Tuesday, March 23, 2021

Kubernetes up and running in less than 30 minutes!

The process of running Kubernetes is very simple. All we need is an Ubuntu system.

These notes were taken on an Ubuntu 18.04.5 system with the package repositories updated and the latest patches installed.

This is the result of following the step-by-step instructions at https://ubuntu.com/tutorials/install-a-local-kubernetes-with-microk8s#1-overview



bash-4.1$ ssh automata
Welcome to Ubuntu 18.04.5 LTS (GNU/Linux 4.15.0-139-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Tue Mar 23 15:33:21 PDT 2021

  System load:  2.79               Processes:           267
  Usage of /:   52.1% of 18.65GB   Users logged in:     0
  Memory usage: 6%                 IP address for eth0: 10.17.14.36
  Swap usage:   0%

 * Introducing self-healing high availability clusters in MicroK8s.
   Simple, hardened, Kubernetes for production, from RaspberryPi to DC.

     https://microk8s.io/high-availability

 * Canonical Livepatch is available for installation.
   - Reduce system reboots and improve kernel security. Activate at:
     https://ubuntu.com/livepatch

0 packages can be updated.
0 of these updates are security updates.


The use of this system is restricted to authorized persons only.  All others will be prosecuted to the full extent of the law.

Last login: Mon Mar 22 20:32:29 2021 from 172.19.223.120
$ sudo su -

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

Password: 
root@automata:~# 
root@automata:~# 
root@automata:~# 
root@automata:~# 
root@automata:~# snap install microk8s --classic
2021-03-23T15:37:55-07:00 INFO Waiting for automatic snapd restart...
microk8s (1.20/stable) v1.20.4 from Canonical✓ installed
root@automata:~# 

root@automata:~# ps -eaf | grep -i k8
root      4293     1  0 15:42 ?        00:00:00 /bin/bash /snap/microk8s/2074/control-plane-kicker
root      4328     1  0 15:42 ?        00:00:10 /bin/bash /snap/microk8s/2074/apiservice-kicker
root      4422     1  0 15:42 ?        00:00:00 /bin/bash /snap/microk8s/2074/run-cluster-agent-with-args
root      4498  4293  0 15:42 ?        00:00:21 /snap/microk8s/2074/usr/bin/python3 /snap/microk8s/2074/scripts/wrappers/control-plane-kicker.py
root      4575  4422  0 15:42 ?        00:00:04 python3 /snap/microk8s/2074/usr/bin/gunicorn3 cluster.agent:app --bind 0.0.0.0:25000 --keyfile /var/snap/microk8s/2074/certs/server.key --certfile /var/snap/microk8s/2074/certs/server.crt --timeout 240
root      4975  4575  0 15:42 ?        00:00:01 python3 /snap/microk8s/2074/usr/bin/gunicorn3 cluster.agent:app --bind 0.0.0.0:25000 --keyfile /var/snap/microk8s/2074/certs/server.key --certfile /var/snap/microk8s/2074/certs/server.crt --timeout 240
root      6653     1  1 15:43 ?        00:02:05 /snap/microk8s/2074/bin/containerd --config /var/snap/microk8s/2074/args/containerd.toml --root /var/snap/microk8s/common/var/lib/containerd --state /var/snap/microk8s/common/run/containerd --address /var/snap/microk8s/common/run/containerd.sock
root      6793     1 15 15:43 ?        00:26:53 /snap/microk8s/2074/kube-apiserver --cert-dir=/var/snap/microk8s/2074/certs --service-cluster-ip-range=10.152.183.0/24 --authorization-mode=AlwaysAllow --service-account-key-file=/var/snap/microk8s/2074/certs/serviceaccount.key --client-ca-file=/var/snap/microk8s/2074/certs/ca.crt --tls-cert-file=/var/snap/microk8s/2074/certs/server.crt --tls-private-key-file=/var/snap/microk8s/2074/certs/server.key --kubelet-client-certificate=/var/snap/microk8s/2074/certs/server.crt --kubelet-client-key=/var/snap/microk8s/2074/certs/server.key --secure-port=16443 --token-auth-file=/var/snap/microk8s/2074/credentials/known_tokens.csv --insecure-port=0 --storage-backend=dqlite --storage-dir=/var/snap/microk8s/2074/var/kubernetes/backend/ --allow-privileged=true --service-account-issuer=https://kubernetes.default.svc --service-account-signing-key-file=/var/snap/microk8s/2074/certs/serviceaccount.key --feature-gates=RemoveSelfLink=false --requestheader-client-ca-file=/var/snap/microk8s/2074/certs/front-proxy-ca.crt --requestheader-allowed-names=front-proxy-client --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --proxy-client-cert-file=/var/snap/microk8s/2074/certs/front-proxy-client.crt --proxy-client-key-file=/var/snap/microk8s/2074/certs/front-proxy-client.key
root      6894     1  0 15:43 ?        00:00:03 /snap/microk8s/2074/kube-proxy --kubeconfig=/var/snap/microk8s/2074/credentials/proxy.config --cluster-cidr=10.1.0.0/16 --healthz-bind-address=127.0.0.1
root      7017     1  2 15:43 ?        00:05:01 /snap/microk8s/2074/kubelet --kubeconfig=/var/snap/microk8s/2074/credentials/kubelet.config --cert-dir=/var/snap/microk8s/2074/certs --client-ca-file=/var/snap/microk8s/2074/certs/ca.crt --anonymous-auth=false --network-plugin=cni --root-dir=/var/snap/microk8s/common/var/lib/kubelet --fail-swap-on=false --cni-conf-dir=/var/snap/microk8s/2074/args/cni-network/ --cni-bin-dir=/var/snap/microk8s/2074/opt/cni/bin/ --feature-gates=DevicePlugins=true --eviction-hard=memory.available<100Mi,nodefs.available<1Gi,imagefs.available<1Gi --container-runtime=remote --container-runtime-endpoint=/var/snap/microk8s/common/run/containerd.sock --containerd=/var/snap/microk8s/common/run/containerd.sock --node-labels=microk8s.io/cluster=true --authentication-token-webhook=true
root      7304     1  0 15:43 ?        00:00:33 /snap/microk8s/2074/kube-scheduler --kubeconfig=/var/snap/microk8s/2074/credentials/scheduler.config --address=127.0.0.1
root      7351     1  2 15:43 ?        00:03:59 /snap/microk8s/2074/kube-controller-manager --kubeconfig=/var/snap/microk8s/2074/credentials/controller.config --service-account-private-key-file=/var/snap/microk8s/2074/certs/serviceaccount.key --root-ca-file=/var/snap/microk8s/2074/certs/ca.crt --cluster-signing-cert-file=/var/snap/microk8s/2074/certs/ca.crt --cluster-signing-key-file=/var/snap/microk8s/2074/certs/ca.key --address=127.0.0.1 --use-service-account-credentials
root      7565     1  0 15:44 ?        00:00:00 /snap/microk8s/2074/bin/containerd-shim-runc-v1 -namespace k8s.io -id 1ed00a8fc04726723b38d4ec6bb5d8713971dca1d207cad187df52570b7323e8 -address /var/snap/microk8s/common/run/containerd.sock
root      7765     1  0 15:44 ?        00:00:00 /snap/microk8s/2074/bin/containerd-shim-runc-v1 -namespace k8s.io -id 31fff9ce896973c6ff1361d2b4c1e71ef15f5cb9e2e12a9c3ab41709237cff1b -address /var/snap/microk8s/common/run/containerd.sock
root      8088     1  0 15:44 ?        00:00:47 /snap/microk8s/2074/bin/containerd-shim-runc-v1 -namespace k8s.io -id c95e1c0ca506dfc04a75d02bc96b2ad2a3546bfd86eddfa5b0bcfe204d90d068 -address /var/snap/microk8s/common/run/containerd.sock
root      8258     1  0 15:44 ?        00:00:13 /snap/microk8s/2074/bin/containerd-shim-runc-v1 -namespace k8s.io -id c451c511aa4214c9bfa2d482b5344400c8dd70742d643d83b89405b5a23db7bb -address /var/snap/microk8s/common/run/containerd.sock
root     31031  2789  0 18:39 pts/0    00:00:00 grep --color=auto -i k8
root@automata:~# 


root@automata:~# snap info microk8s
name:      microk8s
summary:   Lightweight Kubernetes for workstations and appliances
publisher: Canonical✓
store-url: https://snapcraft.io/microk8s
contact:   https://github.com/ubuntu/microk8s
license:   unset
description: |
  MicroK8s is the smallest, simplest, pure production Kubernetes for clusters, laptops, IoT and
  Edge, on Intel and ARM. One command installs a single-node K8s cluster with carefully selected
  add-ons on Linux, Windows and macOS.  MicroK8s requires no configuration, supports automatic
  updates and GPU acceleration. Use it for offline development, prototyping, testing, to build your
  CI/CD pipeline or your IoT apps.
commands:
  - microk8s.add-node
  - microk8s.cilium
  - microk8s.config
  - microk8s.ctr
  - microk8s.dashboard-proxy
  - microk8s.dbctl
  - microk8s.disable
  - microk8s.enable
  - microk8s.helm
  - microk8s.helm3
  - microk8s.inspect
  - microk8s.istioctl
  - microk8s.join
  - microk8s.juju
  - microk8s.kubectl
  - microk8s.leave
  - microk8s.linkerd
  - microk8s
  - microk8s.refresh-certs
  - microk8s.remove-node
  - microk8s.reset
  - microk8s.start
  - microk8s.status
  - microk8s.stop
services:
  microk8s.daemon-apiserver:            simple, enabled, active
  microk8s.daemon-apiserver-kicker:     simple, enabled, active
  microk8s.daemon-cluster-agent:        simple, enabled, active
  microk8s.daemon-containerd:           simple, enabled, active
  microk8s.daemon-control-plane-kicker: simple, enabled, active
  microk8s.daemon-controller-manager:   simple, enabled, active
  microk8s.daemon-etcd:                 simple, enabled, inactive
  microk8s.daemon-flanneld:             simple, enabled, inactive
  microk8s.daemon-kubelet:              simple, enabled, active
  microk8s.daemon-proxy:                simple, enabled, active
  microk8s.daemon-scheduler:            simple, enabled, active
snap-id:      EaXqgt1lyCaxKaQCU349mlodBkDCXRcg
tracking:     1.20/stable
refresh-date: today at 15:41 PDT
channels:
  1.20/stable:      v1.20.4         2021-03-16 (2074) 218MB classic
  1.20/candidate:   v1.20.4         2021-03-10 (2074) 218MB classic
  1.20/beta:        v1.20.4         2021-03-10 (2074) 218MB classic
  1.20/edge:        v1.20.5         2021-03-22 (2094) 218MB classic
  latest/stable:    v1.20.4         2021-03-17 (2074) 218MB classic
  latest/candidate: v1.20.4         2021-03-09 (2081) 190MB classic
  latest/beta:      v1.20.4         2021-03-09 (2081) 190MB classic
  latest/edge:      v1.20.5         2021-03-22 (2093) 189MB classic
  dqlite/stable:    –                                       
  dqlite/candidate: –                                       
  dqlite/beta:      –                                       
  dqlite/edge:      v1.16.2         2019-11-07 (1038) 189MB classic
  1.21/stable:      –                                       
  1.21/candidate:   –                                       
  1.21/beta:        v1.21.0-beta.1  2021-03-12 (2085) 191MB classic
  1.21/edge:        v1.21.0-alpha.3 2021-03-08 (2080) 190MB classic
  1.19/stable:      v1.19.8         2021-03-16 (2060) 216MB classic
  1.19/candidate:   v1.19.8         2021-03-10 (2060) 216MB classic
  1.19/beta:        v1.19.8         2021-03-10 (2060) 216MB classic
  1.19/edge:        v1.19.9         2021-03-22 (2095) 216MB classic
  1.18/stable:      v1.18.16        2021-03-16 (2055) 198MB classic
  1.18/candidate:   v1.18.16        2021-03-09 (2055) 198MB classic
  1.18/beta:        v1.18.16        2021-03-09 (2055) 198MB classic
  1.18/edge:        v1.18.16        2021-02-17 (2055) 198MB classic
  1.17/stable:      v1.17.17        2021-01-15 (1916) 177MB classic
  1.17/candidate:   v1.17.17        2021-01-14 (1916) 177MB classic
  1.17/beta:        v1.17.17        2021-01-14 (1916) 177MB classic
  1.17/edge:        v1.17.17        2021-01-13 (1916) 177MB classic
  1.16/stable:      v1.16.15        2020-09-12 (1671) 179MB classic
  1.16/candidate:   v1.16.15        2020-09-04 (1671) 179MB classic
  1.16/beta:        v1.16.15        2020-09-04 (1671) 179MB classic
  1.16/edge:        v1.16.15        2020-09-02 (1671) 179MB classic
  1.15/stable:      v1.15.11        2020-03-27 (1301) 171MB classic
  1.15/candidate:   v1.15.11        2020-03-27 (1301) 171MB classic
  1.15/beta:        v1.15.11        2020-03-27 (1301) 171MB classic
  1.15/edge:        v1.15.11        2020-03-26 (1301) 171MB classic
  1.14/stable:      v1.14.10        2020-01-06 (1120) 217MB classic
  1.14/candidate:   ↑                                       
  1.14/beta:        ↑                                       
  1.14/edge:        v1.14.10        2020-03-26 (1303) 217MB classic
  1.13/stable:      v1.13.6         2019-06-06  (581) 237MB classic
  1.13/candidate:   ↑                                       
  1.13/beta:        ↑                                       
  1.13/edge:        ↑                                       
  1.12/stable:      v1.12.9         2019-06-06  (612) 259MB classic
  1.12/candidate:   ↑                                       
  1.12/beta:        ↑                                       
  1.12/edge:        ↑                                       
  1.11/stable:      v1.11.10        2019-05-10  (557) 258MB classic
  1.11/candidate:   ↑                                       
  1.11/beta:        ↑                                       
  1.11/edge:        ↑                                       
  1.10/stable:      v1.10.13        2019-04-22  (546) 222MB classic
  1.10/candidate:   ↑                                       
  1.10/beta:        ↑                                       
  1.10/edge:        ↑                                       
installed:          v1.20.4                    (2074) 218MB classic
root@automata:~# 

root@automata:~# microk8s enable dns dashboard storage
Enabling DNS
Applying manifest
serviceaccount/coredns created
configmap/coredns created
deployment.apps/coredns created
service/kube-dns created
clusterrole.rbac.authorization.k8s.io/coredns created
clusterrolebinding.rbac.authorization.k8s.io/coredns created
Restarting kubelet
DNS is enabled
Enabling Kubernetes Dashboard
Enabling Metrics-Server
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
Warning: apiregistration.k8s.io/v1beta1 APIService is deprecated in v1.19+, unavailable in v1.22+; use apiregistration.k8s.io/v1 APIService
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created
serviceaccount/metrics-server created
deployment.apps/metrics-server created
service/metrics-server created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
clusterrolebinding.rbac.authorization.k8s.io/microk8s-admin created
Metrics-Server is enabled
Applying manifest
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

If RBAC is not enabled access the dashboard using the default token retrieved with:

token=$(microk8s kubectl -n kube-system get secret | grep default-token | cut -d " " -f1)
microk8s kubectl -n kube-system describe secret $token

In an RBAC enabled setup (microk8s enable RBAC) you need to create a user with restricted
permissions as shown in:
https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md

Enabling default storage class
deployment.apps/hostpath-provisioner created
storageclass.storage.k8s.io/microk8s-hostpath created
serviceaccount/microk8s-hostpath created
clusterrole.rbac.authorization.k8s.io/microk8s-hostpath created
clusterrolebinding.rbac.authorization.k8s.io/microk8s-hostpath created
Storage will be available soon
root@automata:~# 


root@automata:~# microk8s kubectl get all --all-namespaces
NAMESPACE     NAME                                             READY   STATUS    RESTARTS   AGE
kube-system   pod/calico-node-t5lpg                            1/1     Running   1          179m
kube-system   pod/calico-kube-controllers-847c8c99d-b72lc      1/1     Running   0          179m
kube-system   pod/coredns-86f78bb79c-wknf2                     0/1     Running   0          28s
kube-system   pod/metrics-server-8bbfb4bdb-65vb6               0/1     Pending   0          15s
kube-system   pod/kubernetes-dashboard-7ffd448895-wlvw8        0/1     Pending   0          6s
kube-system   pod/dashboard-metrics-scraper-6c4568dc68-rgkwt   0/1     Pending   0          6s
kube-system   pod/hostpath-provisioner-5c65fbdb4f-q296v        0/1     Pending   0          3s

NAMESPACE     NAME                                TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                  AGE
default       service/kubernetes                  ClusterIP   10.152.183.1     <none>        443/TCP                  179m
kube-system   service/kube-dns                    ClusterIP   10.152.183.10    <none>        53/UDP,53/TCP,9153/TCP   28s
kube-system   service/metrics-server              ClusterIP   10.152.183.116   <none>        443/TCP                  15s
kube-system   service/kubernetes-dashboard        ClusterIP   10.152.183.230   <none>        443/TCP                  6s     ====> THE MOST IMPORTANT ENTRY: the dashboard's ClusterIP (opened in the browser below)
kube-system   service/dashboard-metrics-scraper   ClusterIP   10.152.183.103   <none>        8000/TCP                 6s

NAMESPACE     NAME                         DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR            AGE
kube-system   daemonset.apps/calico-node   1         1         1       1            1           kubernetes.io/os=linux   179m

NAMESPACE     NAME                                        READY   UP-TO-DATE   AVAILABLE   AGE
kube-system   deployment.apps/calico-kube-controllers     1/1     1            1           179m
kube-system   deployment.apps/coredns                     0/1     1            0           28s
kube-system   deployment.apps/metrics-server              0/1     1            0           15s
kube-system   deployment.apps/kubernetes-dashboard        0/1     1            0           6s
kube-system   deployment.apps/dashboard-metrics-scraper   0/1     1            0           6s
kube-system   deployment.apps/hostpath-provisioner        0/1     1            0           4s

NAMESPACE     NAME                                                   DESIRED   CURRENT   READY   AGE
kube-system   replicaset.apps/calico-kube-controllers-847c8c99d      1         1         1       179m
kube-system   replicaset.apps/coredns-86f78bb79c                     1         1         0       28s
kube-system   replicaset.apps/metrics-server-8bbfb4bdb               1         1         0       15s
kube-system   replicaset.apps/kubernetes-dashboard-7ffd448895        1         1         0       6s
kube-system   replicaset.apps/dashboard-metrics-scraper-6c4568dc68   1         1         0       6s
kube-system   replicaset.apps/hostpath-provisioner-5c65fbdb4f        1         1         0       4s
root@automata:~# 
root@automata:~# 
root@automata:~# 
root@automata:~# logout




TIME TO OPEN THE KUBERNETES WEB INTERFACE:

$ firefox https://10.152.183.230/

ON A DIFFERENT TERMINAL (in order to retrieve the token needed to sign in to the K8s console):


root@automata:~# token=$(microk8s kubectl -n kube-system get secret | grep default-token | cut -d " " -f1)
root@automata:~# microk8s kubectl -n kube-system describe secret $token
Name:         default-token-tgt6l
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: default
              kubernetes.io/service-account.uid: def37df5-8bda-49ec-9591-fb7a893e2c1b

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1103 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IlN4Sk9saWtEc01xX19MUS12bFc3dTJlTU9DVHpfbmwtZEZ3eUJjT1gzVVUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkZWZhdWx0LXRva2VuLXRndDZsIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImRlZmF1bHQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkZWYzN2RmNS04YmRhLTQ5ZWMtOTU5MS1mYjdhODkzZTJjMWIiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06ZGVmYXVsdCJ9.GctSaD4bAEzMtJAnoMDD2mQKZAZZyd2reL3w3ZqYvQNUl1hlBaM0Cab55qFnp-7fzeHgDJZ4EDqCJFIpMr1ZHsVvtqulPaHMqKObATgilSBmP7hiltC6fq-PpI_wqHGK77BTbE1ScSkaO9IzkQstd0go1aTjVdxy6Nw7HduEvHtWR_wymcJZPM3k6sHByr8M0pZ4MfaQJcZhJhmEvHKbwHiSONN06oauoXzjjzt1Ghqh8XpNGPlWEg223KmEiDpyxJHCqKG2iWntbN-SnnP4akifr6fDcT-E08LqoGr7SkT8Gz3rmTINI2Q1f3lYsssceWbhE5Q32YYmcqJAu4tmOg
root@automata:~# 
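The token retrieved above is only as restricted as the API server's authorizer, and the `ps` output earlier shows kube-apiserver running with `--authorization-mode=AlwaysAllow`. As an added example (not part of the original notes or of MicroK8s), this script audits a kube-apiserver command line for that flag and three related ones; the function names and the RBAC comparison line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag risky kube-apiserver settings in a process command line.

# Print the value of --NAME=value from command line $2; print nothing if absent.
# Runs in a subshell with globbing off so word-splitting the line is safe.
flag_value() (
    set -f
    for arg in $2; do
        case "$arg" in
            --"$1"=*) printf '%s\n' "${arg#*=}"; break ;;
        esac
    done
)

# Emit one "LEVEL flag=value: reason" line per finding for command line $1.
audit_apiserver() {
    cmd=$1

    # kube-apiserver falls back to AlwaysAllow when the flag is not given.
    mode=$(flag_value authorization-mode "$cmd")
    mode=${mode:-AlwaysAllow}
    case ",$mode," in
        *,AlwaysAllow,*)
            echo "HIGH authorization-mode=$mode: every authenticated request is allowed" ;;
        *,RBAC,*) ;;
        *)  echo "MEDIUM authorization-mode=$mode: RBAC is not among the authorizers" ;;
    esac

    port=$(flag_value insecure-port "$cmd")
    case "$port" in
        ""|0) ;;
        *) echo "HIGH insecure-port=$port: plaintext API port without authentication" ;;
    esac

    tokens=$(flag_value token-auth-file "$cmd")
    if [ -n "$tokens" ]; then
        echo "MEDIUM token-auth-file=$tokens: static bearer tokens do not expire"
    fi

    priv=$(flag_value allow-privileged "$cmd")
    if [ "$priv" = "true" ]; then
        echo "INFO allow-privileged=true: privileged pods can be scheduled"
    fi
    return 0
}

# Count findings of level $1 for command line $2 (prints 0 when there are none).
count_level() { audit_apiserver "$2" | grep -c "^$1 " || true; }

# Flags taken from the kube-apiserver line in the ps output above (shortened).
PAGE_CMDLINE='/snap/microk8s/2074/kube-apiserver --authorization-mode=AlwaysAllow --secure-port=16443 --token-auth-file=/var/snap/microk8s/2074/credentials/known_tokens.csv --insecure-port=0 --allow-privileged=true'
# Constructed comparison line with RBAC in the authorizer chain.
RBAC_CMDLINE='/snap/microk8s/2074/kube-apiserver --authorization-mode=RBAC,Node --secure-port=16443 --insecure-port=0 --allow-privileged=true'

echo "== as installed in these notes =="
audit_apiserver "$PAGE_CMDLINE"
echo "== constructed RBAC line =="
audit_apiserver "$RBAC_CMDLINE"
```

On a live host, pass the kube-apiserver line from `ps -eaf` as the single argument to `audit_apiserver`.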






