Ansible Role for tinc VPN

When setting up Kubernetes clusters, it makes sense for the individual nodes of Kubernetes to live in the same private network. If Kubernetes is set up on bare metal machines from suppliers such as Hetzner, it may not necessarily be possible to set up a common network of this kind natively. This is where tinc comes in: it makes it very easy to set up a virtual network across all participating nodes. To keep the configuration of tinc parallel to that of Kubernetes (I use Kubespray for my Kubernetes setup), I developed an Ansible Role for tinc VPN and made it available on GitHub.


  • Installing and setting up tinc VPN service
  • In-place private key generation (private keys are never copied)
  • Support for additional nodes where host machines are not covered by the playbook
  • Support for custom routes for the VPN interface
  • Support for joining existing bridge interfaces on the host machine
  • Custom scripting for up/down hook scripts


For setup instructions or a tutorial how to use my Ansible Role for tinc VPN please check the README. It always contains the up-to-date instructions for using this role and will be updated, if new features come up.

Raspberry Pi Kubernetes Cluster

In order to gain experience with a Kubernetes cluster or to be able to experiment with it, a functioning cluster is required. Since most conceptual challenges do not require a high performance test cluster, it is also sufficient to build a smaller and therefore more cost-effective one. For this reason I decided to set up a Raspberry Pi Kubernetes Cluster for testing purposes.

Shopping List

If the Raspberry Pis are not to be connected via WLAN but cable, the corresponding network components are also required:

Set up

The website of Hypriot has a very good tutorial how to set up a Kubernetes cluster with Raspberry Pi boards: If you need some configuration examples (executable on a Raspberry Pi Kubernetes Cluster) please check out my GitHub repository with configuration examples: