dave/site
1
0
Fork 0
mirror of https://github.com/davegallant/davegallant.github.io.git synced 2025-08-06 08:43:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
a2e9a3c7453b9b7d762408d83ed1e413befa1fbb
site/blog/running-k3s-in-lxc-on-proxmox/index.html
davegallant a2e9a3c745 deploy: c200552255
2025-06-23 01:39:27 +00:00

51 lines
32 KiB
HTML
Raw Blame History

<!doctype html><html lang=en data-theme=dark><head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1"><link rel=preload as=font type=font/woff2 href=/fonts/roboto-slab-latin-400.woff2 crossorigin=anonymous><link rel=preload as=font type=font/woff2 href=/fonts/roboto-slab-latin-700.woff2 crossorigin=anonymous><link rel=preload as=font type=font/woff2 href=/fonts/fira-code-latin-300.woff2 crossorigin=anonymous><link rel=preload as=font type=font/woff2 href=/fonts/fira-code-latin-400.woff2 crossorigin=anonymous><link rel=preload as=font type=font/woff2 href=/fonts/fira-code-latin-700.woff2 crossorigin=anonymous><meta name=robots content="index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1"><title>Running K3s in LXC on Proxmox</title>
<meta name=description content="It has been a while since I&amp;rsquo;ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I&amp;rsquo;ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it&amp;rsquo;d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment."><link rel=canonical href=/blog/running-k3s-in-lxc-on-proxmox/><meta name=twitter:card content="summary"><meta name=twitter:title content="Running K3s in LXC on Proxmox"><meta name=twitter:description content="It has been a while since I&rsquo;ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I&rsquo;ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it&rsquo;d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment."><meta property="og:title" content="Running K3s in LXC on Proxmox"><meta property="og:description" content="It has been a while since I&rsquo;ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I&rsquo;ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it&rsquo;d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment."><meta property="og:type" content="article"><meta property="og:url" content="/blog/running-k3s-in-lxc-on-proxmox/"><meta property="article:section" content="blog"><meta property="article:published_time" content="2021-11-14T10:07:03-05:00"><meta property="article:modified_time" content="2024-01-07T22:42:41-05:00"><meta itemprop=name content="Running K3s in LXC on Proxmox"><meta itemprop=description content="It has been a while since I&rsquo;ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I&rsquo;ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it&rsquo;d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment."><meta itemprop=datePublished content="2021-11-14T10:07:03-05:00"><meta itemprop=dateModified content="2024-01-07T22:42:41-05:00"><meta itemprop=wordCount content="649"><meta itemprop=keywords content="k3s,proxmox,lxc,self-hosted,"><style>@font-face{font-display:swap;font-family:Roboto Slab;font-style:normal;font-weight:100;src:local("Roboto Slab Thin "),local("Roboto Slab-Thin"),url(/fonts/roboto-slab-latin-100.woff2) format("woff2"),url(/fonts/roboto-slab-latin-100.woff) format("woff")}@font-face{font-display:swap;font-family:Roboto Slab;font-style:normal;font-weight:200;src:local("Roboto Slab Extra Light "),local("Roboto Slab-Extra Light"),url(/fonts/roboto-slab-latin-200.woff2) format("woff2"),url(/fonts/roboto-slab-latin-200.woff) format("woff")}@font-face{font-display:swap;font-family:Roboto Slab;font-style:normal;font-weight:300;src:local("Roboto Slab Light "),local("Roboto Slab-Light"),url(/fonts/roboto-slab-latin-300.woff2) format("woff2"),url(/fonts/roboto-slab-latin-300.woff) format("woff")}@font-face{font-display:swap;font-family:Roboto Slab;font-style:normal;font-weight:400;src:local("Roboto Slab Regular "),local("Roboto Slab-Regular"),url(/fonts/roboto-slab-latin-400.woff2) format("woff2"),url(/fonts/roboto-slab-latin-400.woff) format("woff")}@font-face{font-display:swap;font-family:Roboto Slab;font-style:normal;font-weight:500;src:local("Roboto Slab Medium "),local("Roboto Slab-Medium"),url(/fonts/roboto-slab-latin-500.woff2) format("woff2"),url(/fonts/roboto-slab-latin-500.woff) format("woff")}@font-face{font-display:swap;font-family:Roboto Slab;font-style:normal;font-weight:600;src:local("Roboto Slab SemiBold "),local("Roboto Slab-SemiBold"),url(/fonts/roboto-slab-latin-600.woff2) format("woff2"),url(/fonts/roboto-slab-latin-600.woff) format("woff")}@font-face{font-display:swap;font-family:Roboto Slab;font-style:normal;font-weight:700;src:local("Roboto Slab Bold "),local("Roboto Slab-Bold"),url(/fonts/roboto-slab-latin-700.woff2) format("woff2"),url(/fonts/roboto-slab-latin-700.woff) format("woff")}@font-face{font-display:swap;font-family:Roboto Slab;font-style:normal;font-weight:800;src:local("Roboto Slab ExtraBold "),local("Roboto Slab-ExtraBold"),url(/fonts/roboto-slab-latin-800.woff2) format("woff2"),url(/fonts/roboto-slab-latin-800.woff) format("woff")}@font-face{font-display:swap;font-family:Roboto Slab;font-style:normal;font-weight:900;src:local("Roboto Slab Black "),local("Roboto Slab-Black"),url(/fonts/roboto-slab-latin-900.woff2) format("woff2"),url(/fonts/roboto-slab-latin-900.woff) format("woff")}@font-face{font-display:swap;font-family:Fira Code;font-style:normal;font-weight:300;src:local("Fira Code Light "),local("Fira Code-Light"),url(/fonts/fira-code-latin-300.woff2) format("woff2"),url(/fonts/fira-code-latin-300.woff) format("woff")}@font-face{font-display:swap;font-family:Fira Code;font-style:normal;font-weight:400;src:local("Fira Code Regular "),local("Fira Code-Regular"),url(/fonts/fira-code-latin-400.woff2) format("woff2"),url(/fonts/fira-code-latin-400.woff) format("woff")}@font-face{font-display:swap;font-family:Fira Code;font-style:normal;font-weight:500;src:local("Fira Code Medium "),local("Fira Code-Medium"),url(/fonts/fira-code-latin-500.woff2) format("woff2"),url(/fonts/fira-code-latin-500.woff) format("woff")}@font-face{font-display:swap;font-family:Fira Code;font-style:normal;font-weight:600;src:local("Fira Code SemiBold "),local("Fira Code-SemiBold"),url(/fonts/fira-code-latin-600.woff2) format("woff2"),url(/fonts/fira-code-latin-600.woff) format("woff")}@font-face{font-display:swap;font-family:Fira Code;font-style:normal;font-weight:700;src:local("Fira Code Bold "),local("Fira Code-Bold"),url(/fonts/fira-code-latin-700.woff2) format("woff2"),url(/fonts/fira-code-latin-700.woff) format("woff")}
/*! normalize.css v8.0.1 | MIT License | github.com/necolas/normalize.css */html{line-height:1.15;-webkit-text-size-adjust:100%}body{margin:0}main{display:block}h1{font-size:2em;margin:.67em 0}hr{box-sizing:content-box;height:0;overflow:visible}pre{font-family:monospace,monospace;font-size:1em}a{background-color:transparent}abbr[title]{border-bottom:none;-webkit-text-decoration:underline;text-decoration:underline;-webkit-text-decoration:underline dotted;text-decoration:underline dotted}b,strong{font-weight:bolder}code,kbd,samp{font-family:monospace,monospace;font-size:1em}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}img{border-style:none}button,input,optgroup,select,textarea{font-family:inherit;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}[type=button],[type=reset],[type=submit],button{-webkit-appearance:button}[type=button]::-moz-focus-inner,[type=reset]::-moz-focus-inner,[type=submit]::-moz-focus-inner,button::-moz-focus-inner{border-style:none;padding:0}[type=button]:-moz-focusring,[type=reset]:-moz-focusring,[type=submit]:-moz-focusring,button:-moz-focusring{outline:1px dotted ButtonText}fieldset{padding:.35em .75em .625em}legend{box-sizing:border-box;color:inherit;display:table;max-width:100%;padding:0;white-space:normal}progress{vertical-align:baseline}textarea{overflow:auto}[type=checkbox],[type=radio]{box-sizing:border-box;padding:0}[type=number]::-webkit-inner-spin-button,[type=number]::-webkit-outer-spin-button{height:auto}[type=search]{-webkit-appearance:textfield;outline-offset:-2px}[type=search]::-webkit-search-decoration{-webkit-appearance:none}::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}details{display:block}summary{display:list-item}[hidden],template{display:none}
/*! CC BY-SA 3.0 License | https://stackoverflow.com/a/36118384/1154965 */@keyframes blink{50%{opacity:0}to{opacity:1}}
/*! MIT License | github.com/schnerring/hugo-theme-gruvbox */:root[data-theme=dark]{--bg:var(--bg0);--bg0:#1a1b26;--bg0_h:#1d2021;--bg0_s:#32302f;--bg1:#181922;--bg2:#32344a;--bg3:#665c54;--bg4:#32344a;--fg:var(--fg1);--fg0:#a1a1a1;--fg1:#dddfeb;--fg2:#7da6ff;--fg3:#6a6c67;--fg4:#32344a;--gray1:var(--fg4);--gray2:#444b6a;--red1:#f7768e;--red2:#ff7a93;--green1:#9ece6a;--green2:#b9f27c;--yellow1:#e0af68;--yellow2:#ff9e64;--blue1:#63a8d3;--blue2:#63a8d3;--purple1:#ad8ee6;--purple2:#bb9af7;--aqua1:#449dab;--aqua2:#0db9d7;--orange1:#d65d0e;--orange2:#fe8019}:root{--primary:var(--blue1);--primary-alt:var(--blue2);--font-monospace:"Fira Code","Lucida Console",Monaco,monospace;--font-sans-serif:Verdana,Helvetica,sans-serif;--font-serif:"Roboto Slab",Georgia,serif}html{font-family:Roboto Slab,Georgia,serif;font-family:var(--font-serif);font-size:1rem;scroll-behavior:smooth}body{background:var(--bg);color:var(--fg);line-height:1.675;word-wrap:break-word}strong{letter-spacing:.35px}a{color:inherit;-webkit-text-decoration:none;text-decoration:none}a.link--external:after{content:"\2009↗"}img{border:2px solid var(--bg1);height:auto;max-width:100%}::-moz-selection{background:var(--bg4);color:var(--fg0)}::selection{background:var(--bg4);color:var(--fg0)}h1,h2,h3{color:var(--fg0);font-family:Fira Code,Lucida Console,Monaco,monospace;font-family:var(--font-monospace);font-weight:300;line-height:1.4}h1 code,h2 code,h3 code{font-size:1em}h2,h3{border-bottom:1px solid var(--bg1)}h1,h2{font-weight:400}h1{font-size:1.875rem}h2{font-size:1.75rem}h3{font-size:1.625rem}@media (min-width:768px){h1{font-size:2.375rem}h2{font-size:2rem}h3{font-size:1.75rem}}blockquote,code,pre{border-radius:.2rem;padding:0 .2em}pre code{padding:0}blockquote,code,pre{background:var(--bg1)}code,pre{font-family:Fira Code,Lucida Console,Monaco,monospace;font-family:var(--font-monospace)}code code{background:var(--bg2)}blockquote,pre{padding:1rem}pre{background:var(--bg1)!important;overflow:auto}pre code{background:none}blockquote,blockquote.twitter-tweet{border-left:5px solid var(--primary-alt);margin:.5rem 0}blockquote.twitter-tweet code,blockquote:not(.does-not-exist) code{background:var(--bg2)}blockquote.twitter-tweet p:first-of-type,blockquote:not(.does-not-exist) p:first-of-type{margin-top:0}blockquote.twitter-tweet p:last-of-type,blockquote:not(.does-not-exist) p:last-of-type{margin-bottom:0}blockquote.twitter-tweet{border-color:var(--blue2);color:inherit;font:inherit;font-size:inherit;line-height:inherit}blockquote.twitter-tweet a{color:var(--blue2)}blockquote.twitter-tweet a:hover{color:var(--blue1);-webkit-text-decoration:none!important;text-decoration:none!important}pre::-webkit-scrollbar{height:.5rem;scrollbar-width:auto}pre::-webkit-scrollbar-track{background:var(--bg2);border-radius:.2rem}pre::-webkit-scrollbar-thumb{background:var(--bg4);border-radius:.2rem}.layout{display:grid;grid-template-areas:"header" "main" "footer";grid-template-rows:auto 1fr auto;height:100vh}main{align-items:start;display:grid;grid-area:main;grid-template-areas:"empty content sidebar";grid-template-columns:2fr minmax(0,860px) 2fr}header{background:var(--bg1);grid-area:header}footer{grid-area:footer}footer,main{margin:.5em 1.1em}.content{grid-area:content}.sidebar{display:none;flex-direction:column;grid-area:sidebar;margin-top:3rem;position:sticky;top:2rem}@media (min-width:992px){.sidebar{display:flex}}header{display:grid;font-family:Fira Code,Lucida Console,Monaco,monospace;font-family:var(--font-monospace);font-size:1.125rem;grid-template-areas:"heading search nav theme-toggle";grid-template-columns:auto auto 1fr auto;padding:.75rem}.logo{color:var(--fg0);display:flex;font-weight:700;grid-area:heading}.logo:hover .logo__cursor{animation:blink 1s infinite;opacity:1}.logo__chevron,.logo__cursor{margin-left:.5rem}.logo__cursor{opacity:0}.logo__text{display:none}@media (min-width:768px){.logo__text{display:block}}.search{display:flex;grid-area:search;margin:0 1rem}#search__text{background:var(--bg2);border:1px solid var(--bg2);border-radius:.2rem;caret-color:var(--fg);color:var(--fg);outline:none;padding:0 .5rem;width:100%}#search__text:hover{border-color:var(--bg3)}#search__text:focus{border-color:var(--bg4)}#search__text::-moz-placeholder{color:var(--fg1)}#search__text::placeholder{color:var(--fg1)}#search__text[type=search]::-webkit-search-cancel-button{-webkit-appearance:none;appearance:none}#search__suggestions{background:var(--bg);border-radius:.2rem;box-shadow:0 .5rem 1rem var(--bg1);font-family:Roboto Slab,Georgia,serif;font-family:var(--font-serif);left:0;margin-top:2rem;position:absolute;width:95vw;z-index:1000}@media (min-width:768px){.search{position:relative}#search__suggestions{width:60vw}}.search__suggestions--hidden{display:none}.search__suggestion-item{border-bottom:1px dashed var(--bg2);display:grid;grid-template-columns:1fr 2fr}.search__suggestion-item:focus,.search__suggestion-item:focus-visible,.search__suggestion-item:hover{background:var(--bg1);cursor:pointer;outline:none}.search__suggestion-item:last-child{border:none}.search__suggestion-description,.search__suggestion-title{margin:1rem 0;padding:0 1rem}.search__suggestion-title{font-weight:700}.search__suggestion-description{border-left:1px solid var(--bg2)}.search__no-results{padding:.75rem}nav#menu{align-items:center;display:flex;grid-area:nav;justify-content:flex-end}nav#menu .menu__item{color:var(--fg)}nav#menu .menu__item:hover{color:var(--fg3);cursor:pointer}nav#menu ul{list-style:none;margin:0;padding:0}nav#menu ul.menu--horizontal{align-items:center;display:none}nav#menu ul.menu--horizontal li{display:inline-block;margin:0 .75rem}@media (min-width:768px){nav#menu ul.menu--horizontal{display:flex}}nav#menu ul.menu--vertical{background:var(--bg1);bottom:0;margin:0;padding:3rem;position:fixed;right:0;top:0;transform:translate(100%);transition:transform .5s cubic-bezier(.9,0,.1,1);width:50%;z-index:10}nav#menu ul.menu--vertical .menu__item{color:var(--fg1)}nav#menu ul.menu--vertical .menu__item:hover{color:var(--fg3)}nav#menu .menu__burger{display:flex;height:24px;width:24px}nav#menu .menu__burger>*{position:absolute}nav#menu .menu__burger svg{height:inherit;width:inherit;z-index:20}nav#menu .menu__burger input{height:inherit;opacity:0;width:inherit;z-index:30}nav#menu .menu__burger input:checked~ul.menu--vertical{transform:none}nav#menu .menu__burger input:checked~svg{stroke:var(--fg1)}@media (min-width:768px){nav#menu .menu__burger{display:none}}.sidebar{font-family:Fira Code,Lucida Console,Monaco,monospace;font-family:var(--font-monospace);margin-left:auto;margin-right:auto;max-width:350px;padding-left:2.5rem}.sidebar svg{fill:var(--fg)}.content-section,.post{border-bottom:2px dotted var(--bg1);padding:0}.post img:not(figure img){box-sizing:border-box;margin:.5rem 0}.post-header{font-family:Fira Code,Lucida Console,Monaco,monospace;font-family:var(--font-monospace)}.post-content{margin:1.3rem 0}.content-section a,.post-content a,.post-header a{color:var(--blue2);color:var(--primary-alt)}.content-section a:hover,.post-content a:hover,.post-header a:hover{color:var(--blue1);color:var(--primary)}.post-heading__anchor{display:none}h1:hover .post-heading__anchor,h2:hover .post-heading__anchor,h3:hover .post-heading__anchor{display:inline-block}</style><link rel=preload href="/css/non-critical.337c8f4cb58340e40be13eb232f89e4e12c02a13f92b6cd3c29a31c1397a0b150922b6cf8f80cd3037768bdcf919626d3205923713ad33f8c502a973337d3d63.css" as=style onload='this.onload=null,this.rel="stylesheet"'><link id=prism-dark rel=preload href=/prism-themes/prism-coldark-dark.min.5d581efbbe2b412b3b07c80ec0bc2ed68e36e559e8c6e1403b7179e099aec8354a8af1b894c53dd2539979e531625066b76efebf5dfbb5bf5ea0438872c28d54.css as=style onload='this.onload=null,this.rel="stylesheet"'><link id=prism-light rel=preload href=/prism-themes/prism-coldark-dark.min.5d581efbbe2b412b3b07c80ec0bc2ed68e36e559e8c6e1403b7179e099aec8354a8af1b894c53dd2539979e531625066b76efebf5dfbb5bf5ea0438872c28d54.css as=style onload='this.onload=null,this.rel="stylesheet"' disabled><noscript><link rel=stylesheet href=/prism-themes/prism-coldark-dark.min.5d581efbbe2b412b3b07c80ec0bc2ed68e36e559e8c6e1403b7179e099aec8354a8af1b894c53dd2539979e531625066b76efebf5dfbb5bf5ea0438872c28d54.css><link rel=stylesheet href="/css/non-critical.337c8f4cb58340e40be13eb232f89e4e12c02a13f92b6cd3c29a31c1397a0b150922b6cf8f80cd3037768bdcf919626d3205923713ad33f8c502a973337d3d63.css"></noscript><script>(()=>{function e(e){let t=document.getElementById("prism-dark"),n=document.getElementById("prism-light");t.toggleAttribute("disabled",e==="light"),n.toggleAttribute("disabled",e==="dark")}function t(e){if(document.querySelector(".utterances-frame")){let n=document.querySelector(".utterances-frame");var t={type:"set-theme",theme:e=="dark"?"gruvbox-dark":"github-light"};n.contentWindow.postMessage(t,"https://utteranc.es")}}function n(n){document.documentElement.setAttribute("data-theme",n),e(n),t(n)}n("dark"),document.addEventListener("DOMContentLoaded",function(){document.querySelectorAll(".theme__toggle").forEach(e=>{e.addEventListener("click",toggleTheme)})})})()</script><link rel=apple-touch-icon sizes=180x180 href=/apple-touch-icon.png><link rel=icon type=image/png sizes=32x32 href=/favicon-32x32.png><link rel=icon type=image/png sizes=16x16 href=/favicon-16x16.png><link rel=manifest href=/site.webmanifest><link rel=mask-icon href=/safari-pinned-tab.svg color=#282828><meta name=msapplication-TileColor content="#282828"><meta name=theme-color content="#282828"><script defer src=https://umami.snake-cloud.ts.net/script.js data-website-id=e8adafba-b892-4dad-a139-2bd61fe5fab9></script></head><body><div class=layout><header><a class=logo href=/><div class=logo__text>davegallant.ca</div><div class=logo__chevron>></div><div class=logo__cursor></div></a><div class=search><input id=search__text type=search placeholder=Search... aria-label=Search autocomplete=off><div id=search__suggestions class=search__suggestions--hidden></div></div><nav id=menu><ul class=menu--horizontal><li class=menu__item><a href=/>Home</a></li><li class=menu__item><a href=/blog>Blog</a></li></ul><div class=menu__burger><input class=menu__item type=checkbox aria-label="Open main menu"><svg xmlns="http://www.w3.org/2000/svg" class="icon icon-tabler icon-tabler-menu-2" width="24" height="24" viewBox="0 0 24 24" stroke-width="2" stroke="currentcolor" fill="none" stroke-linecap="round" stroke-linejoin="round"><path stroke="none" d="M0 0h24v24H0z" fill="none"/><path d="M4 6h16"/><path d="M4 12h16"/><path d="M4 18h16"/></svg><ul class=menu--vertical><li><a class=menu__item href=/>Home</a></li><li><a class=menu__item href=/blog>Blog</a></li></ul></div></nav></header><main><div class=content><article class=post><div class=post-header><h1>Running K3s in LXC on Proxmox</h1><div class=post-meta><span>2021-11-14</span></div></div><div class=post-content><p>It has been a while since I&rsquo;ve actively used Kubernetes and wanted to explore the evolution of tools such as <a href=https://helm.sh class=link--external target=_blank rel=noreferrer>Helm</a> and <a href=https://tekton.dev class=link--external target=_blank rel=noreferrer>Tekton</a>. I decided to deploy <a href=https://k3s.io class=link--external target=_blank rel=noreferrer>K3s</a>, since I&rsquo;ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it&rsquo;d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment. LXC containers also provide an efficient way to use a machine&rsquo;s resources.</p><h2 id=what-is-k3s>What is K3s?<a href=#what-is-k3s class=post-heading__anchor aria-hidden=true>#</a></h2><p>K3s is a Kubernetes distro that advertises itself as a lightweight binary with a much smaller memory-footprint than traditional k8s. K3s is not a fork of k8s as it seeks to remain as close to upstream as it possibly can.</p><h2 id=configure-proxmox>Configure Proxmox<a href=#configure-proxmox class=post-heading__anchor aria-hidden=true>#</a></h2><p>This <a href=https://gist.github.com/triangletodd/02f595cd4c0dc9aac5f7763ca2264185 class=link--external target=_blank rel=noreferrer>gist</a> contains snippets and discussion on how to deploy K3s in LXC on Proxmox. It mentions that <code>bridge-nf-call-iptables</code> should be loaded, but I did not understand the benefit of doing this.</p><h2 id=disable-swap>Disable swap<a href=#disable-swap class=post-heading__anchor aria-hidden=true>#</a></h2><p>There is an issue on Kubernetes regarding swap <a href=https://github.com/kubernetes/kubernetes/issues/53533 class=link--external target=_blank rel=noreferrer>here</a>. There claims to be support for swap in 1.22, but for now let&rsquo;s disable it:</p><div class=highlight><pre tabindex=0 style=color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-shell data-lang=shell><span style=display:flex><span>sudo sysctl vm.swappiness<span style=color:#f92672>=</span><span style=color:#ae81ff>0</span>
</span></span><span style=display:flex><span>sudo swapoff -a
</span></span></code></pre></div><p>It might be worth experimenting with swap enabled in the future to see how that might affect performance.</p><h3 id=enable-ip-forwarding>Enable IP Forwarding<a href=#enable-ip-forwarding class=post-heading__anchor aria-hidden=true>#</a></h3><p>To avoid IP Forwarding issues with Traefik, run the following on the host:</p><div class=highlight><pre tabindex=0 style=color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-shell data-lang=shell><span style=display:flex><span>sudo sysctl net.ipv4.ip_forward<span style=color:#f92672>=</span><span style=color:#ae81ff>1</span>
</span></span><span style=display:flex><span>sudo sysctl net.ipv6.conf.all.forwarding<span style=color:#f92672>=</span><span style=color:#ae81ff>1</span>
</span></span><span style=display:flex><span>sudo sed -i <span style=color:#e6db74>&#39;s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g&#39;</span> /etc/sysctl.conf
</span></span><span style=display:flex><span>sudo sed -i <span style=color:#e6db74>&#39;s/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=1/g&#39;</span> /etc/sysctl.conf
</span></span></code></pre></div><h2 id=create-lxc-container>Create LXC container<a href=#create-lxc-container class=post-heading__anchor aria-hidden=true>#</a></h2><p>Create an LXC container in the Proxmox interface as you normally would. Remember to:</p><ul><li>Uncheck <code>unprivileged container</code></li><li>Use a LXC template (I chose a debian 11 template downloaded with <a href=https://pve.proxmox.com/wiki/Linux_Container#Create_container class=link--external target=_blank rel=noreferrer>pveam</a>)</li><li>In memory, set swap to 0</li><li>Create and start the container</li></ul><h3 id=modify-container-config>Modify container config<a href=#modify-container-config class=post-heading__anchor aria-hidden=true>#</a></h3><p>Now back on the host run <code>pct list</code> to determine what VMID it was given.</p><p>Open <code>/etc/pve/lxc/$VMID.conf</code> and append:</p><pre tabindex=0><code>lxc.apparmor.profile: unconfined
lxc.cap.drop:
lxc.mount.auto: &#34;proc:rw sys:rw&#34;
lxc.cgroup2.devices.allow: c 10:200 rwm
</code></pre><p>All of the above configurations are described in the <a href=https://linuxcontainers.org/lxc/manpages/man5/lxc.container.conf.5.html class=link--external target=_blank rel=noreferrer>manpages</a>.
Notice that <code>cgroup2</code> is used since Proxmox VE 7.0 has switched to a <a href=https://pve.proxmox.com/pve-docs/chapter-pct.html#pct_cgroup class=link--external target=_blank rel=noreferrer>pure cgroupv2 environment</a>.</p><p>Thankfully cgroup v2 support has been supported in k3s with these contributions:</p><ul><li><a href=https://github.com/k3s-io/k3s/pull/2584 class=link--external target=_blank rel=noreferrer>https://github.com/k3s-io/k3s/pull/2584</a></li><li><a href=https://github.com/k3s-io/k3s/pull/2844 class=link--external target=_blank rel=noreferrer>https://github.com/k3s-io/k3s/pull/2844</a></li></ul><h2 id=enable-shared-host-mounts>Enable shared host mounts<a href=#enable-shared-host-mounts class=post-heading__anchor aria-hidden=true>#</a></h2><p>From within the container, run:</p><div class=highlight><pre tabindex=0 style=color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-shell data-lang=shell><span style=display:flex><span>echo <span style=color:#e6db74>&#39;#!/bin/sh -e
</span></span></span><span style=display:flex><span><span style=color:#e6db74>ln -s /dev/console /dev/kmsg
</span></span></span><span style=display:flex><span><span style=color:#e6db74>mount --make-rshared /&#39;</span> &gt; /etc/rc.local
</span></span><span style=display:flex><span>chmod +x /etc/rc.local
</span></span><span style=display:flex><span>reboot
</span></span></code></pre></div><h2 id=install-k3s>Install K3s<a href=#install-k3s class=post-heading__anchor aria-hidden=true>#</a></h2><p>One of the simplest ways to install K3s on a remote host is to use <a href=https://github.com/alexellis/k3sup class=link--external target=_blank rel=noreferrer>k3sup</a>.
Ensure that you supply a valid <code>CONTAINER_IP</code> and choose the <code>k3s-version</code> you prefer.
As of 2021/11, it is still defaulting to the 1.19 channel, so I overrode it to 1.22 for cgroup v2 support. See the published releases <a href=https://github.com/k3s-io/k3s/releases class=link--external target=_blank rel=noreferrer>here</a>.</p><div class=highlight><pre tabindex=0 style=color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-shell data-lang=shell><span style=display:flex><span>ssh-copy-id root@$CONTAINER_IP
</span></span><span style=display:flex><span>k3sup install --ip $CONTAINER_IP --user root --k3s-version v1.22.3+k3s1
</span></span></code></pre></div><p>If all goes well, you should see a path to the <code>kubeconfig</code> generated. I moved this into <code>~/.kube/config</code> so that kubectl would read this by default.</p><h2 id=wrapping-up>Wrapping up<a href=#wrapping-up class=post-heading__anchor aria-hidden=true>#</a></h2><p>Installing K3s in LXC on Proxmox works with a few tweaks to the default configuration. I later followed the Tekton&rsquo;s <a href=https://tekton.dev/docs/getting-started/ class=link--external target=_blank rel=noreferrer>Getting Started</a> guide and was able to deploy it in a few commands.</p><div class=highlight><pre tabindex=0 style=color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-console data-lang=console><span style=display:flex><span>$ kubectl get all --namespace tekton-pipelines
</span></span><span style=display:flex><span>NAME READY STATUS RESTARTS AGE
</span></span><span style=display:flex><span>pod/tekton-pipelines-webhook-8566ff9b6b-6rnh8 1/1 Running 1 (50m ago) 12h
</span></span><span style=display:flex><span>pod/tekton-dashboard-6bf858f977-qt4hr 1/1 Running 1 (50m ago) 11h
</span></span><span style=display:flex><span>pod/tekton-pipelines-controller-69fd7498d8-f57m4 1/1 Running 1 (50m ago) 12h
</span></span><span style=display:flex><span><span style=color:#960050;background-color:#1e0010>
</span></span></span><span style=display:flex><span><span style=color:#960050;background-color:#1e0010></span>NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
</span></span><span style=display:flex><span>service/tekton-pipelines-controller ClusterIP 10.43.44.245 &lt;none&gt; 9090/TCP,8080/TCP 12h
</span></span><span style=display:flex><span>service/tekton-pipelines-webhook ClusterIP 10.43.183.242 &lt;none&gt; 9090/TCP,8008/TCP,443/TCP,8080/TCP 12h
</span></span><span style=display:flex><span>service/tekton-dashboard ClusterIP 10.43.87.97 &lt;none&gt; 9097/TCP 11h
</span></span><span style=display:flex><span><span style=color:#960050;background-color:#1e0010>
</span></span></span><span style=display:flex><span><span style=color:#960050;background-color:#1e0010></span>NAME READY UP-TO-DATE AVAILABLE AGE
</span></span><span style=display:flex><span>deployment.apps/tekton-pipelines-webhook 1/1 1 1 12h
</span></span><span style=display:flex><span>deployment.apps/tekton-dashboard 1/1 1 1 11h
</span></span><span style=display:flex><span>deployment.apps/tekton-pipelines-controller 1/1 1 1 12h
</span></span><span style=display:flex><span><span style=color:#960050;background-color:#1e0010>
</span></span></span><span style=display:flex><span><span style=color:#960050;background-color:#1e0010></span>NAME DESIRED CURRENT READY AGE
</span></span><span style=display:flex><span>replicaset.apps/tekton-pipelines-webhook-8566ff9b6b 1 1 1 12h
</span></span><span style=display:flex><span>replicaset.apps/tekton-dashboard-6bf858f977 1 1 1 11h
</span></span><span style=display:flex><span>replicaset.apps/tekton-pipelines-controller-69fd7498d8 1 1 1 12h
</span></span><span style=display:flex><span><span style=color:#960050;background-color:#1e0010>
</span></span></span><span style=display:flex><span><span style=color:#960050;background-color:#1e0010></span>NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
</span></span><span style=display:flex><span>horizontalpodautoscaler.autoscaling/tekton-pipelines-webhook Deployment/tekton-pipelines-webhook 9%/100% 1 5 1 12h
</span></span></code></pre></div><p>I made sure to install Tailscale in the container so that I can easily access K3s from anywhere.</p><p>If I&rsquo;m feeling adventurous, I might experiment with <a href=https://rancher.com/docs/k3s/latest/en/advanced/#running-k3s-with-rootless-mode-experimental class=link--external target=_blank rel=noreferrer>K3s rootless</a>.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><br><br><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.d6270d7508c402a6bbcd4bb19216ce2f2d7cfda08b4056a7dd0a2afedf1ca63bf3857d98a837c741587ec6e83a7aa91e1041f16036aabad04afa4cdbd9e44266.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script></div></body></html>
Reference in New Issue View Git Blame Copy Permalink