k3s is a lightweight Kubernetes distribution “for IoT and Edge Computing”.

Installation

dnf install -y container-selinux selinux-policy-base
rpm -i https://rpm.rancher.io/k3s-selinux-0.1.1-rc1.el7.noarch.rpm

curl -sfL https://get.k3s.io | sh -
# wait....
k3s kubectl get node

You’ll need to be root to interact with the cluster:

sudo k3s kubectl get node

Uninstalling

Stop all k3s processes, then uninstall:

/usr/local/bin/k3s-killall.sh
/usr/local/bin/k3s-uninstall.sh

Networking

DNS:

  • DNS is provided by CoreDNS, using the image docker.io/rancher/coredns-coredns
  • This runs as a ReplicaSet in namespace kube-system
  • CoreDNS reads its settings from the ConfigMap coredns in namespace kube-system, which is mounted as /etc/coredns/Corefile in the container
  • Each container uses CoreDNS for DNS resolution, because its /etc/resolv.conf contains nameserver <kube-dns Service IP>

Networking/Ingress:

  • IP addresses:
    • Pod IP addresses are allocated from a default CIDR of 10.42.0.0/16 (this can be configured on startup with the --cluster-cidr option) [1]
    • Service IP addresses are allocated from a default CIDR of 10.43.0.0/16
  • ServiceLB (formerly known as Klipper) is used for load balancing. It watches Kubernetes Services with the spec.type field set to LoadBalancer. [2]
  • ClusterIP service and Ingress: To expose an app outside the cluster, you can just create a Service of type ClusterIP and expose it with an Ingress.
  • LoadBalancer service: Alternatively, create a Service of type LoadBalancer. This will create a new klipper load balancer DaemonSet (svclb-*) in the namespace kube-system. However, your Service must expose a port which isn’t already in use. For example, Traefik occupies ports 80 and 443, so pick a different port.

Cookbook

Monitoring with Kubernetes Dashboard

Add the Kubernetes Dashboard:

GITHUB_URL=https://github.com/kubernetes/dashboard/releases
VERSION_KUBE_DASHBOARD=$(curl -w '%{url_effective}' -I -L -s -S ${GITHUB_URL}/latest -o /dev/null | sed -e 's|.*/||')
sudo k3s kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/${VERSION_KUBE_DASHBOARD}/aio/deploy/recommended.yaml
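
The k3s installer under Installation and the Dashboard manifest here are both fetched from the network and used in the same step. As an added example (not part of the original notes or of k3s), the script below downloads to a file, checks it against a SHA-256 digest you recorded after reviewing that file, and only then hands it over. The function names, the pinned tag and the digests are assumptions and placeholders.

```shell
# Added example: verify a pinned SHA-256 before using a downloaded script or manifest.
# Function names are hypothetical; requires curl and sha256sum (coreutils).

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# verify_pinned FILE EXPECTED_SHA256
# Returns 0 on match, 1 on mismatch, 2 on a missing file or malformed pin.
verify_pinned() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    # An empty or truncated pin must never count as a match.
    case $expected in
        *[!0-9a-f]*) echo "pin is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "pin must be 64 hex chars" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file: got $actual" >&2
        return 1
    fi
}

# fetch_verified URL EXPECTED_SHA256 OUTFILE
# Downloads to a temp file; OUTFILE is written only after the digest matches.
fetch_verified() {
    tmp=$(mktemp) || return 2
    if curl -sfL --proto '=https' -o "$tmp" "$1" && verify_pinned "$tmp" "$2"; then
        mv "$tmp" "$3"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Usage; <pinned-tag> and <sha256-...> are placeholders you fill in after review:
#   VERSION_KUBE_DASHBOARD=<pinned-tag>
#   fetch_verified "https://raw.githubusercontent.com/kubernetes/dashboard/${VERSION_KUBE_DASHBOARD}/aio/deploy/recommended.yaml" \
#       "<sha256-of-reviewed-manifest>" dashboard.yaml && sudo k3s kubectl create -f dashboard.yaml
#   fetch_verified https://get.k3s.io "<sha256-of-reviewed-installer>" k3s-install.sh && sh k3s-install.sh
```

Because get.k3s.io serves whatever the current installer is, a pinned digest starts failing when upstream changes the script; that is the signal to review the new version and update the pin.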

Monitoring with k9s

To run k9s you will need to pass the location of the rancher config file:

k9s --kubeconfig /etc/rancher/k3s/k3s.yaml

Misc

Some more info about k3s:

Troubleshooting

metrics-server fails, with error “Failed to scrape node … http://your_ip:10250 no route to host”:

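  • A firewall is likely blocking traffic from the pod network to your host.
  • Add a rule: firewall-cmd --permanent --add-port=10250/tcp && firewall-cmd --reload (note that this opens the kubelet port in the default zone to every source, not only the pod network)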

Can’t seem to use kubectl with any other Kubernetes clusters except k3s: “error: error loading config file “/etc/rancher/k3s/k3s.yaml”: open /etc/rancher/k3s/k3s.yaml: permission denied”:

  • The kubectl that’s distributed with k3s is modified to always load config from /etc/rancher/k3s/k3s.yaml [3]
  • But the default behaviour for a regular kubectl binary is to read config from ~/.kube/config.
  • To work with other clusters: install your own kubectl binary (e.g. from the Kubernetes website, or via a package) then symlink it, so that it overrides the k3s kubectl binary in your PATH:
    • sudo dnf install -y kubernetes-client --repo fedora
    • ln -s /usr/bin/kubectl ~/.local/bin/kubectl

[1] https://docs.k3s.io/reference/server-config
[2] https://docs.k3s.io/networking#service-load-balancer
[3] https://github.com/k3s-io/k3s/issues/1541#issuecomment-672099924