k0s directories#
This page describes the directories k0s reads and writes on the host, what they are used for, and the permissions k0s expects on them.
Please note that the directory layouts described here are considered an implementation detail and may change without further notice, even between patch releases, unless explicitly stated otherwise, e.g., by other parts of the documentation referencing those paths or files within them.
The two parent directories are configurable via CLI flags:
--data-dir(default/var/lib/k0son Linux,C:\var\lib\k0son Windows)
persistent state--run-dir(default/run/k0son Linux)
runtime state such as PID files and unix sockets
Additionally, on k0s nodes with workloads enabled, you can set the following directories:
--kubelet-root-dir(default<data-dir>/kubelet)
Kubelet root directory
Data directory layout#
Inside <data-dir> (default /var/lib/k0s):
| Path | Purpose | Mode |
|---|---|---|
<data-dir>/ |
Top-level data directory. | 0755 |
<data-dir>/bin/ |
Embedded binaries (kubelet, etcd, containerd, …) extracted on first start. | 0755 |
<data-dir>/pki/ |
Cluster CA and component certificates managed by k0s. | 0751 |
<data-dir>/pki/etcd/ |
etcd-specific certificates. | 0711 |
<data-dir>/etcd/ |
etcd database files if k0s is configured to use the embedded etcd. | 0700 |
<data-dir>/manifests/ |
Manifest Deployer drop-in directory. Files placed here are applied to the cluster. | 0755 |
<data-dir>/images/ |
Image bundles imported into the managed containerd instance | 0755 |
<data-dir>/kine/ |
Kine database files when k0s is configured to use Kine instead of etcd. | 0750 |
Individual certificate files inside pki/ are written with mode 0644
(public certs) or 0640 (private keys), and admin/kubelet config files are
written with mode 0600.
Run directory layout#
Inside <run-dir> (default /run/k0s):
| Path | Purpose | Mode |
|---|---|---|
<run-dir>/ |
Top-level run directory. | 0755 |
<run-dir>/*.pid |
PID files for supervised processes (kubelet, etcd, containerd, …). | 0644 |
<run-dir>/status.sock |
Unix socket exposing local status to k0s status and similar commands. |
(process umask) |
The run directory is intentionally outside the data directory so that on
systems where /run is a tmpfs, runtime state is cleared on reboot while
persistent state under <data-dir> survives.
Notes#
- All paths above are derived from the same
--data-dir/--run-dirflags passed tok0sand propagated to its supervised components, so changing the flags moves the whole tree consistently. - The CSI guide in the Storage section documents the kubelet root
path caveat, since the default differs from upstream Kubernetes
(
<data-dir>/kubeletrather than/var/lib/kubelet). - Backup/restore covers
pki/,manifests/, andimages/, along with the etcd or k0s database files, ik k0s is configured to use them. See Backup/Restore for details.