Where are you using WebAssembly?
Wasm promises to let developers build once and run anywhere. Are you using it yet?
At work, for production apps
At work, but not for production apps
I don’t use WebAssembly but expect to when the technology matures
I have no plans to use WebAssembly
No plans and I get mad whenever I see the buzzword
Cloud Native Ecosystem / Kubernetes

Install Korifi to Manage K3s at the Edge

Enabling Kubernetes on edge and IoT devices is made simpler by installing the Cloud Foundry Korifi abstraction.
Jun 29th, 2023 6:00am by
Featued image for: Install Korifi to Manage K3s at the Edge

Cloud Foundry Korifi is the familiar Cloud Foundry abstraction ported over to Kubernetes clusters. It brings a multitenant experience to Kubernetes and helps app developers consume clusters with ease. It presents an answer to a question that many people in the community are asking: “What’s the best way for Cloud Foundry users to move to Kubernetes?”

Korifi works by being installed in a Kubernetes cluster. While vanilla Kubernetes is the ideal, each managed-cloud provider meets the market with their small variations on Kubernetes. For this reason, we are creating tutorials that are specific to each cloud provider. While this can mean yet another open source project getting fragmented, each cloud provider is preferred for specific purposes such as for use in production, for use by internal teams, etc. Therefore, it does make sense to have guides that enable teams to install and use Korifi on each provider.

So, with that, we introduce our first tutorial about deploying Korifi on the popular, lightweight K3s for edge and IoT applications.

K3s is a lightweight Kubernetes distribution designed for resource-constrained environments such as edge computing or IoT devices. K3s was initially developed by Rancher Labs, a company specializing in Kubernetes management solutions. In the year 2020, Rancher Labs was acquired by SUSE, and the development and maintenance of K3s are now driven by the open source community. K3s has gained significant traction and a growing community of contributors. It has evolved into a mature and stable project with regular releases, the latest one being version 25.10-rc1+k3s1.

K3s’ small footprint allows it to run on devices with lower computational power, making it useful for IoT deployments. K3s is also well-suited for edge computing scenarios where resources are limited and connectivity may be intermittent. It enables developers to deploy Kubernetes clusters closer to the edge devices, reducing latency and enhancing data processing capabilities.

In this tutorial, we will cover how to install Cloud Foundry Korifi on a K3s cluster. We will first install Kubernetes — in the form of K3s — and then install Korifi CRDs to the cluster. The final steps of the tutorial will be an example of an app deployed to the cluster.

But first, some more background on Cloud Foundry Korifi. Korifi is open source software built by the Cloud Foundry community. It was born out of the need for internal development platforms to be built over Kubernetes. Korifi’s purpose is to deliver an inherently higher-order abstraction over Kubernetes, ultimately enabling developers to focus on building applications. It is a fully open source tool, built to serve as a means to deploy applications on Kubernetes while providing automated networking, security, availability, and much more. Now, let’s get started.

Prerequisites: Please install the following tools to start.

Step 1: Install K3s.

The instructions for this are quite clear in the quick start guide. However, we have to configure a couple additional parameters to suit our installation. The –disable traefik argument is passed to the installation script to disable the installation of the Traefik ingress controller. This is because we will install Contour for ingress control at a later step and the two will conflict with each other.

The second argument passed to the script is –write-kubeconfig-mode 644. This sets the file permission mode of the generated kubeconfig file to 644 which means the owner will have read and write access, while others have only read access. This is not done by default during a K3s install. Skipping this step means that we will be unable to make use of kubectl to connect with the cluster, which is required to proceed further.

Step 2: Set Environment Variables

This is merely a step for convenience. We could make use of the environment variables in later steps.

Step 3: Install Cert Manager

Cert Manager is installed with a single kubectl apply command, with the latest release referenced in the path to the yaml definition.

Cert Manager is an open source certificate-management solution designed specifically for Kubernetes clusters. It helps automate the management and issuance of X.509 certificates, which are used for securing communications between various components and services within a Kubernetes environment.

The Cert Manager project extends Kubernetes with custom resource definitions (CRDs) to define certificate-related objects, such as Certificate, CertificateRequest and ClusterIssuer. By using Cert Manager, Kubernetes users can simplify the management of TLS certificates within their clusters. It ensures that all the necessary components, such as ingress controllers, pods and services, have valid and up-to-date certificates, thereby enhancing the security and reliability of the Kubernetes environment.

Step 4: Install kpack

Kpack is an open source project that integrates with Kubernetes to provide a container-native build process. It consumes Cloud Native Buildpacks to export OCI-compatible containers. By using kpack, developers can adopt a cloud native approach to building and packaging applications to deploy on Kubernetes clusters.

kpack is installed with a single kubectl apply command, with the latest release referenced in the path to the yaml definition.

Step 5: Create Root Namespaces

In this step, we create the cf and korifi namespaces.

Step 6: Install Contour

Contour is an open source Ingress controller for Kubernetes that is built on top of the Envoy proxy. An Ingress controller is a Kubernetes resource that manages the inbound network traffic to services within a cluster. It acts as a gateway and provides external access to the services running inside the cluster. Contour specifically focuses on providing advanced features and capabilities for managing Ingress in Kubernetes.

Step 7: Create a Secret to Help Access the Container Registry

A container registry is used to manage all the containers built for deployment on the cluster. At the end of the build workflow, packages are uploaded to it and the start of a run workflow pulls containers from there for deployment. In this case, we are using Google Artifact Registry for pushing and pulling images.

Alternate container registries (such as Docker Hub, Github Container Registry, etc.) can be used. Please see the installation documents for specific information.

Step 8: Install Korifi

Korifi is installed using the official helm chart. Each release has a corresponding helm chart which is updated by the community. All the options available for customizing the helm chart are available here.

Step 9: Authenticate with the Cloud Foundry API

There are two steps to be taken for authenticating with the Cloud Foundry API. The first is to set the URL for the API. The second is the login command. The output for this will ask which of the different user identities you would like to use. Select the default one to proceed.

Step 9: Create and Org and Space

In Cloud Foundry parlance,

  • The target refers to setting the active organization and space within a Cloud Foundry instance.
  • An organization (org) is a logical grouping of users, applications and services, providing administrative and collaborative control.
  • A space is a subdivision within an organization, offering isolation and independence for different teams or projects to develop and manage their applications and services.

Step 10: Deploy the Application

The single cf push command is used to deploy an application to the K3s instance that has Korifi installed on it.


The Cloud Foundry community has a goal to make Korifi a tool of choice for operators who work with large volumes of application developers and would like a tool to help them manage their Kubernetes clusters at scale. Korifi has been built based on principles gleaned from decades of production excellence with Cloud Foundry. With Korifi running on a K3s instance, it becomes simpler to deploy to the edge and IoT devices running Kubernetes.

Group Created with Sketch.
TNS owner Insight Partners is an investor in: Pragma, Docker.
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.