K3S
Lightweight Kubernetes. Production ready, easy to install, half the memory, all in a binary less than 100 MB.
Project Homepage: K3s.io
Documentation: K3s Documentation
Installation
To install k3s, you can follow different approaches like setting up k3s with an external database, embedded database, or as a single node.
K3s with external DB
Set up an HA K3s cluster backed by an external datastore such as MySQL, PostgreSQL, or etcd.
Install Database
Install MariaDB.
Install Servers
curl -sfL https://get.k3s.io | sh -s - server \
--token=YOUR-SECRET \
--datastore-endpoint='mysql://user:pass@tcp(ipaddress:3306)/dbname' \
--node-taint CriticalAddonsOnly=true:NoExecute \
--tls-san your-dns-name --tls-san your-lb-ip-address
Node-Taint
By default, server nodes are schedulable, so your workloads can be launched on them. If you want a dedicated control plane where no user workloads run, use taints. The --node-taint parameter configures nodes with taints, for example --node-taint CriticalAddonsOnly=true:NoExecute.
SSL Certificates
To avoid certificate errors in such a configuration, you should install the server with the --tls-san YOUR_IP_OR_HOSTNAME_HERE option. This option adds an additional hostname or IP as a Subject Alternative Name in the TLS cert, and it can be specified multiple times if you would like to access via both the IP and the hostname.
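The server flags described above can also be kept in the K3s configuration file, so the token and the database password do not end up in shell history or the process list. This is an added example, not part of the original page; `write_k3s_config` is a hypothetical helper and all values are the page's placeholders.

```sh
#!/bin/sh
# Added example, not from the original page. write_k3s_config is a
# hypothetical helper; all values below are the page's placeholders.
# K3s reads /etc/rancher/k3s/config.yaml by default; its keys are the
# CLI flag names without the leading dashes.

write_k3s_config() {
    # $1 = config directory, $2 = cluster token, $3 = datastore endpoint
    conf_dir=$1 token=$2 endpoint=$3
    if [ -z "$conf_dir" ] || [ -z "$token" ] || [ -z "$endpoint" ]; then
        echo "usage: write_k3s_config DIR TOKEN DATASTORE_ENDPOINT" >&2
        return 2
    fi
    conf_file=$conf_dir/config.yaml
    mkdir -p "$conf_dir" || return 1
    # Create (or truncate) the file and restrict it to its owner
    # before any secret is written into it.
    ( umask 077; : > "$conf_file" ) || return 1
    chmod 600 "$conf_file" || return 1
    # Values are written verbatim inside YAML double quotes, so they
    # must not themselves contain '"' or '\'.
    cat > "$conf_file" <<EOF
token: "$token"
datastore-endpoint: "$endpoint"
node-taint:
  - "CriticalAddonsOnly=true:NoExecute"
tls-san:
  - "your-dns-name"
  - "your-lb-ip-address"
EOF
}

# Usage (as root, before running the installer without secret flags):
#   write_k3s_config /etc/rancher/k3s "$TOKEN" "$ENDPOINT"
#   curl -sfL https://get.k3s.io | sh -s - server
```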
Get a registered Address
TODO: WIP
Install Agents
TODO: WIP
curl -sfL https://get.k3s.io | sh -s - agent \
--server https://your-lb-ip-address:6443 \
--token YOUR-SECRET
K3s with embedded DB
Set up an HA K3s cluster that leverages a built-in distributed database.
TODO: WIP
Install first Server
TODO: WIP
curl -sfL https://get.k3s.io | sh -s - server \
--token=YOUR-SECRET \
--tls-san your-dns-name --tls-san your-lb-ip-address \
--cluster-init
To avoid certificate errors in such a configuration, you should install the server with the --tls-san YOUR_IP_OR_HOSTNAME_HERE option. This option adds an additional hostname or IP as a Subject Alternative Name in the TLS cert, and it can be specified multiple times if you would like to access via both the IP and the hostname.
Install additional Servers
TODO: WIP
curl -sfL https://get.k3s.io | sh -s - server \
--token=YOUR-SECRET \
--tls-san your-dns-name --tls-san your-lb-ip-address \
--server https://IP-OF-THE-FIRST-SERVER:6443
The --cluster-init option initializes an HA cluster with an embedded etcd database. Fault tolerance requires an odd number of server nodes, with a minimum of three.
Total Number of nodes | Failed Node Tolerance |
---|---|
1 | 0 |
2 | 0 |
3 | 1 |
4 | 1 |
5 | 2 |
6 | 2 |
... | ... |
Get a registered Address
To achieve a highly available setup, you also need to load balance incoming connections between the server nodes.
TODO: WIP
Install Agents
You can still add additional nodes without a server function to this cluster.
curl -sfL https://get.k3s.io | sh -s - agent \
--server https://your-lb-ip-address:6443 \
--token YOUR-SECRET
K3s single node
Set up K3s as a single node installation.
TODO: WIP
Manage K3S
Management on Server Nodes
k3s kubectl
Download Kube Config
/etc/rancher/k3s/k3s.yaml
Database Backups
etcd snapshots
Stored in /var/lib/rancher/k3s/server/db/snapshots.