alt.hn

5/1/2026 at 2:16:38 PM

K3sup – bootstrap K3s over SSH in < 60s

https://github.com/alexellis/k3sup

by rickcarlino

5/4/2026 at 11:30:58 AM

I do think the Talos model has kinda superseded this when it comes to repeatable deployment tbh

by Havoc

5/4/2026 at 11:49:11 AM

My primary use case for K3s is small machines, cheap VPS, Pi, etc. Would love to hear from folks who have had success with Talos in those spaces but last time I gave it a shot the welded shut hood prevented me from doing the little tweaks necessary to get running in those environments.

In the cloud or on prem I suspect folks are having better luck than I did, but also open to being wrong about this.

by phrotoma

5/4/2026 at 11:58:40 AM

I'm early on in my Kubernetes journey and have opted to focus on Talos. Would you be able to share a bit more about the issues and limitations you encountered?

by modderation

5/4/2026 at 1:32:24 PM

SRE here who has dealt with both. Talos is an operating system and Kubernetes management system without a ton of batteries included.

K3s runs on existing operating systems with batteries included.

by stackskipton

5/4/2026 at 11:39:29 AM

What is the talos model?

by powerbook5300CS

5/4/2026 at 11:43:03 AM

It's basically a k8s operating system of sorts. One that basically boots up as a k8s node and that's all it does. You can't log in to it or interact with it other than as a k8s node. That reduces complexity, attack surface and makes things very repeatable.

by Havoc

5/4/2026 at 4:07:45 AM

I went RKE2, k3s is nice, but a little too minimal for my tastes. With a few hundred MB RAM used, I've got an internal container registry, openbao for secrets, caddy for edge TLS, rabbitmq, and powerdns for exposing k8s ingress. Plus all the standard network policies, which, while verbose, get me nearly all the way there of traditional firewalls and networking.

by skullone

5/4/2026 at 1:07:24 PM

K3s is so easy to install, that k3sup feels like an increase in complexity. Feels like an abstraction that provides negative value.

by nhumrich

5/4/2026 at 8:18:51 AM

I'm trying to understand why people are spinning up so many k8s clusters that they need a tool to do it for them?

I have one. And it's managed. I don't think there's significant cost savings to going unmanaged, but maybe. Even so, why would I need a ton of them?

by 8n4vidtmkvmk

5/4/2026 at 10:09:13 AM

> And it's managed.

Can’t use cloud stuff on-prem and also if your clients have a server room of their own. Same for homelab.

Also it’s nice not to shift the pets attitude from servers to clusters and instead treat everything as cattle - provided you have backups of persistent data and the config versioned in a Git repo and there’s maybe some Ansible in the mix, being able to recreate an environment in the case of a fuckup is nice and also helps against bit rot.

Disclaimer: I actually prefer Docker Swarm/Compose over K8s due to simplicity (which matches my deployments and scale), but in the cases where I had to use a variety of K8s, going for K3s was pretty okay.

by KronisLV

5/4/2026 at 10:51:06 AM

If you peel off all the layers in Docker Swarm and K8s, technically it has the same level of complexity. In k8s there are a lot of concepts. I would argue you have the same network, storage, and compute complexities as an operator.

by debarshri

5/4/2026 at 11:31:00 AM

Because they are selling a “pro” version as part of their commercial product SlicerVM. It has more features for operating a k3s cluster.

by threecheese

5/4/2026 at 1:05:55 PM

I implemented a system that included the OP functionality (plus a whole lot more.) It was for on-premise deployment at customers. It can also be used to spin up stand-alone instances of our system in the cloud, for development, testing, etc. While you could, in theory, do many deployments on a single k8s cluster, there are some benefits to the automatic isolation you get from deploying on a standalone VM.

by antonvs

5/4/2026 at 8:20:29 AM

You're cool if you manage your own K8S cluster.

by krisknez

5/4/2026 at 8:40:07 AM

It's applied big brain memetics. k8s turned pet servers into cattle. People then do the next step and want to treat their clusters as cattle as well. Also it has a bit of the "can it run DOOM" vibe to treat whole k8s clusters like this.

by vasco

5/4/2026 at 4:40:58 AM

I used this for a bit a few years ago but eventually needed something that was hard or impossible in k3sup and just went to using the k3s tools directly. My deployment script actually got simpler after removing k3sup.

Also, fun fact, k3sup is pronounced "ketchup" according to the README[0]

[0]: https://github.com/alexellis/k3sup/blob/master/README.md

by doctoboggan

5/4/2026 at 1:08:51 PM

I was reading the description trying to figure out what it actually does. I built remote k3s deployment over ssh into a product I worked on, and there really was very little to it. Shell into the machine, run the installer, set the config - and that last part is going to be unique to your situation anyway. It makes perfect sense that your setup got simpler after removing this.

by antonvs

5/4/2026 at 6:49:01 AM

The pronunciation ketchup is somewhat unfortunate as a popular backup operator for k8s, k8up, also claims this.

by thilog

5/4/2026 at 4:48:04 AM

What's the point? You can bootstrap k3s with "curl -sfL https://get.k3s.io | sh -". If you need to do that over ssh it works just fine. If you're doing it on multiple hosts, you should be using Ansible.

by caymanjim

5/4/2026 at 4:56:03 AM

I can bootstrap an entire RKE2 VM (VM + RKE2 + join cluster) in like 5 mins with Salt (although I have no reason to think you couldn't do it with Ansible).

It's a cool project, but I didn't think the K3s part was the hard part.

by ggiesen

5/4/2026 at 3:53:47 AM

You can pretty much install it without ssh in under 60s. The fun starts after it has been installed.

We have been running into a lot of issues in production with k3s. Therefore I embarked on a journey to write a Kubernetes-compliant and equivalent platform in Rust with the help of Claude [1]. It is a fun little project for now, still figuring out stuff. The idea is to keep it minimal and a single binary with everything embedded, including CNI, and support various runtimes like docker, containerd etc. but also wasm, VMs and also JVM.

[1] https://github.com/debarshibasak/superkube

by debarshri

5/4/2026 at 9:42:35 AM

Very interesting!

Architecturally, where do you run Postgres? I assume it would be external to the cluster? (Doing it internally would create a circular dependency?)

by ay

5/4/2026 at 10:39:20 AM

Yes, it is external to the cluster.

If you want to do a quick setup, it creates a SQLite DB for the metadata.

by debarshri

5/4/2026 at 11:22:00 AM

You have to be careful trying to do this kind of thing. The problems you describe having below are problems with peripheral components, not k3s itself. The runtime handles garbage collection and image pinning. Your embedded runtime is using libcontainer, the same thing containerd uses, so the behavior should be identical. Since you support other runtimes, how they handle image pinning, if they support it at all, will vary. Whether or not you embed the CNI plugins and networking controllers, you're seemingly still using CNI since that's how container runtimes attach containers to a network, so whatever problems you had with CNI before would still happen. The DR VM not wanting to join sounds like it was probably due to etcd storing node IPs in the cluster member metadata. If you transfer that to a new host and it doesn't have the same IP, you need to first correct that metadata out of band, which no Kubernetes distro I'm aware of handles automatically but it's a simple etcdctl one-liner. You also need to make sure the client certificate you're using to authenticate with etcd is reissued with the new host IP in its IP SANs, which k3s does do automatically. If you're not using etcd, well, good in a way because it has a lot of cruft and I'm not a fan, but that will be difficult to support because the entire Kubernetes API and many third-party controllers are all designed around how etcd works. k3s doesn't actually require etcd and can use any SQL-based RDBMS thanks to its kine compatibility shim.

With all respect, "building it because I want to" and "working toward making (it) production grade" doesn't inspire a ton of confidence. k3s has been part of the CNCF for many years and its developer Darren Shepherd was the founding CTO for both cloud.com and Rancher Labs, which were acquired by Citrix and SUSE. It looks like you're running your own B2B company and hoping to swap out k3s as the underlying engine for multitenancy. That's very risky. Surely Claude can help you understand and use k3s just as readily as help you write a replacement, and I'm sure SUSE sells professional services. I have no clue what they charge but typically you're talking like $300 an hour and you'd probably only need 40 hours.

by nonameiguess
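
Added example (not part of the thread and not k3s or etcd project code): a check for the stale peer address that the comment above describes, comparing the IPs recorded in etcd member metadata with the IPs the hosts have now and printing the `etcdctl member update` call that would correct each mismatch. The member names, IDs and addresses are constructed, and the JSON field names are assumed to match `etcdctl member list -w json` output from etcdctl v3.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in the shape of `etcdctl member list -w json`
# (field names assumed from etcdctl v3; IDs are decimal uint64 in JSON).
SAMPLE_MEMBER_LIST = json.dumps({
    "members": [
        {"ID": 10276657743932975437, "name": "server-1-a1b2c3d4",
         "peerURLs": ["https://10.0.0.11:2380"],
         "clientURLs": ["https://10.0.0.11:2379"]},
        {"ID": 2384711290235211293, "name": "server-2-e5f6a7b8",
         "peerURLs": ["https://10.0.0.12:2380"],
         "clientURLs": ["https://10.0.0.12:2379"]},
    ]
})


def stale_peer_urls(member_list_json, current_ips):
    """Return members whose recorded peer URL host differs from current_ips.

    current_ips maps etcd member name -> the IP the host has *now*
    (for example after a DR restore onto a new VM).
    """
    findings = []
    for m in json.loads(member_list_json).get("members", []):
        want = current_ips.get(m.get("name"))
        if want is None:
            continue  # no expectation supplied for this member
        recorded = m.get("peerURLs", [])
        hosts = {urlsplit(u).hostname for u in recorded}
        if hosts != {want}:
            port = urlsplit(recorded[0]).port if recorded else 2380
            host = f"[{want}]" if ":" in want else want  # bracket IPv6
            id_hex = format(m["ID"], "x")  # etcdctl takes the hex member ID
            findings.append({
                "name": m["name"], "id_hex": id_hex, "recorded": recorded,
                "fix": f"etcdctl member update {id_hex} "
                       f"--peer-urls=https://{host}:{port}",
            })
    return findings


if __name__ == "__main__":
    # server-2 was restored onto a VM with a new address (constructed).
    now = {"server-1-a1b2c3d4": "10.0.0.11", "server-2-e5f6a7b8": "10.0.0.99"}
    for f in stale_peer_urls(SAMPLE_MEMBER_LIST, now):
        print(f"{f['name']}: recorded {f['recorded']} -> run: {f['fix']}")
```

The printed command omits the endpoint and TLS client options that a real etcd would need, and it covers only the member metadata, not the certificate IP SANs the comment also mentions.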

5/4/2026 at 1:10:51 PM

Sure, with full disclosure I don't expect anyone to run it in production until I have. Absolutely understand your trust deficit.

Once I have embarked on the journey of building this from scratch, there are new innovative ideas I can implement, not bound to any foundation or org.

P.S. We do not sell it as a product; it is 100% free and open source with an MIT license.

by debarshri

5/4/2026 at 3:58:52 AM

Do you have a writeup of what problems you ran into?

by pinkgolem

5/4/2026 at 4:08:12 AM

We do, let me check with my team and post it here.

There were many issues. Off the top of my head: after a DR drill wherein a VM was booted, the node did not join the cluster. Apart from that, a bunch of issues due to etcd and Longhorn.

Another major one was that the CNI stopped working for a particular node. Garbage collection for images was another: we labelled the images, and it would still remove them from the node.

A bunch of these kinds of issues, when our requirement is fairly straightforward. Therefore we are working towards a stripped-down version.

There is a lot of operational complexity in general, and most of us can do without it.

by debarshri

5/4/2026 at 11:21:25 AM

I've found a lot of issues come through somewhat naive networking setup - which is encouraged by the "just yolo it" installation instruction in the documentation. If you want to start understanding what's going on you'll end up in very weird corners very quickly. Also, if you don't want the API endpoints available to the world the documentation is not much help.

I've found things more stable if you can give a dedicated interface just for internal k3s communication. It can be a bridge interface on top of a VLAN interface - but not the VLAN interface itself, or some things will break in very interesting ways. Also, even when using IPv6, just stick with internal IPs and NAT everything - touching internal IP ranges is no fun. Plus, if there's a chance you'd ever want to use dual stack, set it up with internal v6 addresses, and just don't use the v6 addresses for now. There's also a lot of unintuitive behaviour around dual stack networking - and lots of areas where documentation is just plain wrong.

I'm scripting our stuff with ansible - one of the more useful things was the realisation that in some areas changes which shouldn't break anything can lead to cluster communication being interrupted, which is a very interesting thing to deal with, especially when you can't pin it to that change that didn't touch anything close to that, and therefore should not be responsible. I've learned, and sprinkled checks to make sure all members can still reach each other in there now, so that at least when I break it on changes I directly know why.

by finaard

5/4/2026 at 5:50:20 AM

Meanwhile our architecture team, which surely supported 0 real-life k8s, went with no vendor, on-premises deployments, claiming it was as easy as booting a VM. After 2y, there are 2 apps running and supposedly all future apps will be deployed on that cluster.

I cannot wait for the end of this month to leave that place.

by Foobar8568

5/4/2026 at 6:40:06 AM

Anything real world tech is hard.

We are hiring, btw.

by debarshri

5/4/2026 at 2:57:18 AM

The best part of k8s is network; most agentic systems presume no network, since it's a security concern. What are scenarios when you'd like to spin up k3sup?

by maxdo

5/4/2026 at 1:52:53 AM

I use official ‘ansible-playbook k3s.orchestration.site -i inventory.yml’ and it installs k3s over SSH and adds it into my kubectl context, all under 60s too.

by tgrowazay

5/4/2026 at 11:41:59 AM

Why not just curl to bash with the official instructions?

by powerbook5300CS

5/4/2026 at 3:00:15 AM

I have just been `ssh ... -- k3s.sh ...`, been meaning to ansible my homelab

by verdverm
