v2.2.8

@github-actions github-actions released this 11 Apr 09:22
· 4 commits to main since this release
5e56a06

New

  • Added new features that significantly improve support for large clusters using the public network. Hetzner's private networks can only handle up to 100 servers, so using the public network removes this limit. All traffic is encrypted with WireGuard at the CNI level, and a custom firewall is now added on each node to manage communication between nodes. A custom firewall is better suited to large clusters because Hetzner's firewalls can be slow to update, especially when a large cluster with many nodes is created all at once. To keep the custom firewall current, an "IP query server" was implemented as a simple container. This server checks the Hetzner API every 30 seconds to get the list of all node IPs. The custom firewall on each node then asks the server for the updated list, so the firewall configuration stays up to date automatically. With this setup there is no need to manage the firewall manually, and it works well with autoscaling too, since the IPs of autoscaled nodes can't be predicted in advance. Check out this page for more details.
  • Added support for labels and taints in autoscaled node pools
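
A sketch of the node-side half of the IP-list sync described in the first item above, added here as an illustration and not taken from the project's code. It assumes the IP query server answers with one IPv4 address per line and that the node keeps its allowlist in an ipset named cluster_nodes; both are hypothetical.

```python
import ipaddress

SET_NAME = "cluster_nodes"  # hypothetical ipset name, not from the project


def parse_ip_list(body):
    """Parse a newline-separated IP list (assumed response format).

    Malformed lines and addresses that must never be allowlisted
    (loopback, unspecified, multicast, non-IPv4) are dropped.
    """
    ips = set()
    for line in body.splitlines():
        try:
            addr = ipaddress.ip_address(line.strip())
        except ValueError:
            continue  # blank or garbage line from the server
        if addr.version != 4:
            continue  # the set below is created with family inet
        if addr.is_loopback or addr.is_unspecified or addr.is_multicast:
            continue
        ips.add(str(addr))
    return ips


def sync_script(body, self_ip, name=SET_NAME):
    """Return input for `ipset -exist restore`, or None to keep current rules.

    Fail safe: an empty list, or one that does not contain this node's own
    IP, is treated as a bad answer so the node is not cut off from its peers.
    """
    ips = parse_ip_list(body)
    if not ips or self_ip not in ips:
        return None
    tmp = name + "_tmp"
    lines = [f"create {name} hash:ip family inet",
             f"create {tmp} hash:ip family inet",
             f"flush {tmp}"]
    lines += [f"add {tmp} {ip}" for ip in sorted(ips, key=ipaddress.ip_address)]
    # swap replaces the live set in one step, so rules never see a half-built list
    lines += [f"swap {tmp} {name}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"


# Constructed sample response (documentation address ranges), not real node IPs.
SAMPLE = "203.0.113.10\n203.0.113.11\n\nnot-an-ip\n127.0.0.1\n198.51.100.7\n"

if __name__ == "__main__":
    print(sync_script(SAMPLE, "203.0.113.10"))
```
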

Fixes

  • Fixed support for labels and taints in static node pools when autoscaled node pools are also present
  • Fixed a cloud-init schema validation error that occurred when {{ growpart_str }} is not empty - by @EnDjeee
  • Fixed an unhandled exception that occurred when trying to create a cluster on microOS - by @EnDjeee

Updates

  • Upgraded Cluster Autoscaler, Hetzner CSI Driver, Hetzner Cloud Controller Manager, Rancher System Upgrade Controller
  • Defaulted the k3s upgrade concurrency for worker nodes to 1. This helps reduce the risks that might come up when upgrading multiple nodes at the same time. If you want to change this setting, you can do so using the top-level k3s_upgrade_concurrency configuration option.