How to Install k3s Lightweight Kubernetes on RHEL 8

December 15, 2025
Linux
Comment off

k3s is a lightweight, CNCF-certified Kubernetes distribution built for resource-constrained environments, edge deployments, and developer laptops, yet it is fully production-capable. It ships as a single binary under 100 MB, bundles its own SQLite datastore, and eliminates the need for a separate etcd cluster on small installations. RHEL 8 is an excellent host for k3s because its long support lifecycle and SELinux integration make it a trusted enterprise base. This tutorial covers installing k3s on a RHEL 8 server, configuring firewall rules, adding worker nodes, and understanding the basics of cluster management through the bundled kubectl.

Prerequisites

A RHEL 8 server with at least 1 vCPU and 512 MB RAM (1 GB+ recommended)
Root or sudo access
Outbound internet access on port 443
A static IP address on the server
curl installed (dnf install -y curl)

Step 1 — Prepare RHEL 8

Before installing k3s, disable swap and set SELinux to permissive. k3s can work with SELinux enforcing if the k3s-selinux policy package is installed, but permissive mode simplifies initial setup.

swapoff -a
sed -i '/sswaps/d' /etc/fstab

setenforce 0
sed -i 's/^SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config

# Enable IP forwarding
echo "net.ipv4.ip_forward = 1" | tee /etc/sysctl.d/99-k3s.conf
sysctl --system

Step 2 — Open Firewall Ports

Open the ports used by the k3s API server and the Flannel VXLAN overlay network that k3s bundles by default.

firewall-cmd --permanent --add-port=6443/tcp   # API server
firewall-cmd --permanent --add-port=8472/udp   # Flannel VXLAN
firewall-cmd --permanent --add-port=10250/tcp  # Kubelet metrics
firewall-cmd --permanent --add-port=51820/udp  # WireGuard (optional)
firewall-cmd --reload

Step 3 — Install k3s on the Server Node

The official k3s install script downloads the binary, creates a systemd unit file, and starts the service in a single command.

curl -sfL https://get.k3s.io | sh -

# Check service status
systemctl status k3s

# Verify the node is Ready
k3s kubectl get nodes

The kubeconfig file is written to /etc/rancher/k3s/k3s.yaml. Copy it to your user’s home directory so standard kubectl commands work without sudo.

mkdir -p $HOME/.kube
cp /etc/rancher/k3s/k3s.yaml $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
chmod 600 $HOME/.kube/config
kubectl get nodes

Step 4 — Retrieve the Node Token and Join Worker Nodes

Each agent node needs the server’s IP address and the cluster join token. Retrieve the token from the server, then run the install script on each worker with the appropriate environment variables set.

# On the SERVER node — print the join token
cat /var/lib/rancher/k3s/server/node-token

# On each WORKER node — replace SERVER_IP and TOKEN with real values
curl -sfL https://get.k3s.io | 
  K3S_URL=https://SERVER_IP:6443 
  K3S_TOKEN=TOKEN 
  sh -

# Back on the server — verify all nodes appear
kubectl get nodes -o wide

Step 5 — Basic Cluster Operations with k3s kubectl

k3s bundles its own kubectl alias. Use it directly or install a standalone kubectl binary pointing at the same kubeconfig.

# List all pods across all namespaces
kubectl get pods -A

# View cluster info
kubectl cluster-info

# Check node resource usage (requires metrics-server)
kubectl top nodes

# Drain a worker node for maintenance
kubectl drain  --ignore-daemonsets --delete-emptydir-data

# Re-enable the node after maintenance
kubectl uncordon

Step 6 — Uninstalling k3s

The install script places an uninstall helper at a fixed path on both server and agent nodes.

# On the server node
/usr/local/bin/k3s-uninstall.sh

# On each agent/worker node
/usr/local/bin/k3s-agent-uninstall.sh

Conclusion

You now have a working k3s Kubernetes cluster running on RHEL 8. The lightweight footprint of k3s makes it ideal for development clusters, CI pipelines, and edge locations where full kubeadm-managed clusters would be over-engineered. The bundled Flannel CNI, integrated load balancer (ServiceLB), and local-path storage provisioner mean you get a batteries-included experience without additional configuration. As your requirements grow you can replace the default components with alternatives such as Cilium for networking or Longhorn for distributed storage.

Next steps: Install Helm on RHEL 8, Deploy an application to Kubernetes on RHEL 8, and Configure Kubernetes Persistent Volumes on RHEL 8.