Helm Deployment

The Helm chart installs the A3S Box CRI path for Kubernetes. As of v2.0.5 the CRI server is reachable by crictl and the kubelet over its Unix domain socket, and the core pod sandbox + container lifecycle and exec (over the Kubernetes SPDY/3.1 remotecommand protocol) work end to end — verified on /dev/kvm hosts. CRI attach and full critest conformance are not yet complete, so it is not the primary local-runtime path and should not be treated as a drop-in production Kubernetes runtime without host-specific validation.

Prerequisites

• Kubernetes node that can run the A3S Box CRI pod with the required privileges.
• Linux host virtualization support, typically KVM-accessible nodes.
• A container image or locally built image for the CRI server.
• RuntimeClass and kubelet/container-runtime wiring that matches your cluster setup.

Install from the Repository

helm install a3s-box deploy/helm/a3s-box/ \
  -n a3s-box-system --create-namespace

This path assumes you are working from the Box repository. Values depend on your local image publishing flow.

What the Chart Represents

• A DaemonSet for the CRI server.
• A RuntimeClass handler name.
• RBAC and configuration needed for the server pod.
• Host mounts needed for VM/runtime operation.

Validation

After deployment, validate with crictl first, then with a small RuntimeClass pod. Keep the test image simple, for example Alpine with sleep 3600.

crictl --runtime-endpoint unix:///run/a3s-box-cri.sock info

Boundaries

• The CRI server supports the core pod sandbox + container lifecycle and exec end to end (verified on /dev/kvm hosts via crictl/kubelet); CRI attach and full critest conformance are not yet complete.
• It is Linux-focused; Windows CRI is unsupported.
• Full Kubernetes conformance is not claimed.
• Node security, image distribution, CNI integration, and operational hardening remain deployment-specific work.