k3s

Run the embedded kubectl command

$ k3s kubectl get nodes

$ k3s etcd-snapshot save

$ k3s certificate rotate-ca

$ k3s token list

$ k3s-uninstall.sh

k3s server|agent|kubectl|crictl|ctr [OPTIONS]

server
    Start Kubernetes server (control plane) node

agent
    Start Kubernetes agent (worker) node

kubectl
    Run kubectl client with K3s kubeconfig

crictl
    Run CRI container runtime CLI

ctr
    Run containerd CLI

--bind-address IP
    IPv4/IPv6 address to bind Kubernetes API server (default: all interfaces)

--https-listen-port PORT
    HTTPS port for API server (default: 6443)

--tls-san hostnames/IPs
    Additional hostnames/IPs for TLS certificate

--token TOKEN
    Node join token (auto-generated if unset)

--cluster-init
    Initialize new HA cluster (first server)

--server URL
    Server URL for agent to join (required for agents)

--datastore-endpoint ENDPOINT
    External datastore (etcd/SQLite; default: embedded SQLite)

--kubelet-arg ARGS
    Additional args passed to kubelet

--disable COMPONENTS
    Disable components like servicelb,traefik,metrics-server

--docker
    Use Docker instead of containerd

--protect-kernel-defaults
    Protect kernel parameters from overrides

--flannel-ifname IFNAME
    Network interface for Flannel

--etcd-expose-metrics
    Expose etcd metrics port

--kubeconfig /path
    Path to kubeconfig (default: /etc/rancher/k3s/k3s.yaml)

--help
    Show help for command or subcommand

--version
    Print version information

K3s is a certified Kubernetes distribution built for production workloads in unattended, remote, or resource-constrained environments such as edge computing and IoT appliances. Packaged as a single <70MB binary, it bundles core components like containerd (or Docker), Flannel networking, Traefik ingress, and CoreDNS into one executable, eliminating dozens of dependencies.

Key features include automatic deployment of embedded etcd or SQLite datastore, support for Helm charts and standard Kubernetes YAML manifests, and zero-config TLS with automatic certificate rotation. It supports both server (control plane) and agent (worker node) modes, enabling single-node clusters or multi-node HA setups via token-based joining. Optimized for ARM64/ARMv7 and x86_64, K3s runs on most Linux distros with minimal privileges (runs as root by default but supports proxy modes).

Ideal for developers, CI/CD pipelines, and production edge use cases, K3s starts in seconds and uses 40-50% fewer resources than vanilla Kubernetes, making it perfect for Raspberry Pi, servers, or air-gapped installs.

Runs as root by default for simplicity; use --rootless mode for non-root. Embedded components may conflict with system services like firewalld or existing kubelet. Not for massive-scale clusters (>100 nodes); prefer full Kubernetes.

curl -sfL https://get.k3s.io | sh -
Installs server on single node. For multi-node: Copy node-token from /var/lib/rancher/k3s/server/node-token, run k3s agent --server https://<server-ip>:6443 --token <token>

/usr/local/bin/k3s-uninstall.sh or /usr/local/bin/k3s-killall.sh to stop services

Copy /etc/rancher/k3s/k3s.yaml to ~/.kube/config and set server to 127.0.0.1 for local use

Developed by Rancher Labs (acquired by SUSE) and first released in April 2019 as a minimal Kubernetes for ARM/IoT. Reached v1.0 in 2020 with CNCF certification. Evolved with Kubernetes upstream (tracks k8s minor releases), adding rootless support in v1.21+, SQLite backend, and longhorn integration. Widely used in edge/ML/AI deployments; over 10M downloads by 2023.

kubectl(1), kubeadm(1), containerd(8), minikube(1)