K3s is a certified Kubernetes distribution that runs in 512 MB of RAM. Full K8s (kubeadm) needs 2 GB minimum. Both are 100% conformant β the same workloads run on both. The difference is what is included, what is removed, and where each fits.
Architecture differences
| Component | K8s (kubeadm) | K3s |
|---|---|---|
| Binary | Multiple (kubelet, kube-apiserver, etcd, etc.) | Single binary (~70 MB) |
| Database | etcd (external) | SQLite (default) or etcd, MySQL, PostgreSQL |
| Container runtime | containerd (separate install) | containerd (bundled) |
| CNI | Manual install (Calico, Cilium, etc.) | Flannel (bundled, replaceable) |
| Ingress | Manual install | Traefik (bundled, replaceable) |
| Load balancer | Manual (MetalLB, cloud) | ServiceLB (bundled) |
| Storage | Manual (CSI drivers) | Local-path-provisioner (bundled) |
| Helm controller | Not included | Built-in HelmChart CRD |
| Installation | kubeadm init + join (multi-step) | curl -sfL https://get.k3s.io | sh - |
Resource requirements
| Metric | K8s (kubeadm) | K3s |
|---|---|---|
| Minimum RAM (server) | 2 GB | 512 MB |
| Recommended RAM | 4 GB+ | 1 GB+ |
| Minimum CPU | 2 cores | 1 core |
| Disk | 50 GB+ | 10 GB+ |
| Control plane processes | ~1.5 GB RAM | ~300 MB RAM |
| Binary size | Multiple binaries, ~500 MB+ | Single binary, ~70 MB |
| Install time | 10-20 minutes | 30 seconds |
Installation
K8s (kubeadm)
# Disable swap, load modules, configure sysctl (see full guide)
# Install containerd
sudo apt-get install -y containerd.io
# Install kubeadm
sudo apt-get install -y kubelet kubeadm kubectl
# Initialize
sudo kubeadm init --pod-network-cidr=10.244.0.0/16
# Configure kubectl
mkdir -p ~/.kube && sudo cp /etc/kubernetes/admin.conf ~/.kube/config
# Install CNI
kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
# Join workers (on each worker node)
sudo kubeadm join <master-ip>:6443 --token <token> --discovery-token-ca-cert-hash sha256:<hash>Full guide: Install Kubernetes on Rocky Linux 9
K3s
# Server (control plane + worker)
curl -sfL https://get.k3s.io | sh -
# That's it. kubectl works immediately:
sudo k3s kubectl get nodes
# Join workers
curl -sfL https://get.k3s.io | K3S_URL=https://<server-ip>:6443 \
K3S_TOKEN=$(sudo cat /var/lib/rancher/k3s/server/node-token) sh -One command. No prerequisites beyond a Linux machine.
High availability
K8s HA
# 3 control plane nodes with external etcd or stacked etcd
sudo kubeadm init --control-plane-endpoint "load-balancer:6443" --upload-certs
# Join additional control planes
sudo kubeadm join load-balancer:6443 --control-plane --certificate-key <key>Requires external load balancer, etcd cluster management, certificate distribution.
K3s HA
# Server 1 (with embedded etcd)
curl -sfL https://get.k3s.io | sh -s - server --cluster-init
# Server 2 and 3
curl -sfL https://get.k3s.io | sh -s - server \
--server https://server1:6443 \
--token $(cat /var/lib/rancher/k3s/server/node-token)K3s handles embedded etcd, certificate management, and load balancing internally. Three commands for a 3-node HA cluster.
What K3s removes
K3s achieves its small footprint by removing and replacing components:
- Cloud controller manager β removed (not needed for edge/bare-metal)
- Storage drivers β in-tree drivers removed (use CSI)
- Legacy APIs β deprecated alpha APIs removed
- Docker β not supported (containerd only)
- etcd β replaced with SQLite by default (etcd available as option)
Everything removed is either deprecated, cloud-specific, or replaceable. K3s is still 100% CNCF conformant β all standard Kubernetes APIs and behaviors work.
Edge and IoT
K3s was built for edge computing:
# ARM64 (Raspberry Pi 4, NVIDIA Jetson)
curl -sfL https://get.k3s.io | sh -
# ARM (Raspberry Pi 3)
curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--disable traefik" sh -
# Air-gapped install
# Download binary + images, copy to node
sudo cp k3s /usr/local/bin/
sudo cp k3s-airgap-images-amd64.tar /var/lib/rancher/k3s/agent/images/
sudo k3s serverK3s runs on:
- Raspberry Pi (2 GB+ RAM)
- NVIDIA Jetson (AI at the edge)
- Intel NUC
- Industrial PCs
- VMs with 512 MB RAM
Full K8s does not fit on these devices β the control plane alone exceeds their memory.
When K3s matches K8s
| Capability | Works on K3s? |
|---|---|
| Helm charts | Yes |
| Operators (OLM) | Yes |
| Istio / Cilium | Yes |
| Prometheus / Grafana | Yes |
| ArgoCD / Flux | Yes |
| GPU workloads (NVIDIA) | Yes |
| PersistentVolumes (CSI) | Yes |
| NetworkPolicies | Yes |
| RBAC | Yes |
| CRDs | Yes |
K3s is conformant Kubernetes. If it works on K8s, it works on K3s.
Decision guide
Choose K8s (kubeadm) when:
- You need full control over every component (etcd tuning, custom kubelet flags)
- You are running large clusters (100+ nodes) where etcd performance matters
- Cloud provider integration is needed (cloud controller manager)
- Your organization requires the exact upstream Kubernetes distribution
- You have experienced Kubernetes administrators who manage the cluster
Choose K3s when:
- Edge, IoT, or resource-constrained environments (under 4 GB RAM)
- You want the fastest path to a working cluster (30 seconds)
- Development and testing environments (local Kubernetes)
- Small production clusters (3-20 nodes)
- You want batteries-included (Traefik, Flannel, ServiceLB, Helm controller)
- Air-gapped environments where a single binary is easier to distribute
- Managed by Rancher for multi-cluster
