Fri. Dec 13th, 2019

k3OS v0.8.0-rc3 releases: the first Kubernetes operating system

2 min read

Rancher Labs introduced k3OS, the industry’s first extremely lightweight operating system for Kubernetes. It has extremely low resource consumption, minimal operation, and second-level boot, which greatly simplifies in low-resource computing environments. Kubernetes operation, improve the security of Kubernetes operation and maintenance and fully enable edge computing scenarios.

k3OS is a linux distribution designed to remove as much as possible OS maintaince in a Kubernetes cluster. It is specifically designed to only have what is need to run k3s. Additionally the OS is designed to be managed by kubectl once a cluster is bootstrapped. Nodes only need to join a cluster and then all aspects of the OS can be managed from Kubernetes. Both k3OS and k3s upgrades are handled by k3OS.

k3OS can be used for public clouds and virtualized clusters, but in addition, it is of great value in environments where computing resources represented by edge computing are extremely limited. The main features include:

  • supports multiple architectures: k3OS runs on x86 and ARM processors to give you maximum flexibility.
  • runs only the minimum required services: Fewer services means a tiny attack surface, for greater security.
  • doesn’t require a package manager: The required services are built into the distribution image.
  • models infrastructure as code: This makes sure there are no surprises, and that systems come up the same way every time. You can manage system configuration with version control systems, and carry out reliable, repeatable cluster deployments.

Changelog v0.8.0-rc3

Security Fixes

  • Bump LTS Kernel 4.15.0-72.81 #320
  • Disable Password Auth in SSH #321
    This addresses a security concern, #262 brought to our attention by @majkrzak.
    If you need to override this secure default, a write_files to /var/lib/rancher/k3os/ssh/sshd_config should do the trick.

Documentation Fixes

  • HTTPS_PROXY Typo http_proxys what? #311

Features and Enhancements

  • Updated Tooling #292 htoprng-toolsqemu-guest-agent
    Additionally, the parametrizable toolbox script to pull down an arbitrary container to twiddle some bits contributed by @bhale
    The services for rng-tools (aka rngd) and qemu-guest-agent are not enabled unless a corresponding entry in /etc/conf.d is present.
  • Refactored Usage of LinuxKit Bits #297 metadata is now built directly from LinuxKit source
  • Refactored k3OS Commands Into Multi-call Binary #303
    • os-config is now k3os install
    • ccapply is now k3os config
    • rc.init is now k3os rc with code from fork of LinuxKit rolled into the project (invoked early during boot, may be replaced eventually with bash scripts)
  • Build with go 1.13 #312
  • Publish Container Images #323
    Yet another key bit of functionality supporting the forthcoming operator (upgrades).