After securely connected to VPS, Mostly of development and deployment can be done with traditional stuffs, something likes install nginx/apache, build source code and upload to the server via SFTP or git. To make it easy for deloyment task, using Docker images and for self-practice in DevOps field, I decided to use Kubernetes and begining from the scratch.
I explored various single-node Kubernetes installation options and came across
microk8s. Given that my VPS has limited resources, microk8s seems to be the best option for me at the moment.
MicroK8sis a CNCF certified upstream Kubernetes deployment that runs entirely on your workstation or edge device. Being a snap it runs all Kubernetes services natively (i.e. no virtual machines) while packing the entire set of libraries and binaries needed. Installation is limited by how fast you can download a couple of hundred megabytes and the removal of MicroK8s leaves nothing behind.
The first part is that Ubuntu Server offers an option to install
microk8s, making the installation process practically effortless.
The second part I need to add some GUIs for easily managing K8S, and I’ve opted for Rancher as the appropriate tool for deploying and managing K8S. However, you might also consider other tools like Lens, MobaXterm, or just a Terminal.
The blog will do two main parts:
- Deploying K8s environment with Microk8s and…
on a single node VPS Linux running Ubuntu 20.04.
May your VPS doesn’t ship
snapd so we have to install
snapd. Do not forget to update the system first.
# 1 Update your system
sudo apt update
sudo apt upgrade -y
Then install the snapd and heml3
# 2 Install snap and helm3:
sudo apt install snapd
snap install helm3
At the time of writing this blog, there exists a compatibility matrix between Rancher and Kubernetes. Therefore, for proper compatibility, it is recommended to install Kubernetes (microk8s) version 1.26 alongside Rancher version 2.7.5.
# 3 Install MicroK8s (using snap)
sudo snap install microk8s --classic --channel=1.26
microk8s helm3 repo update
Microk8s is installed, we have access to the microk8s commands through the shell. Before we can use it, we need to give our userprofile permissions to access the command. Give yourself permissions by Joining your user to
microk8s Linux group:
# 4 Add your user to the 'microk8s' group to access the cluster:
sudo usermod -a -G microk8s $USER
sudo chown -f -R $USER ~/.kube
Enable required services and some optional services:
# 5 Enable required services
sudo microk8s enable dns hostpath-storage
sudo microk8s enable helm3 ingress dashboard cert-manager
List of the most important addons
- dns: Deploy DNS. This addon may be required by others, thus we recommend you always enable it.
- dashboard: Deploy kubernetes dashboard.
- storage: Create a default storage class. This storage class makes use of the hostpath-provisioner pointing to a directory on the host.
- ingress: Create an ingress controller.
- gpu: Expose GPU(s) to MicroK8s by enabling the nvidia-docker runtime and nvidia-device-plugin-daemonset. Requires NVIDIA drivers to be already installed on the host system.
- istio: Deploy the core Istio services. You can use the microk8s istioctl command to manage your deployments.
- registry: Deploy a docker private registry and expose it on localhost:32000. The storage addon will be enabled as part of this addon.
You can verify the status of
sudo microk8s status --wait-ready
Open firewall for Kubernetes pods to communicate with each other and the internet:
# 9 Enable firewall
sudo ufw allow in on cni0 && sudo ufw allow out on cni0
sudo ufw default allow routed
Allow containers to run in priviliged
sudo sh -c 'echo "--allow-privileged=true" >> /var/snap/microk8s/current/args/kube-apiserver'
sudo systemctl restart snap.microk8s.daemon-apiserver.service
Waiting for all of the pods to come up. If ingress does not go up properly, reboot the server.
watch -n 1 microk8s kubectl get all --all-namespaces
Installation of Rancher
Firstly, let’s install cert-manager, a prerequisite for Rancher. You can enable cert-manager in step
#5 mentioned above. Following this, the next step involves creating a ClusterIssuer for Let’s Encrypt using the provided resource:
# 10 Creating a ClusterIssuer
microk8s kubectl apply -f - <<EOF
# You must replace this email address with your own.
# Let's Encrypt will use this to contact you about expiring
# certificates, and issues related to your account.
email: [email protected]
# Secret resource that will be used to store the account's private key.
# Add a single challenge solver, HTTP01 using nginx
Once you’ve installed cert-manager, you can verify it is deployed correctly by checking the cert-manager namespace for running pods:
kubectl get pods --namespace cert-manager
Rancher can be installed on any Kubernetes cluster. This cluster can use upstream Kubernetes, or it can use one of Rancher’s Kubernetes distributions, or it can be a managed Kubernetes cluster from a provider.
The Rancher UI and API are exposed through an
Ingress. This means the Kubernetes cluster that you install Rancher in must contain an Ingress controller.
# 11 Create namespace for Rancher
sudo microk8s kubectl create namespace cattle-system
sudo microk8s kubectl label namespace cattle-system cattle-system.k8s.io/disable-validation=true
# 12 Adding Helm Chart Repository
microk8s helm3 repo add rancher-stable https://releases.rancher.com/server-charts/stable
Performing the install with ingress nginx and rancher:
# 13 Install Rancher with Ingress and Lets Encrypt
microk8s helm3 install rancher rancher-stable/rancher \
--namespace cattle-system \
--set hostname=YOUR_DOMAIN \
--set ingress.tls.source=letsEncrypt \
--set [email protected] \
--set letsEncrypt.ingress.class=nginx \
--set replicas=2 \
YOUR_DOMAIN with your domain.
You can choose another SSL Configuration by reading this guide.
Watch all namespace:
watch -n 1 microk8s kubectl get all --all-namespaces
https://YOUR_DOMAIN from browser, a kubectl will be shown on screen, run it in cluster to get the temporary password, change it in the Rancher interface.
In the next post, we will integrate Microsoft Entra ID (a.k.a Azure AD) to the Rancher.
Use Alias instead for the
microk8s kubectl and
microk8s heml3 command:
echo "alias kubectl='microk8s kubectl'" >> ~/.bashrc
echo "alias heml3='microk8s heml3'" >> ~/.bashrc
HCM, 29 Nov 2023
@Nam Le, https://nready.net
Last modified on February 24th, 2024 at 5:38 pm