Support Matrix
KSail supports multiple Kubernetes distributions, providers, and components. This matrix shows compatibility and support status.
Distribution × Provider Matrix
Section titled “Distribution × Provider Matrix”| Distribution | Docker | Hetzner | Omni |
|---|---|---|---|
| Vanilla (Kind) | ✅ | ❌ | ❌ |
| K3s (K3d) | ✅ | ❌ | ❌ |
| Talos | ✅ | ✅ | ✅ |
| VCluster (Vind) | ✅ | ❌ | ❌ |
Notes:
- Docker provider requires Docker Desktop or Docker Engine installed locally
- Hetzner provider requires
HCLOUD_TOKENenvironment variable and Talos ISO in your account - Omni provider requires a Sidero Omni account, an
OMNI_SERVICE_ACCOUNT_KEYenvironment variable, and an Omni API endpoint configured viaspec.cluster.omni.endpointin your KSail configuration — see Omni Provider for setup details - VCluster uses the Vind Docker driver to run the control plane and optional worker nodes directly as Docker containers
Component × Distribution Matrix
Section titled “Component × Distribution Matrix”| Component | Vanilla | K3s | Talos | VCluster |
|---|---|---|---|---|
| CNI | ||||
| Cilium | ✅ | ✅ | ✅ | N/A¹ |
| Calico | ✅ | ✅ | ✅ | N/A¹ |
| CSI | ||||
| Local Path Provisioner | ✅ | Built-in | ✅ (Docker) | N/A² |
| Hetzner CSI Driver | ❌ | ❌ | ✅ (Hetzner) | ❌ |
| LoadBalancer | ||||
| LoadBalancer Support | ✅ | Built-in | ✅ (Docker/Hetzner) | N/A³ |
| Cloud Provider KIND | ✅ | ❌ | ❌ | ❌ |
| MetalLB | ❌ | ❌ | ✅ (Docker) | ❌ |
| Hetzner CCM | ❌ | ❌ | ✅ (Hetzner) | ❌ |
| GitOps | ||||
| Flux | ✅ | ✅ | ✅ | ✅ |
| ArgoCD | ✅ | ✅ | ✅ | ✅ |
| Observability | ||||
| Metrics Server | ✅ | Built-in | ✅ | N/A⁴ |
| Security | ||||
| cert-manager | ✅ | ✅ | ✅ | ✅ |
| Kyverno | ✅ | ✅ | ✅ | ✅ |
| Gatekeeper | ✅ | ✅ | ✅ | ✅ |
| Registry | ||||
| Local Registry | ✅ | ✅ | ✅ | ✅ |
| Mirror Registries | ✅ | ✅ | ✅ | ✅ |
| External Registries with Auth | ✅ | ✅ | ✅ | ✅ |
Notes:
- “Built-in” means the distribution includes this component by default
- K3s includes local-path-provisioner, metrics-server, and ServiceLB (load balancer) out of the box
- Talos CSI support is provider-dependent: Local Path Provisioner for Docker, Hetzner CSI Driver for Hetzner Cloud
- LoadBalancer support by distribution — see LoadBalancer Configuration for full details:
- Vanilla (Kind) on Docker: Uses cloud-provider-kind (runs as external Docker container)
- K3s on Docker: Uses built-in ServiceLB (Klipper-LB)
- Talos on Docker: Uses MetalLB with default IP pool (172.18.255.200-172.18.255.250)
- Talos on Hetzner: Uses Hetzner Cloud Load Balancer (cloud provider integration)
- VCluster footnotes:
- ¹ CNI is managed internally by the vCluster control plane — Vind configures networking within the Docker containers
- ² CSI is managed internally by vCluster — no separate CSI driver needed
- ³ LoadBalancer is delegated to the host cluster by vCluster —
spec.cluster.loadBalancerhas no effect on VCluster and KSail does not install any LoadBalancer controller - ⁴ Metrics Server is managed internally by vCluster
Secret Management × Provider Matrix
Section titled “Secret Management × Provider Matrix”| Provider | Encryption | Decryption | Edit |
|---|---|---|---|
| age | ✅ | ✅ | ✅ |
| PGP | ✅ | ✅ | ✅ |
| AWS KMS | ✅ | ✅ | ✅ |
| GCP KMS | ✅ | ✅ | ✅ |
| Azure Key Vault | ✅ | ✅ | ✅ |
| HashiCorp Vault | ✅ | ✅ | ✅ |
Notes:
- Cloud KMS providers require appropriate credentials configured
- See SOPS documentation for provider-specific setup
CLI Commands
Section titled “CLI Commands”| Command Group | Commands Available |
|---|---|
ksail cluster | init, create, update, delete, start, stop, info, list, connect, backup, restore |
ksail workload | apply, create, delete, describe, edit, exec, explain, export, expose, gen, get, images, import, install, logs, push, reconcile, rollout, scale, validate, wait |
ksail cipher | encrypt, decrypt, edit, import |
Update Behavior
Section titled “Update Behavior”The ksail cluster update command applies configuration changes to a running cluster.
Changes are classified by impact: in-place (no disruption), reboot-required (node restart needed), or recreate-required (full cluster recreation).
| Change | Vanilla (Kind) | K3s (K3d) | Talos | VCluster (Vind) |
|---|---|---|---|---|
| Distribution | Recreate | Recreate | Recreate | Recreate |
| Provider | Recreate | Recreate | Recreate | Recreate |
| CNI | In-place | In-place | In-place | N/A |
| CSI | In-place | In-place | In-place | N/A |
| Metrics Server | In-place | In-place | In-place | N/A |
| Load Balancer | In-place | In-place | N/A¹ | N/A |
| cert-manager | In-place | In-place | In-place | In-place |
| Policy Engine | In-place | In-place | In-place | In-place |
| GitOps Engine | In-place | In-place | In-place | In-place |
| Local Registry | Recreate | In-place | In-place | In-place |
| Mirrors Dir | Recreate | N/A | N/A | N/A |
| Control Planes | Recreate | Recreate | In-place | Recreate |
| Workers | Recreate | In-place | In-place | N/A |
| Hetzner Server Type (CP) | N/A | N/A | Recreate | N/A |
| Hetzner Location | N/A | N/A | Recreate | N/A |
| Hetzner Network | N/A | N/A | Recreate | N/A |
Notes:
- “In-place” changes are applied without cluster downtime via Helm or provider APIs
- “Recreate” changes require
ksail cluster delete && ksail cluster createorksail cluster update --force - If no changes are detected,
ksail cluster updateexits immediately with no modifications (idempotent no-op) - Use
ksail cluster update --dry-runto preview changes before applying - Talos supports the broadest set of in-place updates, including node scaling for both control-plane and worker nodes
- Kind does not support any structural node changes after creation
- VCluster (Vind) runs control-plane and optional worker nodes as Docker containers — CNI, CSI, and metrics-server are managed by the vCluster Helm chart and are N/A for update operations; LoadBalancer services are provided by the host cluster, and
spec.cluster.loadBalanceris ignored for VCluster and will not trigger a cluster update - ¹ Load Balancer for Talos: For Talos, the provider determines which LoadBalancer implementation is used (MetalLB on Docker, Hetzner Cloud Controller Manager on Hetzner). The
spec.cluster.loadBalancersetting controls whether KSail installs LoadBalancer support. See FAQ for details.
Platform Requirements
Section titled “Platform Requirements”| Requirement | Minimum | Recommended |
|---|---|---|
| Docker | Docker Desktop 4.x or Docker Engine 24.x | Latest stable |
| RAM | 4 GB | 8 GB+ |
| CPU | 2 cores | 4 cores+ |
| Disk | 10 GB | 20 GB+ |
Operating System Support:
| OS | Support |
|---|---|
| macOS (Apple Silicon) | ✅ |
| Linux (x86_64) | ✅ |
| Linux (arm64) | ✅ |
| Windows (WSL2) | ✅ |
| Windows (native) | ❌ |
Version Compatibility
Section titled “Version Compatibility”KSail embeds specific versions of Kubernetes tooling:
| Tool | Embedded Version | Purpose |
|---|---|---|
| kubectl | Latest | Kubernetes CLI |
| Helm | v4 (with kstatus) | Package manager |
| Kind | Latest | Vanilla clusters |
| K3d | Latest | K3s clusters |
| vCluster SDK | v0.32.1 | VCluster virtual clusters |
| Flux | Latest | GitOps toolkit |
| ArgoCD | Latest | GitOps continuous delivery |
| SOPS | Latest | Secret encryption |
Notes:
- Kubernetes versions depend on the distribution release
- Component versions (CNI, CSI, etc.) are updated with KSail releases
- See releases for specific version information
Next Steps
Section titled “Next Steps”- Features – Explore what KSail can do
- Concepts – Understand the technologies
- Configuration – Complete configuration reference