k4s is short for KUTIES, which is Kubernetes plus U-root utiliTIES.
Kubernetes tools (e.g. runc) are integrated via gobusybox, which converts Go programs to Go packages and then compiles them as one program (this process takes around 20 seconds).
In standard u-root, this allows over 180 commands to be built into a single binary smaller than 20MiB.
To be used in k4s, Go programs must be Go buildable, statically linked, and hence pure Go.
This will require us to revisit projects, such as k3s and runc, that have evolved over the years and brought in dependencies on external, non-Go libraries (e.g. libpathrs, used in runc); external non-Go programs (e.g. nsenter); systemd; and embedded binaries. These dependencies can be made conditional at compile time.
As described in the architecture overview, Kubernetes consists of multiple
components.
Even projects claiming to be a single binary are, in fact, embedding multiple
other binaries. They effectively contain multiple Go runtimes, using
techniques such as the `//go:embed` directive.
However, with u-root, we build file system images, typically cpio, to contain symlinks to one BusyBox-style binary with a single, shared Go runtime.
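
The dispatch pattern described above, as an added example (not gobusybox's or u-root's own code): each program's `main` becomes a function in a registry, and the symlink name in `argv[0]` selects it, so all applets share one Go runtime. The applet names, the `bb` binary name and the `/bbin` path are assumptions for illustration.

```go
package main

import (
	"fmt"
	"io"
	"os"
	"path/filepath"
	"sort"
	"strings"
)

// command is what a program's former main() becomes once it is a package.
type command func(args []string, out io.Writer) int

// registry maps applet names (the symlink names in the image) to commands.
// These three applets are constructed for illustration.
var registry = map[string]command{
	"echo": func(args []string, out io.Writer) int {
		fmt.Fprintln(out, strings.Join(args, " "))
		return 0
	},
	"true":  func([]string, io.Writer) int { return 0 },
	"false": func([]string, io.Writer) int { return 1 },
}

// applets returns the sorted names an image builder would symlink to the binary.
func applets() []string {
	names := make([]string, 0, len(registry))
	for name := range registry {
		names = append(names, name)
	}
	sort.Strings(names)
	return names
}

// dispatch selects the applet from the basename of argv[0] (symlink case),
// falling back once to argv[1] (direct case, e.g. "bb echo hi").
func dispatch(argv []string, out io.Writer) int {
	for tries := 0; tries < 2 && len(argv) > 0; tries++ {
		if cmd, ok := registry[filepath.Base(argv[0])]; ok {
			return cmd(argv[1:], out)
		}
		argv = argv[1:]
	}
	fmt.Fprintln(out, "unknown command; available:", strings.Join(applets(), " "))
	return 127
}

func main() { os.Exit(dispatch(os.Args, os.Stdout)) }
```

Because the fallback is tried only once, `bb nope echo` is rejected rather than silently running `echo`.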
In the following, we look at what kinds of components we need, what multiple Kubernetes distros use, and which implementations are the best candidates for inclusion in k4s. The main criteria are whether they are pure Go, and how they affect the eventual binary size. As usual, we split between control plane and nodes.
Note that we build minimal systems, so we omit optional components and addons, because we need the binary to fit in a flash part.
| kind | implementations | notes |
|---|---|---|
| front-end (API) | kube-apiserver | |
| backing store | etcd | |
| scheduler | kube-scheduler | |
| supervisor | kube-controller-manager | |

| kind | implementations | notes |
|---|---|---|
| runner agent | kubelet | |
| container runtime | CRI-O, containerd | |
more tbd
tbd
tbd
tbd
u-root is a core firmware component for tens of millions of server systems around the world, providing a compact, safe userland for LinuxBoot systems.
It has been part of the standard server firmware at Google since 2021; ByteDance adopted it a few years later. k4s will allow us to integrate Kubernetes capabilities into firmware images, enabling the creation of diskless Kubernetes appliances.