The ability to run Kubernetes using a datastore other than etcd sets K3s apart from other Kubernetes distributions. This feature provides flexibility to Kubernetes operators. The available datastore options allow you to select a datastore that best fits your use case. For example:
K3s supports the following datastore options:
If you wish to use an external datastore such as PostgreSQL, MySQL, or etcd, you must set the datastore-endpoint parameter so that K3s knows how to connect to it. You may also specify parameters to configure the authentication and encryption of the connection. The table below summarizes these parameters, which can be passed as either CLI flags or environment variables.
CLI Flag                Environment Variable
--datastore-endpoint    K3S_DATASTORE_ENDPOINT
--datastore-cafile      K3S_DATASTORE_CAFILE
--datastore-certfile    K3S_DATASTORE_CERTFILE
--datastore-keyfile     K3S_DATASTORE_KEYFILE
As a best practice we recommend setting these parameters as environment variables rather than command line arguments so that your database credentials or other sensitive information aren’t exposed as part of the process info.
As mentioned, the format of the value passed to the datastore-endpoint parameter is dependent upon the datastore backend. The following details this format and functionality for each supported external datastore.
In its most common form, the datastore-endpoint parameter for PostgreSQL has the following format:
postgres://username:password@hostname:port/database-name
More advanced configuration parameters are available. For more information on these, please see https://godoc.org/github.com/lib/pq.
If you specify a database name and it does not exist, the server will attempt to create it.
If you only supply postgres:// as the endpoint, K3s will attempt to do the following:
postgres
kubernetes
In its most common form, the datastore-endpoint parameter for MySQL and MariaDB has the following format:
mysql://username:password@tcp(hostname:3306)/database-name
More advanced configuration parameters are available. For more information on these, please see https://github.com/go-sql-driver/mysql#dsn-data-source-name
Note that due to a known issue in K3s, you cannot set the tls parameter. TLS communication is supported, but you cannot, for example, set this parameter to “skip-verify” to cause K3s to skip certificate verification.
If you only supply mysql:// as the endpoint, K3s will attempt to do the following:
/var/run/mysqld/mysqld.sock
root
In its most common form, the datastore-endpoint parameter for etcd has the following format:
https://etcd-host-1:2379,https://etcd-host-2:2379,https://etcd-host-3:2379
The above assumes a typical three-node etcd cluster. The parameter can accept one or more comma-separated etcd URLs.
Based on the above, the following example command could be used to launch a server instance that connects to a PostgreSQL database named k3s:
K3S_DATASTORE_ENDPOINT='postgres://username:password@hostname:5432/k3s' k3s server
And the following example could be used to connect to a MySQL database using client certificate authentication:
K3S_DATASTORE_ENDPOINT='mysql://username:password@tcp(hostname:3306)/k3s' \
K3S_DATASTORE_CERTFILE='/path/to/client.crt' \
K3S_DATASTORE_KEYFILE='/path/to/client.key' \
k3s server
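The recommendation to prefer environment variables over command line arguments can be checked on a running host. The following is an added example, not part of the K3s documentation or project code: it reads argument lists in the form found in /proc/PID/cmdline on Linux and reports any --datastore-endpoint value that embeds a password, printing it redacted. The function names are hypothetical and the sample endpoints in the comments are the ones used on this page.

```shell
#!/bin/sh
# Added example: audit argument lists for K3s datastore credentials.
# Function names are hypothetical; endpoint formats are those shown on this page.

# has_credentials: true when the value embeds user:password@ after the scheme.
# etcd URL lists (https://host:2379,...) contain no '@' and do not match.
has_credentials() {
  printf '%s\n' "$1" | grep -Eq '^[a-z]+://[^:/@]+:.+@'
}

# redact_endpoint: replace the password with ***. The match is greedy up to
# the last '@' so that a password containing '@' is over-redacted, not leaked.
redact_endpoint() {
  printf '%s\n' "$1" | sed -E 's#^([a-z]+://[^:/@]+):.*@#\1:***@#'
}

# scan_args: read one argument per line on stdin and print a redacted finding
# for each --datastore-endpoint value (either "--flag value" or "--flag=value")
# that carries credentials. Runs in a subshell so its variables stay local.
scan_args() (
  next=0
  while IFS= read -r arg; do
    value=
    if [ "$next" -eq 1 ]; then
      value=$arg; next=0
    elif [ "$arg" = "--datastore-endpoint" ]; then
      next=1
    else
      case $arg in
        --datastore-endpoint=*) value=${arg#--datastore-endpoint=} ;;
      esac
    fi
    if has_credentials "$value"; then
      printf 'EXPOSED %s\n' "$(redact_endpoint "$value")"
    fi
  done
)

# scan_proc: apply scan_args to every process visible under /proc (Linux).
# cmdline is NUL-separated; convert it to one argument per line first.
scan_proc() {
  for f in /proc/[0-9]*/cmdline; do
    [ -r "$f" ] || continue
    tr '\0' '\n' < "$f" 2>/dev/null | scan_args | sed "s#^#${f%/cmdline}: #"
  done
}

# Run the live scan only when asked to: sh audit.sh --scan
if [ "${1:-}" = "--scan" ]; then scan_proc; fi
```

A server started with K3S_DATASTORE_ENDPOINT in its environment produces no finding, because its argument list is only `k3s server`.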
Please see High Availability with Embedded DB for instructions on how to run with this option.