K3s

Installing k3s on RHEL 10

Install k3s using the quickstart script.
This is the most basic way to get k3s up and running.

Command to install k3s
sudo dnf install -y kernel-modules-extra #(1)!
curl -sfL https://get.k3s.io | sh -
watch sudo kubectl get nodes #(2)!
  1. The kernel-modules-extra package is required for k3s to function properly.
    See k3s requirements
  2. The watch command can be interrupted with Ctrl + C once the node is ready.

Next, configure the local firewall to allow traffic on the networks used by k3s.
See k3s requirements.

Commands to configure firewall for k3s
sudo firewall-cmd --permanent --add-port=6443/tcp # Kubernetes API server
sudo firewall-cmd --permanent --zone=trusted --add-source=10.42.0.0/16 # pods
sudo firewall-cmd --permanent --zone=trusted --add-source=10.43.0.0/16 # services
sudo firewall-cmd --reload # apply the permanent rules to the running firewall

Warning

Skipping this step causes deployments to fail and get stuck in the CrashLoopBackOff state.

Extra configuration

If additional configuration is needed after installation, edit the /etc/rancher/k3s/config.yaml file. For example, to add an FQDN to the API server's TLS certificate, add the following lines:

Example of k3s config.yaml
tls-san:
  - "k3s.lab.internal.packetflow.be" #(1)!

  1. This allows you to access the API server using the FQDN instead of the IP address, which is useful for certificate validation and future IPv6-only deployments.

After making changes to the config file, restart the k3s service:

Command to restart k3s service
sudo systemctl restart k3s

Cert-Manager (in progress)

Setup

Installation

To manage TLS certificates within the cluster, install Cert-Manager.

Command to install cert-manager
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.19.4/cert-manager.yaml

DNS Configuration (Cloudflare)

To allow Cert-Manager to automatically issue certificates for the cluster, configure a DNS provider. In this case, Cloudflare is used as the DNS provider.

  1. Create an API token in Cloudflare with permissions to manage DNS records for the relevant zone
      1. Go to Cloudflare Dashboard and click on your profile in the top-right corner.
      2. Navigate to the "API Tokens" section.
      3. Create a new token with the required permissions.
  2. Create a Kubernetes secret to store the Cloudflare API token

Command to create Kubernetes secret for Cloudflare API token
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
  name: cloudflare-api-token
  namespace: cert-manager
type: Opaque
stringData:
  api-token: "YOUR_COPIED_TOKEN_HERE"
EOF
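
An alternative way to create the same secret, as an added example that is not part of the original page: the heredoc above puts the token in the typed command, where shell history can record it, so this version reads the token from stdin, rejects a value that is empty or contains whitespace, and emits the manifest for kubectl apply. The function names clean_token and render_cf_secret and the CF_TOKEN variable are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Function and variable names
# are hypothetical; the Secret name, namespace and key match the page.

# Read a token from stdin. Carriage returns are removed and command
# substitution drops trailing newlines; an empty value or one that still
# contains whitespace (stray space, second line) is rejected, because the
# stored secret would then differ from the real token.
clean_token() {
  local tok
  tok=$(tr -d '\r')
  case "$tok" in
    ''|*[[:space:]]*)
      echo "token is empty or contains whitespace" >&2
      return 1
      ;;
  esac
  printf '%s' "$tok"
}

# Emit the same Secret as the manifest above, with the value base64-encoded
# under data: so the token needs no YAML quoting or escaping.
render_cf_secret() {
  local tok b64
  tok=$(clean_token) || return 1
  b64=$(printf '%s' "$tok" | base64 | tr -d '\n')
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: cloudflare-api-token
  namespace: cert-manager
type: Opaque
data:
  api-token: ${b64}
EOF
}

# Usage: read -s keeps the token off the screen, and printf is a shell
# builtin, so the token never appears in a process argument list.
#   read -rs -p 'Cloudflare API token: ' CF_TOKEN; echo
#   printf '%s' "$CF_TOKEN" | render_cf_secret | kubectl apply -f -
#   unset CF_TOKEN
```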