Create Kubernetes Single Cluster on Azure VM

 

Microk8s is a lightweight implementation of Kubernetes. It allows you to run a single cluster on your Linux, Windows or Mac machine with minimal configuration.

To install microk8s on a virtual machine on Azure, follow these steps:

1. Create a Virtual Machine on Azure

If you don't have a virtual machine on Azure yet, just follow this tutorial:

Create a Virtual Machine on Azure 

2. Connect to the virtual machine

ssh -i ~/.ssh/ssh-key-eus2-demo-pem demouser@52.251.32.15 

3. Install microk8s

sudo snap install microk8s --classic

Add permissions to your user to run commands on the cluster:

sudo usermod -a -G microk8s demouser

sudo chown -f -R demouser ~/.kube

You have to disconnect and reconnect to the VM for these changes to take effect.

Get the cluster information to confirm it is running.

microk8s kubectl cluster-info

Typing microk8s kubectl every time I need to run a command on the cluster is tedious, so I am going to create an alias:

alias kctl='microk8s kubectl'

4. Enable the dashboard (non RBAC)

microk8s enable dashboard

then run

microk8s dashboard-proxy

 

If you open your virtual machine's public IP address on port 10443 you will get a timeout; this is because you haven't opened this port yet.

Go to the network security group (NSG) associated with the virtual machine.

Go to Settings and click on Inbound security rules.

Click on Add and enable the traffic on port 10443.

Do the same in the Outbound security rules option.

Now go again to the public IP address of your VM on port 10443. You might see a warning about certificates; accept the risk and you will see the Kubernetes dashboard asking you for the authentication token.

Go to the console and copy the auto-generated token.

Now you will see the main dashboard.


Right now the dashboard is proxied by the cluster itself; you can leave that service running and open another console if you want to run some test commands.

Security Tip

In a real-world application the cluster must have RBAC enabled, so that permissions and access can be segregated by users and roles.

To enable RBAC you must run

microk8s enable rbac

Now, if you want to connect to the dashboard, you must create a service account.

mkdir kube-scripts && cd kube-scripts

kctl create ns kubernetes-dashboard

nano sa-demo-dashboard.yaml

copy the following contents:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: demo-dash-user
  namespace: kubernetes-dashboard

now create a Cluster Role Binding

nano crb-demo-dashboard.yaml

copy the following contents:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: demo-dash-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: demo-dash-user
  namespace: kubernetes-dashboard
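
Before applying the manifests, it is worth checking that the subject in the ClusterRoleBinding names the ServiceAccount actually being created, because a binding whose subject does not exist grants nothing to the account you made. The script below is an added example, not part of the original tutorial: the function names (sa_identity, crb_subjects, check_binding), the temporary file names and the sample manifests are constructed for illustration, and it also warns when the bound role is cluster-admin, since that token then has full control of the cluster.

```shell
#!/bin/sh
# Added example: offline lint for a ServiceAccount manifest and the
# ClusterRoleBinding that refers to it. Sample manifests are constructed.

# Print "namespace/name" of the ServiceAccount declared in manifest $1.
sa_identity() {
  awk '/^[a-zA-Z]/ { section = $1 }            # track the top-level key
       section == "kind:" && $1 == "kind:" { kind = $2 }
       section == "metadata:" && $1 == "name:" { name = $2 }
       section == "metadata:" && $1 == "namespace:" { ns = $2 }
       END { if (kind == "ServiceAccount") print ns "/" name }' "$1"
}

# Print "role namespace/name" for each ServiceAccount subject in binding $1.
crb_subjects() {
  awk 'function flush() { if (kind == "ServiceAccount") subj[++n] = ns "/" name
                          kind = name = ns = "" }
       /^[a-zA-Z]/ { section = $1; next }
       section == "roleRef:" && $1 == "name:" { role = $2 }
       section == "subjects:" {
         if ($1 == "-") { flush(); k = $2; v = $3 } else { k = $1; v = $2 }
         if (k == "kind:") kind = v
         if (k == "name:") name = v
         if (k == "namespace:") ns = v
       }
       END { flush(); for (i = 1; i <= n; i++) print role, subj[i] }' "$1"
}

# Print findings; return 1 if any subject is not the declared ServiceAccount.
check_binding() {
  sa=$(sa_identity "$1")
  findings=$(crb_subjects "$2" | while read -r role subject; do
    if [ "$subject" != "$sa" ]; then echo "MISMATCH: subject $subject, declared $sa"; fi
    if [ "$role" = "cluster-admin" ]; then echo "WARN: $subject bound to cluster-admin"; fi
  done)
  if [ -n "$findings" ]; then echo "$findings"; fi
  case "$findings" in *MISMATCH*) return 1 ;; esac
  return 0
}

# Constructed sample: the declared name differs from the binding subject.
tmp=$(mktemp -d)
printf '%s\n' 'apiVersion: v1' 'kind: ServiceAccount' 'metadata:' \
  '  name: dash-user-demo' '  namespace: kubernetes-dashboard' > "$tmp/sa.yaml"
printf '%s\n' 'kind: ClusterRoleBinding' 'roleRef:' '  kind: ClusterRole' \
  '  name: cluster-admin' 'subjects:' '- kind: ServiceAccount' \
  '  name: demo-dash-user' '  namespace: kubernetes-dashboard' > "$tmp/crb.yaml"
check_binding "$tmp/sa.yaml" "$tmp/crb.yaml" || echo "fix the names before applying"
```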

Now add both objects to the cluster:

kctl apply -f sa-demo-dashboard.yaml

kctl apply -f crb-demo-dashboard.yaml



Now we need to create a Bearer Token to connect to the dashboard.

Run

kctl -n kubernetes-dashboard describe secret $(kctl -n kubernetes-dashboard get secret | grep demo-dash-user | awk '{print $1}')

As a result you will see something like this:

Copy the token and go again to https://${your_VM_ip}:10443. If you have closed the console running the dashboard proxy, you can run it again with

microk8s dashboard-proxy

That's it, now you have an up-and-running single cluster to run your tests and applications.



Daniel Sanin
