Slide 1 / 22

☸️

K3s

Lightweight Kubernetes

2 Weeks - Complete Guide

Kubernetes production-ready dalam ~40MB - hanya 512MB RAM!

Overview

Tujuan Pembelajaran

Memahami apa itu k3s dan perbedaannya dengan Kubernetes
Mampu install k3s di berbagai environment
Mengerti arsitektur k3s
Menggunakan kubectl untuk manajemen cluster
Deploy aplikasi ke k3s
Mengerti storage dan networking

Kenapa k3s?

Ringan - Hanya ~40MB, 512MB RAM minimal
Simple - Single binary install
Fast - Start dalam 5 detik
Compliant - 100% Kubernetes API
IoT/Edge - Untuk resource-limited environments

Minggu 1

Apa itu K3s?

K3s adalah certified Kubernetes dari Rancher/SUSE. Dirancang untuk edge devices, IoT, dan embedded systems.

Fitur Utama

CNCF Certified Kubernetes
100% Kubernetes API compatible
Single binary (~40MB)
Built-in Traefik, CoreDNS, Service LB
SQLite instead of etcd

Use Cases

Edge Computing
IoT / Raspberry Pi clusters
Homelab
CI/CD runners
Development environments

Minggu 1

k3s vs Kubernetes

☸️ K8s

Size: ~1.5GB
RAM: 1-2GB minimal
Multiple processes
Etcd cluster

☸️ K3s

Size: ~40MB
RAM: 512MB minimal
Single binary
Embedded SQLite

Yang Dihapus

Non-essential features
Cloud provider integrations
Legacy features

Yang Tetap Work

Pods, Deployments, Services
Ingress, ConfigMaps, Secrets
RBAC, Network Policies
Helm charts

Minggu 1

Arsitektur k3s

Single Node

┌─────────────────────────────────┐
│         k3s Server               │
│  API Server, Scheduler           │
│  Controller Manager             │
│  Kubelet, Kube-proxy            │
│  CoreDNS, Traefik, Service LB  │
│  SQLite (embedded)              │
└─────────────────────────────────┘

Multi-Node

k3s server ──► k3s agent ──► k3s agent
   (master)      (worker)       (worker)

Included Components

Traefik (Ingress)
CoreDNS
Service LB (klipper-lb)
Local-path-provisioner

Minggu 1 - Install

Install k3s di Linux

Quick Install

# Install dan start
curl -sfL https://get.k3s.io | sh -

# Cek status
sudo k3s kubectl get nodes

# Semua pods
sudo k3s kubectl get pods -A

Specific Version

curl -sfL https://get.k3s.io | \
  INSTALL_K3S_VERSION=v1.28.4+k3s1 sh -

Uninstall

/usr/local/bin/k3s-uninstall.sh

Sudah include Traefik, CoreDNS, Service LB!

Minggu 1 - Install

Install k3s di Raspberry Pi

Persiapan

Raspberry Pi 4 (4GB+ RAM recommended)
SD Card 16GB+
Raspberry Pi OS 64-bit

Install ARM64

curl -sfL https://get.k3s.io | \
  K3S_KUBECONFIG_MODE="644" sh -

Install ARM32 (Pi 3)

curl -sfL https://get.k3s.io | \
  INSTALL_K3S_ARCH=armhf sh -

Tips

Gunakan Pi 4 dengan 8GB RAM
Gunakan SSD via USB untuk storage
Disable swap

Minggu 1 - Install

k3d - k3s in Docker

Install k3d

curl -s https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | bash

Create Cluster

# Create cluster
k3d cluster create mycluster

# With options
k3d cluster create mycluster \
  --servers 1 \
  --agents 3 \
  --port "8080:80"

# List clusters
k3d cluster list

# Delete cluster
k3d cluster delete mycluster

Docker Run

docker run -d --name k3s \
  --privileged \
  rancher/k3s:latest server

Minggu 1

Kubeconfig

Default Location

~/.kube/config

Export dari k3s

# Export kubeconfig
sudo k3s kubeconfig cluster-wide > ~/.kube/config

# Dengan mode
sudo k3s server --write-kubeconfig-mode 644

Environment Variable

export KUBECONFIG=/path/to/kubeconfig
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml

Setelah dapat kubeconfig, pakai kubectl biasa!

Minggu 1

kubectl Basics

# Alias
alias k=kubectl

# Nodes
kubectl get nodes
kubectl get nodes -o wide

# Pods
kubectl get pods -A
kubectl get pods -n namespace

# Describe
kubectl describe pod nginx -n namespace

# Logs
kubectl logs pod-name -n namespace

# Exec
kubectl exec -it pod-name -n namespace -- /bin/sh

Namespace

kubectl create ns myapp
kubectl get ns
kubectl config set-context --current --namespace=myapp

Minggu 1

Pods & Deployments

Create Pod

kubectl run nginx --image=nginx --restart=Never

Create Deployment

kubectl create deployment nginx --image=nginx --replicas=3

# Atau YAML
kubectl apply -f deployment.yaml

Scale

kubectl scale deployment nginx --replicas=5

# Auto-scale
kubectl autoscale deployment nginx --min=2 --max=10

Expose

kubectl expose deployment nginx --port=80

Minggu 1

Services

Type	Description
ClusterIP	Internal only
NodePort	Expose via node port
LoadBalancer	External LB
ExternalName	CNAME alias

Create Service

# ClusterIP
kubectl expose deployment nginx --port=80

# NodePort
kubectl expose deployment nginx --type=NodePort --port=80

# LoadBalancer
kubectl expose deployment nginx --type=LoadBalancer --port=80

k3s menggunakan ServiceLB (klipper) untuk LoadBalancer!

Minggu 2

Ingress

Traefik sudah terinstall otomatis di k3s!

Cek Traefik

kubectl get pods -n kube-system | grep traefik

Create Ingress

kubectl apply -f - <


            Edit hosts
            # /etc/hosts
127.0.0.1 myapp.local



        
        
            Minggu 2
            ConfigMaps & Secrets
            ConfigMap
            kubectl create configmap myconfig \
  --from-literal=key1=value1

# Use in Pod
env:
- name: KEY1
  valueFrom:
    configMapKeyRef:
      name: myconfig
      key: key1
            Secrets
            kubectl create secret generic mysecret \
  --from-literal=password=secret123

# Use in Pod
env:
- name: PASSWORD
  valueFrom:
    secretKeyRef:
      name: mysecret
      key: password
            
                
                
            
        

        
        
            Minggu 2
            Helm
            Helm = package manager untuk Kubernetes
            Install Helm
            curl -fsSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
            Commands
            # Add repo
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update

# Install chart
helm install my-nginx bitnami/nginx

# List releases
helm list

# Upgrade
helm upgrade my-nginx bitnami/nginx

# Uninstall
helm uninstall my-nginx
            
                
                
            
        

        
        
            Minggu 2
            Storage - PVC
            Storage Classes
            kubectl get sc
            Create PVC
            kubectl apply -f - <

            Use in Pod
            volumes:
- name: data
  persistentVolumeClaim:
    claimName: mypvc
            k3s includes local-path-provisioner untuk storage!
            
                
                
            
        


        
        
            Minggu 2
            k3s Multi-Node
            Join Workers
            # Di master: ambil token
sudo cat /var/lib/rancher/k3s/server/node-token

# Di worker:
curl -sfL https://get.k3s.io | \
  K3S_URL=https://master-ip:6443 \
  K3S_TOKEN=TOKEN_HERE \
  sh -
            High Availability
            # 3 servers minimum untuk HA
curl -sfL https://get.k3s.io | \
  K3S_URL=https://server-ip:6443 \
  K3S_TOKEN=TOKEN \
  K3S_FLAGS="server --cluster-init" \
  sh -
            HA butuh odd number of servers (3, 5, 7)
            
                
                
            
        

        
        
            Troubleshooting
            Troubleshooting
            Common Commands
            kubectl describe pod nginx
kubectl logs nginx -f
kubectl get events --sort-by='.lastTimestamp'
kubectl cluster-info
kubectl top nodes
            Common Issues
            Cek image name
Issue Solution
Pod Pending Cek resources
ImagePullBackOff
CrashLoopBackOff kubectl logs
Service unreachable Cek endpoints
            
                
                
            
        

        
        
            Tools
            k3sup
            k3sup = provision k3s clusters dengan mudah
            Install
            curl -sSL https://get.k3sup.dev | sh -
brew install k3sup
            Usage
            # Create server
k3sup server --ip 192.168.1.100 --user root

# Join workers
k3sup join --ip 192.168.1.101 \
  --server-ip 192.168.1.100 --user root
            
                
                
            
        

        
        
            Best Practices
            Resource Limits
            Resource Requests
            resources:
  requests:
    memory: "64Mi"
    cpu: "250m"
  limits:
    memory: "128Mi"
    cpu: "500m"
            健康检查 (Liveness/Readiness)
            livenessProbe:
  httpGet:
    path: /healthz
    port: 8080
  initialDelaySeconds: 30
  periodSeconds: 10

readinessProbe:
  httpGet:
    path: /ready
    port: 8080
  initialDelaySeconds: 5
  periodSeconds: 5
            
                
                
            
        

        
        
            Summary
            Ringkasan Perintah Penting
            # Install
curl -sfL https://get.k3s.io | sh -

# Nodes
kubectl get nodes

# Deploy
kubectl create deployment nginx --image=nginx

# Expose
kubectl expose deployment nginx --port=80

# Scale
kubectl scale deployment nginx --replicas=3

# Logs
kubectl logs -f deployment/nginx

# Delete
kubectl delete deployment nginx
            
                
                
            
        

        
        
            
                🎉 Selesai!
                Next Steps
                
                    1. Install k3s: curl -sfL https://get.k3s.io | sh -
                    2. Coba deploy aplikasi sederhana
                    3. Eksperimen dengan k3d untuk testing
                    4. Build homelab cluster dengan Raspberry Pi
                
            
            
                
                
            
        

        
        
            Advanced
            Ingress Controller Deep Dive

            Apa itu Ingress?
            Ingress adalah resource Kubernetes untuk expose HTTP/HTTPS routes dari luar cluster ke services di dalam cluster

            Traefik di K3s
            # Traefik sudah include di K3s
kubectl get pods -n kube-system | grep traefik

# Cek ingressclass
kubectl get ingressclass

            Ingress dengan TLS
            kubectl apply -f - <


            Create TLS Secret
            # Dari certificate files
kubectl create secret tls myapp-tls \
  --cert=fullchain.pem \
  --key=privkey.pem

# Atau dari Let's Encrypt (CertManager)
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt
    solvers:
    - http01:
        ingress:
          class: traefik

            Tips: Cert-Manager otomatis request & renew TLS certificates!
        


        
        
            Advanced
            Persistent Storage Deep Dive

            Longhorn untuk K3s
            # Install Longhorn
kubectl apply -f https://raw.githubusercontent.com/longhorn/longhorn/master/deploy/longhorn.yaml

# Cek Longhorn pods
kubectl get pods -n longhorn-system

# Buka Longhorn UI
kubectl expose service longhorn-frontend -n longhorn-system --type=NodePort --port=80

            PersistentVolumeClaim (PVC)
            kubectl apply -f - <


            Use PVC di Pod
            apiVersion: v1
kind: Pod
metadata:
  name: app-with-storage
spec:
  containers:
  - name: app
    image: myapp
    volumeMounts:
    - name: data
      mountPath: /data
  volumes:
  - name: data
    persistentVolumeClaim:
      claimName: my-data-pvc

            StorageClass
            # List storage classes
kubectl get sc

# Default storage class
kubectl patch storageclass longhorn \
  -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'

            Volume Snapshot & Restore
            # Create snapshot
apiVersion: snapshot.storage.k8s.io/v1
kind: VolumeSnapshot
metadata:
  name: my-snapshot
spec:
  volumeSnapshotClassName: longhorn
  source:
    persistentVolumeClaimName: my-data-pvc

# Restore from snapshot
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: restored-pvc
spec:
  dataSource:
    name: my-snapshot
    kind: VolumeSnapshot
    apiGroup: snapshot.storage.k8s.io
  storageClassName: longhorn
  resources:
    requests:
      storage: 5Gi

            Best Practice: Selalu gunakan PVC untuk data penting, jangan simpan di container filesystem!

Issue	Solution
Pod Pending	Cek resources
ImagePullBackOff
CrashLoopBackOff	kubectl logs
Service unreachable	Cek endpoints