machine-controller
[Hetzner Cloud] Support creating private-network-only machines (without public IP)
Hetzner Cloud recently started supporting servers without a public ("primary" in their lingo) IP address, i.e. private-network-only servers.
It would be nice if it were possible to create these using machine-controller.
@sphr2k shouldn't this already be possible? If I understand it correctly then you just need to specify a private network here https://github.com/kubermatic/machine-controller/blob/main/examples/hetzner-machinedeployment.yaml#L54
@ahmedwaleedmalik Adding a private network under networks creates a VM with both a public and a private network interface.
In the past, every Hetzner VM needed a public IP, but that changed a few months ago, so it is now possible to create machines without a public interface.
However, I just realised that this is probably not very useful for most use cases, since Hetzner does not provide a NAT gateway, so these VMs will only be able to serve incoming requests via a load balancer, but not pull any images, unless a private registry on the same subnet is used.
You need a NAT gateway if you go this way. Your apps need to be able to connect to the outside, like backends connecting to other 3rd-party services. If nodes are not started with a default gateway that has an internet connection, this will not work. I think the AWS deployment has some tips on how to proceed with this, but on AWS it is easy as they offer a managed NAT gateway. On Hetzner it will bring another layer into this. Manually using kubeadm I did this kind of setup, and it works, but when you go this way, ensure that everything you deploy there has one single IP to communicate with the outside.
@madalinignisca Exactly, that's what I realized :)