
Installation

sudo snap install microk8s --classic --channel=1.25/stable
sudo usermod -a -G microk8s fdamstra
sudo chown -f -R fdamstra ~/.kube

# Log out and back in to get the new group, then
# Wait for ready
microk8s status --wait-ready

# Definitely want coredns:
microk8s enable dns storage

# may want:
alias kubectl='microk8s kubectl'

Adding nodes

on the master:

microk8s add-node

on the remote, use the join command provided

Checking status

run microk8s status and view "high-availability: yes"

To remove:

Gracefully:

microk8s leave

Then from a remaining node:

microk8s remove-node <node>

Non-gracefully:

microk8s remove-node <node> --force

Future stuff:

addons

Full list: https://microk8s.io/docs/addons#heading--list

=======

Next Steps

MetalLB

Using the status seems better

microk8s enable metallb
# Enter IP range: 10.42.42.211-10.42.42.240

NFS Provisioning

cd ~/monkeybox_kubernetes/Workloads/nfs-provisioning
microk8s kubectl apply -f 001*
microk8s kubectl apply -f 002*
microk8s kubectl apply -f 003*

ingress-nginx

Not clear to me if the addon was the right ingress controller. My stuff uses 'ingress-nginx', and I think the microk8s addon is 'nginx-ingress', and I think these are different things. So I'm just installing 'ingress-nginx' with my stuff:

cd ~/monkeybox_kubernetes/Workloads/ingress-nginx
htpasswd -c auth fdamstra # create my user as a secret for HTTP Basic Auth
microk8s kubectl create secret generic basic-auth --from-file=auth
microk8s kubectl apply -f ingress-nginx-controller-v0.45.0.yaml

Cert Manager

  1. log into the aws console
  2. iam->users->letsencrypt-wildcard->security credentials
  3. 'create access key'
  4. Copy the secret into a file called password.txt in ~/monkeybox_kubernetes/Workloads/cert-manager
  5. Copy the access key id into ~/monkeybox_kubernetes/Workloads/cert-manager/wildcard*

    cd ~/monkeybox_kubernetes/Workloads/cert-manager
    microk8s kubectl create secret generic aws-route53-creds --from-file=password.txt -n default
    microk8s kubectl apply -f cert-manager.yaml
    sleep 60 # big pause here
    microk8s kubectl apply -f staging_issuer.yaml
    microk8s kubectl apply -f prod_issuer.yaml
    microk8s kubectl apply -f wildcard_staging_issuer.yaml
    microk8s kubectl apply -f wildcard_prod_issuer.yaml
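
Added example (not part of the original notes): a pre-flight check for `password.txt` and the htpasswd `auth` file before they are loaded with `--from-file`. `check_secret_file` is a hypothetical helper; its strict mode assumes the key file should hold the secret with no trailing newline, because `--from-file` stores the file's bytes verbatim.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for a credential file before loading it with
#   microk8s kubectl create secret generic <name> --from-file=<file>
# check_secret_file is a hypothetical helper, not part of microk8s or kubectl.

# check_secret_file FILE [strict]
#   Fails if FILE has any mode other than 600 or 400 (owner-only access).
#   With "strict", also fails on a trailing newline: --from-file stores the
#   bytes verbatim, so the newline would become part of the secret value.
check_secret_file() {
    local file strict rc mode
    file=$1; strict=${2:-}; rc=0
    if [ ! -f "$file" ]; then
        echo "$file: not a regular file" >&2
        return 1
    fi
    # GNU stat first, BSD/macOS stat as fallback.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case "$mode" in
        600|400) ;;
        *) echo "$file: mode $mode, expected 600 or 400 (chmod 600 $file)" >&2; rc=1 ;;
    esac
    # $(...) strips a trailing newline, so an empty result means the last byte is \n.
    if [ "$strict" = strict ] && [ -s "$file" ] && [ -z "$(tail -c 1 "$file")" ]; then
        echo "$file: ends with a newline (rewrite it with printf '%s')" >&2
        rc=1
    fi
    return "$rc"
}

# Demo on a constructed file in a temp dir (the value below is made up).
demo_dir=$(mktemp -d)
printf '%s' 'CONSTRUCTED-not-a-real-aws-secret' > "$demo_dir/password.txt"
chmod 600 "$demo_dir/password.txt"
check_secret_file "$demo_dir/password.txt" strict && echo "password.txt: ok"
rm -rf "$demo_dir"
```

Use `strict` for `password.txt` only; the htpasswd `auth` file normally ends with a newline, so check it without the second argument.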
    

Generate my first workloads

cd ~/monkeybox_kubernetes/Workloads
vim index.html
# change issuer to letsencrypt-staging
microk8s kubectl apply -f index.yaml
# Validate that `io.monkeybox.org` works

Shit. It doesn't. Problem was that 'home.monkeybox.org' was resolving with the wildcard.

Fix CoreDNS?

microk8s kubectl edit configmap -n kube-system coredns
# set dns servers to use 10.42.42.2 first

Kube-Vip

export VIP=10.42.42.8
export INTERFACE=eth0
alias kube-vip="ctr run --rm --net-host docker.io/plndr/kube-vip:0.3.1 vip"


# Notes for future me:

# addons

These might be better than helm and/or better than installing by hand, methinks.

Full list: https://microk8s.io/docs/addons#heading--list

Add addons

microk8s enable dns storage

If you want to update later

sudo snap refresh microk8s --channel=latest/stable

Prometheus

microk8s kubectl port-forward -n monitoring service/prometheus-k8s --address 0.0.0.0 9090:9090
microk8s kubectl port-forward -n monitoring service/grafana --address 0.0.0.0 3000:3000