How to control MicroK8s upgrades using a Snap Store Proxy

Details

  • Control revisions and upgrade rollouts.
  • Cache snaps in local network, limiting external bandwidth requirements.

Requirements

  • PostgreSQL database. This guide includes instructions to deploy and configure a single-node PostgreSQL instance. For production environments, a PostgreSQL cluster is recommended.
  • An Ubuntu 18.04 or 20.04 instance, where the snap store proxy will be deployed.
  • An Ubuntu SSO account.

Installation

These instructions will install a single-node Snap Store Proxy in your own infrastructure. For a more complete set of instructions, see the official Snap Store Proxy documentation.

  1. Start in a fresh Ubuntu 18.04 or 20.04 instance, where the Snap Store Proxy is going to be installed.

  2. (If not using an external PostgreSQL database), setup a single-node PostgreSQL instance:

    sudo apt-get update
    sudo apt-get install postgresql
    
  3. Create a user and a database for the Snap Store proxy.

    echo "
    CREATE ROLE \"snapproxy-user\" LOGIN CREATEROLE PASSWORD 'snapproxy-password';
    CREATE DATABASE \"snapproxy-db\" OWNER \"snapproxy-user\";
    \connect \"snapproxy-db\"
    CREATE EXTENSION \"btree_gist\";
    " | sudo -u postgres psql
    
  4. Install snap store proxy.

    sudo snap refresh snapd
    sudo snap install snap-store-proxy
    
  5. Connect to the database. Replace postgres://snapstore-username:snapstore-password@localhost:5432/snapproxy-db if using an external PostgreSQL database.

    export POSTGRESQL_CONNECTION_STRING="postgresql://snapproxy-user:snapproxy-password@localhost:5432/snapproxy-db"
    sudo snap-proxy config proxy.db.connection="${POSTGRESQL_CONNECTION_STRING}"
    
  6. Ensure network connectivity.

    sudo snap-proxy check-connections
    

    This should produce output similar to:

    http: https://dashboard.snapcraft.io: OK
    http: https://login.ubuntu.com: OK
    http: https://api.snapcraft.io: OK
    postgres: localhost: OK
    All connections appear to be accessible
    
  7. Configure a domain name for the Snap Store Proxy. The proxy should be reachable as http://proxy.internal.

    sudo snap-proxy config proxy.domain=proxy.internal
    
  8. Configure the maximum size of the proxy cache, in MBs. The default value is 2GB, and it should be enough for most cases. We will increase this to 10GB.
    Running the config command without specifying a value…

    sudo snap-proxy config proxy.cache.size
    

    … will return the current config setting:

    2048
    

    You can set the cache size by specifting a value:

    sudo snap-proxy config proxy.cache.size=10240
    
  9. Register the Snap Store Proxy. You will be asked to log in with your Ubuntu SSO account and answer a few simple questions.

    sudo snap-proxy generate-keys
    sudo snap-proxy register
    
  10. Verify the Snap Store Proxy has been configured properly by running the command:

    sudo snap-proxy status
    

    This should produce output like:

     Store ID: YKNdvTH4IZfIFGtyaS7DSn6QCwgpgNfh
     Status: pending
     Connected Devices (updated daily): 0
     Device Limit: None
     Internal Service Status:
       memcached: running
       nginx: running
       snapauth: running
       snapdevicegw: running
       snapdevicegw-local: running
       snapproxy: running
       snaprevs: running
    

Connect to the proxy

Connecting instances such as one or more MicroK8s nodes is as simple as pointing snap to the Snap store proxy instance we just deployed. The $STORE_ID can be retrieved from the output of the sudo snap-proxy status command, shown just above. This step is required for each server that needs to use our snap store proxy.

ubuntu@my-server:~$ export STORE_ID="YKNdvTH4IZfIFGtyaS7DSn6QCwgpgNfh"
ubuntu@my-server:~$ curl http://proxy.internal/v2/auth/store/assertions | sudo snap ack /dev/stdin
ubuntu@my-server:~$ sudo snap set core proxy.store="${STORE_ID}"

Install MicroK8s

After configuring your server to use your snap store proxy instance, you can proceed with installing MicroK8s.

sudo snap install microk8s --classic

The first time, the MicroK8s snap will be fetched from the snap store. Subsequent installations (e.g. from other servers) will be much faster, since the snap is cached on the snap store proxy instance.

Control upgrades

When using a snap store proxy, it is possible to pin the snap revision that will be installed by each channel. This allows infrastructure administrators to gracefully control how (and when) upgrades are performed.

  1. List available channels and the revision that each channel installs. We see that the 1.22/stable channel installs (at the time of this writing) snap revision 2645.

    ubuntu@proxy:~$ sudo snap list microk8s
    ...
    channels:
      1.22/stable:      v1.22.3         2021-11-14 (2645) 194MB classic
      1.22/candidate:   v1.22.4         2021-11-22 (2695) 194MB classic
      1.22/beta:        v1.22.4         2021-11-22 (2695) 194MB classic
      1.22/edge:        v1.22.4         2021-11-17 (2695) 194MB classic
      latest/stable:    v1.22.3         2021-11-15 (2645) 194MB classic
      latest/candidate: v1.22.4         2021-11-18 (2693) 198MB classic
      latest/beta:      v1.22.4         2021-11-18 (2693) 198MB classic
      latest/edge:      v1.22.4         2021-11-23 (2727) 217MB classic
    ...
    
  2. Pin latest/stable to revision 2645 with the following command. As an example to verify that everything is working as it should, we also pin the latest/edge and 1.22/edge channels.

    ubuntu@proxy:~$ sudo snap-proxy override microk8s stable=2645
    microk8s stable amd64 2645
    ubuntu@proxy:~$ sudo snap-proxy override microk8s edge=2645
    microk8s edge amd64 2645
    ubuntu@proxy:~$ sudo snap-proxy override microk8s 1.22/edge=2645
    microk8s 1.22/edge amd64 2645
    
    ubuntu@proxy:~$ sudo snap-proxy list-overrides microk8s
    microk8s stable amd64 2645 (upstream 2645)
    microk8s edge amd64 2645 (upstream 2727)
    microk8s 1.22/edge amd64 2645 (upstream 2695)
    
  3. From your server that uses the snap store proxy, verify that the revisions have been pinned as they should (note the difference with the output we received above):

    ubuntu@my-server:~$ sudo snap info microk8s
    ...
    channels:
      1.22/stable:      v1.22.3         2021-11-14 (2645) 194MB classic
      1.22/candidate:   v1.22.4         2021-11-22 (2695) 194MB classic
      1.22/beta:        v1.22.4         2021-11-22 (2695) 194MB classic
      1.22/edge:        v1.22.3         2021-11-24 (2645) 194MB classic
      latest/stable:    v1.22.3         2021-11-24 (2645) 194MB classic
      latest/candidate: v1.22.4         2021-11-18 (2693) 198MB classic
      latest/beta:      v1.22.4         2021-11-18 (2693) 198MB classic
      latest/edge:      v1.22.3         2021-11-24 (2645) 194MB classic
    ...
    
  4. Proceed with installing MicroK8s from the edge channel. We see that revision 2645 is installed, instead of the upstream version (2727).

    ubuntu@my-server:~$ sudo snap install microk8s --classic --channel=edge
    microk8s (edge) v1.22.3 from Canonical✓ installed
    ubuntu@my-server:~$ snap info microk8s | grep installed
    installed:          v1.22.3                    (2645) 194MB classic
    
  5. Deleting an override is also possible using a single command:

    ubuntu@proxy:~$ sudo snap-proxy delete-override microk8s 1.22/edge
    microk8s 1.22/edge amd64 is tracking upstream (revision 2695)