K3OS: A Kubernetes OS Distro for Edge Computing

On the heels of its release of k3s, a lightweight Kubernetes distribution designed for the edge, Rancher Labs has announced an accompanying operating system called k3OS.
The k3OS preview release is available with support for x86 and ARM64. With k3OS, Kubernetes cluster configuration and the underlying OS configuration are defined with the same declarative syntax as other Kubernetes resources, meaning both can be managed together.
Rancher has been working with a number of customers including wind turbine company Goldwind Smart Energy on using Kubernetes in resource-constrained environments.
“These customers view Kubernetes less as an application layer, more of a foundational layer,” said Sheng Liang, CEO and co-founder of Rancher Labs.
“Some of them came from Linux, but many of them actually came from embedded Windows, like Windows XP. They’d have Windows XP running some of these applications sort of like an embedded sort of thing. Running in energy platforms and that sort of thing … If you walk up to an ATM machine or a subway station.
“They sort of look at the two things as one: ‘If you want to give a Kubernetes distro, you’d better take care of the operating system,” he said.
In December, the company announced a partnership with Arm to provide enterprises a single way to manage Kubernetes in x86 clusters as well as their IoT deployments.
Edge nodes of 5 to 8GB process data in the field to reduce the amount of data sent back to the data center. Users update applications on these nodes fairly frequently.
The impetus for k3OS was the problem that the operating system was not tightly integrated with Kubernetes, he said.
“What people tend to do is just deploy the operating system and leave it as is. Then they’d upgrade Kubernetes, patch Kubernetes, but the operating system didn’t change. So over time, there were all kinds of CVEs (Common Vulnerabilities and Exposures). We started running agents on Kubernetes clusters and we’d detect all kinds of security holes in the underlying node, then we’d say, ‘You’ve got to patch the underlying operating system.’”
This turned out to not be easy. …it actually requires a fair bit of coordination between the operating system and Kubernetes.
“This is not a problem if you’re Google or Uber running these things by an SRE (site reliability engineer), but [with edge] we’re talking about the field technician doing these things,” he said.
“The whole thing just needed to be a lot simpler and a lot more resilient.”
K3s is a certified, production-grade Kubernetes distribution weighing in at less than 40 MB. It only needs 512 MB of RAM to run. It’s packaged as a single binary with legacy, alpha and non-default features removed. It uses sqlite3 as the default storage mechanism with etcd3 as an option, but not the default.
“K3s is really a Linux distro and Kubernetes distro combined in one,” Liang said.
“There’s really not much Linux distro left — it’s really just the kernel, plus a few utilities. Most of the stuff is Kubernetes. Now when people want to update, they just go to Kubernetes issue some commands, and Kubernetes will orchestrate the entire upgrade of a cluster. Not just the cluster itself, but also the underlying operating system. …
“K3s already made Kubernetes really easy; we just extended that down to the OS so you don’t have to worry about it. The OS also becomes part of your immutable infrastructure. You just manage this thing all in one shot. It’s almost like hands-off operations, and it improves security. People [used to] leave these operating systems for years, not touching them….You’re not just patching Kubernetes CVEs, you’re also patching operating system CVEs.”
Rancher Labs plans a production-ready GA release of k3OS later this year.
Several years ago, the company launched RancherOS, a lightweight operating system for managing Docker containers. But in a Kubernetes world, “you don’t actually need that Docker layer anymore,” Liang said.