span><span class="o">=</span><span class="s2">"</span><span class="k">${</span><span class="nv">HOME</span><span class="k">}</span><span class="s2">/.kube/config-</span><span class="k">${</span><span class="nv">CLUSTER_NAME</span><span class="k">}</span><span class="s2">.yml"</span> <span class="c"># -- FUNCTION: Set All PV Retain -----------------------------------------</span> f_Set_All_PV_Retain<span class="o">()</span> <span class="o">{</span> <span class="nb">echo</span> <span class="s2">"*** Set all PVs to Retain for cluster </span><span class="k">${</span><span class="nv">CLUSTER_NAME</span><span class="k">}</span><span class="s2"> ..."</span> kubectl get pv <span class="nt">-o</span> name | xargs <span class="nt">-I</span><span class="o">{}</span> kubectl patch <span class="o">{}</span> <span class="se">\</span> <span class="nt">-p</span> <span class="s1">'{"spec":{"persistentVolumeReclaimPolicy":"Retain"}}'</span> <span class="o">||</span> f_error <span class="s2">"Failed to patch PVs"</span> <span class="nb">echo</span> <span class="s2">"----- Get PV ------------------------------------------------------------------"</span> kubectl get pv <span class="nb">echo</span> <span class="s2">""</span> kubectl get pv <span class="nt">-o</span> custom-columns<span class="o">=</span>NAME:.metadata.name,RECLAIM:.spec.persistentVolumeReclaimPolicy,HETZNER:.spec.csi.volumeHandle <span class="nb">echo</span> <span class="s2">""</span> <span class="o">}</span> <span class="c"># -------------------------------------------------------------------------</span> <span class="c"># -- FUNCTION: Velero Backup ----------------------------------------------</span> f_Velero_Backup<span class="o">()</span> <span class="o">{</span> <span class="nb">echo</span> <span class="s2">"*** Create Velero backup for cluster </span><span class="k">${</span><span class="nv">CLUSTER_NAME</span><span class="k">}</span><span class="s2"> ..."</span> <span class="c"># 6 months</span> velero backup create <span class="s2">"</span><span class="k">${</span><span class="nv">CLUSTER_NAME</span><span class="k">}</span><span class="s2">-backup-</span><span class="si">$(</span><span class="nb">date</span> +%Y%m%d-%H%M<span class="si">)</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--include-cluster-resources</span><span class="o">=</span><span class="nb">true</span> <span class="se">\</span> <span class="nt">--include-namespaces</span> <span class="s2">"*"</span> <span class="se">\</span> <span class="nt">--ttl</span> 4380h <span class="nt">--wait</span> <span class="o">||</span> f_error <span class="s2">"Failed to create Velero backup for cluster </span><span class="k">${</span><span class="nv">CLUSTER_NAME</span><span class="k">}</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"----- List Velero Backups and Describe Last Backup ----------------------------"</span> <span class="nv">prev_count</span><span class="o">=</span>0 <span class="k">for </span>i <span class="k">in</span> <span class="o">{</span>1..30<span class="o">}</span><span class="p">;</span> <span class="k">do </span><span class="nv">curr_count</span><span class="o">=</span><span class="si">$(</span>velero backup get <span class="nt">-o</span> json 2&gt;/dev/null | jq <span class="s1">'[.items[] | select(.status.phase == "Completed")] | length'</span><span class="si">)</span> <span class="k">if</span> <span class="o">[[</span> <span class="s2">"</span><span class="nv">$curr_count</span><span class="s2">"</span> <span class="nt">-gt</span> 0 <span class="o">&amp;&amp;</span> <span class="s2">"</span><span class="nv">$curr_count</span><span class="s2">"</span> <span class="nt">-eq</span> <span class="s2">"</span><span class="nv">$prev_count</span><span class="s2">"</span> <span class="o">]]</span><span class="p">;</span> <span class="k">then </span><span class="nb">break </span><span class="k">fi </span><span class="nv">prev_count</span><span class="o">=</span><span class="s2">"</span><span class="nv">$curr_count</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">" Attempt </span><span class="nv">$i</span><span class="s2">: Found </span><span class="nv">$curr_count</span><span class="s2"> backups, waiting for sync to settle..."</span> <span class="nb">sleep </span>5 <span class="k">done </span>velero backup get <span class="nv">VELERO_LAST_BACKUP_NAME</span><span class="o">=</span><span class="si">$(</span>velero backup get <span class="nt">-o</span> json 2&gt;/dev/null | <span class="se">\</span> jq <span class="nt">-r</span> <span class="s1">'[.items[] | select(.status.phase == "Completed")] | sort_by(.status.startTimestamp) | last | .metadata.name // empty'</span><span class="si">)</span> <span class="nb">echo</span> <span class="s2">""</span> velero backup describe <span class="s2">"</span><span class="k">${</span><span class="nv">VELERO_LAST_BACKUP_NAME</span><span class="k">}</span><span class="s2">"</span> <span class="c"># velero backup logs "${VELERO_LAST_BACKUP_NAME}"</span> <span class="nb">echo</span> <span class="s2">""</span> <span class="o">}</span> <span class="c"># -------------------------------------------------------------------------</span> <span class="c"># -- FUNCTION: Delete all servers in current project ----------------------</span> f_Delete_Server<span class="o">()</span> <span class="o">{</span> <span class="nb">local </span>servers <span class="nv">servers</span><span class="o">=</span><span class="si">$(</span>hcloud server list <span class="nt">-o</span> noheader <span class="nt">-o</span> <span class="nv">columns</span><span class="o">=</span>name<span class="si">)</span> <span class="k">if</span> <span class="o">[[</span> <span class="nt">-z</span> <span class="s2">"</span><span class="nv">$servers</span><span class="s2">"</span> <span class="o">]]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"*** No servers found in current project"</span> <span class="k">return fi </span><span class="nb">echo</span> <span class="s2">"*** Servers to delete:"</span> <span class="nb">echo</span> <span class="s2">"</span><span class="nv">$servers</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">""</span> <span class="nb">read</span> <span class="nt">-r</span> <span class="nt">-p</span> <span class="s2">"Delete all servers listed above? [y/N] "</span> reply <span class="o">[[</span> <span class="s2">"</span><span class="k">${</span><span class="nv">reply</span><span class="p">,,</span><span class="k">}</span><span class="s2">"</span> <span class="o">==</span> <span class="s2">"y"</span> <span class="o">]]</span> <span class="o">||</span> <span class="o">{</span> <span class="nb">echo</span> <span class="s2">"Aborted."</span><span class="p">;</span> <span class="k">return</span><span class="p">;</span> <span class="o">}</span> <span class="k">while </span><span class="nv">IFS</span><span class="o">=</span> <span class="nb">read</span> <span class="nt">-r</span> server<span class="p">;</span> <span class="k">do </span><span class="nb">echo</span> <span class="s2">"*** Deleting server: </span><span class="nv">$server</span><span class="s2"> ..."</span> hcloud server delete <span class="s2">"</span><span class="nv">$server</span><span class="s2">"</span> <span class="o">||</span> <span class="nb">echo</span> <span class="s2">"Warning: failed to delete </span><span class="nv">$server</span><span class="s2">"</span> &amp; <span class="k">done</span> <span class="o">&lt;&lt;&lt;</span> <span class="s2">"</span><span class="nv">$servers</span><span class="s2">"</span> <span class="nb">wait</span> <span class="o">}</span> <span class="c"># -------------------------------------------------------------------------</span> f_Set_All_PV_Retain f_Velero_Backup f_Delete_Server master1 <span class="k">fi</span> <span class="c">###### OPTION: restore ###############################################################################################</span> <span class="k">if</span> <span class="o">[[</span> <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="o">==</span> <span class="s2">"restore"</span> <span class="o">]]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"*** Waiting for Velero to discover backups from Azure storage ..."</span> <span class="nv">prev_count</span><span class="o">=</span>0 <span class="k">for </span>i <span class="k">in</span> <span class="o">{</span>1..30<span class="o">}</span><span class="p">;</span> <span class="k">do </span><span class="nv">curr_count</span><span class="o">=</span><span class="si">$(</span>velero backup get <span class="nt">-o</span> json 2&gt;/dev/null | jq <span class="s1">'[.items[] | select(.status.phase == "Completed")] | length'</span><span class="si">)</span> <span class="k">if</span> <span class="o">[[</span> <span class="s2">"</span><span class="nv">$curr_count</span><span class="s2">"</span> <span class="nt">-gt</span> 0 <span class="o">&amp;&amp;</span> <span class="s2">"</span><span class="nv">$curr_count</span><span class="s2">"</span> <span class="nt">-eq</span> <span class="s2">"</span><span class="nv">$prev_count</span><span class="s2">"</span> <span class="o">]]</span><span class="p">;</span> <span class="k">then </span><span class="nb">break </span><span class="k">fi </span><span class="nv">prev_count</span><span class="o">=</span><span class="s2">"</span><span class="nv">$curr_count</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">" Attempt </span><span class="nv">$i</span><span class="s2">: Found </span><span class="nv">$curr_count</span><span class="s2"> backups, waiting for sync to settle..."</span> <span class="nb">sleep </span>5 <span class="k">done </span><span class="nv">VELERO_LAST_BACKUP_NAME</span><span class="o">=</span><span class="si">$(</span>velero backup get <span class="nt">-o</span> json 2&gt;/dev/null | <span class="se">\</span> jq <span class="nt">-r</span> <span class="s1">'[.items[] | select(.status.phase == "Completed")] | sort_by(.status.startTimestamp) | last | .metadata.name // empty'</span><span class="si">)</span> <span class="o">[[</span> <span class="nt">-z</span> <span class="s2">"</span><span class="nv">$VELERO_LAST_BACKUP_NAME</span><span class="s2">"</span> <span class="o">]]</span> <span class="o">&amp;&amp;</span> f_error <span class="s2">"No Velero backups found after waiting"</span> <span class="nb">echo</span> <span class="s2">"Found backup: </span><span class="k">${</span><span class="nv">VELERO_LAST_BACKUP_NAME</span><span class="k">}</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">""</span> <span class="nb">echo</span> <span class="s2">"----- Get All Velero Backups --------------------------------------------------"</span> velero get backup <span class="nb">echo</span> <span class="s2">"*** Create Velero restore for cluster </span><span class="k">${</span><span class="nv">CLUSTER_NAME</span><span class="k">}</span><span class="s2"> from backup </span><span class="k">${</span><span class="nv">VELERO_LAST_BACKUP_NAME</span><span class="k">}</span><span class="s2"> ..."</span> velero restore create <span class="s2">"</span><span class="k">${</span><span class="nv">CLUSTER_NAME</span><span class="k">}</span><span class="s2">-restore-</span><span class="si">$(</span><span class="nb">date</span> +%Y%m%d-%H%M<span class="si">)</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--from-backup</span> <span class="s2">"</span><span class="nv">$VELERO_LAST_BACKUP_NAME</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--include-cluster-resources</span><span class="o">=</span><span class="nb">true</span> <span class="se">\</span> <span class="nt">--exclude-namespaces</span> kube-system,kube-public,kube-node-lease,velero <span class="se">\</span> <span class="nt">--wait</span> <span class="o">||</span> f_error <span class="s2">"Failed to create Velero restore"</span> <span class="k">fi</span> <span class="c">###### OPTIN: costs ##################################################################################################</span> <span class="k">if</span> <span class="o">[[</span> <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="o">==</span> <span class="s2">"init"</span> <span class="o">||</span> <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="o">==</span> <span class="s2">"costs"</span> <span class="o">]]</span><span class="p">;</span> <span class="k">then </span><span class="nv">IP_CLUSTER_MASTER</span><span class="o">=</span><span class="si">$(</span>hcloud server describe <span class="s2">"</span><span class="k">${</span><span class="nv">CLUSTER_NAME</span><span class="k">}</span><span class="s2">"</span><span class="nt">-master1</span> <span class="nt">-o</span> <span class="nv">format</span><span class="o">=</span><span class="s1">'{{.PublicNet.IPv4.IP}}'</span><span class="si">)</span> <span class="nb">echo</span> <span class="s2">"Kubernetes </span><span class="nv">$CLUSTER_NAME</span><span class="s2"> Master IP address: </span><span class="nv">$IP_CLUSTER_MASTER</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">""</span> <span class="nv">PRICE_PER_GB_MO_NET</span><span class="o">=</span><span class="s2">"0.044"</span> <span class="o">{</span> <span class="nb">printf</span> <span class="s2">"%-8s %-10s %-42s %-12s %5s %7s %-6s %10s %10s</span><span class="se">\n</span><span class="s2">"</span> <span class="se">\</span> <span class="s2">"TYPE"</span> <span class="s2">"ID"</span> <span class="s2">"NAME"</span> <span class="s2">"MODEL"</span> <span class="s2">"CPU"</span> <span class="s2">"RAM_GB"</span> <span class="s2">"SITE"</span> <span class="s2">"PRICE/h"</span> <span class="s2">"PRICE/MO"</span> <span class="o">{</span> jq <span class="nt">-s</span> <span class="nt">-r</span> <span class="s1">' .[0] as $servers | .[1] as $types | $servers[] as $s | ($s.datacenter.location.name // $s.location.name) as $loc | ($types[] | select(.id == $s.server_type.id)) as $t | ($t.prices[] | select(.location == $loc)) as $p | [ "SERVER", $s.id, $s.name, $t.name, $t.cores, $t.memory, $loc, $p.price_hourly.net, $p.price_monthly.net ] | @tsv '</span> <span class="se">\</span> &lt;<span class="o">(</span>hcloud server list <span class="nt">-o</span> json<span class="o">)</span> <span class="se">\</span> &lt;<span class="o">(</span>hcloud server-type list <span class="nt">-o</span> json<span class="o">)</span> jq <span class="nt">-s</span> <span class="nt">-r</span> <span class="s1">' .[0] as $lbs | .[1] as $types | $lbs[] as $lb | ($lb.location.name) as $loc | ($types[] | select(.id == $lb.load_balancer_type.id)) as $t | ($t.prices[] | select(.location == $loc)) as $p | [ "LB", $lb.id, $lb.name, $t.name, "-", "-", $loc, $p.price_hourly.net, $p.price_monthly.net ] | @tsv '</span> <span class="se">\</span> &lt;<span class="o">(</span>hcloud load-balancer list <span class="nt">-o</span> json<span class="o">)</span> <span class="se">\</span> &lt;<span class="o">(</span>hcloud load-balancer-type list <span class="nt">-o</span> json<span class="o">)</span> hcloud volume list <span class="nt">-o</span> json | jq <span class="nt">-r</span> <span class="s1">' .[] | [ "VOLUME", .id, .name, ((.size | tostring) + "GB"), "-", .size, (.location.name // "-"), "0", "0" ] | @tsv '</span> | <span class="nv">LC_ALL</span><span class="o">=</span>C <span class="nb">awk</span> <span class="nt">-F</span> <span class="s1">'\t'</span> <span class="nt">-v</span> <span class="nv">price_gb_mo</span><span class="o">=</span><span class="s2">"</span><span class="nv">$PRICE_PER_GB_MO_NET</span><span class="s2">"</span> <span class="s1">' { size = $6 + 0 price_mo = size * price_gb_mo price_h = price_mo / 730 printf "%s\t%s\t%s\t%s\t%s\t%s\t%s\t%.4f\t%.2f\n", $1, $2, $3, $4, $5, $6, $7, price_h, price_mo } '</span> <span class="o">}</span> | <span class="nv">LC_ALL</span><span class="o">=</span>C <span class="nb">awk</span> <span class="nt">-F</span> <span class="s1">'\t'</span> <span class="s1">' { printf "%-8s %-10s %-42s %-12s %5s %7s %-6s %10.4f %10.2f\n", $1, $2, $3, $4, $5, $6, $7, $8 + 0, $9 + 0 } '</span> <span class="o">}</span> <span class="k">fi</span> </code></pre> </div> <h3> 🔹2. .env </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># -- Configuration ------------------------------------------------------------</span> <span class="nb">export </span><span class="nv">CLUSTER_NAME</span><span class="o">=</span>edok3s <span class="c"># Cluster name, Basic Auth Password "!${CLUSTER_NAME}!"</span> <span class="nb">export </span><span class="nv">SSH_KEY</span><span class="o">=</span><span class="s1">'/mnt/aaa/bbb/.ssh/id_ed25519_ccc'</span> <span class="c"># SSH key access to cluster nodes, must be added to Hetzner project</span> <span class="nb">export </span><span class="nv">PASSWORD_GUI</span><span class="o">=</span><span class="s2">"</span><span class="si">$(</span>htpasswd <span class="nt">-nbBC</span> 10 admin <span class="s1">'!'</span><span class="k">${</span><span class="nv">CLUSTER_NAME</span><span class="k">}</span><span class="s1">'!'</span><span class="si">)</span><span class="s2">"</span> <span class="c"># Password for Nginx Basic Auth</span> <span class="c"># az login</span> <span class="c"># AZURE_SUBSCRIPTION_ID=$(az account list --all --query '[?isDefault].id' -o tsv)</span> <span class="c"># AZURE_TENANT_ID=$(az account list --all --query '[?isDefault].tenantId' -o tsv)</span> <span class="c"># AZURE_BACKUP_RESOURCE_GROUP=velero</span> <span class="c"># BLOB_CONTAINER=edok3s</span> <span class="c"># AZURE_STORAGE_ACCOUNT_ID="velero$(uuidgen | cut -d '-' -f5 | tr '[A-Z]' '[a-z]')"</span> <span class="c"># Release: https://github.com/velero-io/velero-plugin-for-microsoft-azure/releases</span> <span class="nb">export </span><span class="nv">VER_PLUGIN_AZURE</span><span class="o">=</span><span class="s1">'v1.14.0'</span> <span class="nb">export </span><span class="nv">AZURE_SUBSCRIPTION_ID</span><span class="o">=</span><span class="s1">'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'</span> <span class="nb">export </span><span class="nv">AZURE_TENANT_ID</span><span class="o">=</span><span class="s1">'yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy'</span> <span class="nb">export </span><span class="nv">AZURE_BACKUP_RESOURCE_GROUP</span><span class="o">=</span><span class="s1">'velero'</span> <span class="nb">export </span><span class="nv">BLOB_CONTAINER</span><span class="o">=</span><span class="s1">'edok3s'</span> <span class="nb">export </span><span class="nv">AZURE_STORAGE_ACCOUNT_ID</span><span class="o">=</span><span class="s1">'velero44dfh567h5gh'</span> <span class="nb">export </span><span class="nv">VER_PROMETHEUS_STACK</span><span class="o">=</span><span class="s1">'84.5.0'</span> <span class="c"># -----------------------------------------------------------------------------</span> </code></pre> </div> <h3> 🔹3. cluster.yml </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># Quick Start: https://github.com/vitobotta/hetzner-k3s#quick-start</span> <span class="c1"># Full cluster.yaml: https://vitobotta.github.io/hetzner-k3s/Creating_a_cluster/</span> <span class="c1"># hetzner-k3s create --config cluster.yml</span> <span class="na">hetzner_token</span><span class="pi">:</span> <span class="s">gfghxdhdgh01OwjffjjwugQ0G6kkhkheo01d4huI7T8p7Px1kcLpmgV3gnkGX965430FLDu58wqUe3VAs</span> <span class="na">cluster_name</span><span class="pi">:</span> <span class="s">${CLUSTER_NAME}</span> <span class="c1"># Add name same as Hetzner project name</span> <span class="na">kubeconfig_path</span><span class="pi">:</span> <span class="s2">"</span><span class="s">./kubeconfig"</span> <span class="na">k3s_version</span><span class="pi">:</span> <span class="s">v1.35.3+k3s1</span> <span class="c1"># https://github.com/k3s-io/k3s/releases | https://docs.k3s.io/</span> <span class="na">networking</span><span class="pi">:</span> <span class="na">ssh</span><span class="pi">:</span> <span class="na">port</span><span class="pi">:</span> <span class="m">8512</span> <span class="na">use_agent</span><span class="pi">:</span> <span class="kc">false</span> <span class="c1"># set to true if your key has a passphrase</span> <span class="na">use_private_ip</span><span class="pi">:</span> <span class="kc">false</span> <span class="c1"># set to true to connect to nodes via their private IPs</span> <span class="na">public_key_path</span><span class="pi">:</span> <span class="s2">"</span><span class="s">${SSH_KEY}.pub"</span> <span class="na">private_key_path</span><span class="pi">:</span> <span class="s2">"</span><span class="s">${SSH_KEY}"</span> <span class="na">allowed_networks</span><span class="pi">:</span> <span class="na">ssh</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">78.79.224.0/19</span> <span class="c1"># My1</span> <span class="pi">-</span> <span class="s">1.2.3.4/32</span> <span class="c1"># My2</span> <span class="c1"># - 0.0.0.0</span> <span class="na">api</span><span class="pi">:</span> <span class="c1"># this will firewall port 6443 on the nodes</span> <span class="pi">-</span> <span class="s">78.79.224.0/19</span> <span class="c1"># My1</span> <span class="pi">-</span> <span class="s">1.2.3.4/32</span> <span class="c1"># MY2</span> <span class="c1"># - 0.0.0.0</span> <span class="c1"># OPTIONAL: define extra inbound/outbound firewall rules.</span> <span class="c1"># Each entry supports the following keys:</span> <span class="c1"># description (string, optional)</span> <span class="c1"># direction (in | out, default: in)</span> <span class="c1"># protocol (tcp | udp | icmp | esp | gre, default: tcp)</span> <span class="c1"># port (single port "80", port range "30000-32767", or "any") – only relevant for tcp/udp</span> <span class="c1"># source_ips (array of CIDR blocks) – required when direction is in</span> <span class="c1"># destination_ips (array of CIDR blocks) – required when direction is out</span> <span class="c1">#</span> <span class="c1"># IMPORTANT: Outbound traffic is allowed by default (implicit allow-all).</span> <span class="c1"># If you add **any** outbound rule (direction: out), Hetzner Cloud switches</span> <span class="c1"># the outbound chain to an implicit **deny-all**; only traffic matching your</span> <span class="c1"># outbound rules will be permitted. Define outbound rules carefully to avoid</span> <span class="c1"># accidentally blocking required egress (DNS, updates, etc.).</span> <span class="c1"># NOTE: Hetzner Cloud Firewalls support **max 50 entries per firewall**. The built-</span> <span class="c1"># in rules (SSH, ICMP, node-port ranges, etc.) use ~10 slots. If the sum of the</span> <span class="c1"># default rules plus your custom ones exceeds 50, hetzner-k3s will abort with</span> <span class="c1"># an error.</span> <span class="na">custom_firewall_rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">description</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Allow</span><span class="nv"> </span><span class="s">MY</span><span class="nv"> </span><span class="s">own</span><span class="nv"> </span><span class="s">IP"</span> <span class="na">direction</span><span class="pi">:</span> <span class="s">in</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">tcp</span> <span class="na">port</span><span class="pi">:</span> <span class="s2">"</span><span class="s">443"</span> <span class="na">source_ips</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">78.79.224.0/19</span> <span class="pi">-</span> <span class="s">1.2.3.4/32</span> <span class="c1"># -- List Cloudflare public Ipv4 addresses</span> <span class="c1"># curl -s https://www.cloudflare.com/ips-v4 \</span> <span class="c1"># | sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4 \</span> <span class="c1"># | awk 'BEGIN {</span> <span class="c1"># print " - description: \"Allow Cloudflare HTTPS IPv4\""</span> <span class="c1"># print " direction: in"</span> <span class="c1"># print " protocol: tcp"</span> <span class="c1"># print " port: \"443\""</span> <span class="c1"># print " source_ips:"</span> <span class="c1"># } /^[0-9]/ { print " - " $0 }'</span> <span class="pi">-</span> <span class="na">description</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Allow</span><span class="nv"> </span><span class="s">Cloudflare</span><span class="nv"> </span><span class="s">HTTPS</span><span class="nv"> </span><span class="s">IPv4"</span> <span class="na">direction</span><span class="pi">:</span> <span class="s">in</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">tcp</span> <span class="na">port</span><span class="pi">:</span> <span class="s2">"</span><span class="s">443"</span> <span class="na">source_ips</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">103.21.244.0/22</span> <span class="pi">-</span> <span class="s">103.22.200.0/22</span> <span class="pi">-</span> <span class="s">103.31.4.0/22</span> <span class="pi">-</span> <span class="s">104.16.0.0/13</span> <span class="pi">-</span> <span class="s">104.24.0.0/14</span> <span class="pi">-</span> <span class="s">108.162.192.0/18</span> <span class="pi">-</span> <span class="s">131.0.72.0/22</span> <span class="pi">-</span> <span class="s">141.101.64.0/18</span> <span class="pi">-</span> <span class="s">162.158.0.0/15</span> <span class="pi">-</span> <span class="s">172.64.0.0/13</span> <span class="pi">-</span> <span class="s">173.245.48.0/20</span> <span class="pi">-</span> <span class="s">188.114.96.0/20</span> <span class="pi">-</span> <span class="s">190.93.240.0/20</span> <span class="pi">-</span> <span class="s">197.234.240.0/22</span> <span class="pi">-</span> <span class="s">198.41.128.0/17</span> <span class="c1"># - description: "Allow HTTP from any IPv4"</span> <span class="c1"># direction: in</span> <span class="c1"># protocol: tcp</span> <span class="c1"># port: 80</span> <span class="c1"># source_ips:</span> <span class="c1"># - 0.0.0.0/0</span> <span class="c1"># - description: "UDP game servers (outbound)"</span> <span class="c1"># direction: out</span> <span class="c1"># protocol: udp</span> <span class="c1"># port: 60000-60100</span> <span class="c1"># destination_ips:</span> <span class="c1"># - 203.0.113.0/24</span> <span class="na">node_port_firewall_enabled</span><span class="pi">:</span> <span class="kc">false</span> <span class="c1"># optional: set false to disable NodePort firewall rules (TCP/UDP)</span> <span class="c1"># node_port_range: "30000-32767" # optional: NodePort range to open on firewalls (TCP/UDP)</span> <span class="na">public_network</span><span class="pi">:</span> <span class="na">ipv4</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">ipv6</span><span class="pi">:</span> <span class="kc">false</span> <span class="c1"># hetzner_ips_query_server_url: https://.. # for large clusters, see https://github.com/vitobotta/hetzner-k3s/blob/main/docs/Recommendations.md</span> <span class="c1"># use_local_firewall: false # for large clusters, see https://github.com/vitobotta/hetzner-k3s/blob/main/docs/Recommendations.md</span> <span class="na">private_network</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">subnet</span><span class="pi">:</span> <span class="s">10.0.0.0/16</span> <span class="na">existing_network_name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">"</span> <span class="na">cni</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">encryption</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">mode</span><span class="pi">:</span> <span class="s">flannel</span> <span class="na">cilium</span><span class="pi">:</span> <span class="c1"># Optional: specify a path to a custom values file for Cilium Helm chart</span> <span class="c1"># When specified, this file will be used instead of the default values</span> <span class="c1"># helm_values_path: "./cilium-values.yaml"</span> <span class="c1"># chart_version: "v1.17.2"</span> <span class="c1"># cluster_cidr: 10.244.0.0/16 # optional: a custom IPv4/IPv6 network CIDR to use for pod IPs</span> <span class="c1"># service_cidr: 10.43.0.0/16 # optional: a custom IPv4/IPv6 network CIDR to use for service IPs. Warning, if you change this, you should also change cluster_dns!</span> <span class="c1"># cluster_dns: 10.43.0.10 # optional: IPv4 Cluster IP for coredns service. Needs to be an address from the service_cidr range</span> <span class="na">datastore</span><span class="pi">:</span> <span class="na">mode</span><span class="pi">:</span> <span class="s">etcd</span> <span class="c1"># etcd (default) or external</span> <span class="na">external_datastore_endpoint</span><span class="pi">:</span> <span class="s">postgres://....</span> <span class="c1"># etcd:</span> <span class="c1"># # etcd snapshot configuration (optional)</span> <span class="c1"># snapshot_retention: 24</span> <span class="c1"># snapshot_schedule_cron: "0 * * * *"</span> <span class="c1">#</span> <span class="c1"># # S3 snapshot configuration (optional)</span> <span class="c1"># s3_enabled: false</span> <span class="c1"># s3_endpoint: "" # Can also be set with ETCD_S3_ENDPOINT environment variable</span> <span class="c1"># s3_region: "" # Can also be set with ETCD_S3_REGION environment variable</span> <span class="c1"># s3_bucket: "" # Can also be set with ETCD_S3_BUCKET environment variable</span> <span class="c1"># s3_access_key: "" # Can also be set with ETCD_S3_ACCESS_KEY environment variable</span> <span class="c1"># s3_secret_key: "" # Can also be set with ETCD_S3_SECRET_KEY environment variable</span> <span class="c1"># s3_folder: ""</span> <span class="c1"># s3_force_path_style: false</span> <span class="na">schedule_workloads_on_masters</span><span class="pi">:</span> <span class="kc">true</span> <span class="c1"># set to true to allow pods to be scheduled on master nodes (useful for small clusters) | Single instance cluster</span> <span class="na">image</span><span class="pi">:</span> <span class="s">ubuntu-24.04</span> <span class="c1"># optional: default is ubuntu-24.04 | hcloud image list | awk 'NR==1{print; next} {print | "sort -k3,3"}'</span> <span class="c1"># autoscaling_image: 103908130 # optional, defaults to the `image` setting</span> <span class="c1"># snapshot_os: microos # optional: specified the os type when using a custom snapshot</span> <span class="na">masters_pool</span><span class="pi">:</span> <span class="c1"># cpx22 shared 2cpu/4GB/80GB</span> <span class="c1"># cpx32 shared 4cpu/16GB/160GB</span> <span class="na">instance_type</span><span class="pi">:</span> <span class="s">cpx22</span> <span class="c1"># hcloud server-type list | grep -E "ID|shared" | grep -v arm</span> <span class="na">instance_count</span><span class="pi">:</span> <span class="m">1</span> <span class="c1"># for HA; you can also create a single master cluster for dev and testing (not recommended for production)</span> <span class="na">locations</span><span class="pi">:</span> <span class="c1"># You can choose a single location for single master clusters or if you prefer to have all masters in the same location. For regional clusters (which are only available in the eu-central network zone), each master needs to be placed in a separate location.</span> <span class="pi">-</span> <span class="s">fsn1</span> <span class="c1"># - hel1</span> <span class="c1"># - nbg1</span> <span class="na">image</span><span class="pi">:</span> <span class="s">ubuntu-24.04</span> <span class="na">worker_node_pools</span><span class="pi">:</span> <span class="pi">[]</span> <span class="c1"># Single instance Cluster</span> <span class="c1"># worker_node_pools:</span> <span class="c1"># - name: default</span> <span class="c1"># # hcloud server-type list | grep -v arm | grep fsn1</span> <span class="c1"># instance_type: cpx22</span> <span class="c1"># instance_count: 2</span> <span class="c1"># location: fsn1</span> <span class="c1"># image: ubuntu-24.04</span> <span class="c1"># labels: # Kubernetes labels to apply to nodes in this pool (for node selection in workloads)</span> <span class="c1"># - key: pool</span> <span class="c1"># value: default</span> <span class="c1"># # taints: # Kubernetes taints to apply to nodes in this pool (to repel pods unless they tolerate the taint)</span> <span class="c1"># # - key: something</span> <span class="c1"># # value: value1:NoSchedule</span> <span class="c1"># # - name: medium-autoscaled</span> <span class="c1"># # instance_type: cpx32</span> <span class="c1"># # location: fsn1</span> <span class="c1"># # autoscaling:</span> <span class="c1"># # enabled: true</span> <span class="c1"># # min_instances: 0</span> <span class="c1"># # max_instances: 3</span> <span class="na">addons</span><span class="pi">:</span> <span class="c1"># csi_driver:</span> <span class="c1"># enabled: true # Hetzner CSI driver (default true). Set to false to skip installation.</span> <span class="c1"># manifest_url: "https://raw.githubusercontent.com/hetznercloud/csi-driver/v2.20.2/deploy/kubernetes/hcloud-csi.yml"</span> <span class="c1"># traefik:</span> <span class="c1"># enabled: false # built-in Traefik ingress controller. Disabled by default.</span> <span class="na">servicelb</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="c1"># built-in ServiceLB. Disabled by default.</span> <span class="na">metrics_server</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="c1"># Kubernetes metrics-server addon. Disabled by default.</span> <span class="c1"># cluster_autoscaler:</span> <span class="c1"># enabled: true # Cluster Autoscaler addon (default true). Set to false to omit autoscaling.</span> <span class="c1"># manifest_url: "https://raw.githubusercontent.com/kubernetes/autoscaler/master/cluster-autoscaler/cloudprovider/hetzner/examples/cluster-autoscaler-run-on-master.yaml"</span> <span class="c1"># container_image_tag: "v1.35.0"</span> <span class="c1"># scan_interval: "10s" # How often cluster is reevaluated for scale up or down</span> <span class="c1"># scale_down_delay_after_add: "10m" # How long after scale up that scale down evaluation resumes</span> <span class="c1"># scale_down_delay_after_delete: "10s" # How long after node deletion that scale down evaluation resumes</span> <span class="c1"># scale_down_delay_after_failure: "3m" # How long after scale down failure that scale down evaluation resumes</span> <span class="c1"># max_node_provision_time: "15m" # Maximum time CA waits for node to be provisioned</span> <span class="c1"># cloud_controller_manager:</span> <span class="c1"># enabled: true # Hetzner Cloud Controller Manager (default true). Disabling stops automatic LB provisioning for Service objects.</span> <span class="c1"># manifest_url: "https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/download/v1.30.1/ccm-networks.yaml"</span> <span class="c1"># system_upgrade_controller:</span> <span class="c1"># enabled: true # System Upgrade Controller (default true). Set to false to omit autoscaling.</span> <span class="c1"># deployment_manifest_url: "https://github.com/rancher/system-upgrade-controller/releases/download/v0.19.2/system-upgrade-controller.yaml"</span> <span class="c1"># crd_manifest_url: "https://github.com/rancher/system-upgrade-controller/releases/download/v0.19.2/crd.yaml"</span> <span class="c1"># embedded_registry_mirror:</span> <span class="c1"># enabled: false # Enables fast p2p distribution of container images between nodes for faster pod startup. Check if your k3s version is compatible before enabling this option. You can find more information at https://docs.k3s.io/installation/registry-mirror</span> <span class="na">protect_against_deletion</span><span class="pi">:</span> <span class="kc">false</span> <span class="c1"># prevents accidental deletion of the cluster with the "hetzner-k3s delete" command</span> <span class="na">create_load_balancer_for_the_kubernetes_api</span><span class="pi">:</span> <span class="kc">true</span> <span class="c1"># creates a load balancer for HA API access; note: Hetzner firewalls can't yet restrict access to load balancers by IP</span> <span class="na">k3s_upgrade_concurrency</span><span class="pi">:</span> <span class="m">1</span> <span class="c1"># how many nodes to upgrade at the same time; increase for faster upgrades in large clusters, but higher values may impact availability</span> <span class="c1"># additional_packages:</span> <span class="c1"># - somepackage</span> <span class="c1"># additional_pre_k3s_commands:</span> <span class="c1"># - apt update</span> <span class="c1"># - apt upgrade -y</span> <span class="c1"># additional_post_k3s_commands:</span> <span class="c1"># - apt autoremove -y</span> <span class="c1"># For more advanced usage like resizing the root partition for use with Rook Ceph, see [Resizing root partition with additional post k3s commands](./Resizing_root_partition_with_post_create_commands.md)</span> <span class="c1"># kube_api_server_args:</span> <span class="c1"># - arg1</span> <span class="c1"># - ...</span> <span class="c1"># kube_scheduler_args:</span> <span class="c1"># - arg1</span> <span class="c1"># - ...</span> <span class="c1"># kube_controller_manager_args:</span> <span class="c1"># - arg1</span> <span class="c1"># - ...</span> <span class="c1"># kube_cloud_controller_manager_args:</span> <span class="c1"># - arg1</span> <span class="c1"># - ...</span> <span class="c1"># kubelet_args:</span> <span class="c1"># - arg1</span> <span class="c1"># - ...</span> <span class="c1"># kube_proxy_args:</span> <span class="c1"># - arg1</span> <span class="c1"># - ...</span> <span class="c1"># api_server_hostname: k8s.example.com # optional: DNS for the k8s API LoadBalancer. After the script has run, create a DNS record with the address of the API LoadBalancer.</span> </code></pre> </div> <h3> 🔹4. values_traefik-default.yml </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># Git: https://github.com/traefik/traefik-helm-chart</span> <span class="c1"># Default vaules: https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml</span> <span class="c1">#</span> <span class="na">namespaceOverride</span><span class="pi">:</span> <span class="s">traefik</span> <span class="na">nodeSelector</span><span class="pi">:</span> <span class="na">pool</span><span class="pi">:</span> <span class="s">master</span> <span class="na">providers</span><span class="pi">:</span> <span class="na">kubernetesCRD</span><span class="pi">:</span> <span class="c1"># kubectl get crd | grep gateway.networking.k8s.io</span> <span class="c1"># kubectl apply --server-side -f https://github.com/kubernetes-sigs/gateway-api/releases/latest/download/standard-install.yaml</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">kubernetesIngress</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">kubernetesGateway</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">gateway</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">service</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">type</span><span class="pi">:</span> <span class="s">LoadBalancer</span> <span class="na">ports</span><span class="pi">:</span> <span class="na">web</span><span class="pi">:</span> <span class="na">port</span><span class="pi">:</span> <span class="m">8000</span> <span class="c1"># default: 8000 — internal container port</span> <span class="na">expose</span><span class="pi">:</span> <span class="na">default</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">exposedPort</span><span class="pi">:</span> <span class="m">80</span> <span class="c1"># external LB port</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">TCP</span> <span class="c1"># # -- Enable for Hezner Cloud Load Balancer with TCP protocol --------------</span> <span class="c1"># proxyProtocol:</span> <span class="c1"># trustedIPs:</span> <span class="c1"># - "10.0.0.0/8" # Hetzner private network range</span> <span class="na">websecure</span><span class="pi">:</span> <span class="na">port</span><span class="pi">:</span> <span class="m">8443</span> <span class="c1"># default: 8443 — internal container port</span> <span class="na">expose</span><span class="pi">:</span> <span class="na">default</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">exposedPort</span><span class="pi">:</span> <span class="m">443</span> <span class="c1"># external LB port</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">TCP</span> <span class="c1"># # -- Enable for Hezner Cloud Load Balancer with TCP protocol --------------</span> <span class="c1"># proxyProtocol:</span> <span class="c1"># trustedIPs:</span> <span class="c1"># - "10.0.0.0/8" # Hetzner private network range</span> </code></pre> </div> <h3> 🔹5. values_kube-prometheus-stack.yml </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># values_kube-prometheus-stack</span> <span class="c1"># kube-prometheus-stack configuration for hetzner-k3s</span> <span class="c1"># Apply with: helm install kube-prometheus-stack prometheus-community/kube-prometheus-stack -n monitoring -f values_kube-prometheus-stack</span> <span class="c1"># ============================================================================</span> <span class="c1"># K3S-SPECIFIC FIXES</span> <span class="c1"># ============================================================================</span> <span class="c1"># k3s runs all control-plane components in a single binary and exposes</span> <span class="c1"># their metrics through the kubelet endpoint, not on separate ports.</span> <span class="c1"># Disable the scrapers and alerts that assume vanilla Kubernetes.</span> <span class="na">kubeControllerManager</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">kubeScheduler</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">kubeProxy</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">kubeEtcd</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">defaultRules</span><span class="pi">:</span> <span class="na">create</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">rules</span><span class="pi">:</span> <span class="na">etcd</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">kubeProxy</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">kubeSchedulerAlerting</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">kubeSchedulerRecording</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">kubeControllerManager</span><span class="pi">:</span> <span class="kc">false</span> <span class="c1"># ============================================================================</span> <span class="c1"># PROMETHEUS</span> <span class="c1"># ============================================================================</span> <span class="na">prometheus</span><span class="pi">:</span> <span class="na">prometheusSpec</span><span class="pi">:</span> <span class="na">nodeSelector</span><span class="pi">:</span> <span class="na">pool</span><span class="pi">:</span> <span class="s">master</span> <span class="na">externalUrl</span><span class="pi">:</span> <span class="s">https://${CLUSTER_NAME}/prometheus</span> <span class="na">routePrefix</span><span class="pi">:</span> <span class="s">/prometheus</span> <span class="c1"># How long to keep metrics</span> <span class="na">retention</span><span class="pi">:</span> <span class="s">7d</span> <span class="na">retentionSize</span><span class="pi">:</span> <span class="s2">"</span><span class="s">18GB"</span> <span class="c1"># leave some headroom in the 20Gi PVC</span> <span class="c1"># Persistent storage on Hetzner block storage</span> <span class="na">storageSpec</span><span class="pi">:</span> <span class="na">volumeClaimTemplate</span><span class="pi">:</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">storageClassName</span><span class="pi">:</span> <span class="s">hcloud-volumes</span> <span class="na">accessModes</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">ReadWriteOnce"</span><span class="pi">]</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">requests</span><span class="pi">:</span> <span class="na">storage</span><span class="pi">:</span> <span class="s">20Gi</span> <span class="c1"># Resource requests/limits — sized for a small dev cluster</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">requests</span><span class="pi">:</span> <span class="na">cpu</span><span class="pi">:</span> <span class="s">200m</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">512Mi</span> <span class="na">limits</span><span class="pi">:</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">2Gi</span> <span class="c1"># Pick up ServiceMonitor / PodMonitor / PrometheusRule resources from any</span> <span class="c1"># namespace, not just those with the chart's release label.</span> <span class="c1"># This is what you want for a real cluster — apps in other namespaces</span> <span class="c1"># can declare their own scrape configs.</span> <span class="na">serviceMonitorSelectorNilUsesHelmValues</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">podMonitorSelectorNilUsesHelmValues</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">ruleSelectorNilUsesHelmValues</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">probeSelectorNilUsesHelmValues</span><span class="pi">:</span> <span class="kc">false</span> <span class="c1"># Single replica is fine for dev; bump to 2 for HA</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">1</span> <span class="c1"># ============================================================================</span> <span class="c1"># ALERTMANAGER</span> <span class="c1"># ============================================================================</span> <span class="na">alertmanager</span><span class="pi">:</span> <span class="na">alertmanagerSpec</span><span class="pi">:</span> <span class="na">nodeSelector</span><span class="pi">:</span> <span class="na">pool</span><span class="pi">:</span> <span class="s">master</span> <span class="na">storage</span><span class="pi">:</span> <span class="na">volumeClaimTemplate</span><span class="pi">:</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">storageClassName</span><span class="pi">:</span> <span class="s">hcloud-volumes</span> <span class="na">accessModes</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">ReadWriteOnce"</span><span class="pi">]</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">requests</span><span class="pi">:</span> <span class="na">storage</span><span class="pi">:</span> <span class="s">5Gi</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">requests</span><span class="pi">:</span> <span class="na">cpu</span><span class="pi">:</span> <span class="s">50m</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">64Mi</span> <span class="na">limits</span><span class="pi">:</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">128Mi</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">1</span> <span class="c1"># Default alert routing — all alerts go to the "null" receiver (silenced).</span> <span class="c1"># Replace with Slack/PagerDuty/email config when you want real alerts.</span> <span class="na">config</span><span class="pi">:</span> <span class="na">global</span><span class="pi">:</span> <span class="na">resolve_timeout</span><span class="pi">:</span> <span class="s">5m</span> <span class="na">route</span><span class="pi">:</span> <span class="na">group_by</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">namespace"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">alertname"</span><span class="pi">]</span> <span class="na">group_wait</span><span class="pi">:</span> <span class="s">30s</span> <span class="na">group_interval</span><span class="pi">:</span> <span class="s">5m</span> <span class="na">repeat_interval</span><span class="pi">:</span> <span class="s">12h</span> <span class="na">receiver</span><span class="pi">:</span> <span class="s2">"</span><span class="s">null"</span> <span class="na">routes</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">matchers</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">alertname = "Watchdog"</span> <span class="na">receiver</span><span class="pi">:</span> <span class="s2">"</span><span class="s">null"</span> <span class="na">receivers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">null"</span> <span class="c1"># ============================================================================</span> <span class="c1"># GRAFANA</span> <span class="c1"># ============================================================================</span> <span class="na">grafana</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">nodeSelector</span><span class="pi">:</span> <span class="na">pool</span><span class="pi">:</span> <span class="s">master</span> <span class="c1"># CHANGE THIS PASSWORD before applying</span> <span class="na">adminPassword</span><span class="pi">:</span> <span class="s2">"</span><span class="s">${PASSWORD_GUI}"</span> <span class="na">grafana.ini</span><span class="pi">:</span> <span class="na">server</span><span class="pi">:</span> <span class="na">root_url</span><span class="pi">:</span> <span class="s2">"</span><span class="s">https://${CLUSTER_NAME}/grafana"</span> <span class="na">serve_from_sub_path</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">auth.anonymous</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">org_role</span><span class="pi">:</span> <span class="s">Admin</span> <span class="na">persistence</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">type</span><span class="pi">:</span> <span class="s">pvc</span> <span class="na">storageClassName</span><span class="pi">:</span> <span class="s">hcloud-volumes</span> <span class="na">accessModes</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">ReadWriteOnce"</span><span class="pi">]</span> <span class="na">size</span><span class="pi">:</span> <span class="s">5Gi</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">1</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">requests</span><span class="pi">:</span> <span class="na">cpu</span><span class="pi">:</span> <span class="s">250m</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">256Mi</span> <span class="na">limits</span><span class="pi">:</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">1024Mi</span> <span class="c1"># Default service is ClusterIP — use port-forward or expose via Gateway/Ingress</span> <span class="na">service</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">ClusterIP</span> <span class="na">port</span><span class="pi">:</span> <span class="m">80</span> <span class="c1"># Pre-loaded Grafana dashboards from the chart</span> <span class="na">defaultDashboardsEnabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">defaultDashboardsTimezone</span><span class="pi">:</span> <span class="s">utc</span> <span class="c1"># Helpful Grafana plugins (optional — comment out if you want lean install)</span> <span class="na">plugins</span><span class="pi">:</span> <span class="pi">[]</span> <span class="c1"># plugins:</span> <span class="c1"># - grafana-piechart-panel</span> <span class="c1"># - grafana-clock-panel</span> <span class="c1"># Sidecar that auto-loads dashboards from ConfigMaps with a label.</span> <span class="c1"># Lets you ship dashboards as Kubernetes manifests later.</span> <span class="na">sidecar</span><span class="pi">:</span> <span class="na">dashboards</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">label</span><span class="pi">:</span> <span class="s">grafana_dashboard</span> <span class="na">labelValue</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1"</span> <span class="na">searchNamespace</span><span class="pi">:</span> <span class="s">ALL</span> <span class="na">provider</span><span class="pi">:</span> <span class="na">allowUiUpdates</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">datasources</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">label</span><span class="pi">:</span> <span class="s">grafana_datasource</span> <span class="na">labelValue</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1"</span> <span class="na">searchNamespace</span><span class="pi">:</span> <span class="s">ALL</span> <span class="c1"># ============================================================================</span> <span class="c1"># PROMETHEUS OPERATOR</span> <span class="c1"># ============================================================================</span> <span class="na">prometheusOperator</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">nodeSelector</span><span class="pi">:</span> <span class="na">pool</span><span class="pi">:</span> <span class="s">master</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">requests</span><span class="pi">:</span> <span class="na">cpu</span><span class="pi">:</span> <span class="s">100m</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">128Mi</span> <span class="na">limits</span><span class="pi">:</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">256Mi</span> <span class="c1"># Admission webhooks — keep enabled, they validate alert/rule syntax</span> <span class="na">admissionWebhooks</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">patch</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="c1"># ============================================================================</span> <span class="c1"># NODE EXPORTER (host-level metrics)</span> <span class="c1"># ============================================================================</span> <span class="na">prometheus-node-exporter</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">requests</span><span class="pi">:</span> <span class="na">cpu</span><span class="pi">:</span> <span class="s">50m</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">32Mi</span> <span class="na">limits</span><span class="pi">:</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">64Mi</span> <span class="c1"># ============================================================================</span> <span class="c1"># KUBE-STATE-METRICS (Kubernetes object metrics)</span> <span class="c1"># ============================================================================</span> <span class="na">kube-state-metrics</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">nodeSelector</span><span class="pi">:</span> <span class="na">pool</span><span class="pi">:</span> <span class="s">master</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">requests</span><span class="pi">:</span> <span class="na">cpu</span><span class="pi">:</span> <span class="s">50m</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">64Mi</span> <span class="na">limits</span><span class="pi">:</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">128Mi</span> <span class="c1"># ============================================================================</span> <span class="c1"># KUBELET — keep enabled, this is where k3s exposes most metrics</span> <span class="c1"># ============================================================================</span> <span class="na">kubelet</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">serviceMonitor</span><span class="pi">:</span> <span class="na">metricRelabelings</span><span class="pi">:</span> <span class="pi">[]</span> <span class="c1"># ============================================================================</span> <span class="c1"># COREDNS — k3s ships with CoreDNS, scrape it</span> <span class="c1"># ============================================================================</span> <span class="na">coreDns</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="c1"># ============================================================================</span> <span class="c1"># KUBE API SERVER — exposed on port 6443 in k3s, scraping works fine</span> <span class="c1"># ============================================================================</span> <span class="na">kubeApiServer</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="c1"># ============================================================================</span> <span class="c1"># CRDs — let Helm manage them</span> <span class="c1"># ============================================================================</span> <span class="na">crds</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="c1"># ============================================================================</span> <span class="c1"># CLEANUP JOB — removes leftover resources on uninstall</span> <span class="c1"># ============================================================================</span> <span class="na">cleanPrometheusOperatorObjectNames</span><span class="pi">:</span> <span class="kc">false</span> <span class="c1"># ============================================================================</span> <span class="c1"># COMMON LABELS — applied to all resources for easier filtering</span> <span class="c1"># ============================================================================</span> <span class="na">commonLabels</span><span class="pi">:</span> <span class="na">environment</span><span class="pi">:</span> <span class="s">dev</span> <span class="na">cluster</span><span class="pi">:</span> <span class="s">${CLUSTER_NAME}</span> </code></pre> </div> <h3> 🔹6. gateway-post.yml </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">gateway.networking.k8s.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Gateway</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">traefik-gateway</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">traefik</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">gatewayClassName</span><span class="pi">:</span> <span class="s">traefik</span> <span class="na">listeners</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">web</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">HTTP</span> <span class="na">port</span><span class="pi">:</span> <span class="m">8000</span> <span class="na">allowedRoutes</span><span class="pi">:</span> <span class="na">namespaces</span><span class="pi">:</span> <span class="na">from</span><span class="pi">:</span> <span class="s">All</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">websecure</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">HTTPS</span> <span class="na">port</span><span class="pi">:</span> <span class="m">8443</span> <span class="na">allowedRoutes</span><span class="pi">:</span> <span class="na">namespaces</span><span class="pi">:</span> <span class="na">from</span><span class="pi">:</span> <span class="s">All</span> <span class="na">tls</span><span class="pi">:</span> <span class="na">mode</span><span class="pi">:</span> <span class="s">Terminate</span> <span class="na">certificateRefs</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">tls-traefik</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">traefik</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Namespace</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">nginx</span> <span class="nn">---</span> <span class="c1"># -- HTTPRoute /grafana + /prometheus → nginx reverse proxy</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">gateway.networking.k8s.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">HTTPRoute</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">nginx</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">nginx</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">parentRefs</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">traefik-gateway</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">traefik</span> <span class="na">hostnames</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">edok3s</span> <span class="na">rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">matches</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">path</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">PathPrefix</span> <span class="na">value</span><span class="pi">:</span> <span class="s">/grafana</span> <span class="na">backendRefs</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">nginx</span> <span class="na">port</span><span class="pi">:</span> <span class="m">80</span> <span class="pi">-</span> <span class="na">matches</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">path</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">PathPrefix</span> <span class="na">value</span><span class="pi">:</span> <span class="s">/prometheus</span> <span class="na">backendRefs</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">nginx</span> <span class="na">port</span><span class="pi">:</span> <span class="m">80</span> </code></pre> </div> <h2> 🔹How to Run </h2> <p>━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━<br> <strong>1. Make sure that you are logged to AZURE and configured S3 bucket</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>az login </code></pre> </div> <p><strong>2. Activated Hetzner project</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hcloud context list hcloud config list </code></pre> </div> <h3> 🔹1st Run - init </h3> <p><strong>Hetzner server list before 'init'</strong><br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fve851qddz3nwi0brkcz1.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fve851qddz3nwi0brkcz1.png" alt="Hetzner server list before 'init'" width="800" height="314"></a></p> <p><strong>Hetzner volume list before </strong><br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frmdxjh5vhty0oad0vvcp.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frmdxjh5vhty0oad0vvcp.png" alt="Hetzner volume list before &lt;init&gt;" width="800" height="318"></a></p> <p><strong>1. Configure cluster.yml</strong></p> <ul> <li>IP addresses / Firewall</li> <li>Hetzner Instance Type Model</li> </ul> <p><strong>2. Configure .env</strong></p> <ul> <li>Cluster name</li> <li>SSH key</li> <li>AZURE</li> <li>Prometheus stack version</li> <li>etc</li> </ul> <p><strong>3. Run</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>./init_cluster.sh init </code></pre> </div> <p><strong>4. Sanity check</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">source</span> .env <span class="nb">export </span><span class="nv">KUBECONFIG</span><span class="o">=</span><span class="s2">"</span><span class="k">${</span><span class="nv">HOME</span><span class="k">}</span><span class="s2">/.kube/config-</span><span class="k">${</span><span class="nv">CLUSTER_NAME</span><span class="k">}</span><span class="s2">.yml"</span> kubectl get deployment <span class="nt">-A</span> </code></pre> </div> <p>Everything must be 1/1, except <em>for cluster-autoscaler</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>NAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE kube-system cluster-autoscaler 0/1 1 0 23m kube-system coredns 1/1 1 1 28m kube-system hcloud-cloud-controller-manager 1/1 1 1 23m kube-system hcloud-csi-controller 1/1 1 1 23m kube-system metrics-server 1/1 1 1 28m monitoring kube-prometheus-stack-grafana 1/1 1 1 22m monitoring kube-prometheus-stack-kube-state-metrics 1/1 1 1 22m monitoring kube-prometheus-stack-operator 1/1 1 1 22m nginx nginx 1/1 1 1 22m system-upgrade system-upgrade-controller 1/1 1 1 23m traefik traefik 1/1 1 1 22m velero velero 1/1 1 1 23m </code></pre> </div> <p><strong>Successful installation with IP address and current costs[€]:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Kubernetes edok3s Master IP address: 178.105.69.141 TYPE ID NAME MODEL CPU RAM_GB SITE PRICE/h PRICE/MO SERVER 130758742 edok3s-master1 cpx22 2 4 fsn1 0.0128 7.99 VOLUME 105698396 pvc-f0278cda-ba7a-422c-859f-054004afda6a 10GB - 10 fsn1 0.0006 0.44 VOLUME 105698397 pvc-4880c913-33be-40a0-a2c2-9ebb5951ad08 10GB - 10 fsn1 0.0006 0.44 VOLUME 105698398 pvc-30aa4c80-9c6e-40f8-99d9-5f824cc21a1a 20GB - 20 fsn1 0.0012 0.88 </code></pre> </div> <p><strong>Hetzner server list after 'init'</strong><br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2plg1qsjlcq7qyyyco52.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2plg1qsjlcq7qyyyco52.png" alt="Hetzner server list after 'init'" width="800" height="154"></a></p> <p><strong>Hetzner volume list after 'init'</strong><br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxvrpw3sw9xeofsntb18j.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxvrpw3sw9xeofsntb18j.png" alt="Hetzner volume list after 'init'" width="800" height="264"></a></p> <p><strong>Access</strong></p> <ul> <li>Url Grafana: <a href="https://CLUSTER_NAME/prometheus" rel="noopener noreferrer">https://CLUSTER_NAME/Grafana</a> </li> <li>Url Prometheus: <a href="https://CLUSTER_NAME/prometheus" rel="noopener noreferrer">https://CLUSTER_NAME/prometheus</a> </li> <li>Username: <code>admin</code> </li> </ul> <ul> <li>Password: <code>!CLUSTER_NAME!</code> </li> </ul> <h3> 🔹Delete (Power Off) </h3> <p><strong>1. Run</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>./init_cluster.sh delete </code></pre> </div> <p><strong>Hetzner server list after 'delete'</strong><br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fve851qddz3nwi0brkcz1.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fve851qddz3nwi0brkcz1.png" alt="Hetzner server list after 'delete'" width="800" height="314"></a></p> <p><strong>Hetzner volume list after 'delete'</strong><br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffskoi0oyve3yfyhrpgx6.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffskoi0oyve3yfyhrpgx6.png" alt="Hetzner volume list after 'delete'" width="800" height="265"></a></p> <h3> 🔹Restore (Power On) </h3> <p><strong>1. Run</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>./init_cluster.sh restore </code></pre> </div> <p>Done<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>NAME STATUS ERRORS WARNINGS CREATED EXPIRES STORAGE LOCATION QUEUE POSITION SELECTOR 09:28:41 +0200 CEST 182d default &lt;none&gt; edok3s-backup-20260513-0943 Completed 0 0 2026-05-13 09:43:33 +0200 CEST 182d default &lt;none&gt; edok3s-backup-20260513-1019 Completed 0 0 2026-05-13 10:19:53 +0200 CEST 182d default &lt;none&gt; edok3s-backup-20260513-1107 Completed 0 0 2026-05-13 11:07:37 +0200 CEST 182d default &lt;none&gt; edok3s-backup-20260513-1311 Completed 0 0 2026-05-13 13:11:18 +0200 CEST 182d default &lt;none&gt; *** Create Velero restore for cluster edok3s from backup edok3s-backup-20260513-1311 ... Restore request "edok3s-restore-20260513-1316" submitted successfully. Waiting for restore to complete. You may safely press ctrl-c to stop waiting - your restore will continue in the background. ...................... Restore completed with status: Completed. You may check for more information using the commands `velero restore describe edok3s-restore-20260513-1316` and `velero restore logs edok3s-restore-20260513-1316`. </code></pre> </div> <p><strong>Hetzner server list after 'restore'</strong><br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fw45eswo0hntscao94tth.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fw45eswo0hntscao94tth.png" alt="Hetzner server list after 'restore'" width="800" height="195"></a></p> <p><strong>Hetzner volume list after 'restore'</strong><br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1e9vw2mbdyqqtrneje4g.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1e9vw2mbdyqqtrneje4g.png" alt="Hetzner volume list after 'restore'" width="800" height="262"></a></p> <h3> 🔹Costs </h3> <p><strong>1. Run</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>./init_cluster.sh cost </code></pre> </div> <p>In EUROS [€]<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Kubernetes edok3s Master IP address: 178.105.69.141 TYPE ID NAME MODEL CPU RAM_GB SITE PRICE/h PRICE/MO SERVER 130781232 edok3s-master1 cpx22 2 4 fsn1 0.0128 7.99 VOLUME 105698396 pvc-f0278cda-ba7a-422c-859f-054004afda6a 10GB - 10 fsn1 0.0006 0.44 VOLUME 105698397 pvc-4880c913-33be-40a0-a2c2-9ebb5951ad08 10GB - 10 fsn1 0.0006 0.44 VOLUME 105698398 pvc-30aa4c80-9c6e-40f8-99d9-5f824cc21a1a 20GB - 20 fsn1 0.0012 0.88 </code></pre> </div> kubernetes devops k3s hetzner