K3s — Hottest new entry in CNCF Sandbox to change how you look at K8s

Vaibhav Rajput
Aug 30, 2020

Rancher Labs recently announced the acceptance of k3s in the CNCF Sandbox. Being the most lightweight distribution of Kubernetes, it came as a shock that it passed through all the conformance tests defined by CNCF to qualify as a certified Kubernetes distribution. As stated in CNCF software conformance,

Software conformance ensures that every vendor’s version of Kubernetes supports the required APIs, as do open source community versions. For organizations using Kubernetes, conformance enables interoperability from one Kubernetes installation to the next.

and k3s offers that under a single <40MB binary.

It might seem like just another project joining the league of Flux, Longhorn and OpenMetrics, but this entry can change a lot. K3s is going to widen the scope of Kubernetes and how it is imagined.

K3s will open new doors

Being so light, k3s clusters can run on minimal-spec devices (~300 MB of memory combined for control plane and worker) like the Raspberry Pi Zero, which opens the way to the IoT world. Without adding much to the hardware of IoT devices, the architecture can now be shifted to Kubernetes and enjoy the perks that come with it.
To cover a wide range of machines and processors, k3s is made compatible with AMD64, ARM64 and ARMHF.

Another door it opens is towards edge computing. Clusters can now be hosted closer to the location where they are needed, which will greatly improve response times and save bandwidth.

With installation as minimal as curl -sfL https://get.k3s.io | sh -, your cluster will be ready within 30 seconds to serve production workloads in unattended, resource-constrained, remote locations. This quick setup ability can help architects in using Kubernetes in ways that weren’t thought of earlier.

Moreover, Rancher is working on extending the k3s compatibility further and plans on bringing the Kubernetes distribution to Windows and WSL2 too. So, with the scale already broadened, it is still expanding.

Within a short amount of time, k3s has gathered many admirers and as a result, there are offerings of managed k3s available through Civo.

Get started

K3s, as mentioned earlier, comes as a single tiny binary, which you can download directly by curling it from the release you need and placing it in /usr/local/bin.

Once done, you can just set up the cluster with

k3s server

That’s it! Your cluster is ready within a few seconds.
If you want to add a secret token which can be used to join the cluster, then set up the server (server and agents will be explained further down this article) like

k3s server -t ${TOKEN}

And join agent nodes using

k3s agent -s https://server:6443 -t ${TOKEN}

Or you can even add more server nodes using

k3s server -s https://server:6443 -t ${TOKEN}
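
The get-started steps above with two checks added, as an example written for this edit and not taken from the article or the k3s project: it verifies the downloaded binary against a SHA-256 checksum list before installing it, and keeps the join token in a 0600 file passed with --token-file instead of on the command line with -t. The function names, the checksum-list layout (sha256sum format) and the paths in the comments are assumptions.

```shell
#!/bin/sh
# Added example (not from the article or the k3s project).
# Assumes the binary and a sha256sum-format checksum list were downloaded
# from the same release; all paths and function names are illustrative.

# verify_k3s BINARY SUMFILE [NAME]: succeed only if SUMFILE lists the
# SHA-256 of BINARY under the asset name NAME (default "k3s").
verify_k3s() {
    bin=$1; sums=$2; name=${3:-k3s}
    want=$(awk -v n="$name" '$2 == n || $2 == "*" n { print $1; exit }' "$sums")
    [ -n "$want" ] || { echo "no entry for $name in $sums" >&2; return 1; }
    have=$(sha256sum "$bin" | awk '{ print $1 }')
    [ "$want" = "$have" ] || { echo "checksum mismatch for $bin" >&2; return 1; }
}

# install_k3s BINARY SUMFILE DESTDIR [NAME]: install only a verified binary.
install_k3s() {
    verify_k3s "$1" "$2" "$4" || return 1
    install -m 0755 "$1" "$3/k3s"
}

# make_token_file PATH: write 32 random bytes as hex to a 0600 file, so the
# token never shows up in `ps` output or shell history.
make_token_file() {
    (
        umask 077
        rm -f "$1"
        head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n' > "$1"
    )
}

# Typical use on a server (paths are assumptions):
#   install_k3s ./k3s ./sha256sum.txt /usr/local/bin
#   make_token_file /etc/k3s-token
#   k3s server --token-file /etc/k3s-token
# and on an agent, after copying the token file over a secure channel:
#   k3s agent -s https://server:6443 --token-file /etc/k3s-token
```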

Once the cluster is set up, you can use the regular kubectl CLI commands by typing them as k3s kubectl commands.

Tip: Create an alias using the command alias k="k3s kubectl" to make your life easier.

What changed from k8s to k3s?

You might think that k8s had to be changed greatly to make it so light, but it was optimized instead. Processes were combined, and the Server-Agent model below is what it looks like now.

Starting on the server side, the first change is that instead of etcd, we see SQLite. Rancher’s Kine, an etcd shim capable of translating etcd APIs to SQLite, is used to run a subset of etcd APIs.

The next change we can see is the tunnel proxy. Instead of bidirectional communication between the kubelet and the API server, a reverse tunnel proxy is used, which only allows outbound connections from the kubelet to the API server; the response gets tunnelled back. This method also makes it easier to add firewalls.

Another big change visible in this diagram is the addition of flannel, which comes with support for VXLAN, IPsec and WireGuard.

What’s extra that you don’t see up there

Apart from this, there are a lot more changes that you can’t see in this diagram.

Dqlite, a fast, embedded, persistent SQL database with Raft consensus, has been integrated for secure transport, discovery and handling of failure scenarios.

To ensure k3s has zero dependencies, necessary packages like iptables, du, find, socat, ipset etc. are available through an added busybox userspace.

The process of certificate generation, management and rotation is automated, which takes a massive amount of effort off your hands.

A whole server bootstrap process is added that copies certificates and keys between servers securely.

The only way to get external IPs is to have a cloud provider, so one was written into k3s as well. Another point to note here is that the LoadBalancer service now works with host ports.

And wait, there’s more…

Making a lightweight distribution does not mean minimizing features. It’s hard to believe, but k3s comes with some additional features built over standard Kubernetes.

One such amazing feature is the introduction of a manifest directory and an image directory where you can store the files needed to deploy your application. Once you spin up k3s, your app will get automatically deployed using these files.

Apart from this, many necessary utilities come standard with k3s including
1. Built-in Helm controller
2. Local storage provider
3. Network policy controller (picked from KubeRouter)
4. containerd
5. runc
6. CNI binaries
7. StrongSwan
8. Traefik for Ingress
9. CoreDNS
10. Metrics Server
And many more…
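
The manifest directory and the built-in network policy controller used together, as an example added for this edit and not taken from the article or the k3s project: one function drops a default-deny ingress NetworkPolicy into the auto-deploy directory, and another audits that directory for loose permissions, since k3s deploys whatever files appear there. The directory path is the k3s default, which the article does not state; the function names and policy name are assumptions.

```shell
#!/bin/sh
# Added example (not from the article or the k3s project).
# MANIFESTS is the default k3s auto-deploy directory; the article does not
# give the path, so treat it as an assumption and adjust for your install.
MANIFESTS=${MANIFESTS:-/var/lib/rancher/k3s/server/manifests}

# write_default_deny DIR NAMESPACE: drop a default-deny ingress policy for
# NAMESPACE (which must already exist) into DIR as a 0600 file.
write_default_deny() {
    f="$1/default-deny-$2.yaml"
    (
        umask 077
        rm -f "$f"
        cat > "$f" <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: $2
spec:
  podSelector: {}
  policyTypes:
    - Ingress
EOF
    )
}

# audit_manifests DIR: print every entry under DIR that group or others can
# write to, plus any symlink; return 1 if something was found.
audit_manifests() {
    loose=$(find "$1" \( -type l -o -perm -020 -o -perm -002 \) -print)
    [ -z "$loose" ] && return 0
    printf '%s\n' "$loose"
    return 1
}

# Typical use, as root on a server node:
#   write_default_deny "$MANIFESTS" default
#   audit_manifests "$MANIFESTS" || echo "tighten permissions before starting k3s"
```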

MIND=BLOWN

Parting note

K3s is one of the most exciting new entries in the CNCF Sandbox and will surely bring more opportunities and new possibilities in the world of Edge Computing and IoT. By making a production-ready Kubernetes distribution so versatile, it is going to change the way people look at and implement Kubernetes. On top of this, all these additional features just come as a bonus!
