Installing Kubernetes with K3s
Introduction
K3s is a lightweight Kubernetes distribution certified by the CNCF (Cloud Native Computing Foundation). K3s is designed for production workloads in resource-constrained environments, edge computing, IoT, and CI/CD pipelines.
What is K3s?
K3s is "five less than K8s", a lightweight version of Kubernetes (K8s) that offers:
- Single Binary: Less than 100MB
- Fast: Setup in seconds
- Low Memory: Minimum 512MB RAM
- Easy: Simple installation and management
- Production Ready: Full Kubernetes features
- Auto-Updates: Built-in update management
Differences between K3s and K8s
| Feature | K8s (Standard) | K3s |
|---|---|---|
| Binary Size | ~1.5GB | ~100MB |
| Memory Usage | 2GB+ | 512MB+ |
| Installation | Complex | Single command |
| Storage | External | SQLite built-in |
| Container Runtime | containerd/Docker | containerd built-in |
| Load Balancer | External | ServiceLB built-in |
Advantages of K3s
- Lightweight: Perfect for development and testing
- Edge Computing: Ideal for IoT and edge devices
- Resource Efficient: Minimal CPU and RAM usage
- Quick Setup: Production cluster in minutes
- Full K8s API: 100% compatible with Kubernetes
- Single Binary: Easy backup and restore
- Auto-Updates: Built-in upgrade mechanism
System Requirements
Minimum Requirements
Single Node (Server):
- CPU: 1 core
- RAM: 512 MB
- Storage: 5 GB
- OS: Linux (Ubuntu 20.04+, Debian 11+, CentOS 8+)
Multi-Node Cluster:
- Server Node: 2 cores, 2GB RAM
- Agent Node: 1 core, 1GB RAM
- Network: Stable connectivity between nodes
Recommended for Production
- Server Node: 4 cores, 4GB RAM, 50GB storage
- Agent Node: 2 cores, 2GB RAM, 20GB storage
- High Availability: 3+ server nodes (odd number)
- Backup Storage: External storage for etcd backup
Port Requirements
Server Node:
6443: Kubernetes API Server
10250: Kubelet metrics
2379-2380: etcd (HA setup)
Agent Node:
10250: Kubelet metrics
30000-32767: NodePort Services
Installing K3s
Deployment Architecture
1. Single Node (Development)
+-------------------------+
|     K3s Server Node     |
|    (Control Plane +     |
|      Worker Node)       |
+-------------------------+
2. Multi-Node (Production)
+--------------+   +--------------+   +--------------+
| K3s Server 1 |   | K3s Server 2 |   | K3s Server 3 |
|   (Control   |   |   (Control   |   |   (Control   |
|    Plane)    |   |    Plane)    |   |    Plane)    |
+------+-------+   +------+-------+   +------+-------+
       |                  |                  |
       +------------------+------------------+
                          |
       +------------------+------------------+
       |                  |                  |
+------+-------+   +------+-------+   +------+-------+
| K3s Agent 1  |   | K3s Agent 2  |   | K3s Agent 3  |
|   (Worker)   |   |   (Worker)   |   |   (Worker)   |
+--------------+   +--------------+   +--------------+
Method 1: Single Server Installation
Quick Install
This is the fastest way to set up a K3s development environment:
# Install K3s server
curl -sfL https://get.k3s.io | sh -
# Check installation
sudo systemctl status k3s
# Verify nodes
sudo k3s kubectl get nodes
Detailed Installation Steps
1. System Preparation
# Update system
sudo apt update && sudo apt upgrade -y
# Install dependencies
sudo apt install -y curl wget git
# Disable swap (required for Kubernetes)
sudo swapoff -a
sudo sed -i '/ swap / s/^/#/' /etc/fstab
# Enable IP forwarding
sudo tee /etc/sysctl.d/k3s.conf <<EOF
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
sudo sysctl --system
2. Install K3s Server
# Install with options
curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="server" sh -s - \
--write-kubeconfig-mode 644 \
--disable traefik \
--disable servicelb
# Explanation of the options:
# --write-kubeconfig-mode 644: Make the kubeconfig readable by all local users, not only root
# --disable traefik: Disable default ingress (we'll use nginx)
# --disable servicelb: Disable default LB (for custom setup)
3. Verify Installation
# Check service status
sudo systemctl status k3s
# Check nodes
sudo k3s kubectl get nodes
# Expected output:
# NAME STATUS ROLES AGE VERSION
# server-1 Ready control-plane,master 30s v1.28.x+k3s1
# Check pods
sudo k3s kubectl get pods -A
4. Configure kubectl Access
# Copy kubeconfig for the current user
mkdir -p ~/.kube
sudo cp /etc/rancher/k3s/k3s.yaml ~/.kube/config
sudo chown $(id -u):$(id -g) ~/.kube/config
# Set proper permissions
chmod 600 ~/.kube/config
# Test kubectl
kubectl get nodes
kubectl cluster-info
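The install option `--write-kubeconfig-mode 644` and the copy into ~/.kube/config both decide who can read cluster-admin credentials on the node. The following added example (not part of the original tutorial or the K3s project; the function names are hypothetical, the paths are the ones used on this page) reports any credential file that group or other users can access:

```bash
#!/usr/bin/env bash
# Added example (not from the tutorial or K3s): flag credential files that
# group or other users can access. Function names are hypothetical.

# Print the octal permission bits of a file, e.g. "644" (GNU stat, BSD fallback).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if only the owner has access, 1 if group/other have any
# permission bit set, 2 if the file is missing or cannot be inspected.
check_secret_file() {
  local mode
  [ -e "$1" ] || return 2
  mode=$(file_mode "$1") || return 2
  case "$mode" in
    0|*00) return 0 ;;   # group and other digits are both 0
    *)     return 1 ;;
  esac
}

# Report every path given; return 1 if any of them is exposed.
audit_k3s_credentials() {
  local rc=0 status f
  for f in "$@"; do
    status=0
    check_secret_file "$f" || status=$?
    case "$status" in
      0) echo "OK       $f" ;;
      1) echo "EXPOSED  $f (mode $(file_mode "$f"))"; rc=1 ;;
      *) echo "MISSING  $f" ;;
    esac
  done
  return "$rc"
}

# Usage on a server node (as root, so every path can be inspected):
#   audit_k3s_credentials /etc/rancher/k3s/k3s.yaml \
#     /var/lib/rancher/k3s/server/node-token "$HOME/.kube/config"
```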
5. Install kubectl (Optional)
# Install kubectl binary
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
# Make executable
chmod +x kubectl
# Move to PATH
sudo mv kubectl /usr/local/bin/
# Verify
kubectl version --client
Method 2: High Availability (HA) Setup
Prerequisites
- 3 server nodes (odd number for quorum)
- External database (PostgreSQL or MySQL) or embedded etcd
- Load balancer (optional)
Architecture
             +-------------+
             |    Load     |
             |  Balancer   |
             +------+------+
                    |
        +-----------+-----------+
        |           |           |
   +----+---+  +----+---+  +----+---+
   |Server 1|  |Server 2|  |Server 3|
   | (etcd) |  | (etcd) |  | (etcd) |
   +--------+  +--------+  +--------+
Setup First Server
# On server-1
curl -sfL https://get.k3s.io | sh -s - server \
--cluster-init \
--write-kubeconfig-mode 644 \
--tls-san your-loadbalancer-ip-or-domain \
--disable traefik
# Save token for other servers
sudo cat /var/lib/rancher/k3s/server/node-token
Add Additional Servers
# On server-2 and server-3
curl -sfL https://get.k3s.io | sh -s - server \
--server https://server-1-ip:6443 \
--token YOUR_NODE_TOKEN \
--write-kubeconfig-mode 644 \
--tls-san your-loadbalancer-ip-or-domain
# Replace:
# - server-1-ip: IP of the first server
# - YOUR_NODE_TOKEN: Token from the first server
Verify HA Cluster
# Check nodes
kubectl get nodes
# Should show all 3 servers:
# NAME STATUS ROLES AGE VERSION
# server-1 Ready control-plane,master 5m v1.28.x+k3s1
# server-2 Ready control-plane,master 3m v1.28.x+k3s1
# server-3 Ready control-plane,master 2m v1.28.x+k3s1
Method 3: Multi-Node Cluster (Server + Agent)
Setup Server Node
# On server node
curl -sfL https://get.k3s.io | sh -s - server \
--write-kubeconfig-mode 644 \
--node-taint CriticalAddonsOnly=true:NoExecute
# Get token
sudo cat /var/lib/rancher/k3s/server/node-token
Add Agent Nodes
# On agent nodes (worker nodes)
curl -sfL https://get.k3s.io | K3S_URL=https://server-ip:6443 \
K3S_TOKEN=YOUR_NODE_TOKEN sh -
# Replace:
# - server-ip: IP of the server node
# - YOUR_NODE_TOKEN: Token from the server
Verify Cluster
kubectl get nodes
# Expected output:
# NAME STATUS ROLES AGE VERSION
# server Ready control-plane,master 5m v1.28.x+k3s1
# agent-1 Ready <none> 3m v1.28.x+k3s1
# agent-2 Ready <none> 2m v1.28.x+k3s1
Configuration Options
Installation Environment Variables
# Custom installation examples:
# 1. Specify K3s version
curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.28.5+k3s1 sh -
# 2. Custom data directory
curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--data-dir /opt/k3s" sh -
# 3. Disable components
curl -sfL https://get.k3s.io | sh -s - \
--disable traefik \
--disable servicelb \
--disable metrics-server
# 4. Custom cluster CIDR
curl -sfL https://get.k3s.io | sh -s - \
--cluster-cidr 10.42.0.0/16 \
--service-cidr 10.43.0.0/16
# 5. With Docker runtime
curl -sfL https://get.k3s.io | sh -s - --docker
# 6. Custom node labels
curl -sfL https://get.k3s.io | sh -s - \
--node-label environment=production \
--node-label region=us-east
Configuration File
Create /etc/rancher/k3s/config.yaml:
# K3s server configuration
write-kubeconfig-mode: "0644"
tls-san:
- "k3s.example.com"
- "192.168.1.100"
# Disable default components
disable:
- traefik
- servicelb
# Cluster networking
cluster-cidr: "10.42.0.0/16"
service-cidr: "10.43.0.0/16"
cluster-dns: "10.43.0.10"
# Node configuration
node-name: "k3s-server-01"
node-label:
- "environment=production"
- "zone=az1"
# Kubelet configuration
kubelet-arg:
- "max-pods=150"
- "eviction-hard=memory.available<200Mi"
Then install:
curl -sfL https://get.k3s.io | sh -
Post-Installation Setup
1. Install Helm
Helm is a package manager for Kubernetes:
# Install Helm
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
# Verify installation
helm version
# Add common repositories
helm repo add stable https://charts.helm.sh/stable
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
2. Install Nginx Ingress Controller
# Install via Helm
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
# Install ingress-nginx
kubectl create namespace ingress-nginx
helm install ingress-nginx ingress-nginx/ingress-nginx \
--namespace ingress-nginx \
--set controller.service.type=LoadBalancer
# Verify installation
kubectl get pods -n ingress-nginx
kubectl get svc -n ingress-nginx
3. Install Cert-Manager (SSL/TLS)
# Install cert-manager
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.0/cert-manager.yaml
# Verify installation
kubectl get pods -n cert-manager
# Create ClusterIssuer for Let's Encrypt
cat <<EOF | kubectl apply -f -
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: your-email@example.com
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
    - http01:
        ingress:
          class: nginx
EOF
4. Install Metrics Server
# K3s includes metrics-server by default
# To verify:
kubectl top nodes
kubectl top pods -A
5. Setup Storage Class
K3s includes local-path-provisioner by default:
# Check storage class
kubectl get storageclass
# Test PVC
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: test-pvc
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-path
  resources:
    requests:
      storage: 1Gi
EOF
# Verify
kubectl get pvc
kubectl Essentials
Basic Commands
# Cluster info
kubectl cluster-info
kubectl version
# Nodes
kubectl get nodes
kubectl describe node <node-name>
# Pods
kubectl get pods -A
kubectl get pods -n default
kubectl describe pod <pod-name>
kubectl logs <pod-name>
kubectl logs <pod-name> -f # Follow logs
# Deployments
kubectl get deployments
kubectl describe deployment <deployment-name>
kubectl scale deployment <name> --replicas=3
# Services
kubectl get services
kubectl describe service <service-name>
# Namespaces
kubectl get namespaces
kubectl create namespace my-namespace
kubectl delete namespace my-namespace
Deploy Test Application
# Create deployment
kubectl create deployment nginx --image=nginx:latest
# Expose as service
kubectl expose deployment nginx --port=80 --type=NodePort
# Get service details
kubectl get svc nginx
# Access application
NODE_PORT=$(kubectl get svc nginx -o jsonpath='{.spec.ports[0].nodePort}')
curl http://localhost:$NODE_PORT
Complete Example: Deploy Nginx
# nginx-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.25-alpine
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx
spec:
  type: ClusterIP
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - nginx.example.com
    secretName: nginx-tls
  rules:
  - host: nginx.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx
            port:
              number: 80
Apply:
kubectl apply -f nginx-deployment.yaml
kubectl get all
kubectl get ingress
Maintenance & Management
Update K3s
# Check current version
k3s --version
# Update to latest
curl -sfL https://get.k3s.io | sh -
# Update to specific version
curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.28.5+k3s1 sh -
# Restart service
sudo systemctl restart k3s
Backup & Restore
Backup etcd
# For embedded etcd (default)
sudo k3s etcd-snapshot save --name backup-$(date +%Y%m%d-%H%M%S)
# List snapshots
sudo k3s etcd-snapshot ls
# Snapshots stored in: /var/lib/rancher/k3s/server/db/snapshots/
Restore from Backup
# Stop K3s
sudo systemctl stop k3s
# Restore snapshot
sudo k3s server \
--cluster-reset \
--cluster-reset-restore-path=/var/lib/rancher/k3s/server/db/snapshots/backup-20240101-120000
# Restart K3s
sudo systemctl start k3s
Uninstall K3s
# Server node
/usr/local/bin/k3s-uninstall.sh
# Agent node
/usr/local/bin/k3s-agent-uninstall.sh
# Clean up (if needed)
sudo rm -rf /var/lib/rancher/k3s
sudo rm -rf /etc/rancher/k3s
Troubleshooting
Check Service Status
# Service status
sudo systemctl status k3s
# View logs
sudo journalctl -u k3s -f
# Or
sudo tail -f /var/log/syslog | grep k3s
Network Issues
# Check iptables
sudo iptables -L -n -v
# Check network connectivity
kubectl run test --image=busybox --rm -it -- /bin/sh
# Inside pod:
# ping 8.8.8.8
# nslookup kubernetes.default
# Check CoreDNS
kubectl get pods -n kube-system -l k8s-app=kube-dns
kubectl logs -n kube-system -l k8s-app=kube-dns
Resource Issues
# Check node resources
kubectl top nodes
kubectl describe node <node-name>
# Check pod resources
kubectl top pods -A
# Check events
kubectl get events -A --sort-by='.lastTimestamp'
Pod Not Starting
# Describe pod
kubectl describe pod <pod-name>
# Check logs
kubectl logs <pod-name>
kubectl logs <pod-name> --previous
# Check events
kubectl get events --field-selector involvedObject.name=<pod-name>
Reset Cluster
# Stop K3s
sudo systemctl stop k3s
# Remove data
sudo rm -rf /var/lib/rancher/k3s/server/db
# Restart
sudo systemctl start k3s
Security Best Practices
1. Network Policies
# default-deny.yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: default
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
2. RBAC
# Create service account
kubectl create serviceaccount my-app-sa
# Create role
kubectl create role pod-reader \
--verb=get,list,watch \
--resource=pods
# Bind role
kubectl create rolebinding my-app-binding \
--role=pod-reader \
--serviceaccount=default:my-app-sa
3. Pod Security
# pod-security.yaml
apiVersion: v1
kind: Pod
metadata:
  name: secure-pod
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 1000
    fsGroup: 1000
  containers:
  - name: app
    image: myapp:latest
    securityContext:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      capabilities:
        drop:
        - ALL
4. Firewall Configuration
# UFW (Ubuntu)
sudo ufw allow 6443/tcp # Kubernetes API
sudo ufw allow 10250/tcp # Kubelet
sudo ufw allow 80/tcp # HTTP
sudo ufw allow 443/tcp # HTTPS
sudo ufw enable
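The rules above open the API server and kubelet ports to any source. The following added example (not part of the original tutorial; `k3s_ufw_rules`, its arguments, SSH on port 22 and Flannel VXLAN on 8472/udp are assumptions) prints a ruleset that limits the cluster ports from this page's port list to the node and admin subnets:

```bash
#!/usr/bin/env bash
# Added example (not from the tutorial or K3s): print source-restricted ufw
# rules for a K3s node. Nothing is applied; review the output, then run it.
# k3s_ufw_rules and its arguments are hypothetical names:
#   $1 role        server | agent
#   $2 node_cidr   subnet that contains every cluster node
#   $3 admin_cidr  subnet allowed to reach SSH and the API server
#   $4, $5         pod and service CIDRs (default: the values on this page)
k3s_ufw_rules() {
  local role="$1" nodes="$2" admin="$3"
  local pods="${4:-10.42.0.0/16}" svcs="${5:-10.43.0.0/16}"
  case "$role" in
    server|agent) ;;
    *) echo "unknown role: $role" >&2; return 1 ;;
  esac
  if [ -z "$nodes" ] || [ -z "$admin" ]; then
    echo "usage: k3s_ufw_rules <server|agent> <node_cidr> <admin_cidr>" >&2
    return 1
  fi
  echo "ufw default deny incoming"
  # Assumption: SSH on port 22. Allow it before 'ufw enable' to keep access.
  echo "ufw allow from $admin to any port 22 proto tcp"
  # Kubelet: only other cluster nodes need to reach it.
  echo "ufw allow from $nodes to any port 10250 proto tcp"
  # Assumption: default Flannel VXLAN backend (8472/udp between nodes),
  # a port the page's list does not mention.
  echo "ufw allow from $nodes to any port 8472 proto udp"
  # Pod and service networks must reach the host (cluster-cidr, service-cidr).
  echo "ufw allow from $pods to any"
  echo "ufw allow from $svcs to any"
  if [ "$role" = server ]; then
    # API server: nodes join through it, admins run kubectl against it.
    echo "ufw allow from $nodes to any port 6443 proto tcp"
    echo "ufw allow from $admin to any port 6443 proto tcp"
    # Embedded etcd (HA setup): cluster-internal only.
    echo "ufw allow from $nodes to any port 2379:2380 proto tcp"
  else
    # NodePort services: reachable from the admin subnet only.
    echo "ufw allow from $admin to any port 30000:32767 proto tcp"
  fi
  # Ingress controller traffic stays public, as in the rules above.
  echo "ufw allow 80/tcp"
  echo "ufw allow 443/tcp"
  echo "ufw enable"
}

# Usage: k3s_ufw_rules server 10.0.0.0/24 192.168.10.0/24
```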
Monitoring & Logging
Install Prometheus & Grafana
# Add helm repo
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update
# Install kube-prometheus-stack
kubectl create namespace monitoring
helm install prometheus prometheus-community/kube-prometheus-stack \
--namespace monitoring \
--set grafana.adminPassword=admin123
# Get Grafana URL
kubectl get svc -n monitoring prometheus-grafana
# Port forward to access
kubectl port-forward -n monitoring svc/prometheus-grafana 3000:80
# Access: http://localhost:3000
# Username: admin
# Password: admin123
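`--set grafana.adminPassword=admin123` puts a guessable password on the command line and in the Helm release values. The following added example (not part of the original tutorial; the function names and the secret name `grafana-admin` are hypothetical) generates a random password and passes it to the chart through a Secret, using the Grafana chart's `admin.existingSecret` value:

```bash
#!/usr/bin/env bash
# Added example (not from the tutorial or the chart's own docs).
# Function names and the secret name are hypothetical.

# Print a random password: 24 bytes from /dev/urandom, base64-encoded,
# which gives 32 characters with no padding.
gen_password() {
  head -c 24 /dev/urandom | base64 | tr -d '\n'
}

# Print a Secret manifest holding the Grafana admin login.
# admin-user / admin-password are the Grafana chart's default key names
# (admin.userKey and admin.passwordKey).
#   $1 secret name   $2 namespace   $3 password
grafana_admin_secret() {
  local name="$1" namespace="$2" password="$3"
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
  namespace: $namespace
type: Opaque
stringData:
  admin-user: admin
  admin-password: "$password"
EOF
}

# Usage (needs kubectl and helm pointed at the cluster):
#   pw=$(gen_password)
#   grafana_admin_secret grafana-admin monitoring "$pw" | kubectl apply -f -
#   unset pw
#   helm install prometheus prometheus-community/kube-prometheus-stack \
#     --namespace monitoring \
#     --set grafana.admin.existingSecret=grafana-admin
```

Read the password back with `kubectl get secret -n monitoring grafana-admin -o jsonpath='{.data.admin-password}' | base64 -d`.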
Next Steps
After K3s is successfully installed:
- CI/CD Integration - Integrate with Gitea
- Workflow Implementation - Create pipelines
- Best Practices - Production guidelines
- Case Study - Real-world examples
Congratulations! Your K3s cluster is ready to use!