MicroK8s AWS Appliance Deployment Guide

Version 1.0, October 2022

Introduction

MicroK8s is a minimal, CNCF-certified Kubernetes distribution from Canonical, the company behind Ubuntu. It includes all upstream services in an efficient package along with their dependencies. This form of packaging offers not only stability but also enhanced security, and zero ops. Its goal is to eliminate any friction in your Kubernetes cluster administration experience.

With the current offering you get:

  • CNCF conformant Kubernetes cluster
  • Rich set of commonly used Kubernetes addons you can enable on-demand
  • Automated updates so your cluster is always up-to-date
  • High availability for your workloads and the cluster
  • Autoscaling via your own policies driving AWS autoscaling groups

This guide will detail the steps to deploy the MicroK8s AWS CloudFormation template (CFT) following AWS best practices. This CFT deploys an elastic Kubernetes cluster that can scale based on policies the user sets via an AWS AutoScale group. The deployment uses Ubuntu Pro images to build the host nodes thus accommodating your needs for live updates and official support by Canonical.

Prerequisites and Requirements

In this section, we detail the prerequisites and requirements to run and operate our solution.

AWS Account

You must have an AWS account set-up. If you don’t, we recommend that you visit the following site: https://aws.amazon.com/getting-started/

VPC and subnet

A default VPC with a default network should exist in the AWS region of the deployment.

Knowledge Required

Knowledge of the following AWS services:

Knowledge of Kubernetes services and deployments:

Time

The deployment will take about 10 minutes. Scaling of the cluster is a subject to how many nodes are added and when.

Product License

An AWS Marketplace subscription to Canonical MicroK8s is required for production use of the MicroK8s CloudFormation template and its respective AMI. The product is distributed under the Apache 2.0 license agreement.

Architecture

The purpose of the CloudFormation template is to deliver an elastic Kubernetes cluster via MicroK8s. The figure below shows the main components of this offering along with the entities interacting with it.

Actors

There are two types of actors interacting with the cluster:

  • The Users are the end customers of the services hosted in the cluster. They are consuming the hosted services via over the network ports the admin has set.

  • The Admin ensures

    • the provisioning and availability of the cluster,

    • the setup of the scaling policies,

    • the installation and configuration of the hosted workloads.

Kubernetes Cluster

The Kubernetes cluster is provisioned via MicroK8s. The deployment starts with a single-node MicroK8s cluster. Through the Auto Scale group the administrator can add or remove nodes.

High Availability

High availability (HA) is achieved automatically as soon as the cluster gets three or more nodes. After reaching high availability the cluster can resist failures without downtime. This means that the cluster can drop down to two nodes and still be operational. In case where an HA cluster is left with a single node it will not be operational anymore. The admin could recover one such cluster by following the instructions on how to recover from lost quorum. It is important to note that a cluster that has reached HA should not be shrunk back to a single node as it will not be functional anymore.

Accessing the cluster

To access the cluster the admin has to:

  1. Login into any of the nodes provided, via ssh. Users need to open SSH port by adding SSH (port21) inbound connection to the security group

  2. Use any of the “microk8s” commands describe in the command reference section

Alternatively the administrator can:

  1. Login into any of the nodes provided, via ssh

  2. Get the kubeconfig file via microk8s config

  3. Use the kubeconfig file to remotely manage the cluster. The port the Kubernetes API server listens to is 16443. In this case the administrator may need to add this port to the allowed inbound ports of the security group attached to the VM instances.

Auto Scaling group

Scaling of the cluster is done through an auto scaling group. The auto scaling group enables the administrator to set manual and dynamic policies based on which the cluster would scale. This modular approach allows the deployment to expand based on events that might not be related directly to the Kubernetes cluster and the workload served. Please consult the official documentation on how to configure the group based on your needs.

Joule

The component tasked to scale the Kubernetes cluster based on the directions of the Auto Scale group is called Joule. Joule is an agent that is deployed on all nodes next to MicroK8s and monitors the activity of a AWS message queue. As soon as a new node is added to the Auto Scale group it announces its presence (via the message queue) and waits for some connection information. As all nodes read the message queue one of them will issue a connection join token and send it back to the newly joining node, again through the message queue.

λ-function - cluster bootstrap

The cluster bootstrap is done through a λ-function. The purpose of this function is to mark the first node, if this first node is not marked then all nodes would assume they are just joining an already existing cluster and Joule will never issue a new join token.

Using the CloudFormation template

In this section we show how the CloudFormation template is applied and how the deployment is used.

Deploy the CloudFormation template

Here we show how a user can deploy the CFT through the AWS console. Other means of applying a CFT not covered in this section are also possible.

  1. Login to the AWS services using your credentials

  2. Navigate to the CloudFormation service and select the region you want to deploy to.

  3. Select “Create stack”

  4. In the first step, “Specify template”, upload the CloudFormation template yaml file as shown in the figure below

  1. On step two, “Specify stack details”, provide:

    • a stack name
    • an application name (defaults to MicroK8s)
    • the instance type from the drop down menu
    • a key pair through which you can login to the provisioned nodes
    • the Kubernetes version from the drop down menu

  1. Click next on step three, “Configure stack options”. You do not need to change anything there.

  2. On step four, “Review”, click the agreement checkbox

The deployment should take a few minutes.

Setting the cluster Size

The cluster size is set by the “MicroK8s” Auto Scale group. In order to manually add or remove nodes through the AWS console:

  1. Login to AWS

  2. Navigate to the Auto Scale group

image-05

  1. Locate the “MicroK8s” group

  2. Set the “Desired”, “Minimum” and “Maximum” size as shown in the figures:interface image showing the capacity settings, desired=2, minimum=1, maximum=3

After a few minutes the cluster will scale to the desired capacity.

Accessing the cluster

The administrator must use the ssh key provided during the cluster provisioning to login to any of the nodes. To do so:

  1. Login to AWS

  2. Find the IP or the public endpoint of a node

  1. SSH to the node and use the “microk8s” commands.

The administrators should be able to see the registered nodes as they join the cluster:

image-09

Kubernetes cluster management

In this section we present the main aspects of managing the MicroK8s cluster.

Upgrades

When deploying the CloudFormation template the administrator is asked for the version of Kubernetes to install. With MicroK8s the cluster is always kept on the latest patch release within the Kubernetes version track selected. For example, assuming the Kubernetes version selection is v1.21, the cluster will be upgrading transparently to the latest 1.21 patch releases without any human intervention.

To upgrade to a new ubernetes track (eg from 1.21 to 1.24) the administrator needs to follow the official instructions on the topic. Such non-patch upgrades are not automated since kubernetes APIs may be removed or changed as part of them. The administrator needs to ensure the hosted workloads will not be affected by this kind up upgrade.

Common workloads and Addons

MicroK8s delivers a pure Kubernetes experience with the smallest resource footprint possible. However, in most cases, you may require additional services. MicroK8s caters for this with the concept of “Addons” - extra services which can easily be added to MicroK8s. These addons can be enabled and disabled at any time, and most are pre-configured to ‘just work’ without any further set up.

Addons can be enabled with the “microk8s enable” command. For example:

The command microk8s status reports the enabled and disabled addons. For the full list of addons please consult the official MicroK8s documentation.

Contact Canonical

Online

Ask us about our products, support, training or consulting and we will get in touch with you within one working day.

Technical assistance

If you are looking for help with Ubuntu, our support team can help.

Press enquiries

Journalists or analysts seeking press information should email pr@canonical.com. We regret we cannot respond to non-media or analyst enquiries.

Legal enquiries

Please note that we cannot provide you with legal advice. For any other queries, please contact us on legal@canonical.com.

Trademark enquiries

To request an Ubuntu trademark license, or to make any other trademark enquiry, please submit an enquiry. A member of our trademarks team will be in touch with you shortly.

Data Privacy enquiries

For information about data privacy, please read our Privacy Policy or submit an enquiry. A member of our data privacy team will be in touch with you shortly.

Canonical main office

If you want to speak to someone right away, you can call or write to Canonical.

Canonical Group Limited
The Office Group, St Dunstans House
4th floor, 201 Borough High St
London SE1 1JA,
United Kingdom

Main switchboard number: +44 20 7630 2400