From ca4ee3d036bfad71a4a726ba2930a565b67852cf Mon Sep 17 00:00:00 2001 From: Michele Cereda Date: Mon, 1 Apr 2024 13:14:41 +0200 Subject: [PATCH] chore(kb/kubernetes): start articles about k3s and rke2 --- .vscode/settings.json | 2 + knowledge base/kubernetes/README.md | 65 ++++++++++++++------------ knowledge base/kubernetes/k3s.md | 51 ++++++++++++++++----- knowledge base/kubernetes/rke2.md | 71 +++++++++++++++++++++++++++++ 4 files changed, 148 insertions(+), 41 deletions(-) create mode 100644 knowledge base/kubernetes/rke2.md diff --git a/.vscode/settings.json b/.vscode/settings.json index 7438908..37db396 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -148,6 +148,8 @@ "kubectx", "kubelet", "kubens", + "kubescape", + "kubeswitch", "kubeval", "kubie", "kustomize", diff --git a/knowledge base/kubernetes/README.md b/knowledge base/kubernetes/README.md index ed2e175..c37381a 100644 --- a/knowledge base/kubernetes/README.md +++ b/knowledge base/kubernetes/README.md @@ -568,6 +568,12 @@ Concepts: - [Best practices for pod security in Azure Kubernetes Service (AKS)] - [Network policies] +Distributions: + +- [K3S] +- [RKE2] +- [K0S] + Tools: - [`kubectl`][kubectl] @@ -580,7 +586,6 @@ Tools: - [`kubeswitch`][kubeswitch], alternative to [`kubie`][kubie] and [`kubectx`+`kubens`][kubectx+kubens] - [`kube-ps1`][kube-ps1] - [`kubie`][kubie], alternative to [`kubeswitch`][kubeswitch], and to [`kubectx`+`kubens`][kubectx+kubens] and [`kube-ps1`][kube-ps1] -- [K3S] - [Minikube] - [Kubescape] 
@@ -622,6 +627,36 @@ Others: References --> + +[pods]: #pods +[privileged container vs privilege escalation]: #privileged-container-vs-privilege-escalation + + +[azure kubernetes service]: ../cloud%20computing/azure/aks.md +[cert-manager]: cert-manager.md +[connection tracking]: ../connection%20tracking.placeholder +[create an admission webhook]: ../../examples/kubernetes/create%20an%20admission%20webhook/README.md +[etcd]: ../etcd.placeholder +[external-dns]: external-dns.md +[flux]: flux.md +[gitops]: ../gitops.md +[helm]: helm.md +[helmfile]: helmfile.md +[istio]: istio.md +[k0s]: k0s.placeholder +[k3s]: k3s.md +[keda]: keda.md +[kubectl]: kubectl.md +[kubescape]: kubescape.md +[kubeval]: kubeval.md +[kustomize]: kustomize.md +[minikube]: minikube.md +[network policies]: network%20policies.md +[prometheus on kubernetes using helm]: ../../examples/kubernetes/prometheus%20on%20k8s%20using%20helm.md +[rke2]: rke2.md +[terraform]: ../terraform.md +[velero]: velero.md + [addons]: https://kubernetes.io/docs/concepts/cluster-administration/addons/ [api deprecation policy]: https://kubernetes.io/docs/reference/using-api/deprecation-policy/ 
@@ -648,34 +683,6 @@ Others: [using sysctls in a kubernetes cluster]: https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ [version skew policy]: https://kubernetes.io/releases/version-skew-policy/ - -[pods]: #pods -[privileged container vs privilege escalation]: #privileged-container-vs-privilege-escalation - - -[azure kubernetes service]: ../cloud%20computing/azure/aks.md -[cert-manager]: cert-manager.md -[connection tracking]: ../connection%20tracking.placeholder -[create an admission webhook]: ../../examples/kubernetes/create%20an%20admission%20webhook/README.md -[etcd]: ../etcd.placeholder -[external-dns]: external-dns.md -[flux]: flux.md -[gitops]: ../gitops.md -[helm]: helm.md -[helmfile]: helmfile.md -[istio]: istio.md -[k3s]: k3s.md -[keda]: keda.md -[kubectl]: kubectl.md -[kubescape]: kubescape.md -[kubeval]: kubeval.md -[kustomize]: kustomize.md -[minikube]: minikube.md -[network policies]: network%20policies.md -[prometheus on kubernetes using helm]: ../../examples/kubernetes/prometheus%20on%20k8s%20using%20helm.md -[terraform]: ../terraform.md -[velero]: velero.md - [best practices for pod security in azure kubernetes service (aks)]: https://learn.microsoft.com/en-us/azure/aks/developer-best-practices-pod-security [build your very own self-hosting platform with raspberry pi and kubernetes]: https://kauri.io/build-your-very-own-self-hosting-platform-with-raspberry-pi-and-kubernetes/5e1c3fdc1add0d0001dff534/c diff --git a/knowledge base/kubernetes/k3s.md b/knowledge base/kubernetes/k3s.md index 451349d..9478fd0 100644 --- a/knowledge base/kubernetes/k3s.md +++ b/knowledge base/kubernetes/k3s.md @@ -2,20 +2,49 @@ Lightweight Kubernetes distribution built for IoT and Edge computing. -## Table of contents - +1. [TL;DR](#tldr) 1. [Further readings](#further-readings) -1. [Sources](#sources) + 1. [Sources](#sources) + +## TL;DR + +
+ Installation and configuration + +```sh +curl -sfL 'https://get.k3s.io' | sudo sh - +``` + +
+ +
+ Usage + +```sh +# Use the provided `kubectl`. +k3s kubectl get pods + +# Restore clusters from snapshots. +k3s server --cluster-reset \ + --cluster-reset-restore-path="/var/lib/rancher/k3s/server/db/etcd-old-${BACKUP_DATE}" +``` + +
+ + ## Further readings - [Website] - [Documentation] - [Kubernetes] +- [When to use K3s and RKE2] -## Sources - -All the references in the [further readings] section, plus the following: +### Sources - The [Build your very own self-hosting platform with Raspberry Pi and Kubernetes] series of articles - [Run Kubernetes on a Raspberry Pi with k3s] @@ -24,15 +53,13 @@ All the references in the [further readings] section, plus the following: References --> + +[kubernetes]: README.md + [documentation]: https://docs.k3s.io/ [website]: https://k3s.io/ - - -[further readings]: #further-readings - - -[kubernetes]: README.md +[when to use k3s and rke2]: https://www.suse.com/c/rancher_blog/when-to-use-k3s-and-rke2/ [build your very own self-hosting platform with raspberry pi and kubernetes]: https://kauri.io/build-your-very-own-self-hosting-platform-with-raspberry-pi-and-kubernetes/5e1c3fdc1add0d0001dff534/c diff --git a/knowledge base/kubernetes/rke2.md b/knowledge base/kubernetes/rke2.md new file mode 100644 index 0000000..27bd358 --- /dev/null +++ b/knowledge base/kubernetes/rke2.md @@ -0,0 +1,71 @@ +# RKE2 + +Rancher Kubernetes Engine 2, Rancher's next-generation Kubernetes distribution. + +Fully conformant Kubernetes distribution focusing on security and compliance within the U.S. Federal Government sector. + +1. [TL;DR](#tldr) +1. [Further readings](#further-readings) + 1. [Sources](#sources) + +## TL;DR + +Keeps in close alignment with upstream Kubernetes. + +RKE2 launches control plane components as static pods, managed by the kubelet.
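Review bot: The "Installation and configuration" snippet added to k3s.md pipes whatever `https://get.k3s.io` serves at that moment straight into a root shell, with no chance to read it, pin a release or check its integrity. For a knowledge-base entry that readers will copy, I would split the step in two: `curl -sfL 'https://get.k3s.io' -o 'install-k3s.sh'`, then, after reading the script, `sudo INSTALL_K3S_VERSION='<pinned release>' sh 'install-k3s.sh'`. The same pattern appears in the rke2.md installation snippet in this patch (`https://get.rke2.io`, where the variable is `INSTALL_RKE2_VERSION`) and deserves the same treatment. It would also help to add a comment above the `--cluster-reset` example in both files saying the restore replaces the current datastore state and should be run with the service stopped.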
+It uses `containerd` as the embedded container runtime. + +
+ Installation and configuration + +```sh +curl -sfL 'https://get.rke2.io' | sudo sh - \ +&& sudo systemctl enable --now 'rke2-server.service' +``` + +
+ +
+ Usage + +```sh +# Use the provided `kubectl`. +export KUBECONFIG='/etc/rancher/rke2/rke2.yaml' \ +/var/lib/rancher/rke2/bin/kubectl get pods + +# Restore clusters from snapshots. +rke2 server --cluster-reset \ + --cluster-reset-restore-path="/var/lib/rancher/rke2/server/db/etcd-old-${BACKUP_DATE}" +``` + +
+ + + +## Further readings + +- [Website] +- [K3S] + +### Sources + +- [When to use K3s and RKE2] + + + + + +[k3s]: k3s.md + + + +[website]: https://docs.rke2.io/ +[when to use k3s and rke2]: https://www.suse.com/c/rancher_blog/when-to-use-k3s-and-rke2/ + +
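Review bot: In the "Usage" snippet of the new rke2.md, the `export KUBECONFIG='/etc/rancher/rke2/rke2.yaml' \` line ends with a backslash, so the shell joins it with the next line and passes the kubectl path, `get` and `pods` to `export` as arguments. As written, kubectl never runs and the shell reports an invalid identifier. Dropping `export` and the continuation gives the intended one-off form: `KUBECONFIG='/etc/rancher/rke2/rke2.yaml' /var/lib/rancher/rke2/bin/kubectl get pods`. Scoping the variable to the single command also avoids leaving the server's kubeconfig, which presumably carries admin credentials, exported for the rest of the session. A short comment that the file is normally readable only by root would tell readers why the command may need `sudo`.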