Personal Cloud Lab - Hetzner + K3s

DigitalOcean DOKS is production-grade, but at ~$24+/month minimum, it's expensive for learning and experimentation. Sometimes you want a personal Kubernetes cluster where you can break things, try experimental configurations, and learn without worrying about costs.

Hetzner Cloud offers the most cost-effective path: real cloud servers at ~$5/month for a functional K3s cluster. K3s is a lightweight Kubernetes distribution that runs on smaller instances while remaining fully Kubernetes-compatible. Your kubectl commands, Helm charts, and Dapr configurations work identically.

---

Why Hetzner + K3s for a Personal Lab?

Before diving into setup, understand why this combination works for budget-conscious learning.

The Cost Comparison

Hetzner's CPX11 instances (2 vCPU, 2GB RAM) cost approximately $5.59/month (EUR 4.99). A minimal K3s cluster (1 master + 2 workers) runs around $17/month, or a single-node setup for learning costs under $6/month.

What is K3s?

K3s is Kubernetes, stripped down to essentials:

K3s achieves this by:

• Single binary: All components compiled into one executable
• SQLite by default: No separate etcd cluster needed (optional etcd for HA)
• Containerd only: No Docker dependency
• Reduced features: Removes legacy/alpha features rarely used
• ARM support: Runs on Raspberry Pi and ARM servers

The key insight: K3s is a certified Kubernetes distribution. Your kubectl commands, Helm charts, and YAML manifests work exactly the same. You're learning real Kubernetes, not a simulation.

---

Prerequisites

Before starting, verify you have:

Generate SSH Key (If Missing)

If you don't have an SSH key:

Output:

Accept defaults. This creates ~/.ssh/id_rsa (private) and ~/.ssh/id_rsa.pub (public).

---

Step 1: Create Hetzner Cloud Account

Hetzner is a German cloud provider known for competitive pricing and reliable infrastructure.

1.1 Sign Up

1. Visit console.hetzner.cloud
2. Click "Register" and create an account
3. Verify your email address
4. Complete identity verification (Hetzner requires this for new accounts)

Note: Hetzner's verification process may take 24-48 hours. They manually review accounts to prevent abuse. Plan ahead if you need the cluster immediately.

1.2 Create a Project

After verification:

1. Log into Hetzner Cloud Console
2. Click "New Project"
3. Name it something descriptive (e.g., "k3s-lab")
4. Click "Create Project"

1.3 Generate API Token

The hetzner-k3s CLI needs an API token to provision resources:

1. Select your project in Hetzner Console
2. Click "Security" in the left sidebar
3. Click "API Tokens" tab
4. Click "Generate API Token"
5. Name: hetzner-k3s-cli
6. Permissions: Read & Write
7. Click "Generate API Token"
8. Copy the token immediately (it won't be shown again)

Security warning: This token has full access to create and destroy resources. Store it securely.

1.4 Export Token as Environment Variable

Add to your shell profile (~/.zshrc or ~/.bashrc) for persistence:

---

Step 2: Install hetzner-k3s CLI

The hetzner-k3s CLI automates K3s cluster provisioning on Hetzner Cloud. It handles server creation, K3s installation, and kubeconfig generation.

Option A: Install with Go (Recommended)

If you have Go installed:

Output:

Verify installation:

Output:

Option B: Download Binary

If you don't have Go, download the binary directly:

macOS (Apple Silicon):

macOS (Intel):

Linux (AMD64):

Verify:

---

Step 3: Write cluster.yaml Configuration

The hetzner-k3s CLI uses a YAML configuration file to define your cluster. Create a file named cluster.yaml:

Understanding the Configuration

Hetzner Instance Types

For a learning lab, cpx11 is sufficient. Your Task API and supporting services fit comfortably in 2GB per node.

Hetzner Locations

Choose the location closest to you for lower latency.

---

Step 4: Provision the Cluster

With configuration ready, provision your cluster:

Output:

This process takes 3-5 minutes. The CLI:

1. Creates Hetzner Cloud servers for master and workers
2. Installs K3s on the master node
3. Joins worker nodes to the cluster
4. Downloads kubeconfig to your local machine

---

Step 5: Connect to Your Cluster

Set the KUBECONFIG environment variable to use your new cluster:

Verify connectivity:

Output:

All nodes show Ready status. Your K3s cluster is operational.

Verify Cluster Health

Check that system pods are running:

Output:

K3s includes:

• CoreDNS: Cluster DNS
• Traefik: Ingress controller (built-in)
• Local Path Provisioner: Default storage class
• Metrics Server: Resource metrics for kubectl top

---

Step 6: Understanding Hetzner Cloud Controller Manager

When you create LoadBalancer services on Hetzner, the cluster needs the Hetzner Cloud Controller Manager (CCM) to provision Hetzner Load Balancers automatically.

The hetzner-k3s CLI can install CCM automatically. Add to your cluster.yaml:

If you already created your cluster, install CCM manually:

Output:

With CCM installed, creating a type: LoadBalancer service automatically provisions a Hetzner Load Balancer (~$6/month additional).

---

Step 7: Deploy a Test Application

Verify your cluster works by deploying a simple application:

Output:

Check the deployment:

Output:

Access nginx through any node's public IP:

Output:

Clean up the test:

---

Cost Breakdown: What You're Paying

With the configuration in this chapter:

For a minimal single-node learning cluster:

This costs ~$5.59/month. K3s can run workloads on the control plane node.

Comparison with DOKS

When to choose Hetzner K3s:

• Learning and experimentation
• Budget-conscious projects
• Full control needed
• Non-production workloads

When to choose DOKS:

• Production workloads
• Team environments
• Need managed upgrades
• SLA requirements

---

Cleanup: Destroying Your Cluster

When you're done experimenting, destroy the cluster to stop charges:

Output:

Important: This permanently destroys all servers and data. Export any important configurations first.

---

Try With AI

Now that you have a personal cloud lab, explore K3s and Hetzner further with your AI companion.

Prompt 1: Understand K3s Architecture

What you're learning: Understanding K3s architecture helps you make informed decisions about when lightweight Kubernetes is appropriate versus when you need full enterprise features.

Prompt 2: Compare Cloud Provider Costs

What you're learning: Cloud pricing is complex. Understanding all cost components helps you budget accurately and choose providers based on your actual workload patterns.

Prompt 3: Plan Production Migration

What you're learning: Skill portability is the goal. Understanding what's K3s-specific versus universal Kubernetes ensures your learning applies to any cluster.

Safety Note

Hetzner servers have public IPs by default. Your cluster is internet-accessible. Before deploying sensitive workloads, implement network policies, firewall rules, and authentication. Never expose sensitive services without TLS and proper access controls.

---

Reflect on Your Skill

You built a multi-cloud-deployer skill in an earlier Chapter. Test and improve it based on what you learned about Hetzner and K3s.

Test Your Skill

Does your skill produce valid cluster.yaml? Does it explain K3s versus full Kubernetes tradeoffs?

Identify Gaps

Ask yourself:

• Does my skill include Hetzner-specific patterns (API token, instance types, locations)?
• Can it generate both single-node and multi-node configurations?
• Does it explain K3s architecture and when to choose it?

Improve Your Skill

If you found gaps: