Container Runtime and Life cycle Management Using K3S

Overview

K3S is a lightweight Kubernetes distribution integrated into OcNOS, turning the switch or router into an edge compute platform. It allows the network device to natively host and manage containerized third-party applications, such as NetConf servers or telemetry collectors, by running Kubernetes Pods directly inside the network OS environment.

K3s uses its built-in runtime, containerd, to handle all low-level container tasks such as pulling and unpacking images. K3s actively manages each container's lifecycle so that the application keeps running: the orchestrator creates the containers, monitors their health, scales them, restarts or replaces failed containers, and keeps the service running on the node.

Feature Characteristics

Core Integration & Purpose

Built-in Orchestration: Integrates a lightweight Kubernetes (K3s) engine directly into the Network OS.
Third-Party Hosting: Enables the system (switch/router) to host, manage, and run third-party containerized applications (Pods).
Eliminates External Servers: Allows services like NetConf servers, SNMP daemons, or telemetry collectors to run as local Pods, removing the need for dedicated external compute servers.

Networking & Connectivity

Pod Networking: Utilizes Linux networking primitives: Linux namespaces (zebosfib0 & zebosfib1), veth pairs (fib0vethfib1veth), and a CNI bridge (cni0) for internal Pod communication.
External Access (NAT): External clients access Pods via the OcNOS management IP using NAT/port-forwarding.
Internal Communication (Direct): OcNOS internal processes communicate with Pods directly using IPv4 routes.

Management & Control

Resource Control: Provides fine-grained resource control (CPU, memory, storage) for hosted Pods.
Observability: Supports standard K3s metrics for monitoring and health checks.
Security: Features auto-managed certificates for securing communications.
Operational Model: Effectively turns OcNOS into a network OS with built-in container orchestration.

Benefits

The K3s feature lets users run third-party or custom applications directly on the network device, eliminating the need for external servers.

Integration: Deploy NetConf, SNMP, telemetry, or RCA tools as local Pods on OcNOS.
Efficiency: Saves hardware, power, and maintenance by consolidating services on one platform.
Automation: Uses Kubernetes orchestration for easy Pod life cycle management.
Flexibility: Supports any containerized app with defined CPU, memory, and storage limits.
Visibility: Built-in metrics for resource usage and health monitoring.
Scalability: Simplifies adding or upgrading services without OS modification.

Prerequisites

The following conditions must be satisfied before enabling and using K3s on OcNOS:

Ensure OcNOS has a K3s-enabled image, the configured namespaces and veth pair, Network Address Translation (NAT) rules, and the required YAML manifests and image files before enabling the feature.

System Requirements

The OcNOS image must include K3s support (a release that supports container integration).
Sufficient CPU (≥ 2 cores) and memory (≥ 2 GB) must be available for K3s and the Pods it hosts.
Adequate storage must be available in /cfg or /var/lib/rancher/k3s for images and manifests.

Network Setup

The management (eth0) interface must be properly configured in the zebosfib1 namespace.

Limitations

Single-node only: K3s runs locally on OcNOS; no multi-node cluster support.
Resource-bound: Limited by device CPU, memory, and storage — heavy containers may impact NOS performance.
No Internet registry access: Images must be loaded manually (offline).
Limited Pod count: Only a few Pods can run reliably due to hardware constraints.
Static NAT/ports: External access requires predefined or manually added port-forwarding rules.
No GUI dashboard: Management via CLI (kubectl, k3s ctr) only.
Basic persistence: Storage limited to host paths (e.g., /cfg) — no dynamic storage provisioning.
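The following Pod manifest is an added example, not part of the OcNOS documentation, that ties together the resource control described under Management & Control and the limitations above (offline images, host-path persistence under /cfg, single node). The image name, listening port, UID and host directory are assumptions.

```yaml
# Added example (not from the OcNOS documentation): a single Pod for a
# hypothetical telemetry collector. Image, port, UID and paths are assumed.
apiVersion: v1
kind: Pod
metadata:
  name: telemetry-collector
  labels:
    app: telemetry-collector
spec:
  containers:
  - name: collector
    image: example/telemetry-collector:1.0   # assumed name of the image loaded offline
    imagePullPolicy: Never                   # device has no registry access: never try to pull
    ports:
    - containerPort: 9090                    # assumed listener; reached externally via a NAT rule on the mgmt IP
    resources:                               # keep the Pod from starving NOS processes
      requests:
        cpu: "250m"
        memory: "128Mi"
      limits:
        cpu: "500m"
        memory: "256Mi"
        ephemeral-storage: "200Mi"
    livenessProbe:                           # lets K3s restart the container if it stops answering
      httpGet:
        path: /healthz
        port: 9090
      initialDelaySeconds: 10
      periodSeconds: 30
    securityContext:                         # least privilege for a third-party workload on the NOS
      runAsNonRoot: true
      runAsUser: 10001
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      capabilities:
        drop: ["ALL"]
    volumeMounts:
    - name: data
      mountPath: /var/lib/collector          # the only writable path inside the container
  volumes:
  - name: data
    hostPath:
      path: /cfg/k3s/telemetry-collector     # assumed directory; pre-create it and chown to UID 10001
      type: Directory                        # fail fast if the directory is missing
```

Because there is no dynamic provisioning, the host directory must exist and be writable by the container's UID before the Pod is applied; with `type: Directory` a missing path keeps the Pod in ContainerCreating rather than silently running without persistence.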