version: '3'
services:
  server:
    image: "rancher/k3s"
    restart: always
    command: server --no-deploy traefik --kubelet-arg authentication-token-webhook --kubelet-arg authorization-mode=Webhook
    tmpfs:
    - /run
    - /var/run
    privileged: true
    environment:
    - K3S_CLUSTER_SECRET=${K3S_CLUSTER_SECRET:-replaceme}
    - K3S_KUBECONFIG_OUTPUT=/host/kubectl/kubeconfig.yaml
    - K3S_KUBECONFIG_MODE=666
    volumes:
    - k3s_data:/var/lib/rancher/k3s
    - .:/host
    ports:
      - 80:30080
      - 443:30443
      - 6443:6443
  agent:
    image: "rancher/k3s"
    restart: always
    command: agent --kubelet-arg authentication-token-webhook --kubelet-arg authorization-mode=Webhook
    tmpfs:
    - /run
    - /var/run
    privileged: true
    environment:
    - K3S_URL=https://server:6443
    - K3S_CLUSTER_SECRET=${K3S_CLUSTER_SECRET:-replaceme}

volumes:
  k3s_data: