k3k - k3s in Kubernetes

This is a Helm chart to deploy k3s controlplanes to Kubernetes clusters.

Features

  • Loadbalancer with fixed IP
  • Persistent Volume for k3s data (Kubeconfig, Certificates, etc)
  • Agent-less Mode: controlplane "Nodes" (Pods in our case) do not run workloads and don't count as "Node" in the Cluster
  • Fully compliant with Cilium + Longhorn

Limitations

  • Currently a cluster can only consist of a single controlplane pod
  • Currently the only valid datasource is sqlite on a local volume
  • Currently the final kubeconfig needs to be copied manually from within the container

Install

helm install k3k oci://cargo.ayedo.cloud/library/k3k

Configuration

The most relevant configuration needs to be done in the loadbalancer and k3s sections of the values. If loadbalancer.enabled is false, the Kubernetes API will not be accessible from outside the host cluster. 99% of the time this is not what you desire.

If the loadbalancer is enabled, an IP Address must be given in loadbalancer.ip. This must be an IP that can be assigned to the Loadbalancer. It's necessary to know this IP in advance so k3s can adjust its TLS certificate and Advertise Address accordingly.

A loadbalancer.className can be given if multiple loadbalancers are available in your cluster.

loadbalancer:
  enabled: true
  class_name: ""
  ip: "1.2.3.4"

k3s:
  agent_token: "secret"
  cluster_cidr: "10.42.0.0/16"
  cluster_dns: "10.43.0.10"
  cluster_domain: "cluster.local"
  data_dir: /var/lib/rancher/k3s
  debug: false
  disable:
    agent: true
    flannel: true
    helm_controller: true
    network_policy: true
    traefik: true
    localstorage: true
    servicelb: true
    kube_proxy: true
    cloud_controller: false
  egress_selector_mode: "pod"
  kubeconfig:
    filename: kubeconfig.yaml
    mode: "0644"
  log_level: "0"
  service_cidr: "10.43.0.0/16"
  service_node_port_range: "30000-32767"
  token: "secret"
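
An added example, not part of the k3k chart or its README: a POSIX shell helper that writes a values override using the key names from the listing above, with random values for k3s.token and k3s.agent_token instead of the "secret" placeholders and a kubeconfig mode of "0600" instead of "0644". The function names and the output file name are hypothetical, and it assumes the chart applies k3s.kubeconfig.mode as the file mode of the generated kubeconfig.

```shell
#!/bin/sh
# Added example (not part of the k3k chart): write a values override with
# random tokens in place of the "secret" placeholders.

# rand_hex N: print N random bytes as 2N lowercase hex characters.
rand_hex() {
  head -c "$1" /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# is_ipv4 ADDR: succeed only for a dotted-quad IPv4 address.
is_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# write_values LB_IP OUT_FILE: create OUT_FILE, readable by its owner only.
# Assumption: k3s.kubeconfig.mode is applied as the kubeconfig file mode.
write_values() {
  lb_ip=$1 out=$2
  is_ipv4 "$lb_ip" || { echo "invalid loadbalancer IP: $lb_ip" >&2; return 1; }
  token=$(rand_hex 32)
  agent_token=$(rand_hex 32)
  (
    umask 077   # the file holds the cluster join secrets
    rm -f "$out"
    cat > "$out" <<EOF
loadbalancer:
  enabled: true
  ip: "$lb_ip"
k3s:
  token: "$token"
  agent_token: "$agent_token"
  kubeconfig:
    mode: "0600"
EOF
  )
}

# Usage (hypothetical file name; nothing is run when this file is sourced):
#   write_values 1.2.3.4 k3k-values.yaml &&
#     helm install k3k oci://cargo.ayedo.cloud/library/k3k -f k3k-values.yaml
```

Helm merges a file passed with -f over the chart defaults, so the override only needs the keys it changes.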