
Migrated from k3s to RKE2 on Hetzner, published a free guide and looking for feedback
Hi r/kubernetes, I'm back with another fully free guide and this time it's about how I migrated my cluster of 4 Hetzner dedicated servers from k3s to RKE2.
The original k3s cluster started as an experimental setup for containerized CI/CD workloads, but as we moved more services off EKS, the single control plane node and storage limitations started causing issues. RKE2 stood out as a more enterprise-grade option from Rancher (the same folks behind k3s), so I decided to make the jump and document every step along the way.
The guide walks through the full migration: bootstrapping RKE2 on a new node, migrating the existing nodes one by one to become control plane members, and finally decommissioning k3s and rejoining the last node as a worker.
I tried to cover as much as possible with regard to production-readiness:
- Dual-stack IPv4/IPv6 networking on Hetzner vSwitch
- Canal CNI with WireGuard encryption, MTU/MSS clamping, and default-deny NetworkPolicies
- Longhorn for replicated storage + local-path for fast local volumes
- Traefik DaemonSet behind a Hetzner Cloud Load Balancer for HA ingress
- cert-manager with Let's Encrypt
- HA verification by actually killing each control plane node in turn
- GitHub OIDC for CI/CD authentication using Structured Authentication Configuration
The cluster has been running for a while now and everything works fairly well, but I'd love feedback from more experienced engineers:
- if I missed anything important
- if something is not clear enough
- if you have ideas for additional chapters
Thank you for your time! 😊
Disclaimer: I used LLMs to generate and edit parts of the guide, but most of the content was actually collected during the manual setup and debugging of the cluster.