| 10 Nov 2025 |
 lillecarl | I'm building my own Hetzner Kubernetes (ClusterAPI managed) cluster using some of the Nix Kubernetes tools I've been working on (nix-csi and by proxy dinix, easykubenix). The goal of the cluster is to be the cheapest shit you could possibly imagine meaning no LoadBalancers. To do this I had to write a little Python thing that creates ipaddresspools for the MetalLB(controller no speaker) to assign service IP's from the nodes externalip list. I expanded it to split the IPv6 /64 you get from Hetzner into two and assign one to services and one to pods. Anyways to deploy this Python script I used nix-csi so here's a public example of how it works
https://github.com/Lillecarl/hetzkube/commit/f35b8fadfe17d5cc7054ae6f6cf187879272d2ba Since the cluster is x86 and arm I had to build the script for both x86 and arm which was no problem (nix-csi picks arch by where it's scheduled) 😄
Aye it also makes DNSEndpoint resources from the control-plane nodes IP's so I don't need an LB there either | 02:58:48 |
| lillecarl | * I'm building my own Hetzner Kubernetes (ClusterAPI managed) cluster using some of the Nix Kubernetes tools I've been working on (nix-csi and by proxy dinix, easykubenix). The goal of the cluster is to be the cheapest shit you could possibly imagine meaning no LoadBalancers. To do this I had to write a little Python thing that creates ipaddresspools for the MetalLB(controller no speaker) to assign service IP's from the nodes externalip list. I expanded it to split the IPv6 /64 you get from Hetzner into two and assign one to services and one to pods. Anyways to deploy this Python script I used nix-csi so here's a public example of how it works
https://github.com/Lillecarl/hetzkube/commit/f35b8fadfe17d5cc7054ae6f6cf187879272d2ba Since the cluster is x86 and arm I had to build the script for both x86 and arm which was no problem (nix-csi picks arch by where it's scheduled) 😄
Aye it also makes DNSEndpoint resources from the control-plane nodes IP's so I don't need an LB there either
Disclaimer: The Python script is a collaboration with AI | 02:59:28 |
| lillecarl | * I'm building my own Hetzner Kubernetes (ClusterAPI managed) cluster using some of the Nix Kubernetes tools I've been working on (nix-csi and by proxy dinix, easykubenix). The goal of the cluster is to be the cheapest shit you could possibly imagine meaning no LoadBalancers. To do this I had to write a little Python thing that creates ipaddresspools for the MetalLB(controller no speaker) to assign service IP's from the nodes externalip list. I expanded it to split the IPv6 /64 you get from Hetzner into two and assign one to services and one to pods. Anyways to deploy this Python script I used nix-csi so here's a public example of how it works
commit Since the cluster is x86 and arm I had to build the script for both x86 and arm which was no problem (nix-csi picks arch by where it's scheduled) 😄) Here's the [nix-csi magic](https://github.com/Lillecarl/hetzkube/commit/f35b8fadfe17d5cc7054ae6f6cf187879272d2ba#diff-4c88f6039362165e9d0e418fce1c757befb04cf659d7738a89807fc7504ccadcR5-R113
Aye it also makes DNSEndpoint resources from the control-plane nodes IP's so I don't need an LB there either
Disclaimer: The Python script is a collaboration with AI | 03:00:13 |
| lillecarl | * I'm building my own Hetzner Kubernetes (ClusterAPI managed) cluster using some of the Nix Kubernetes tools I've been working on (nix-csi and by proxy dinix, easykubenix). The goal of the cluster is to be the cheapest shit you could possibly imagine meaning no LoadBalancers. To do this I had to write a little Python thing that creates ipaddresspools for the MetalLB(controller no speaker) to assign service IP's from the nodes externalip list. I expanded it to split the IPv6 /64 you get from Hetzner into two and assign one to services and one to pods. Anyways to deploy this Python script I used nix-csi so here's a public example of how it works
commit Since the cluster is x86 and arm I had to build the script for both x86 and arm which was no problem (nix-csi picks arch by where it's scheduled) 😄) Here's the [nix-csi magic](https://github.com/Lillecarl/hetzkube/commit/f35b8fadfe17d5cc7054ae6f6cf187879272d2ba#diff-4c88f6039362165e9d0e418fce1c757befb04cf659d7738a89807fc7504ccadcR5-R113)
Aye it also makes DNSEndpoint resources from the control-plane nodes IP's so I don't need an LB there either
Disclaimer: The Python script is a collaboration with AI | 03:00:27 |
| lillecarl | * I'm building my own Hetzner Kubernetes (ClusterAPI managed) cluster using some of the Nix Kubernetes tools I've been working on (nix-csi and by proxy dinix, easykubenix). The goal of the cluster is to be the cheapest shit you could possibly imagine meaning no LoadBalancers. To do this I had to write a little Python thing that creates ipaddresspools for the MetalLB(controller no speaker) to assign service IP's from the nodes externalip list. I expanded it to split the IPv6 /64 you get from Hetzner into two and assign one to services and one to pods. Anyways to deploy this Python script I used nix-csi so here's a public example of how it works
commit Since the cluster is x86 and arm I had to build the script for both x86 and arm which was no problem (nix-csi picks arch by where it's scheduled) 😄) Here's the nix-csi magic
Aye it also makes DNSEndpoint resources from the control-plane nodes IP's so I don't need an LB there either
Disclaimer: The Python script is a collaboration with AI | 03:00:49 |
| lillecarl | I felt it was time to build an actual "production-ish" cluster to eventually host something real. Ofc it should run both DualStack IP and dual architectures to make it a little challenging | 03:03:36 |
 Arian | Does Hetzner do BGP any cast? | 18:11:00 |
| 11 Nov 2025 |
|  Robert Rose changed their display name from Robert Rose - 🏝️ bis 10.11.25 to Robert Rose. | 09:22:17 |
|  xentec joined the room. | 14:05:12 |
 Erik | @lillecarl:matrix.org: I didnt have enought time to check nix-csi yet, sorry | 19:32:22 |
| Erik | In reply to @lillecarl:matrix.org
I'm building my own Hetzner Kubernetes (ClusterAPI managed) cluster using some of the Nix Kubernetes tools I've been working on (nix-csi and by proxy dinix, easykubenix). The goal of the cluster is to be the cheapest shit you could possibly imagine meaning no LoadBalancers. To do this I had to write a little Python thing that creates ipaddresspools for the MetalLB(controller no speaker) to assign service IP's from the nodes externalip list. I expanded it to split the IPv6 /64 you get from Hetzner into two and assign one to services and one to pods. Anyways to deploy this Python script I used nix-csi so here's a public example of how it works
commit Since the cluster is x86 and arm I had to build the script for both x86 and arm which was no problem (nix-csi picks arch by where it's scheduled) 😄) Here's the nix-csi magic
Aye it also makes DNSEndpoint resources from the control-plane nodes IP's so I don't need an LB there either
Disclaimer: The Python script is a collaboration with AI About this, pretty amazing! | 19:32:35 |
| lillecarl | Nop | 19:59:24 |
| 12 Nov 2025 |
|  Inayet changed their display name from inayet to Inayet. | 12:38:46 |
| 13 Nov 2025 |
|  devusb joined the room. | 21:55:51 |
| 17 Nov 2025 |
|  insipx joined the room. | 01:54:18 |
| 19 Nov 2025 |
|  josqu4red joined the room. | 22:02:20 |
| 20 Nov 2025 |
|  John joined the room. | 06:09:48 |
| 22 Nov 2025 |
|  cameronraysmith joined the room. | 18:11:19 |
|  easel joined the room. | 19:10:28 |
| 24 Nov 2025 |
|  Robert joined the room. | 13:22:19 |
| Robert changed their display name from bpub to Robert. | 13:32:01 |
| Robert set a profile picture. | 13:34:23 |
|  Vinetos joined the room. | 16:50:03 |
| 4 Dec 2025 |
|  onur-ozkan joined the room. | 04:20:23 |
| 6 Dec 2025 |
|  P J joined the room. | 07:43:09 |
| 7 Dec 2025 |
|  W changed their display name from William Sewell to W. | 00:30:02 |
| 11 Dec 2025 |
|  suua joined the room. | 16:09:32 |
|  TG × ⊙ joined the room. | 19:53:02 |
| 15 Dec 2025 |
 Sandro 🐧 | Would be nice if someone could look at https://github.com/NixOS/nixpkgs/pull/427694 | 16:07:34 |
| 19 Dec 2025 |
| Arian | I dont think this does what you think it does? If a derivation could leak this information from the host builder we have a vulnerability -- not a feature | 09:58:00 |
