Installing k3s#

To install k3s directly:

$ curl -sfL https://get.k3s.io | sh -

To install k3s from source:

$ git clone https://github.com/rancher/k3s.git
$ cd k3s
$ ./install.sh

To verify the installation:

$ kubectl get nodes
NAME                    STATUS   ROLES    AGE    VERSION
localhost.localdomain   Ready    master   4m6s   v1.17.3+k3s1

The admin password is stored in /etc/rancher/k3s/k3s.yaml:

users:
- name: default
  user:
    password: <password>
    username: admin

To verify with a browser, open https://localhost.localdomain:6443/version.

To troubleshoot issues:

$ kubectl run -i -t busybox --image=radial/busyboxplus:curl --restart=Never

To uninstall k3s:

$ /usr/local/bin/k3s-uninstall.sh

k3s Configuration#

The configuration file is located at /etc/rancher/k3s/k3s.yaml.

Shell Container#

To run a shell container:

$ kubectl apply -f https://k8s.io/examples/application/shell-demo.yaml
$ kubectl exec -it shell-demo -- /bin/bash

Kubernetes Dashboard#

To install Kubernetes Dashboard:

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc6/aio/deploy/recommended.yaml

To create an admin user, prepare the following file (e.g. dashboard-adminuser.yaml):

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

then execute:

$ kubectl apply -f dashboard-adminuser.yaml

To get the access token:

$ kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')

To access the dashboard:

$ kubectl proxy

then open http://127.0.0.1:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/ and enter the access token.

See also Kubernetes Dashboard.

k3s Systemd Service#

The k3s service is started automatically on installation. To check the status of k3s service:

$ systemctl status k3s

Installing cert-manager#

To install cert-manager:

$ kubectl create namespace cert-manager
$ kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.14.0/cert-manager.yaml

To verify the installation:

$ kubectl get pods --namespace cert-manager
NAME                                       READY   STATUS    RESTARTS   AGE
cert-manager-cainjector-75b6bc7b8b-9595c   1/1     Running   0          12s
cert-manager-6f578f4565-wqtnm              1/1     Running   0          12s
cert-manager-webhook-8444c4bc77-k2ffg      0/1     Running   0          12s

Creating Certificate Issuer#

To create an issuer, prepare the following file (e.g. acme.yaml):

apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: acme
spec:
  acme:
    email: admin@example.com
    privateKeySecretRef:
      name: acme-account-key
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    solvers:
      - http01:
          ingress:
            class: traefik
        selector: {}

Then execute the following:

$ kubectl apply -f acme.yaml

To verify the issuer:

$ kubectl describe clusterissuer acme

To see the logs:

$ kubectl logs <cert-manager pod> --namespace cert-manager

To remove the issuer:

$ kubectl delete clusterissuer acme

See Also#