k0smotron: Open-source Kubernetes cluster management
Open-source solution k0smotron is enterprise-ready for production-grade Kubernetes cluster management with two support options.
Kubernetes cluster management
Management and worker planes do not have to run on the same infrastructure provider, making k0smotron ideal for consolidating Kubernetes control planes for edge, hybrid, and multi-cloud deployments. Also, this makes it possible to set up Kubernetes control planes as ephemeral pods that can be spun up or down as workload requirements change.
The k0smotron operator is deployed onto an existing Kubernetes cluster, designated as the management cluster, which acts as a “mothership” that orchestrates and provides control plane services on demand. Within this framework, the control planes are virtualized and treated as any other workload while managing multiple “child clusters”. This streamlines management and improves security and reliability, while reducing operational costs by enabling rapid large-scale provisioning of Kubernetes with standardized configurations.
“In an era where application complexity is skyrocketing, managing multiple Kubernetes clusters efficiently is a significant hurdle,” said Miska Kaipiainen, VP of Engineering at Mirantis. “k0smotron simplifies this by allowing Kubernetes control planes to operate as individual pods within a single overarching Kubernetes environment. This ‘Kubernetes within Kubernetes’ approach is resource-efficient and tailor-made for organizations with diverse development teams needing their own specialized clusters. With k0smotron now enterprise-ready and backed up by Mirantis’ official support, we’re redefining the benchmarks of Kubernetes cluster management.”
The separation between control planes and workers — along with Cluster API integration and the ability to provision bare metal — also makes it possible to provision remote worker nodes, supporting a wider range of use cases, including smaller footprint edge, branch offices, and the IoT.
For software development and continuous integration (CI/CD), temporary clusters can be created and integrated with existing processes. Also, k0smotron supports multi-cloud deployments with the control plane management cluster in a public or private cloud provider and worker nodes in various clouds with unified cluster management.
Behind the scenes
To find out more, we reached out to Jussi Nummelin, Senior Principal Engineer at Mirantis.
Why did you create k0smotron?
We started with k0s, which is a CNCF-validated, single-binary Kubernetes distro. And our goal with k0s was that it should install and run basically anywhere, with zero outside dependencies beyond ‘a Linux kernel.’ That it should be resource-efficient enough to work on IoT devices — and it does, down to single CPU ARM machines with 512MB RAM. But that it also be robust enough to build really big clusters — and it does that too… we’ve tested it up to thousands of nodes. And flexible to easily incorporate new CNI, CRI, CSI and other components.
But most of all, we wanted it to be simple to use: which means install with one command on a Linux node, SCP a config file over to the node if you want to customize. Provide a join token if this is a worker. Then start the service with one command and a few optional arguments. Done. k0s installs with its own local CLI, which brings along a built-in kubectl. So install, configure, start, manage very quickly and easily — even in primitive situations where you need to work manually. And for more advanced setups, we have simple utilities like k0sctl that let you configure and deploy clusters. k0s also provides standard Kubernetes APIs, so works remotely with tools like Lens, with kubectl (of course), and all the other stuff you’d expect.
Most CPUs out there, any popular Linux, and k0s just works. It also uses robust and tolerant community-developed protocols like Konnectivity to enable control plane vs. worker separation, and let you connect worker nodes to control planes securely across even pretty-feeble networks. Like you can connect IoT mobile workers via 5G and internet to control planes hosted in a datacenter or on a cloud, and they work and don’t break.
Of course, k0s control plane components can run as bare processes, but also in containers. And we thought: “Dang, that would work at scale. We could solve the multi-cluster Kubernetes challenge in a new way: launch, host, scale, and manage containerized control planes on any Kubernetes, using an operator. The control planes are Kubernetes applications, so Kubernetes can manage and support and fix them, and restart them in new places when nodes fail, and so on.”
“And then we can provision workers and attach them. The workers can be running anywhere: alongside the host cluster on VMs on a public or private cloud, or a thousand miles away at a branch office, on a desktop, in a mobile IoT device. We can make Kubernetes multi-cluster — even for wild use cases — simple and obvious and Kubernetes-native!”
This kind of robust control-plane vs worker separation is very important for many interesting use-cases. In edge, IoT and similar situations, you’re dealing with devices that are too tiny and potentially insecure to try running a control plane there. With k0smotron, you don’t need to.
Then, there was another motivation, which was that our k0s community kept asking us to create a ClusterAPI operator for k0s – this is a Kubernetes project that lets a cluster manage infrastructure. And we thought: “Well, if we can manage infrastructure, multi-cluster is a great application that really needs that kind of ability to keep things simple.” And so k0smotron and our k0s CAPI operator were sort of born from the same community wellspring of inspiration.
What differentiates k0smotron from other solutions on the market?
As you probably know, multi-cluster Kubernetes normally gets solved in a completely different way: by infra-as-code, itself requiring infrastructure for production, deploying complex stuff onto who-knows-what servers and wiring them up to talk. And you have to manage that infrastructure somehow — often with another whole layer of infra-as-code specialized to the task, like Terraform, which is complicated. The process of marshaling infrastructure and deploying new clusters takes minutes at best, sometimes much longer. And it doesn’t always complete correctly. The whole deal is complicated and painful.
But when we use Kubernetes as the base layer, we end up solving all the infra problems at one time. Get the host cluster running – especially with the CAPI operator – and it abstracts away the VMs and virtual networks and so on. So we can create a new control plane in literally seconds, using nice simple Kubernetes-native mechanics. Everything in k0smotron is managed as Kubernetes resources, so experienced Kubernetes users, in a sense, already know everything they need to know. And it avoids people needing to learn or manage separate deployment tooling, plus operations codebases written in system-specific languages and YAML dialects. Users can just talk to the operator via kubectl (or some UI they create) and they’re in business: create, scale, delete. Ephemeral or long-running clusters made simple.
What are your plans for the future?
More like ‘plans for the present.’ k0smotron dovetails really nicely with some of our other current projects around k0s. For example, we’ve developed and are continually enhancing another Kubernetes operator called Autopilot, which lets a user configure and then automatically executes cluster updates in a non-disruptive way. And Autopilot now installs by default with k0s. So it can work in a k0smotron environment to keep a k0s host cluster updated. Updating the child clusters is done even more simply, by changing the container version in the k0smotron manifest – magic! This all really cuts back on operations overhead, which would otherwise be very scary — especially for, say, distributed IoT applications with many control planes and hundreds of thousands of remote workers.
We also have a k0s CAPI operator — ClusterAPI — which is a Kubernetes project that lets a cluster manage all kinds of cloud infrastructures. We’re enhancing it to marshal bare metal as well. So we’ve laid the groundwork for letting k0smotron completely abstract all the underlying infra mechanics needed for whatever use-case someone is interested in pursuing.
Download and getting started
k0smotron is available for free download on GitHub.
Getting started with k0smotron is easy. Install the controller into an existing cluster:
kubectl apply -f https://docs.k0smotron.io/stable/install.yaml
See the Getting Started with k0smotron tutorial for an easy recipe.