Stop Overpaying for Cloud: High-Availability Kubernetes on Hetzner with Talos 1.11
If you are running production workloads like Mastodon, Odoo, or a fleet of WordPress sites, you might think you need to stick with the major hyperscalers. However, you don’t need to burn money on AWS or Google Cloud just to get reliability. In fact, you can build a massive, enterprise-grade Kubernetes cluster on Hetzner Cloud for a fraction of the cost.
In this guide, we will deploy two different architectures using Talos Linux 1.11 and Cilium (managed via OpenTofu). Whether you need a beast of a cluster for databases or a cost-effective setup for static sites, we have you covered.
Grab your €20 Free Credit on Hetzner Cloud here to follow along.
The “Business Powerhouse”: 3x CX53 Converged
Best for: Production Apps, Mastodon Instances, Odoo ERP, High-Traffic WordPress Networks.
First and foremost, this is the serious setup. We are using the CX53 nodes, which are absolute monsters for the price. By running a “Converged” setup (where every node is both a control plane and a worker), we get high availability (HA). Consequently, we can use every ounce of RAM for our applications without wasting resources on idle management nodes.
The Hardware Specs
- Nodes: 3x CX53 (16 vCPU, 32GB RAM, 320GB NVMe)
- Networking: 1x Load Balancer (LB11) for the API and 1x Floating IP for the Gateway.
- Storage: Hetzner Object Storage (S3 Compatible) for media assets.
Monthly Cost Breakdown
- 3x CX53 Nodes (@ €17.49/mo): €52.47
- 1x Load Balancer (LB11): €5.39
- 1x Floating IP (IPv4) for Gateway: €3.60
- 1x Object Storage (1TB included): ~€5.00
- TOTAL: ~€66.46 / month
As a result, for roughly €66 a month, you are getting 48 vCPUs and 96GB of RAM. In comparison, if you tried getting that on AWS, you would be paying over €400.
Real-World Use Case: Mastodon & Odoo
With this much power, you can easily host a large Mastodon instance. However, the trick is to configure Mastodon to use Hetzner’s S3-compatible Object Storage for all media files. This ensures your local NVMe usage stays low. Simultaneously, you could run an Odoo ERP system with a replicated PostgreSQL cluster and still have room for 10-20 heavy WordPress sites.
The “Indie Hacker”: 1 CP + 3 Workers (CX23)
Best for: Single Page Apps (SPA), Static Sites, Dev Environments, Low-Traffic APIs.
Alternatively, if you don’t need HA for the control plane and just want a cheap place to host React/Vue apps or static sites, this tiered setup offers unbeatable value. Here, we use one node to manage the cluster while three nodes handle the actual work.
The Hardware Specs
- Control Plane: 1x CX23 (2 vCPU, 4GB RAM)
- Workers: 3x CX23 (2 vCPU, 4GB RAM)
- Networking: Direct ingress (No Load Balancer needed for simple setups; instead, just point DNS to a worker or use a Floating IP).
Monthly Cost Breakdown
- 4x CX23 Nodes (@ €3.49/mo): €13.96
- 1x Floating IP (IPv4): €3.60
- TOTAL: ~€17.56 / month
Therefore, for less than the price of Netflix, you have a 4-node Kubernetes cluster capable of hosting hundreds of static sites or SPAs.
Infrastructure as Code: OpenTofu & Cilium
For deployment, we use OpenTofu (the open-source fork of Terraform) to provision the infrastructure. Additionally, we will enable the Gateway API feature in Cilium 1.16+ to handle traffic routing efficiently.
main.tf (Converged CX53 Example)
```hcl
terraform {
  required_providers {
    hcloud = {
      source  = "hetznercloud/hcloud"
      version = "~> 1.45"
    }
  }
}

# API token; pass it via TF_VAR_hcloud_token rather than committing it
variable "hcloud_token" {
  type      = string
  sensitive = true
}

provider "hcloud" {
  token = var.hcloud_token
}

# Private Network
resource "hcloud_network" "talos_net" {
  name     = "talos-net"
  ip_range = "10.0.0.0/16"
}

resource "hcloud_network_subnet" "talos_subnet" {
  network_id   = hcloud_network.talos_net.id
  type         = "cloud"
  network_zone = "eu-central" # network zone that contains nbg1; a location name is not a valid zone
  ip_range     = "10.0.1.0/24"
}

# Load Balancer for Control Plane (API)
resource "hcloud_load_balancer" "cp_lb" {
  name               = "k8s-api"
  load_balancer_type = "lb11"
  location           = "nbg1"
}

# The Powerhouse Nodes (CX53)
resource "hcloud_server" "node" {
  count       = 3
  name        = "talos-cx53-${count.index + 1}"
  server_type = "cx53"
  image       = "debian-12" # Boot Talos ISO via user_data or manual ISO mount
  location    = "nbg1"

  network {
    network_id = hcloud_network.talos_net.id
    ip         = "10.0.1.1${count.index}" # 10.0.1.10 to 10.0.1.12
  }

  # The subnet must exist before servers attach to the network
  depends_on = [hcloud_network_subnet.talos_subnet]
}

# Floating IP for Cilium Gateway
resource "hcloud_floating_ip" "gateway_ip" {
  type          = "ipv4"
  home_location = "nbg1"
}
```
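An added example, not part of the original guide: the servers in main.tf receive public IPv4 addresses and no firewall, so the Kubernetes API (6443) and the Talos API (50000) listen on the public interface. This fragment, meant to be appended to that main.tf, limits those ports to an admin range. The `admin_cidrs` variable, its `203.0.113.0/24` placeholder and the `talos_nodes` resource names are assumptions; it also assumes node-to-node and load-balancer traffic uses the private network, which Hetzner Cloud Firewalls do not filter.

```hcl
# Assumption: source ranges allowed to reach the management APIs.
variable "admin_cidrs" {
  type    = list(string)
  default = ["203.0.113.0/24"] # constructed documentation range; replace with your own
}

resource "hcloud_firewall" "talos_nodes" {
  name = "talos-nodes"

  # Kubernetes API server: admin ranges only
  rule {
    direction  = "in"
    protocol   = "tcp"
    port       = "6443"
    source_ips = var.admin_cidrs
  }

  # Talos API (apid, used by talosctl): admin ranges only
  rule {
    direction  = "in"
    protocol   = "tcp"
    port       = "50000"
    source_ips = var.admin_cidrs
  }

  # Public web traffic for the Cilium Gateway
  rule {
    direction  = "in"
    protocol   = "tcp"
    port       = "80"
    source_ips = ["0.0.0.0/0", "::/0"]
  }

  rule {
    direction  = "in"
    protocol   = "tcp"
    port       = "443"
    source_ips = ["0.0.0.0/0", "::/0"]
  }
}

# Attach the firewall to every node created by hcloud_server.node.
# Inbound traffic not matched by a rule above is dropped.
resource "hcloud_firewall_attachment" "talos_nodes" {
  firewall_id = hcloud_firewall.talos_nodes.id
  server_ids  = hcloud_server.node[*].id
}
```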
Setting up Cilium & Gateway API
Once Talos 1.11 is bootstrapped, you should install Cilium with Gateway API enabled. This step effectively replaces the legacy Ingress Controller.
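```bash
# Add the Cilium chart repository before installing
helm repo add cilium https://helm.cilium.io/
helm repo update

helm install cilium cilium/cilium --version 1.16.0 \
  --namespace kube-system \
  --set gatewayAPI.enabled=true \
  --set kubeProxyReplacement=true \
  --set hcloud.enabled=true
```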
Finally, configure the Hetzner Cloud Controller Manager to bind your Floating IP to the Cilium Gateway LoadBalancer service. This ensures that if one of your massive CX53 nodes reboots, traffic instantly shifts to another node without downtime.
Conclusion
To summarize, Hetzner Cloud combined with Talos Linux is a cheat code for infrastructure. You get the performance of bare metal with the flexibility of the cloud, and all at prices that make the hyperscalers look ridiculous.

