k3sair-cli
K3SAIR 🏴☠️️ ('Corsair') is a cli for the installation of k3s in an Air-Gapped environment.
APACHE-2.0 License
K3SAIR 🏴☠️️ ('Corsair')
k3sair is a cli for the installation of k3s in an Air-Gapped environment.
The idea is born, during the installation attempt in my company. So we are using this cli too, for our own
installations. It is build completely on zero-trust, k3sair is not saving anything.
It is inspired by k3sup, which does a great work.
TL;DR 🚀
Install via homebrew:
brew tap dirien/homebrew-dirien
brew install k3sair
Linux or Windows user, can directly download (or use curl/wget) the binary via
the release page.
Known Limitation 😵
k3sair is still under development and supports at the moment only amd64 architecture and no version selection. It is
always the binary you provide.
And there is no HA Setup. The install command is for a single control plane server.
Prerequisite 📚
You should have access to a http server hosting the files from k3s release page. We use Artifactory.
- k3s
- k3s-airgap-images-
<arch>.tar.gz (See Known Limitation)
Usage ⚙️
Install 💾
k3sair install -h
Usage:
k3sair install [flags]
Flags:
--additional-k3s-exec-flags string Add additional k3s exec flags, separate with space
--arch string Enter the target sever os architecture (amd64 supported atm)
--base string Enter the on-site proxy repository url (e.g Artifactory)
-h, --help help for install
--ip string Public ip or FQDN of node
--mirror string Mirrored Registry. (Default: '')
--port uint The ssh port to use (default 22)
--ssh-key string The ssh key to use for remote login
--sudo Use sudo for installation. (Default: true) (default true)
--tls-san string Add additional hostname or IP as a Subject Alternative Name in the TLS cert
--user string Username for SSH login (Default: root (default "root")
Examples:
k3sair install \
--ssh-key /ssh/cluster \
--arch amd64 \
--base "https://repo.local/" \
--ip 127.0.0.1 \
--user core
Join 🚪
k3sair join -h
Usage:
k3sair join [flags]
Flags:
--additional-k3s-exec-flags string Add additional k3s exec flags, separate with space
--arch string Enter the target sever os architecture (amd64 supported atm)
--base string Enter the on site proxy repository url (e.g Artifactory)
--control-plane-ip string Public ip or FQDN of an existing k3s server
--control-plane-port uint The ssh port to use (default 22)
-h, --help help for join
--ip string Public ip or FQDN of node
--k3s-api-port uint The kube api server port. (default 6443)
--mirror string Mirrored Registry. (Default: '')
--port uint The ssh port to use (default 22)
--ssh-key string The ssh key to use for remote login
--sudo Use sudo for installation. (Default: true) (default true)
--user string Username for SSH login (Default: root (default "root")
Examples:
k3sair join \
--ssh-key /ssh/cluster \
--arch amd64 \
--base "https://repo.local/" \
--ip 127.0.0.2 \
--control-plane-ip 127.0.0.1 \
--user core
Kubeconfig
k3sair kubeconfig -h
Get the kubeconfig from the k3s control plane server
Usage:
k3sair kubeconfig [flags]
Flags:
-h, --help help for kubeconfig
--ip string Public ip or FQDN of node
--port uint The ssh port to use (default 22)
--ssh-key string The ssh key to use for remote login
--sudo Use sudo for installation. (Default: true) (default true)
--user string Username for SSH login (Default: root (default "root")
Examples:
k3sair kubeconfig \
--ssh-key ~/.ssh/id_rsa
--ip 127.0.0.1
Contributing 🤝
Contributing via GitHub
TBA
License
Apache License, Version 2.0
Roadmap 🛣️
- K3s private registry support link
- tls-san support
- Kubeconfig: change server address 127.0.0.1 to host ip/name
- INSTALL_K3S_EXEC support
- GitHub Actions
- Release via goreleaser
- Rework codebase
- INSTALL_K3S_EXEC support with additional cli flags
- HA Support
- Tests
- ...