Revert "Revert "WIP: Misc changes and improvements to K3s docs""

This reverts commit f698b97.

Author: catherineluse

content/k3s/latest/en/installation/install-options/_index.md

@@ -28,23 +28,24 @@ When using this method to install K3s, the following environment variables can b
 | Environment Variable | Description |
 |-----------------------------|---------------------------------------------|
 | `INSTALL_K3S_SKIP_DOWNLOAD` | If set to true will not download K3s hash or binary. |
-| `INSTALL_K3S_SYMLINK` | If set to 'skip' will not create symlinks, 'force' will overwrite, default will symlink if command does not exist in path. |
+| `INSTALL_K3S_SYMLINK` | By default will create symlinks for the kubectl, crictl, and ctr binaries if the commands do not already exist in path. If set to 'skip' will not create symlinks and 'force' will overwrite. |
 | `INSTALL_K3S_SKIP_START` | If set to true will not start K3s service. |
-| `INSTALL_K3S_VERSION` | Version of K3s to download from github. Will attempt to download the latest version if not specified. |
+| `INSTALL_K3S_VERSION` | Version of K3s to download from Github. Will attempt to download the latest version if not specified. |
 | `INSTALL_K3S_BIN_DIR` | Directory to install K3s binary, links, and uninstall script to, or use `/usr/local/bin` as the default. |
 | `INSTALL_K3S_BIN_DIR_READ_ONLY` | If set to true will not write files to `INSTALL_K3S_BIN_DIR`, forces setting `INSTALL_K3S_SKIP_DOWNLOAD=true`. |
 | `INSTALL_K3S_SYSTEMD_DIR` | Directory to install systemd service and environment files to, or use `/etc/systemd/system` as the default. |
 | `INSTALL_K3S_EXEC` | Command with flags to use for launching K3s in the service. If the command is not specified, and the `K3S_URL` is set, it will default to "agent." If `K3S_URL` not set, it will default to "server." For help, refer to [this example.]({{<baseurl>}}/k3s/latest/en/installation/install-options/how-to-flags/#example-b-install-k3s-exec) |
-| `INSTALL_K3S_NAME` | Name of systemd service to create, will default from the K3s exec command if not specified. If specified the name will be prefixed with 'k3s-'. |
+| `INSTALL_K3S_NAME` | Name of systemd service to create, will default to 'k3s' if running k3s as a server and 'k3s-agent' if running k3s as an agent. If specified the name will be prefixed with 'k3s-'. |
 | `INSTALL_K3S_TYPE` | Type of systemd service to create, will default from the K3s exec command if not specified.
 
+
 Environment variables which begin with `K3S_` will be preserved for the systemd and openrc services to use.
 
 Setting `K3S_URL` without explicitly setting an exec command will default the command to "agent".
 
 When running the agent `K3S_TOKEN` must also be set.
 
-### Options for Installation from Binary
+# Installing K3s from the Binary
 
 As stated, the installation script is primarily concerned with configuring K3s to run as a service. If you choose to not use the script, you can run K3s simply by downloading the binary from our [release page](https://github.com/rancher/k3s/releases/latest), placing it on your path, and executing it. The K3s binary supports the following commands:
 

content/k3s/latest/en/installation/installation-requirements/_index.md

@@ -37,12 +37,24 @@ K3s performance depends on the performance of the database. To ensure optimal sp
 
 ## Networking
 
-The K3s server needs port 6443 to be accessible by the nodes. The nodes need to be able to reach other nodes over UDP port 8472 (Flannel VXLAN). If you do not use Flannel and provide your own custom CNI, then port 8472 is not needed by K3s. The node should not listen on any other port. K3s uses reverse tunneling such that the nodes make outbound connections to the server and all kubelet traffic runs through that tunnel.
+The K3s server needs port 6443 to be accessible by the nodes.
 
-IMPORTANT: The VXLAN port on nodes should not be exposed to the world as it opens up your cluster network to be accessed by anyone. Run your nodes behind a firewall/security group that disabled access to port 8472.
+The nodes need to be able to reach other nodes over UDP port 8472 when Flannel VXLAN is used. The node should not listen on any other port. K3s uses reverse tunneling such that the nodes make outbound connections to the server and all kubelet traffic runs through that tunnel. However, if you do not use Flannel and provide your own custom CNI, then port 8472 is not needed by K3s.
 
 If you wish to utilize the metrics server, you will need to open port 10250 on each node.
 
+> **Important:** The VXLAN port on nodes should not be exposed to the world as it opens up your cluster network to be accessed by anyone. Run your nodes behind a firewall/security group that disables access to port 8472.
+
+<figcaption>Inbound Rules for K3s Server Nodes</figcaption>
+
+| Protocol | Port | Source | Description
+|-----|-----|----------------|---|
+| TCP | 6443 | K3s server nodes | Kubernetes API
+| UDP | 8472 | K3s server and agent nodes | Required only for Flannel VXLAN
+| TCP | 10250 | K3s server and agent nodes | kubelet
+
+Typically all outbound traffic is allowed.
+
 ## Large Clusters
 
 Hardware requirements are based on the size of your K3s cluster. For production and large clusters, we recommend using a high-availability setup with an external database. The following options are recommended for the external database in production: