K3s
Contents
Installing k3s
To install k3s directly:
$ curl -sfL https://get.k3s.io | sh -
To install k3s from source:
$ git clone https://github.com/rancher/k3s.git $ cd k3s $ ./install.sh
To verify the installation:
$ kubectl get nodes NAME STATUS ROLES AGE VERSION localhost.localdomain Ready master 4m6s v1.17.3+k3s1
The admin password is stored in /etc/rancher/k3s/k3s.yaml:
users: - name: default user: password: <password> username: admin
To verify with a browser, open https://localhost.localdomain:6443/version.
To troubleshoot issues:
$ kubectl run -i -t busybox --image=radial/busyboxplus:curl --restart=Never
To uninstall k3s:
$ /usr/local/bin/k3s-uninstall.sh
k3s Configuration
The configuration file is located at /etc/rancher/k3s/k3s.yaml.
Shell Container
To run a shell container:
$ kubectl apply -f https://k8s.io/examples/application/shell-demo.yaml $ kubectl exec -it shell-demo -- /bin/bash
Kubernetes Dashboard
To install Kubernetes Dashboard:
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc6/aio/deploy/recommended.yaml
To create an admin user, prepare the following file (e.g. dashboard-adminuser.yaml):
apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kubernetes-dashboard --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kubernetes-dashboard
then execute:
$ kubectl apply -f dashboard-adminuser.yaml
To get the access token:
$ kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
To access the dashboard:
$ kubectl proxy
then open http://127.0.0.1:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/ and enter the access token.
See also Kubernetes Dashboard.
k3s Systemd Service
The k3s service is started automatically on installation. To check the status of k3s service:
$ systemctl status k3s
Installing cert-manager
To install cert-manager:
$ kubectl create namespace cert-manager $ kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.14.0/cert-manager.yaml
To verify the installation:
$ kubectl get pods --namespace cert-manager NAME READY STATUS RESTARTS AGE cert-manager-cainjector-75b6bc7b8b-9595c 1/1 Running 0 12s cert-manager-6f578f4565-wqtnm 1/1 Running 0 12s cert-manager-webhook-8444c4bc77-k2ffg 0/1 Running 0 12s
Creating Certificate Issuer
To create an issuer, prepare the following file (e.g. acme.yaml):
apiVersion: cert-manager.io/v1alpha2 kind: ClusterIssuer metadata: name: acme spec: acme: email: admin@example.com privateKeySecretRef: name: acme-account-key server: https://acme-staging-v02.api.letsencrypt.org/directory solvers: - http01: ingress: class: traefik selector: {}
Then execute the following:
$ kubectl apply -f acme.yaml
To verify the issuer:
$ kubectl describe clusterissuer acme
To see the logs:
$ kubectl logs <cert-manager pod> --namespace cert-manager
To remove the issuer:
$ kubectl delete clusterissuer acme