Once you are securely connected to the VPS, most development and deployment can be done the traditional way: install nginx/apache, build the source code and upload it to the server via SFTP or git. To make deployment easier with Docker images, and to practise DevOps myself, I decided to use Kubernetes and start from scratch.
I explored various single-node Kubernetes installation options with my friend Tung Le and came across microk8s. Given that my VPS has limited resources, microk8s seems to be the best option for me at the moment.
TL;DR
MicroK8s is a CNCF certified upstream Kubernetes deployment that runs entirely on your workstation or edge device. Being a snap it runs all Kubernetes services natively (i.e. no virtual machines) while packing the entire set of libraries and binaries needed. Installation is limited by how fast you can download a couple of hundred megabytes and the removal of MicroK8s leaves nothing behind.
- microk8s.io
The first part is that Ubuntu Server offers an option to install microk8s, making the installation process practically effortless.
The second part is that I need a GUI to manage K8s easily, and I've opted for Rancher as the tool for deploying and managing K8s. However, you might also consider other tools like Lens, MobaXterm, or just a terminal.
This post has two main parts:
- Deploying a K8s environment with MicroK8s, and
- Rancher
on a single-node Linux VPS running Ubuntu 20.04.
Install Kubernetes
Your VPS may not ship with snapd, so we have to install it. Do not forget to update the system first.
# 1 Update your system
sudo apt update
sudo apt upgrade -y
Then install snapd and helm3:
# 2 Install snap and helm3:
sudo apt install snapd
sudo snap install helm3
At the time of writing this blog, there exists a compatibility matrix between Rancher and Kubernetes. Therefore, for proper compatibility, it is recommended to install Kubernetes (microk8s) version 1.26 alongside Rancher version 2.7.5.
# 3 Install MicroK8s (using snap)
sudo snap install microk8s --classic --channel=1.26
microk8s helm3 repo update
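Once MicroK8s is installed, the microk8s commands are available in the shell. Before we can use them without sudo, our user needs permission to run them, which is granted by adding the user to the microk8s Linux group. The group change only applies to new login sessions, so log out and back in afterwards. Members of this group have full admin access to the cluster, so add only accounts you trust: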
# 4 Add your user to the 'microk8s' group to access the cluster:
sudo usermod -a -G microk8s $USER
sudo chown -f -R $USER ~/.kube
Enable required services and some optional services:
# 5 Enable required services
sudo microk8s enable dns hostpath-storage
sudo microk8s enable helm3 ingress dashboard cert-manager
List of the most important addons
- dns: Deploy DNS. This addon may be required by others, thus we recommend you always enable it.
- dashboard: Deploy kubernetes dashboard.
- storage: Create a default storage class. This storage class makes use of the hostpath-provisioner pointing to a directory on the host.
- ingress: Create an ingress controller.
- gpu: Expose GPU(s) to MicroK8s by enabling the nvidia-docker runtime and nvidia-device-plugin-daemonset. Requires NVIDIA drivers to be already installed on the host system.
- istio: Deploy the core Istio services. You can use the microk8s istioctl command to manage your deployments.
- registry: Deploy a docker private registry and expose it on localhost:32000. The storage addon will be enabled as part of this addon.
(Source: https://ubuntu.com/tutorials/install-a-local-kubernetes-with-microk8s#3-enable-addons)
You can verify the status of the MicroK8s cluster:
sudo microk8s status --wait-ready
Open the firewall so that Kubernetes pods can communicate with each other and the internet:
# 9 Enable firewall
sudo ufw allow in on cni0 && sudo ufw allow out on cni0
sudo ufw default allow routed
Allow containers to run in privileged mode:
sudo sh -c 'echo "--allow-privileged=true" >> /var/snap/microk8s/current/args/kube-apiserver'
sudo systemctl restart snap.microk8s.daemon-apiserver.service
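The `>>` append above adds another copy of the flag every time it is run, and it does not replace an existing `--allow-privileged=false`. The following added example (not from the original post) sets the flag idempotently; the function name `ensure_arg` and the demo file are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original post.
# ensure_arg FILE FLAG VALUE
#   Makes FILE contain exactly one "FLAG=VALUE" line. Prints "changed" when
#   the file was rewritten (restart needed) or "unchanged" when it was already
#   correct. Assumes the one-"--flag=value"-per-line layout of MicroK8s args files.
ensure_arg() {
    file=$1; flag=$2; value=$3
    [ -f "$file" ] || { echo "ensure_arg: no such file: $file" >&2; return 2; }

    # Already set exactly once, with the wanted value: leave the file alone.
    if [ "$(grep -c -- "^${flag}=" "$file" || true)" = "1" ] &&
       grep -qx -- "${flag}=${value}" "$file"; then
        echo unchanged
        return 0
    fi

    tmp=$(mktemp "${file}.XXXXXX") || return 2
    # Drop every existing setting of the flag (stale or duplicated), then add
    # the wanted one once. grep -v also repairs a missing final newline.
    grep -v -- "^${flag}=" "$file" > "$tmp" || true
    printf '%s\n' "${flag}=${value}" >> "$tmp"
    # Write through the original path so its owner and mode are kept.
    cat "$tmp" > "$file"
    rm -f "$tmp"
    echo changed
}

# Demo on a constructed args file (not the real one under /var/snap).
demo=$(mktemp)
printf '%s\n' '--secure-port=16443' '--allow-privileged=false' > "$demo"
ensure_arg "$demo" --allow-privileged true
ensure_arg "$demo" --allow-privileged true
rm -f "$demo"

# On the server, as root, with the path and unit name used in this post:
#   f=/var/snap/microk8s/current/args/kube-apiserver
#   [ "$(ensure_arg "$f" --allow-privileged true)" = changed ] &&
#       systemctl restart snap.microk8s.daemon-apiserver.service
```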
Wait for all of the pods to come up. If ingress does not come up properly, reboot the server.
watch -n 1 microk8s kubectl get all --all-namespaces
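Because the API server now admits privileged pods, it is useful to see which pods actually request that setting once everything is up. This is an added example, not part of the original post; the function names and the sample rows are constructed for illustration.

```sh
#!/bin/sh
# Added example: report pods that run at least one privileged container.

# One row per pod: namespace, pod name, then the securityContext.privileged
# values of its containers and init containers (comma-separated, or <none>).
pod_privilege_rows() {
    microk8s kubectl get pods --all-namespaces --no-headers \
        -o custom-columns='NS:.metadata.namespace,POD:.metadata.name,PRIV:.spec.containers[*].securityContext.privileged,INIT:.spec.initContainers[*].securityContext.privileged'
}

# Reduce those rows to "namespace/pod" for pods where any value is "true".
privileged_pods() {
    awk '{
        for (c = 3; c <= NF; c++) {
            n = split($c, flag, ",")
            for (i = 1; i <= n; i++)
                if (flag[i] == "true") { print $1 "/" $2; next }
        }
    }'
}

# Constructed sample of pod_privilege_rows output (not from a real cluster).
sample_rows() {
    printf '%s\n' \
        'kube-system    calico-node-abcde                        true          true' \
        'ingress        nginx-ingress-microk8s-controller-fghij  <none>        <none>' \
        'cattle-system  rancher-5d8f7c9b6-klmno                  false,<none>  <none>'
}

# On the server: pod_privilege_rows | privileged_pods
sample_rows | privileged_pods
```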
Installation of Rancher
Install cert-manager
First, let's install cert-manager, a prerequisite for Rancher. You can enable cert-manager in step #5 mentioned above. Following this, the next step involves creating a ClusterIssuer for Let's Encrypt using the provided resource:
# 10 Creating a ClusterIssuer
microk8s kubectl apply -f - <<EOF
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt
spec:
  acme:
    # You must replace this email address with your own.
    # Let's Encrypt will use this to contact you about expiring
    # certificates, and issues related to your account.
    email: YOUR_EMAIL
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      # Secret resource that will be used to store the account's private key.
      name: letsencrypt-account-key
    # Add a single challenge solver, HTTP01 using nginx
    solvers:
    - http01:
        ingress:
          class: public
EOF
Once you’ve installed cert-manager, you can verify it is deployed correctly by checking the cert-manager namespace for running pods:
kubectl get pods --namespace cert-manager
Install Rancher
Rancher can be installed on any Kubernetes cluster. This cluster can use upstream Kubernetes, or it can use one of Rancher’s Kubernetes distributions, or it can be a managed Kubernetes cluster from a provider.
The Rancher UI and API are exposed through an Ingress. This means the Kubernetes cluster that you install Rancher in must contain an Ingress controller.
# 11 Create namespace for Rancher
sudo microk8s kubectl create namespace cattle-system
sudo microk8s kubectl label namespace cattle-system cattle-system.k8s.io/disable-validation=true
# 12 Adding Helm Chart Repository
microk8s helm3 repo add rancher-stable https://releases.rancher.com/server-charts/stable
Performing the install with ingress nginx and rancher:
# 13 Install Rancher with Ingress and Lets Encrypt
microk8s helm3 install rancher rancher-stable/rancher \
  --namespace cattle-system \
  --set hostname=YOUR_DOMAIN \
  --set ingress.tls.source=letsEncrypt \
  --set letsEncrypt.email=YOUR_EMAIL \
  --set letsEncrypt.ingress.class=nginx \
  --set replicas=2 \
  --version 2.7.5
Replace YOUR_DOMAIN with your domain and YOUR_EMAIL with your email address.
You can choose another SSL Configuration by reading this guide.
Watch all namespaces:
watch -n 1 microk8s kubectl get all --all-namespaces
Navigate to https://YOUR_DOMAIN in a browser. A kubectl command will be shown on screen; run it in the cluster to get the temporary password, then change it in the Rancher interface.
In the next post, we will integrate Microsoft Entra ID (a.k.a. Azure AD) with Rancher.
Tips
Use aliases for the microk8s kubectl and microk8s helm3 commands:
echo "alias kubectl='microk8s kubectl'" >> ~/.bashrc
echo "alias helm3='microk8s helm3'" >> ~/.bashrc
source ~/.bashrc
Ref:
- https://microk8s.io/docs
- https://forums.rancher.com/t/kubernetes-v1-24-16-v1-25-12-v1-26-7/41258
- https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/resources/choose-a-rancher-version
- https://ranchermanager.docs.rancher.com/pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster
HCM, 29 Nov 2023
@Nam Le, https://nready.net
Last modified on April 5th, 2024 at 1:03 am