Starting here I’ll outline the steps I took to get to a working, usable K3S setup.
I’ll be brief, so all of the following posts assume some experience with setting up, configuring, and using Linux systems.
First, we need some hardware. In my case I took one of my spare HP MicroServers and added the hard disk from the other spare to it.
- Memory: RAM: total: 7.67 GiB used: 2.65 GiB (34.6%)
- CPU: Topology: Dual Core model: AMD Turion II Neo N54L bits: 64 type: MCP L2 cache: 2048 KiB
  Speed: 800 MHz min/max: 800/2200 MHz Core speeds (MHz): 1: 800 2: 800
- Drives: Local Storage: total: 465.77 GiB used: 13.43 GiB (2.9%)
  ID-1: /dev/sda model: VB0250EAVER size: 232.89 GiB
  ID-2: /dev/sdb model: VB0250EAVER size: 232.89 GiB
I installed Debian Buster on it (Hey, why only learn one thing at a time – I’ve hardly ever touched Debian before), using LVM to set up the local storage. During install I created LVs for /, /tmp, /home and /var, and after setup I created a volume from most of the remaining storage, which mounts as /var/lib/rancher/k3s since that is where k3s will keep all its data.
The final setup for the storage looks like this:
root@appsrv:~# df -h -t ext4
Filesystem                   Size  Used Avail Use% Mounted on
/dev/mapper/appsrv--vg-root   32G  1.5G   29G   5% /
/dev/mapper/appsrv--vg-tmp   1.8G  5.6M  1.7G   1% /tmp
/dev/mapper/appsrv--vg-home   15G   50M   14G   1% /home
/dev/mapper/appsrv--vg-var   9.2G  1.2G  7.6G  13% /var
/dev/mapper/appsrv--vg-k3s   251G  5.4G  233G   3% /var/lib/rancher/k3s
Then I configured the system to use a fixed IP address. In my case I did that in my DHCP server, so that I don’t have to do it over and over in case I decide to wipe and reinstall the server, but you can just do that locally as well. I also set up an entry in my nameserver pointing to that IP.
The next step was to go into my nameserver and create a subdomain of the local domain. In my case I used “apps.my.lan” for the subdomain and “appsrv.my.lan” as the hostname for the actual system.
The important step in your nameserver is this: Create a WILDCARD entry in your apps subdomain pointing at the IP of your K3S host. So in my case, “*.apps.my.lan” always points at the K3S host – which will come in useful as soon as we deploy Traefik later on.
Last but not least I created an SSL certificate for my host, and that certificate also has *.apps.my.lan as an alternative DNS name, so with a browser that has my own private CA certificate installed I can access any containerized web app inside my K3S over HTTPS and not get certificate warnings.
Sidenote: I use XCA for managing SSL certificates; it’s a great tool for it.