The latest articles on Forem by Adil Kairbekov (@vesnante). https://forem.com/vesnante https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3247359%2Fc2ab9b4f-9586-4f81-ab9f-3f5aaffedfaa.png https://forem.com/vesnante en Adil Kairbekov Thu, 05 Jun 2025 14:12:52 +0000 https://forem.com/vesnante/setup-kubernetes-cluster-using-talos-linux-on-hetzner-cloud-2lj6 https://forem.com/vesnante/setup-kubernetes-cluster-using-talos-linux-on-hetzner-cloud-2lj6 <h2> Introduction </h2> <p>Welcome to this comprehensive guide on building a production-grade, highly available Kubernetes cluster using <strong>Talos Linux</strong> on <strong>Hetzner Cloud</strong>. By the end of this walkthrough, you'll have a private Kubernetes environment, seamlessly integrated with <strong>Cilium</strong> as the CNI provider.</p> <p>To ensure isolation and security, your Kubernetes nodes will reside in a private network, with access to the internet routed <strong>through a NAT virtual machine</strong>, which you'll also set up as part of this process. This architecture allows you to expose only what's necessary while keeping your control plane and worker nodes safely tucked away from the public internet.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdm26f1ru7g756xwn4zav.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdm26f1ru7g756xwn4zav.png" alt="Introduction Diagra" width="800" height="560"></a></p> <p><strong>Prerequisites</strong></p> <p>Before starting, ensure you have:</p> <ul> <li> <strong>Hetzner Cloud API token</strong> - Generate from <a href="https://docs.hetzner.com/cloud/api/getting-started/generating-api-token" rel="noopener noreferrer">Hetzner Cloud Console</a> with Read &amp; write permissions</li> <li> <strong>Talos Linux snapshot</strong> - Follow the <a href="https://www.talos.dev/latest/talos-guides/install/cloud-platforms/hetzner/#rescue-mode" rel="noopener noreferrer">official Talos Linux documentation</a> to create one</li> <li> <strong>Local tools installed</strong>: <ul> <li><a href="https://github.com/hetznercloud/cli/blob/main/docs/tutorials/setup-hcloud-cli.md#1-install-the-hcloud-cli" rel="noopener noreferrer">hcloud CLI</a></li> <li><a href="https://www.talos.dev/latest/talos-guides/install/talosctl/" rel="noopener noreferrer">talosctl</a></li> <li><a href="https://kubernetes.io/docs/tasks/tools/" rel="noopener noreferrer">kubectl</a></li> <li><a href="https://helm.sh/docs/intro/install/" rel="noopener noreferrer">helm</a></li> </ul> </li> <li><strong>Basic Kubernetes knowledge</strong></li> </ul> <h2> Step 1 - Initial Setup </h2> <p>Set up your project configuration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">export </span><span class="nv">PROJECT_NAME</span><span class="o">=</span>example <span class="nb">export </span><span class="nv">HCLOUD_TOKEN</span><span class="o">=</span>&lt;your_api_token_here&gt; <span class="nb">export </span><span class="nv">TALOS_IMAGE_ID</span><span class="o">=</span>&lt;your_snapshot_id_here&gt; </code></pre> </div> <blockquote> <p><strong>Important</strong>: Replace the placeholder values with your project name, actual Hetzner API token and image snapshot ID.</p> </blockquote> <p>Create a new context:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hcloud context create <span class="nv">$PROJECT_NAME</span> <span class="c"># Type (Y)</span> </code></pre> </div> <h2> Step 2 - Infrastructure Components </h2> <p>In this step, you'll create the necessary networking components, load balancer, and the NAT VM that will form the foundation of your Kubernetes cluster infrastructure.</p> <h3> Step 2.1 - Private Network Setup </h3> <p>Create a private network:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Create the main network</span> hcloud network create <span class="nt">--name</span> <span class="nv">$PROJECT_NAME</span> <span class="nt">--ip-range</span> 10.0.0.0/16 <span class="c"># Add a subnet for servers</span> hcloud network add-subnet <span class="nv">$PROJECT_NAME</span> <span class="se">\</span> <span class="nt">--type</span> server <span class="se">\</span> <span class="nt">--ip-range</span> 10.0.0.0/24 <span class="se">\</span> <span class="nt">--network-zone</span> eu-central <span class="c"># Configure routing (we'll create the NAT VM gateway at 10.0.0.3 later)</span> hcloud network add-route <span class="nv">$PROJECT_NAME</span> <span class="se">\</span> <span class="nt">--destination</span> 0.0.0.0/0 <span class="se">\</span> <span class="nt">--gateway</span> 10.0.0.3 </code></pre> </div> <h3> Step 2.2 - Create Load Balancer </h3> <p>Create a load balancer for accessing Kubernetes and Talos API:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Create the load balancer</span> hcloud load-balancer create <span class="nt">--name</span> apid <span class="nt">--location</span> hel1 <span class="nt">--type</span> lb11 <span class="c"># Add Kubernetes API service</span> hcloud load-balancer add-service apid <span class="se">\</span> <span class="nt">--listen-port</span> 6443 <span class="nt">--destination-port</span> 6443 <span class="nt">--protocol</span> tcp <span class="c"># Add Talos API service </span> hcloud load-balancer add-service apid <span class="se">\</span> <span class="nt">--listen-port</span> 50000 <span class="nt">--destination-port</span> 50000 <span class="nt">--protocol</span> tcp <span class="c"># Connect to private network</span> hcloud load-balancer attach-to-network apid <span class="se">\</span> <span class="nt">--network</span> <span class="nv">$PROJECT_NAME</span> <span class="se">\</span> <span class="nt">--ip</span> 10.0.0.2 <span class="c"># Target control plane nodes</span> hcloud load-balancer add-target apid <span class="se">\</span> <span class="nt">--label-selector</span> <span class="nb">type</span><span class="o">=</span><span class="nb">cp</span> <span class="se">\</span> <span class="nt">--use-private-ip</span> </code></pre> </div> <h3> Step 2.3 - Create NAT VM Gateway </h3> <p>Create cloud-init configuration file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cat</span> <span class="o">&lt;&lt;</span><span class="no">EOF</span><span class="sh"> &gt; nat-vm-cloud-init.yaml #cloud-config write_files: - path: /etc/network/interfaces content: | auto eth0 iface eth0 inet dhcp post-up echo 1 &gt; /proc/sys/net/ipv4/ip_forward post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/16' -o eth0 -j MASQUERADE append: true runcmd: - reboot </span><span class="no">EOF </span></code></pre> </div> <p>Create a NAT VM gateway:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hcloud server create <span class="se">\</span> <span class="nt">--name</span> nat-vm <span class="se">\</span> <span class="nt">--type</span> cx22 <span class="se">\</span> <span class="nt">--image</span> debian-12 <span class="se">\</span> <span class="nt">--user-data-from-file</span> nat-vm-cloud-init.yaml <span class="se">\</span> <span class="nt">--network</span> <span class="nv">$PROJECT_NAME</span> </code></pre> </div> <blockquote> <p><strong>What this does</strong>: Prepares the small Debian VM to act as a NAT gateway: it enables IP forwarding and sets up a rule to replace private IPs (10.0.0.0/16) with the VM's public IP when traffic goes to the internet. This allows private Talos nodes to access the internet through the NAT VM.</p> </blockquote> <h2> Step 3 - Talos Linux Configuration </h2> <p>Here we generate the machine configurations for Talos nodes, customized for your environment.</p> <h3> Step 3.1 - Get Load Balancer IP </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">export </span><span class="nv">LOAD_BALANCER_IP</span><span class="o">=</span><span class="si">$(</span>hcloud load-balancer describe apid <span class="nt">-o</span> <span class="nv">format</span><span class="o">=</span><span class="s1">'{{.PublicNet.IPv4.IP}}'</span><span class="si">)</span> </code></pre> </div> <h3> Step 3.2 - Configuration Patches </h3> <p>Create directory and configuration files:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir </span>patches </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Control plane specific config</span> <span class="nb">cat</span> <span class="o">&lt;&lt;</span><span class="no">EOF</span><span class="sh"> &gt; patches/patch-cp.yaml cluster: proxy: disabled: true externalCloudProvider: enabled: false allowSchedulingOnControlPlanes: false </span><span class="no">EOF </span></code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># General machine config</span> <span class="nb">cat</span> <span class="o">&lt;&lt;</span><span class="no">EOF</span><span class="sh"> &gt; patches/patch.yaml machine: certSANs: - </span><span class="k">${</span><span class="nv">LOAD_BALANCER_IP</span><span class="k">}</span><span class="sh"> network: interfaces: - interface: eth0 dhcp: true routes: - network: 0.0.0.0/0 gateway: 10.0.0.1 - network: 10.0.0.1/32 cluster: network: cni: name: none externalCloudProvider: enabled: true </span><span class="no">EOF </span></code></pre> </div> <h3> Step 3.3 - Generate Machine Configs from Patches </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Generate secrets</span> talosctl gen secrets </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Generate configurations</span> talosctl gen config <span class="nv">$PROJECT_NAME</span> https://<span class="k">${</span><span class="nv">LOAD_BALANCER_IP</span><span class="k">}</span>:6443 <span class="se">\</span> <span class="nt">--with-secrets</span> secrets.yaml <span class="se">\</span> <span class="nt">--config-patch</span> @patches/patch.yaml <span class="se">\</span> <span class="nt">--config-patch-control-plane</span> @patches/patch-cp.yaml <span class="se">\</span> <span class="nt">--with-examples</span><span class="o">=</span><span class="nb">false</span> <span class="nt">--with-docs</span><span class="o">=</span><span class="nb">false</span> <span class="se">\</span> <span class="nt">--force</span> <span class="se">\</span> <span class="nt">--output</span> <span class="nb">.</span> </code></pre> </div> <h2> Step 4 - Create Nodes </h2> <p>This step walks you through creating control plane and worker nodes, then bootstrapping your Kubernetes cluster.</p> <h3> Step 4.1 - Control Plane Nodes </h3> <p>Create 3 control plane nodes for high availability:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Control plane node 1</span> hcloud server create <span class="nt">--name</span> cp1 <span class="se">\</span> <span class="nt">--image</span> <span class="nv">$TALOS_IMAGE_ID</span> <span class="se">\</span> <span class="nt">--type</span> cx22 <span class="se">\</span> <span class="nt">--location</span> hel1 <span class="se">\</span> <span class="nt">--label</span> <span class="s1">'type=cp'</span> <span class="se">\</span> <span class="nt">--network</span> <span class="nv">$PROJECT_NAME</span> <span class="se">\</span> <span class="nt">--without-ipv4</span> <span class="se">\</span> <span class="nt">--without-ipv6</span> <span class="se">\</span> <span class="nt">--user-data-from-file</span> controlplane.yaml <span class="c"># Control plane node 2</span> hcloud server create <span class="nt">--name</span> cp2 <span class="se">\</span> <span class="nt">--image</span> <span class="nv">$TALOS_IMAGE_ID</span> <span class="se">\</span> <span class="nt">--type</span> cx22 <span class="se">\</span> <span class="nt">--location</span> hel1 <span class="se">\</span> <span class="nt">--label</span> <span class="s1">'type=cp'</span> <span class="se">\</span> <span class="nt">--network</span> <span class="nv">$PROJECT_NAME</span> <span class="se">\</span> <span class="nt">--without-ipv4</span> <span class="se">\</span> <span class="nt">--without-ipv6</span> <span class="se">\</span> <span class="nt">--user-data-from-file</span> controlplane.yaml <span class="c"># Control plane node 3</span> hcloud server create <span class="nt">--name</span> cp3 <span class="se">\</span> <span class="nt">--image</span> <span class="nv">$TALOS_IMAGE_ID</span> <span class="se">\</span> <span class="nt">--type</span> cx22 <span class="se">\</span> <span class="nt">--location</span> hel1 <span class="se">\</span> <span class="nt">--label</span> <span class="s1">'type=cp'</span> <span class="se">\</span> <span class="nt">--network</span> <span class="nv">$PROJECT_NAME</span> <span class="se">\</span> <span class="nt">--without-ipv4</span> <span class="se">\</span> <span class="nt">--without-ipv6</span> <span class="se">\</span> <span class="nt">--user-data-from-file</span> controlplane.yaml </code></pre> </div> <h3> Step 4.2 - Worker Nodes </h3> <p>Create at least 1 worker node:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Worker node 1</span> hcloud server create <span class="nt">--name</span> worker1 <span class="se">\</span> <span class="nt">--image</span> <span class="nv">$TALOS_IMAGE_ID</span> <span class="se">\</span> <span class="nt">--type</span> cx22 <span class="se">\</span> <span class="nt">--location</span> hel1 <span class="se">\</span> <span class="nt">--label</span> <span class="s1">'type=worker'</span> <span class="se">\</span> <span class="nt">--network</span> <span class="nv">$PROJECT_NAME</span> <span class="se">\</span> <span class="nt">--without-ipv4</span> <span class="se">\</span> <span class="nt">--without-ipv6</span> <span class="se">\</span> <span class="nt">--user-data-from-file</span> worker.yaml </code></pre> </div> <blockquote> <p><strong>Wait Time</strong>: Nodes take about 5 minutes to boot up. Check with <code>hcloud server list</code> until all show "running" status.</p> </blockquote> <h3> Step 4.3 - Bootstrap the Cluster </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Configure talosctl endpoint</span> talosctl <span class="nt">--talosconfig</span> talosconfig config endpoint <span class="nv">$LOAD_BALANCER_IP</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Bootstrap the cluster (only run this once!)</span> talosctl <span class="nt">--talosconfig</span> talosconfig bootstrap <span class="nt">-n</span> <span class="nv">$LOAD_BALANCER_IP</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Generate kubeconfig</span> talosctl <span class="nt">--talosconfig</span> talosconfig kubeconfig <span class="nb">.</span> <span class="nt">-n</span> <span class="nv">$LOAD_BALANCER_IP</span> </code></pre> </div> <p>Verify Kubernetes nodes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl <span class="nt">--kubeconfig</span> kubeconfig get nodes </code></pre> </div> <p>You should see all nodes in "NotReady" state - this is normal until we install Cilium CNI.</p> <h2> Step 5 - Install Cilium CNI </h2> <p>Install Cilium using Helm for pod networking with kube-proxy replacement mode:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>helm repo add cilium https://helm.cilium.io/ <span class="nt">--force-update</span> helm <span class="nb">install </span>cilium cilium/cilium <span class="se">\</span> <span class="nt">--namespace</span> kube-system <span class="se">\</span> <span class="nt">--kubeconfig</span> kubeconfig <span class="se">\</span> <span class="nt">--set</span> ipam.mode<span class="o">=</span>kubernetes <span class="se">\</span> <span class="nt">--set</span> <span class="nv">kubeProxyReplacement</span><span class="o">=</span><span class="nb">true</span> <span class="se">\</span> <span class="nt">--set</span> securityContext.capabilities.ciliumAgent<span class="o">=</span><span class="s2">"{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}"</span> <span class="se">\</span> <span class="nt">--set</span> securityContext.capabilities.cleanCiliumState<span class="o">=</span><span class="s2">"{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}"</span> <span class="se">\</span> <span class="nt">--set</span> cgroup.autoMount.enabled<span class="o">=</span><span class="nb">false</span> <span class="se">\</span> <span class="nt">--set</span> cgroup.hostRoot<span class="o">=</span>/sys/fs/cgroup <span class="se">\</span> <span class="nt">--set</span> <span class="nv">k8sServiceHost</span><span class="o">=</span>localhost <span class="se">\</span> <span class="nt">--set</span> <span class="nv">k8sServicePort</span><span class="o">=</span>7445 <span class="se">\</span> <span class="nt">--set</span> envoy.enabled<span class="o">=</span><span class="nb">false</span> </code></pre> </div> <p>Wait for nodes to become ready:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl <span class="nt">--kubeconfig</span> kubeconfig get nodes </code></pre> </div> <h2> Step 6 - Essential Components Installation (optional) </h2> <p>Create secret with Hetzner API token and Network ID:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl <span class="nt">-n</span> kube-system create secret generic hcloud <span class="se">\</span> <span class="nt">--from-literal</span><span class="o">=</span><span class="nv">token</span><span class="o">=</span><span class="s2">"</span><span class="nv">$HCLOUD_TOKEN</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--from-literal</span><span class="o">=</span><span class="nv">network</span><span class="o">=</span><span class="s2">"</span><span class="si">$(</span>hcloud network describe <span class="s2">"</span><span class="nv">$PROJECT_NAME</span><span class="s2">"</span> <span class="nt">-o</span> <span class="nv">format</span><span class="o">=</span><span class="s1">'{{.ID}}'</span><span class="si">)</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--kubeconfig</span><span class="o">=</span>kubeconfig </code></pre> </div> <h3> Step 6.1 - Hetzner Cloud Controller Manager </h3> <p>The Hetzner CCM integrates your cluster with Hetzner Cloud, enabling automatic provisioning of load balancers for Services of type <code>LoadBalancer</code>. This is required for exposing the Ingress Nginx Controller, which we'll install in Step 6.2.</p> <p>Create values directory and value file containing Hetzner API Token and Network ID:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir </span>values </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cat</span> <span class="o">&lt;&lt;</span><span class="no">EOF</span><span class="sh"> &gt; values/hccm.yaml env: - name: HCLOUD_NETWORK valueFrom: secretKeyRef: name: hcloud key: network - name: HCLOUD_NETWORK_ROUTES_ENABLED value: "false" - name: HCLOUD_TOKEN valueFrom: secretKeyRef: name: hcloud key: token </span><span class="no">EOF </span></code></pre> </div> <p>Install Hetzner CCM:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>helm repo add hcloud https://charts.hetzner.cloud <span class="nt">--force-update</span> helm <span class="nb">install </span>hccm hcloud/hcloud-cloud-controller-manager <span class="se">\</span> <span class="nt">-n</span> kube-system <span class="se">\</span> <span class="nt">--kubeconfig</span> kubeconfig <span class="se">\</span> <span class="nt">--values</span> values/hccm.yaml </code></pre> </div> <h3> Step 6.2 - Ingress Nginx Controller </h3> <p>Install the Ingress Nginx Controller to handle external web traffic to your services. It will be exposed via a LoadBalancer Service, with the actual load balancer automatically created by the Hetzner CCM.</p> <p>Create value file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cat</span> <span class="o">&lt;&lt;</span><span class="no">EOF</span><span class="sh"> &gt; values/ingress-nginx.yaml controller: service: annotations: load-balancer.hetzner.cloud/location: "hel1" load-balancer.hetzner.cloud/name: "ingress-nginx" load-balancer.hetzner.cloud/type: "lb11" load-balancer.hetzner.cloud/use-private-ip: "true" # # Redirect from HTTP to HTTPS. # load-balancer.hetzner.cloud/http-redirect-http: "true" </span><span class="no">EOF </span></code></pre> </div> <p>Install Ingress Nginx Controller:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx <span class="nt">--force-update</span> helm <span class="nb">install </span>ingress-nginx ingress-nginx/ingress-nginx <span class="se">\</span> <span class="nt">--namespace</span> ingress-nginx <span class="se">\</span> <span class="nt">--create-namespace</span> <span class="se">\</span> <span class="nt">--kubeconfig</span> kubeconfig <span class="se">\</span> <span class="nt">--values</span> values/ingress-nginx.yaml </code></pre> </div> <h3> Step 6.3 - Hetzner CSI Driver </h3> <p>Install the Hetzner CSI driver to enable dynamic provisioning and management of persistent volumes backed by Hetzner Cloud:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>helm <span class="nb">install </span>hcloud-csi hcloud/hcloud-csi <span class="se">\</span> <span class="nt">-n</span> kube-system <span class="se">\</span> <span class="nt">--kubeconfig</span> kubeconfig </code></pre> </div> <h3> Step 6.4 - Create an example application </h3> <p>Create manifest file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>nano test-app.yaml </code></pre> </div> <p>Paste manifest:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">PersistentVolumeClaim</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">nginx-pvc</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">accessModes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">ReadWriteOnce</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">requests</span><span class="pi">:</span> <span class="na">storage</span><span class="pi">:</span> <span class="s">10Gi</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apps/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Deployment</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">nginx-deployment</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">1</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">nginx</span> <span class="na">template</span><span class="pi">:</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">nginx</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">nginx</span> <span class="na">image</span><span class="pi">:</span> <span class="s">nginx:alpine-slim</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">/bin/sh</span> <span class="pi">-</span> <span class="s">-c</span> <span class="pi">-</span> <span class="pi">|</span> <span class="s">echo '&lt;html&gt;&lt;head&gt;&lt;style&gt;body { font-size: 40px; font-family: Arial, sans-serif; }&lt;/style&gt;&lt;/head&gt;&lt;body&gt;&lt;h1&gt;Hello from Hetzner Cloud!&lt;/h1&gt;&lt;/body&gt;&lt;/html&gt;' &gt; /usr/share/nginx/html/index.html &amp;&amp; nginx -g 'daemon off;'</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">80</span> <span class="na">volumeMounts</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">nginx-storage</span> <span class="na">mountPath</span><span class="pi">:</span> <span class="s">/usr/share/nginx/html</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">nginx-storage</span> <span class="na">persistentVolumeClaim</span><span class="pi">:</span> <span class="na">claimName</span><span class="pi">:</span> <span class="s">nginx-pvc</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Service</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">nginx-service</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">nginx</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">TCP</span> <span class="na">port</span><span class="pi">:</span> <span class="m">80</span> <span class="na">targetPort</span><span class="pi">:</span> <span class="m">80</span> <span class="na">type</span><span class="pi">:</span> <span class="s">ClusterIP</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">networking.k8s.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Ingress</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">nginx-ingress</span> <span class="na">annotations</span><span class="pi">:</span> <span class="na">nginx.ingress.kubernetes.io/rewrite-target</span><span class="pi">:</span> <span class="s">/</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">ingressClassName</span><span class="pi">:</span> <span class="s">nginx</span> <span class="na">rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">host</span><span class="pi">:</span> <span class="s">yourdomain.com</span> <span class="c1">## Replace with your own domain</span> <span class="na">http</span><span class="pi">:</span> <span class="na">paths</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/</span> <span class="na">pathType</span><span class="pi">:</span> <span class="s">Prefix</span> <span class="na">backend</span><span class="pi">:</span> <span class="na">service</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">nginx-service</span> <span class="na">port</span><span class="pi">:</span> <span class="na">number</span><span class="pi">:</span> <span class="m">80</span> </code></pre> </div> <p>Deploy application:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl apply <span class="nt">-f</span> test-app.yaml <span class="nt">--kubeconfig</span> kubeconfig </code></pre> </div> <h2> Conclusion </h2> <p>Your Talos Linux based Kubernetes infrastructure is now fully operational and ready for production workloads.</p> <h3> License: MIT </h3> taloslinux kubernetes hetzner cloud