How do I access api controller config in lightweight K3s

Question

Normally found in /etc/kubernetes/manifests/kube-apiserver.yaml in regular Kubernetes .

In rancher / K3s , this is all I can find. I'm trying to tweak some settings so I can enable custom autoscaling (eg https://docs.bitnami.com/kubernetes/how-to/configure-autoscaling-custom-metrics/ ) . Is there another way I can affect these settings?

$ sudo tree /var/lib/rancher/k3s/server/manifests
/var/lib/rancher/k3s/server/manifests
├── coredns.yaml
├── rolebindings.yaml
└── traefik.yaml

0 directories, 3 files

Answer 1

K3s bundles the Kubernetes components (kube-apiserver, kube-controller-manager, kube-scheduler, kubelet, kube-proxy) into combined processes that are presented as a simple server and agent model. Running k3s server will start the Kubernetes server and automatically register the local host as an agent. k3s supports multi-node model where users can use the ‘node-token’ generated while the process startup. By default k3s installs both server and agent (combined the Kubelet, kubeproxy and flannel agent processes), the same can be controlled using ‘ — disable-agent’ where server and agent (master and node in Kubernetes terminology) can be separated.

As per I see - all configuration files for k3s can be fount under /var/lib/rancher/k3s directory:

Running kube-apiserver --advertise-port=6443 --allow-privileged=true 
--api-audiences=unknown --authorization-mode=Node,RBAC --basic-auth-file=/var/lib/ranch
er/k3s/server/cred/passwd 
--bind-address=127.0.0.1 --cert-dir=/var/lib/rancher/k3s/server/tls/temporary-certs --client-ca-file=/var/lib/rancher/k3s/server/tls/client-ca.crt 
--enable-admission-p
lugins=NodeRestriction --insecure-port=0 
--kubelet-client-certificate=/var/lib/rancher/k3s/server/tls/client-kube-apiserver.crt 
--kubelet-client-key=/var/lib/rancher/k3s/server/tls/client-kube-
apiserver.key 
--proxy-client-cert-file=/var/lib/rancher/k3s/server/tls/client-auth-proxy.crt
 --proxy-client-key-file=/var/lib/rancher/k3s/server/tls/client-auth-proxy.key --requestheader-allowe
d-names=system:auth-proxy 
--requestheader-client-ca-file=/var/lib/rancher/k3s/server/tls/request-header-ca.crt 
--requestheader-extra-headers-prefix=X-Remote-Extra- 
--requestheader-group-headers
=X-Remote-Group --requestheader-username-headers=X-Remote-User
 --secure-port=6444 --service-account-issuer=k3s --service-account-key-file=/var/lib/rancher/k3s/server/tls/service.key 
--service-a
ccount-signing-key-file=/var/lib/rancher/k3s/server/tls/service.key 
--service-cluster-ip-range=10.43.0.0/16 --tls-cert-file=/var/lib/rancher/k3s/server/tls/serving-kube-apiserver.crt --tls-priv
ate-key-file=/var/lib/rancher/k3s/server/tls/serving-kube-apiserver.key

You can also specify needed values by using --kube-apiserver-arg option