Infrastructure · 2025

Highly-Available K3s Platform on Hetzner (OpenTofu + FluxCD GitOps)

An influencer-marketing media-intelligence platform

Overview

The infrastructure-as-code foundation for the entire platform: a highly available K3s Kubernetes cluster on Hetzner Cloud, provisioned with OpenTofu and managed via FluxCD GitOps.

The Challenge

Running a multi-service media-intelligence platform reliably and cost-effectively demands a resilient, reproducible Kubernetes platform with automated provisioning, GitOps delivery, managed databases, autoscaling and full observability, without relying on an expensive managed cloud.

What We Built

A complete IaC setup: OpenTofu (main.tf, variables.tf, providers.tf) provisions a 3-master HA K3s cluster with multiple worker pools on openSUSE MicroOS (built via a Packer .pkr.hcl snapshot), behind dedicated load balancers. FluxCD (flux/ with apps/, clusters/, infrastructure/, sources/) drives GitOps delivery. Core components include the Hetzner Cloud Controller Manager and CSI driver, Cluster Autoscaler, cert-manager, a Redis Operator and CloudNativePG. Applications include the ingestion service, n8n and Trigger.dev. Observability is provided by Prometheus, Grafana, Loki and Promtail. The setup is documented in docs/architecture.md.

Technologies & Approach

OpenTofu for declarative provisioning, FluxCD for GitOps so the cluster state is git-driven, MicroOS for transactional/atomic updates, and Kubernetes operators for stateful services. Hetzner keeps the platform cost-efficient while it stays highly available.

Outcome / Impact

A resilient, self-hosted, fully GitOps-managed platform underpinning every platform service, with autoscaling, managed Postgres/Redis, automated TLS and a complete monitoring/logging stack.

Capabilities Demonstrated

  • Provisioning highly-available Kubernetes from scratch with OpenTofu
  • GitOps delivery with FluxCD
  • Running stateful workloads via operators (CloudNativePG, Redis)
  • Building cost-efficient self-hosted cloud platforms with full observability