What is K3s?

K3s is a certified Kubernetes distribution designed for production workloads in resource-constrained environments. It’s packaged as a single binary less than 100 MB, making it significantly lighter than standard Kubernetes. Key features include:

• Lightweight and easy to install
• Reduced dependencies (only requires a kernel and cgroup mounts)
• Built-in support for SQLite3 as the default storage backend
• Automatic certificate rotation and encrypted communication
• Integrated network policy controller

Prerequisites

Before we begin, ensure you have:

• A Linux machine (Ubuntu/CentOS/RHEL recommended)
• At least 1GB RAM and 2 CPU cores
• Root or sudo access
• Internet connectivity
• Ports 6443 (API server) and 8472 (Flannel) available

Step 1: Installing K3s

Method 1: Using the Installation Script (Recommended)

The easiest way to install K3s is using the official installation script:

curl -sfL https://get.k3s.io | sh -

This command downloads and runs the K3s installer, which: - Downloads the latest stable K3s release - Installs it as a systemd service - Starts the service automatically - Creates necessary configuration files

Method 2: Manual Installation

If you prefer more control, you can download and install manually:

# Download the latest release
wget https://github.com/k3s-io/k3s/releases/latest/download/k3s

# Make it executable
chmod +x k3s

# Install as a service
sudo ./k3s server --write-kubeconfig-mode 644

Verifying the Installation

After installation, verify that K3s is running:

# Check if the service is active
sudo systemctl status k3s

# Verify cluster status
kubectl get nodes

You should see output similar to:

NAME      STATUS   ROLES                       AGE   VERSION
server    Ready    control-plane,master   2m    v1.28+k3s1

Accessing Kubectl

K3s automatically installs kubectl at /usr/local/bin/kubectl. The kubeconfig file is located at /etc/rancher/k3s/k3s.yaml.

To use kubectl from your user account:

export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
kubectl get nodes

Or copy the config to your home directory:

mkdir -p ~/.kube
sudo cp /etc/rancher/k3s/k3s.yaml ~/.kube/config
sudo chown $USER:$USER ~/.kube/config
chmod 600 ~/.kube/config

Step 2: Configuring K3s (Optional)

For most single-node setups, the default configuration works perfectly. However, you might want to customize certain aspects:

Custom Configuration File

Create a configuration file at /etc/rancher/k3s/config.yaml:

write-kubeconfig-mode: "0644"
tls-san:
  - "your-server-ip"
node-label:
  - "node-role.kubernetes.io/control-plane=true"
disable:
  - traefik

Then restart the service:

sudo systemctl restart k3s

Step 3: Deploying Kubernetes Dashboard

The Kubernetes Dashboard provides a web-based UI to manage and troubleshoot applications running in your cluster.

Installing the Dashboard

Deploy the Kubernetes Dashboard using the official manifest:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml

Creating an Admin User

By default, the dashboard doesn’t have authentication. Create a service account with cluster-admin privileges using the provided YAML files.

First, create the service account:

# dashboard-service-account.yml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

kubectl apply -f dashboard-service-account.yml

Next, create the cluster role binding:

# cluster-role-binding.yml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

kubectl apply -f cluster-role-binding.yml

Exposing the Dashboard via NodePort

Create a NodePort service to make the dashboard accessible:

# dashboard-service-nodeport.yml
apiVersion: v1
kind: Service
metadata:
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
  labels:
    k8s-app: kubernetes-dashboard
spec:
  type: NodePort
  ports:
  - port: 443
    targetPort: 8443
    nodePort: 30443
    protocol: TCP
  selector:
    k8s-app: kubernetes-dashboard

kubectl apply -f dashboard-service-nodeport.yml

Getting the Authentication Token

Retrieve the token needed to log into the dashboard:

kubectl create token admin-user -n kubernetes-dashboard

Save this token as you’ll need it to log into the dashboard.

Step 4: Accessing the Dashboard

With the NodePort service configured, you can now access the dashboard:

1. Get your server’s external IP address
2. Navigate to https://<your-server-ip>:30443
3. When prompted for authentication, select “Token”
4. Enter the token you retrieved earlier

Step 5: Securing Your Dashboard (Important!)

For security reasons, avoid exposing the dashboard publicly. Consider these best practices:

Disable Dashboard in Production

For production clusters, consider disabling the dashboard:

kubectl delete ns kubernetes-dashboard

Use CLI tools like kubectl instead of the web interface.

Enable HTTPS and Authentication

If you must use the dashboard, ensure:

1. Use HTTPS connections only
2. Implement proper authentication
3. Regularly rotate tokens
4. Limit access to trusted networks

Managing Your K3s Cluster

Starting and Stopping K3s

# Start K3s
sudo systemctl start k3s

# Stop K3s
sudo systemctl stop k3s

# Restart K3s
sudo systemctl restart k3s

Checking Logs

sudo journalctl -u k3s -f

Uninstalling K3s

To completely remove K3s:

# On the server
/usr/local/bin/k3s-uninstall.sh

Performance Considerations

Resource Allocation

K3s is optimized for lower resource consumption:

• CPU: Minimum 1 core, recommended 2+ cores
• RAM: Minimum 512MB, recommended 1GB+
• Storage: 20GB+ free space

Monitoring Resources

Monitor your cluster resources:

# Check resource usage
kubectl top nodes
kubectl top pods

# Get detailed node information
kubectl describe nodes

Troubleshooting Common Issues

Issue 1: Permission Denied

If you encounter permission issues with kubectl:

sudo chown $USER:$USER ~/.kube/config
chmod 600 ~/.kube/config

Issue 2: Dashboard Not Accessible

Check if the dashboard pods are running:

kubectl get pods -n kubernetes-dashboard

Issue 3: Service Unavailable

Verify that required ports are open and services are running:

sudo netstat -tlnp | grep :6443
kubectl get pods --all-namespaces

Conclusion

Congratulations! You’ve successfully deployed a single-node Kubernetes cluster using K3s and set up the Kubernetes Dashboard. This lightweight setup is perfect for:

• Development and testing environments
• Edge computing scenarios
• Small production workloads
• Learning Kubernetes concepts
• CI/CD pipelines

Happy containerizing!