Therefore, as documented in the Kubernetes docs, please set a restricted profile that disables NET_RAW on non-trustable pods. Rogue pods with NET_RAW capabilities can abuse that L2 network to launch attacks such as ARP spoofing.

If you plan on achieving high availability with embedded etcd, server nodes must be accessible to each other on ports 23.

Flannel relies on the Bridge CNI plugin to create a L2 network that switches traffic.

If you wish to utilize the metrics server, all nodes must be accessible to each other on port 10250.

However, if you do not use Flannel and provide your own custom CNI, then the ports needed by Flannel are not needed by K3s. K3s uses reverse tunneling such that the nodes make outbound connections to the server and all kubelet traffic runs through that tunnel. The node should not listen on any other port. The nodes need to be able to reach other nodes over UDP port 8472 when Flannel VXLAN is used or over UDP ports 5181 (when using IPv6) when Flannel Wireguard backend is used. The K3s server needs port 6443 to be accessible by all nodes.

Disk performance will vary on ARM devices utilizing an SD card or eMMC. To ensure optimal speed, we recommend using an SSD when possible. K3s performance depends on the performance of the database. etcd is write intensive, and SD cards cannot handle the IO load. If deploying K3s with embedded etcd on a Raspberry Pi, it is recommended that you use an external SSD.

It also contains analysis about what has the biggest impact on K3s server and agent utilization, and how the cluster datastore can be protected from interference from agents and workloads. Resource Profiling captures the results of tests to determine minimum resource requirements for the K3s agent, the K3s server with a workload, and the K3s server with one agent.

Minimum recommendations are outlined here. Hardware requirements scale based on the size of your deployments.
If you are using Raspberry Pi OS, follow these steps to switch to legacy iptables.

For more information on which OSs were tested with Rancher managed K3s clusters, refer to the Rancher support and maintenance terms.

If you are using (Red Hat/CentOS) Enterprise Linux, follow these steps for additional setup.

K3s is expected to work on most modern Linux systems. RHEL9, Ubuntu, Raspberry Pi OS, and SLES all meet this requirement.
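One way to check workloads against the NET_RAW recommendation earlier on this page, as an added example that is not part of the K3s documentation: a Python audit over pod manifests (for instance the `items` list from `kubectl get pods -A -o json`) that lists containers still holding NET_RAW. The function names are hypothetical, the sample pods are constructed, and it assumes the container runtime's default capability set includes NET_RAW, as the Docker and containerd defaults do.

```python
"""Audit pod specs for containers that keep the NET_RAW capability."""

CONTAINER_FIELDS = ("initContainers", "containers", "ephemeralContainers")


def _caps(names):
    # Kubernetes uses "NET_RAW"; tolerate a "CAP_" prefix and lower case too.
    return {str(n).upper().removeprefix("CAP_") for n in (names or [])}


def keeps_net_raw(container):
    """True if this container spec leaves NET_RAW available to the process."""
    sc = container.get("securityContext") or {}
    if sc.get("privileged"):
        return True  # privileged containers hold every capability
    caps = sc.get("capabilities") or {}
    add, drop = _caps(caps.get("add")), _caps(caps.get("drop"))
    if add & {"NET_RAW", "ALL"}:
        return True  # explicitly granted; flagged even if also dropped
    # Assumption: NET_RAW is in the runtime default set, so a container
    # only loses it when the spec drops NET_RAW or ALL.
    return not (drop & {"NET_RAW", "ALL"})


def find_net_raw(pods):
    """Return (namespace/pod, container) for every container keeping NET_RAW."""
    findings = []
    for pod in pods:
        meta = pod.get("metadata") or {}
        pod_id = f'{meta.get("namespace", "default")}/{meta.get("name", "?")}'
        for field in CONTAINER_FIELDS:
            for c in (pod.get("spec") or {}).get(field) or []:
                if keeps_net_raw(c):
                    findings.append((pod_id, c.get("name", "?")))
    return findings


def _pod(ns, name, **spec):
    return {"metadata": {"namespace": ns, "name": name}, "spec": spec}


def _sc(add=(), drop=()):
    return {"capabilities": {"add": list(add), "drop": list(drop)}}


# Constructed sample manifests, not taken from any real cluster.
SAMPLE_PODS = [
    _pod("default", "legacy-app", containers=[{"name": "web"}]),
    _pod("default", "hardened", containers=[
        {"name": "api", "securityContext": _sc(["NET_BIND_SERVICE"], ["ALL"])}]),
    _pod("tools", "netdebug", containers=[
        {"name": "ping", "securityContext": _sc(["NET_RAW"], ["ALL"])}]),
    _pod("default", "partial", initContainers=[{"name": "setup"}], containers=[
        {"name": "app", "securityContext": _sc(drop=["CAP_NET_RAW"])}]),
]
```

Containers with no `securityContext` are reported because they inherit the runtime defaults, which is the case the restricted profile is meant to close.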