K3s is a free and open-source [Link] fully certified Kubernetes-compliant distribution [Link].

It is offers a simplified Kubernetes deployments and a lightweight single binary (~45MB) that implements Kubernetes APIs.

Popular features of the K3s are:

  • Lightweight (consumes less then 512 MB of RAM),
  • Full ARM architecture support (e.g. Raspberry Pi),
  • Multi-node or single-node cluster,
  • Edge computing and Production ready!

INSTALLATION

Easiest way (takes few seconds and no interaction):

curl -sfL https://get.k3s.io | sh -

Issue the following command to allow any user to issue command to K3s without sudo. It is not recommended to production, just for test environments.

sudo chmod 777 /etc/rancher/k3s/k3s.yaml

Check the newly deployed nodes:

k3s kubectl get nodes

Deploy a test application:

k3s kubectl create deployment hello-node --image=registry.k8s.io/echoserver:1.4

Check the deployment and its pods (objects):

k3s kubectl get deployments
k3s kubectl get pods

Copy the configuration that kubectl uses to interact with the server to another machine on the network to manage it remotely:

scp /etc/rancher/k3s/k3s.yaml userName@10.10.10.10:.

Note: replace the username and IP accordingly to the destination machine where you want to remotely access the K3s from.


JOINING AGENTS TO THE CLUSTER

Copy the token that authorizes Agents to join the server:

cat /var/lib/rancher/k3s/server/node-token

Then, define environment variables on the server that will be configured as a new Agent to the cluster:

export K3S_TOKEN=<paste the node-token here>
export K3S_TOKEN=https://10.10.10.1:6443

Note: replace the commands above with the node token acquired on the first command and the IP address where the K3S server is installed.


CONFIGURING AND ACCESSING THE DASHBOARD

Deploy the dashboard [Link].

GITHUB_URL=https://github.com/kubernetes/dashboard/releases
VERSION_KUBE_DASHBOARD=$(curl -w '%{url_effective}' -I -L -s -S ${GITHUB_URL}/latest -o /dev/null | sed -e 's|.*/||')
k3s kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/${VERSION_KUBE_DASHBOARD}/aio/deploy/recommended.yaml

Create the admin Service Account:

nano dashboard.admin-user.yml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard

Create the RBAC (Role-based access control) for the admin Service Account:

nano dashboard.admin-user-role.yml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard

Deploy both:

k3s kubectl create -f dashboard.admin-user.yml -f dashboard.admin-user-role.yml

Get the token for the admin:

k3s kubectl -n kubernetes-dashboard create token admin-user

Start the proxy:

k3s kubectl proxy

Note: the proxy is enabled but cannot be reached from outside the server. Do not try to bind the proxy on 0.0.0.0 because the latest version of the dash board will not allow admin access from outside localhost if not under HTTPS. To work around this and securely connect to the server estabilsh a SSH tunnel as follows.

Establishing an SSH tunnel to the proxy that serves the dashboard.

ssh 190.10.10.1 -L 8001:localhost:8001 -N

Now, with the proxy started and the SSH tunnel listening on local host and port forwarding the traffic to the remote server on the same port, navigate to http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/


OTHER POSTS

Minikube on Ubuntu 22.04 [Link].

K8s Persistent Volumes [Link].

K8s Cheat Sheet [Link].