MicroK8s is a lightweight implementation of Kubernetes that lets you run a single cluster on Linux, Windows or macOS with minimal configuration.
To install MicroK8s on a virtual machine on Azure, follow these steps:
1. Create a Virtual Machine on Azure
If you don't have a virtual machine on Azure yet, just follow this tutorial:
Create a Virtual Machine on Azure
2. Connect to the virtual machine
ssh -i ~/.ssh/ssh-key-eus2-demo-pem demouser@52.251.32.15
3. Install microk8s
sudo snap install microk8s --classic
Add permissions to your user to run commands on the cluster:
sudo usermod -a -G microk8s demouser
sudo chown -f -R demouser ~/.kube
You have to close the session and connect to the VM again for these changes to take effect.
Get the cluster information to confirm that it is running:
microk8s kubectl cluster-info
Typing microk8s kubectl every time I need to run a command on the cluster is tedious, so I am going to create an alias:
alias kctl='microk8s kubectl'
4. Enable the dashboard (non RBAC)
microk8s enable dashboard
Then run:
microk8s dashboard-proxy
If you open your virtual machine's public IP address on port 10443 you will get a timeout; this is because you haven't opened this port yet.
Go to the network security group (NSG) associated with the virtual machine.
Go to Settings and click on Inbound security rules.
Click on Add and enable the traffic on port 10443.
Do the same in the Outbound security rules option.
Now go again to the public IP address of your VM on port 10443. You might see a warning about certificates; accept the risk and then you will see the Kubernetes dashboard asking you for the authentication token.
Go to the console and copy the auto-generated token.
Now you will see the main dashboard.
Right now the dashboard is running proxied by the cluster itself; you can let that service run and open another console if you want to run some test commands.
Security Tip
In a real-world application the cluster must have RBAC enabled, so that permissions and access can be segregated by users and roles.
To enable RBAC you must run:
microk8s enable rbac
Now, if you want to connect to the dashboard, you must create a service account.
mkdir kube-scripts && cd kube-scripts
kctl create ns kubernetes-dashboard
nano sa-demo-dashboard.yaml
Copy the following contents:
apiVersion: v1
kind: ServiceAccount
metadata:
  name: demo-dash-user
  namespace: kubernetes-dashboard
Now create a ClusterRoleBinding:
nano crb-demo-dashboard.yaml
Copy the following contents:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: demo-dash-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: demo-dash-user
    namespace: kubernetes-dashboard
Now add both objects to the cluster:
kctl apply -f sa-demo-dashboard.yaml
kctl apply -f crb-demo-dashboard.yaml
Now we need to create a Bearer Token to connect to the dashboard.
Run:
kctl -n kubernetes-dashboard describe secret $(kctl -n kubernetes-dashboard get secret | grep demo-dash-user | awk '{print $1}')
As a result you will see the secret's details, including the token.
Copy the token and go again to https://${your_VM_ip}:10443. If you have closed the console running the dashboard proxy, you can run it again with:
microk8s dashboard-proxy
That's it, now you have an up-and-running single cluster to run your tests and applications.
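The ClusterRoleBinding above gives the dashboard account cluster-admin, so anyone holding its token controls the whole cluster. As an added example (not part of the original post), the manifest below defines a second dashboard account limited to read-only access in one namespace through the built-in view ClusterRole. The names dash-viewer-demo, dash-viewer-demo-view and demo-apps are assumptions made for illustration.

```yaml
# Added example: read-only dashboard access scoped to a single namespace.
# dash-viewer-demo, dash-viewer-demo-view and demo-apps are hypothetical names.
apiVersion: v1
kind: Namespace
metadata:
  name: demo-apps
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dash-viewer-demo
  namespace: kubernetes-dashboard
---
# A RoleBinding (not a ClusterRoleBinding) limits the grant to the demo-apps
# namespace, even though it references a ClusterRole.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dash-viewer-demo-view
  namespace: demo-apps
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view   # built-in role: read access to most objects, no Secrets, no writes
subjects:
  - kind: ServiceAccount
    name: dash-viewer-demo
    namespace: kubernetes-dashboard
# After applying with kctl apply -f, check what the account may do by
# impersonating it:
#   kctl auth can-i list pods -n demo-apps \
#     --as=system:serviceaccount:kubernetes-dashboard:dash-viewer-demo
#   kctl auth can-i delete pods -n demo-apps \
#     --as=system:serviceaccount:kubernetes-dashboard:dash-viewer-demo
#   kctl auth can-i get secrets -n demo-apps \
#     --as=system:serviceaccount:kubernetes-dashboard:dash-viewer-demo
```

Keep the cluster-admin token for administration only and hand out the scoped account's token for day-to-day dashboard use.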