Create an all-in-one Kubernetes cluster in a single virtual machine for Kubernetes learning/experimentation.

Note: There is a short video on https://microk8s.io/ if that is more your cup of tea.

Ingredients

  • Virtual Machine (e.g. AWS EC2 instance)
  • Ubuntu 18.04 LTS (or any Linux distribution with snap support)

Create cluster using microk8s

Like Magic:

sudo snap install microk8s --classic

You can confirm it is running with:

microk8s.kubectl cluster-info

…and you should get something like:

Kubernetes master is running at http://127.0.0.1:8080 
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

Create an alias for microk8s.kubectl so you can save a lot of typing:

sudo snap alias microk8s.kubectl kubectl

Enable auto completion for kubectl (current session):

source <(kubectl completion bash)

Configure bash:

echo "source <(kubectl completion bash)" >> ~/.bashrc

UI (Dashboard)

Expose management UI (Dashboard).

microk8s.enable dns dashboard ingress

Start Proxy

You can change the firewall to allow access to this host on port 8001, but this is unsafe: it will allow anybody access to the Kubernetes dashboard.

If using AWS EC2, you can configure the “Security Group” used by this host to allow incoming requests only from your IP.

Another (better) option is to use ssh with port forwarding from your development machine to connect to this host. On your development machine:

ssh -L 8001:localhost:8001 <user>@<host>

Now start the dashboard proxy

On the microk8s host:

microk8s.kubectl proxy --accept-hosts='.*' --address=0.0.0.0 &

In the browser on your desktop, navigate to:

http://{your_micro8ks_host_name}:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
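
An added check, not part of the original post: the shell function below classifies how a port is bound from `ss -ltn` output, so you can confirm whether the proxy on port 8001 is reachable from the network or only through the ssh tunnel. The function name, the sample `ss` output and the loopback-bound proxy command in the comments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Classifies how PORT is bound,
# reading `ss -ltn` output on stdin. Live use on the microk8s host:
#     ss -ltn | check_binding 8001
# Assumed loopback-only pairing for the ssh option described above:
#     host:    microk8s.kubectl proxy --address=127.0.0.1 --port=8001 &
#     desktop: ssh -L 8001:localhost:8001 <user>@<host>

check_binding() {
    awk -v port="$1" '
        # Field 4 of a LISTEN row is "local-address:port".
        $1 == "LISTEN" && match($4, /:[0-9]+$/) {
            if (substr($4, RSTART + 1) != port) next
            addr = substr($4, 1, RSTART - 1)
            if (addr ~ /^127\./ || addr == "[::1]") loopback++
            else exposed = exposed " " addr   # 0.0.0.0, *, [::] or a NIC address
        }
        END {
            if (exposed != "") print "exposed" exposed
            else if (loopback) print "loopback-only"
            else print "not-listening"
        }'
}

# Constructed sample: proxy started with --address=0.0.0.0 as in the post.
sample_wildcard() {
    cat <<'EOF'
State   Recv-Q  Send-Q   Local Address:Port   Peer Address:Port
LISTEN  0       128            0.0.0.0:22          0.0.0.0:*
LISTEN  0       128          127.0.0.1:8080        0.0.0.0:*
LISTEN  0       128            0.0.0.0:8001        0.0.0.0:*
EOF
}

# Constructed sample: proxy bound to loopback, reached through the ssh tunnel.
sample_loopback() {
    cat <<'EOF'
State   Recv-Q  Send-Q   Local Address:Port   Peer Address:Port
LISTEN  0       128            0.0.0.0:22          0.0.0.0:*
LISTEN  0       128          127.0.0.1:8080        0.0.0.0:*
LISTEN  0       128          127.0.0.1:8001        0.0.0.0:*
EOF
}

echo "with --address=0.0.0.0:   $(sample_wildcard | check_binding 8001)"
echo "with --address=127.0.0.1: $(sample_loopback | check_binding 8001)"
```

A result of `exposed` means the only thing between the network and the dashboard proxy is the firewall or Security Group rule.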

Microk8s Add-ons

microk8s.enable --help
Usage: microk8s.enable ADDON...
Enable one or more ADDON included with microk8s
Example: microk8s.enable dns storage

Available addons:

  dashboard
  dns
  gpu
  ingress
  istio
  metrics-server
  registry
  storage

Troubleshooting

On an Ubuntu 18 AWS EC2 instance (without any changes) pods couldn’t access “the internet”. Turns out it was the iptables configuration.

I got some help by running (on microk8s host):

microk8s.inspect 

and got some useful feedback:

...
WARNING: IPtables FORWARD policy is DROP.
Consider enabling traffic forwarding with:
sudo iptables -P FORWARD ACCEPT
...

and running it did resolve the problem with my pods accessing anything outside the pod.

What’s next?

Check this follow-up post to set up your private docker registry.
