Lightweight Kubernetes
Go to file
Euan Kemp 4808c4e7d5 Listen insecurely on localhost only
Before this change, k3s configured the scheduler and controller's
insecure ports to listen on 0.0.0.0. Those ports include pprof, which
provides a DoS vector at the very least.

These ports are only enabled for componentstatus checks in the first
place, and componentstatus is hardcoded to only do the check on
localhost anyway (see
https://github.com/kubernetes/kubernetes/blob/v1.18.2/pkg/registry/core/rest/storage_core.go#L341-L344),
so there shouldn't be any downside to switching them to listen only on
localhost.
2020-08-05 10:28:11 -07:00
.github Merge pull request #1754 from briandowns/add_pr_template 2020-08-03 09:25:39 -07:00
cmd Add config file support 2020-07-10 10:34:00 -07:00
contrib Remove trailing whitespaces 2020-05-27 17:27:30 +02:00
e2e Add e2e tests 2019-02-28 10:31:59 -07:00
manifests Update coredns version to 1.6.9 for master 2020-07-21 11:06:44 -07:00
package Update base image version in Dockerfiles 2020-07-28 00:23:46 -07:00
pkg Listen insecurely on localhost only 2020-08-05 10:28:11 -07:00
scripts Bump k3s-root to v0.6.0-rc3 for https://github.com/rancher/k3s/issues/1812 2020-07-24 11:16:50 -07:00
tests/perf Merge pull request #1494 from joakimr-axis/joakimr-axis_backticks 2020-03-25 12:15:41 -07:00
vendor Update dynamiclistener 2020-08-04 13:05:37 -07:00
.dockerignore Add rpm build & repo publish 2020-03-10 11:48:14 -07:00
.drone.yml Use curl to send dispatch event to k3s-upgrade repo 2020-03-16 19:30:40 +02:00
.gitignore Check for changes in the airgap image list 2020-03-09 19:58:00 -07:00
.golangci.json Upgrade to golangci-lint 2019-03-25 16:04:28 -07:00
BUILDING.md add pull request template 2020-05-05 15:07:50 -07:00
channel.yaml Set v1.18.6 as stable in channel server 2020-07-14 11:55:48 -07:00
CODE_OF_CONDUCT.md add code of conduct 2020-05-11 06:12:16 -07:00
CODEOWNERS Add CODEOWNERS file 2020-06-26 09:19:19 -07:00
CONTRIBUTING.md update contribution doc 2020-06-24 19:19:55 -07:00
DCO Simplify CONTRIBUTING.md 2020-06-23 10:41:15 -07:00
docker-compose.yml Remove docker-compose default token 2019-12-12 18:02:54 -07:00
Dockerfile.dapper Update base image version in Dockerfiles 2020-07-28 00:23:46 -07:00
Dockerfile.manifest Update base image version in Dockerfiles 2020-07-28 00:23:46 -07:00
Dockerfile.test.dapper Update base image version in Dockerfiles 2020-07-28 00:23:46 -07:00
go.mod Update dynamiclistener 2020-08-04 13:05:37 -07:00
go.sum Update dynamiclistener 2020-08-04 13:05:37 -07:00
install.sh Always validate K3S_URL. 2020-07-23 17:21:55 -04:00
k3s.service [systemd] Add value to LimitNOFILE due to performance problems 2020-05-03 09:37:00 +02:00
LICENSE Initial Commit 2019-01-01 01:23:01 -07:00
main.go Fix cli in main.go (#2043) 2020-07-21 00:06:21 +02:00
Makefile $ must be escaped in Makefile 2020-04-27 12:09:07 -07:00
README.md Move docs contributing to contributing guide 2020-06-24 17:52:05 -07:00
Vagrantfile Update Vagrant dev environment 2020-07-10 15:36:46 -07:00
vendor.go Update k3s for k8s 1.17.0 2019-12-15 23:28:19 -07:00

k3s - Lightweight Kubernetes

Lightweight Kubernetes. Easy to install, half the memory, all in a binary less than 100 MB.

Great for:

  • Edge
  • IoT
  • CI
  • Development
  • ARM
  • Embedding k8s
  • Situations where a PhD in k8s clusterology is infeasible

What is this?

k3s is a fully compliant Kubernetes distribution with the following changes:

  1. Packaged as a single binary.
  2. Lightweight storage backend based on sqlite3 as the default storage mechanism. etcd3, MySQL, Postgres also still available.
  3. Wrapped in simple launcher that handles a lot of the complexity of TLS and options.
  4. Secure by default with reasonable defaults for lightweight environments.
  5. Minimal to no OS dependencies (just a sane kernel and cgroup mounts needed). k3s packages required dependencies
    • containerd
    • Flannel
    • CoreDNS
    • CNI
    • Host utilities (iptables, socat, etc)
    • Ingress controller (traefik)
    • Embedded service loadbalancer
    • Embedded network policy controller

What's with the name?

We wanted an installation of Kubernetes that was half the size in terms of memory footprint. Kubernetes is a 10 letter word stylized as k8s. So something half as big as Kubernetes would be a 5 letter word stylized as k3s. There is no long form of k3s and no official pronunciation.

Documentation

Please see the official docs site for complete documentation on k3s.

Quick-Start - Install Script

The k3s install.sh script provides a convenient way for installing to systemd or openrc, to install k3s as a service just run:

curl -sfL https://get.k3s.io | sh -

A kubeconfig file is written to /etc/rancher/k3s/k3s.yaml and the service is automatically started or restarted. The install script will install k3s and additional utilities, such as kubectl, crictl, k3s-killall.sh, and k3s-uninstall.sh, for example:

sudo kubectl get nodes

K3S_TOKEN is created at /var/lib/rancher/k3s/server/node-token on your server. To install on worker nodes we should pass K3S_URL along with K3S_TOKEN or K3S_CLUSTER_SECRET environment variables, for example:

curl -sfL https://get.k3s.io | K3S_URL=https://myserver:6443 K3S_TOKEN=XXX sh -

Manual Download

  1. Download k3s from latest release, x86_64, armhf, and arm64 are supported.
  2. Run server.
sudo k3s server &
# Kubeconfig is written to /etc/rancher/k3s/k3s.yaml
sudo k3s kubectl get nodes

# On a different node run the below. NODE_TOKEN comes from
# /var/lib/rancher/k3s/server/node-token on your server
sudo k3s agent --server https://myserver:6443 --token ${NODE_TOKEN}

Contributing

Please check out our contributing guide if you're interesting in contributing to k3s.