# Installation

```
sudo snap install microk8s --classic --channel=1.25/stable
sudo usermod -a -G microk8s fdamstra
sudo chown -f -R fdamstra ~/.kube
# Logout and back in to get new group, then
# Wait for ready
microk8s status --wait-ready
# Definitely want coredns:
microk8s enable dns storage
# may want:
alias kubectl='microk8s kubectl'
```

# Adding nodes

on the master:

```
microk8s add-node
```

on the remote, use the join command provided

# Checking status

run `microk8s status` and view "high-availability: yes"

# To remove :

Gracefully:

```
microk8s leave
```

Then from a remaining node:

```
microk8s remove-node <node-name>
```

Non-gracefully:

```
microk8s remove-node <node-name> --force
```

# Future stuff:

# addons

Full list: https://microk8s.io/docs/addons#heading--list

# Next Steps

## MetalLB

Using the status seems better

```
microk8s enable metallb
# Enter IP range: 10.42.42.211-10.42.42.240
```

## NFS Provisioning

```
cd ~/monkeybox_kubernetes/Workloads/nfs-provisioning
microk8s kubectl apply -f 001*
microk8s kubectl apply -f 002*
microk8s kubectl apply -f 003*
```

## ingress-nginx

Not clear to me if the addon was the right ingress controller. My stuff uses 'ingress-nginx', and I think the microk8s addon is 'nginx-ingress', and I think these are different things. So I'm just installing 'ingress-nginx' with my stuff:

```
cd ~/monkeybox_kubernetes/Workloads/ingress-nginx
htpasswd -c auth fdamstra
# create my user as a secret for HTTP Basic Auth
microk8s kubectl create secret generic basic-auth --from-file=auth
microk8s kubectl apply -f ingress-nginx-controller-v0.45.0.yaml
```

## Cert Manager

1. log into the aws console
2. iam->users->`letsencrypt-wildcard`->security credentials
3. 'create access key'
4. Copy the secret into a file called `password.txt` in `~/monkeybox_kubernetes/Workloads/cert-manager`
5. Copy the access key id into `~/monkeybox_kubernetes/Workloads/cert-manager/wildcard*`

```
cd ~/monkeybox_kubernetes/Workloads/cert-manager
microk8s kubectl create secret generic aws-route53-creds --from-file=password.txt -n default
microk8s kubectl apply -f cert-manager.yaml
sleep 60 # big pause here
microk8s kubectl apply -f staging_issuer.yaml
microk8s kubectl apply -f prod_issuer.yaml
microk8s kubectl apply -f wildcard_staging_issuer.yaml
microk8s kubectl apply -f wildcard_prod_issuer.yaml
```

## Generate my first workloads

```
cd ~/monkeybox_kubernetes/Workloads
vim index.html # change issuer to letsencrypt-staging
microk8s kubectl apply -f index.yaml
# Validate that `io.monkeybox.org` works
```

Shit. It doesn't. Problem was that 'home.monkeybox.org' was resolving with the wildcard.

## Fix CoreDNS?

```
microk8s kubectl edit configmap -n kube-system coredns
```

set dns servers to use 10.42.42.2 first

## Kube-Vip

```
export VIP=10.42.42.8
export INTERFACE=eth0
alias kube-vip="ctr run --rm --net-host docker.io/plndr/kube-vip:0.3.1 vip"
```

# Notes for future me:

# addons

These might be better than helm and/or better than installing by hand, methinks.

Full list: https://microk8s.io/docs/addons#heading--list

Add addons

```
microk8s enable dns storage
```

# If you want to update later

```
sudo snap refresh microk8s --channel=latest/stable
```

# Prometheus

```
microk8s kubectl port-forward -n monitoring service/prometheus-k8s --address 0.0.0.0 9090:9090
microk8s kubectl port-forward -n monitoring service/grafana --address 0.0.0.0 3000:3000
```
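
Added example (not part of the original notes) for the ingress-nginx and Cert Manager steps above, which both leave credential material (`auth`, `password.txt`) in the Workloads directory. The functions below create the Route53 secret from stdin through a short-lived 0600 temp file and flag leftover credential files that group or other can access; `KUBECTL`, `secret_from_stdin` and `audit_cred_files` are hypothetical names, and GNU `find` is assumed.

```shell
#!/bin/sh
# Added example, not from the original notes. Assumes GNU find (Ubuntu host).
# KUBECTL and both function names are hypothetical; set KUBECTL to a stub to
# try this without a cluster.
KUBECTL=${KUBECTL:-microk8s kubectl}

# Read one line from stdin and create a generic secret from it, so the AWS
# secret access key never sits in the Workloads tree. The data key defaults
# to password.txt, which is what `--from-file=password.txt` produces.
# usage: secret_from_stdin NAME NAMESPACE [KEY]
secret_from_stdin() {
  sfs_key=${3:-password.txt}
  sfs_tmp=$(mktemp) || return 1            # mktemp creates the file 0600
  IFS= read -r sfs_val || true             # tolerate a missing final newline
  if [ -z "$sfs_val" ]; then
    rm -f "$sfs_tmp"
    echo "secret_from_stdin: empty input" >&2
    return 1
  fi
  printf '%s' "$sfs_val" > "$sfs_tmp"      # no trailing newline in the value
  unset sfs_val
  sfs_rc=0
  $KUBECTL create secret generic "$1" -n "$2" \
    --from-file="$sfs_key=$sfs_tmp" || sfs_rc=$?
  rm -f "$sfs_tmp"                         # drop the plaintext copy either way
  return "$sfs_rc"
}

# Print credential files (password.txt, htpasswd `auth`) under DIR that group
# or other can access; return 1 if any exist.
# usage: audit_cred_files DIR
audit_cred_files() {
  acf_loose=$(find "$1" -type f \( -name password.txt -o -name auth \) \
                -perm /077 -print)
  [ -z "$acf_loose" ] && return 0
  printf '%s\n' "$acf_loose"
  return 1
}

# Typical use (commented out so sourcing this file has no side effects):
#   secret_from_stdin aws-route53-creds default     # paste key, press Enter
#   audit_cred_files ~/monkeybox_kubernetes/Workloads
```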