4808c4e7d5
Before this change, k3s configured the scheduler and controller's insecure ports to listen on 0.0.0.0. Those ports include pprof, which provides a DoS vector at the very least. These ports are only enabled for componentstatus checks in the first place, and componentstatus is hardcoded to only do the check on localhost anyway (see https://github.com/kubernetes/kubernetes/blob/v1.18.2/pkg/registry/core/rest/storage_core.go#L341-L344), so there shouldn't be any downside to switching them to listen only on localhost. |
||
|---|---|---|
| .github | ||
| cmd | ||
| contrib | ||
| e2e | ||
| manifests | ||
| package | ||
| pkg | ||
| scripts | ||
| tests/perf | ||
| vendor | ||
| .dockerignore | ||
| .drone.yml | ||
| .gitignore | ||
| .golangci.json | ||
| BUILDING.md | ||
| channel.yaml | ||
| CODE_OF_CONDUCT.md | ||
| CODEOWNERS | ||
| CONTRIBUTING.md | ||
| DCO | ||
| docker-compose.yml | ||
| Dockerfile.dapper | ||
| Dockerfile.manifest | ||
| Dockerfile.test.dapper | ||
| go.mod | ||
| go.sum | ||
| install.sh | ||
| k3s.service | ||
| LICENSE | ||
| main.go | ||
| Makefile | ||
| README.md | ||
| Vagrantfile | ||
| vendor.go | ||
k3s - Lightweight Kubernetes
Lightweight Kubernetes. Easy to install, half the memory, all in a binary less than 100 MB.
Great for:
- Edge
- IoT
- CI
- Development
- ARM
- Embedding k8s
- Situations where a PhD in k8s clusterology is infeasible
What is this?
k3s is a fully compliant Kubernetes distribution with the following changes:
- Packaged as a single binary.
- Lightweight storage backend based on sqlite3 as the default storage mechanism. etcd3, MySQL, Postgres also still available.
- Wrapped in simple launcher that handles a lot of the complexity of TLS and options.
- Secure by default with reasonable defaults for lightweight environments.
- Minimal to no OS dependencies (just a sane kernel and cgroup mounts needed). k3s packages required
dependencies
- containerd
- Flannel
- CoreDNS
- CNI
- Host utilities (iptables, socat, etc)
- Ingress controller (traefik)
- Embedded service loadbalancer
- Embedded network policy controller
What's with the name?
We wanted an installation of Kubernetes that was half the size in terms of memory footprint. Kubernetes is a 10 letter word stylized as k8s. So something half as big as Kubernetes would be a 5 letter word stylized as k3s. There is no long form of k3s and no official pronunciation.
Documentation
Please see the official docs site for complete documentation on k3s.
Quick-Start - Install Script
The k3s install.sh script provides a convenient way for installing to systemd or openrc,
to install k3s as a service just run:
curl -sfL https://get.k3s.io | sh -
A kubeconfig file is written to /etc/rancher/k3s/k3s.yaml and the service is automatically started or restarted.
The install script will install k3s and additional utilities, such as kubectl, crictl, k3s-killall.sh, and k3s-uninstall.sh, for example:
sudo kubectl get nodes
K3S_TOKEN is created at /var/lib/rancher/k3s/server/node-token on your server.
To install on worker nodes we should pass K3S_URL along with
K3S_TOKEN or K3S_CLUSTER_SECRET environment variables, for example:
curl -sfL https://get.k3s.io | K3S_URL=https://myserver:6443 K3S_TOKEN=XXX sh -
Manual Download
- Download
k3sfrom latest release, x86_64, armhf, and arm64 are supported. - Run server.
sudo k3s server &
# Kubeconfig is written to /etc/rancher/k3s/k3s.yaml
sudo k3s kubectl get nodes
# On a different node run the below. NODE_TOKEN comes from
# /var/lib/rancher/k3s/server/node-token on your server
sudo k3s agent --server https://myserver:6443 --token ${NODE_TOKEN}
Contributing
Please check out our contributing guide if you're interesting in contributing to k3s.