Version 1.0, October 2022
Introduction
MicroK8s is a minimal, CNCF-certified Kubernetes distribution from Canonical, the company behind Ubuntu. It includes all upstream services in an efficient package along with their dependencies. This form of packaging offers not only stability but also enhanced security, and zero ops. Its goal is to eliminate any friction in your Kubernetes cluster administration experience.
With the current offering you get:
- CNCF conformant Kubernetes cluster
- Rich set of commonly used Kubernetes addons you can enable on-demand
- Automated updates so your cluster is always up-to-date
- High availability for your workloads and the cluster
- Autoscaling via your own policies driving AWS autoscaling groups
This guide will detail the steps to deploy the MicroK8s AWS CloudFormation template (CFT) following AWS best practices. This CFT deploys an elastic Kubernetes cluster that can scale based on policies the user sets via an AWS AutoScale group. The deployment uses Ubuntu Pro images to build the host nodes thus accommodating your needs for live updates and official support by Canonical.
Prerequisites and Requirements
In this section, we detail the prerequisites and requirements to run and operate our solution.
AWS Account
You must have an AWS account set-up. If you donât, we recommend that you visit the following site: https://aws.amazon.com/getting-started/
VPC and subnet
A default VPC with a default network should exist in the AWS region of the deployment.
Knowledge Required
Knowledge of the following AWS services:
- Amazon EC2 Auto Scaling
- Amazon Elastic Compute Cloud (Amazon EC2)
- AWS CloudFormation
- AWS Key Management Service (AWS KMS)
Knowledge of Kubernetes services and deployments:
Time
The deployment will take about 10 minutes. Scaling of the cluster is a subject to how many nodes are added and when.
Product License
An AWS Marketplace subscription to Canonical MicroK8s is required for production use of the MicroK8s CloudFormation template and its respective AMI. The product is distributed under the Apache 2.0 license agreement.
Architecture
The purpose of the CloudFormation template is to deliver an elastic Kubernetes cluster via MicroK8s. The figure below shows the main components of this offering along with the entities interacting with it.
Actors
There are two types of actors interacting with the cluster:
-
The Users are the end customers of the services hosted in the cluster. They are consuming the hosted services via over the network ports the admin has set.
-
The Admin ensures
-
the provisioning and availability of the cluster,
-
the setup of the scaling policies,
-
the installation and configuration of the hosted workloads.
-
Kubernetes Cluster
The Kubernetes cluster is provisioned via MicroK8s. The deployment starts with a single-node MicroK8s cluster. Through the Auto Scale group the administrator can add or remove nodes.
High Availability
High availability (HA) is achieved automatically as soon as the cluster gets three or more nodes. After reaching high availability the cluster can resist failures without downtime. This means that the cluster can drop down to two nodes and still be operational. In case where an HA cluster is left with a single node it will not be operational anymore. The admin could recover one such cluster by following the instructions on how to recover from lost quorum. It is important to note that a cluster that has reached HA should not be shrunk back to a single node as it will not be functional anymore.
Accessing the cluster
To access the cluster the admin has to:
-
Login into any of the nodes provided, via ssh. Users need to open SSH port by adding SSH (port21) inbound connection to the security group
-
Use any of the âmicrok8sâ commands describe in the command reference section
Alternatively the administrator can:
-
Login into any of the nodes provided, via ssh
-
Get the kubeconfig file via
microk8s config
-
Use the kubeconfig file to remotely manage the cluster. The port the Kubernetes API server listens to is 16443. In this case the administrator may need to add this port to the allowed inbound ports of the security group attached to the VM instances.
Auto Scaling group
Scaling of the cluster is done through an auto scaling group. The auto scaling group enables the administrator to set manual and dynamic policies based on which the cluster would scale. This modular approach allows the deployment to expand based on events that might not be related directly to the Kubernetes cluster and the workload served. Please consult the official documentation on how to configure the group based on your needs.
Joule
The component tasked to scale the Kubernetes cluster based on the directions of the Auto Scale group is called Joule. Joule is an agent that is deployed on all nodes next to MicroK8s and monitors the activity of a AWS message queue. As soon as a new node is added to the Auto Scale group it announces its presence (via the message queue) and waits for some connection information. As all nodes read the message queue one of them will issue a connection join token and send it back to the newly joining node, again through the message queue.
λ-function - cluster bootstrap
The cluster bootstrap is done through a λ-function. The purpose of this function is to mark the first node, if this first node is not marked then all nodes would assume they are just joining an already existing cluster and Joule will never issue a new join token.
Using the CloudFormation template
In this section we show how the CloudFormation template is applied and how the deployment is used.
Deploy the CloudFormation template
Here we show how a user can deploy the CFT through the AWS console. Other means of applying a CFT not covered in this section are also possible.
-
Login to the AWS services using your credentials
-
Navigate to the CloudFormation service and select the region you want to deploy to.
-
Select âCreate stackâ
-
In the first step, âSpecify templateâ, upload the CloudFormation template yaml file as shown in the figure below
-
On step two, âSpecify stack detailsâ, provide:
- a stack name
- an application name (defaults to MicroK8s)
- the instance type from the drop down menu
- a key pair through which you can login to the provisioned nodes
- the Kubernetes version from the drop down menu
-
Click next on step three, âConfigure stack optionsâ. You do not need to change anything there.
-
On step four, âReviewâ, click the agreement checkbox
The deployment should take a few minutes.
Setting the cluster Size
The cluster size is set by the âMicroK8sâ Auto Scale group. In order to manually add or remove nodes through the AWS console:
-
Login to AWS
-
Navigate to the Auto Scale group
-
Locate the âMicroK8sâ group
-
Set the âDesiredâ, âMinimumâ and âMaximumâ size as shown in the figures:
After a few minutes the cluster will scale to the desired capacity.
Accessing the cluster
The administrator must use the ssh key provided during the cluster provisioning to login to any of the nodes. To do so:
-
Login to AWS
-
Find the IP or the public endpoint of a node
- SSH to the node and use the âmicrok8sâ commands.
The administrators should be able to see the registered nodes as they join the cluster:
Kubernetes cluster management
In this section we present the main aspects of managing the MicroK8s cluster.
Upgrades
When deploying the CloudFormation template the administrator is asked for the version of Kubernetes to install. With MicroK8s the cluster is always kept on the latest patch release within the Kubernetes version track selected. For example, assuming the Kubernetes version selection is v1.21, the cluster will be upgrading transparently to the latest 1.21 patch releases without any human intervention.
To upgrade to a new Kubernetes track (e.g. from 1.21 to 1.24) the administrator needs to follow the official instructions from this page. Such non-patch upgrades are not automated since Kubernetes APIs may be removed or changed as part of them. The administrator needs to ensure the hosted workloads will not be affected by this kind up upgrade.
Common workloads and Addons
MicroK8s delivers a pure Kubernetes experience with the smallest resource footprint possible. However, in most cases, you may require additional services. MicroK8s caters for this with the concept of âAddonsâ - extra services which can easily be added to MicroK8s. These addons can be enabled and disabled at any time, and most are pre-configured to âjust workâ without any further set up.
Addons can be enabled with the âmicrok8s enableâ command. For example:
The command microk8s status
reports the enabled and disabled addons. For the full list of addons please consult the official MicroK8s documentation.
Contact Canonical
Online
Ask us about our products, support, training or consulting and we will get in touch with you within one working day.
Technical assistance
If you are looking for help with Ubuntu, our support team can help.
Press enquiries
Journalists or analysts seeking press information should email pr@canonical.com. We regret we cannot respond to non-media or analyst enquiries.
Legal enquiries
Please note that we cannot provide you with legal advice. For any other queries, please contact us on legal@canonical.com.
Trademark enquiries
To request an Ubuntu trademark license, or to make any other trademark enquiry, please submit an enquiry. A member of our trademarks team will be in touch with you shortly.
Data Privacy enquiries
For information about data privacy, please read our Privacy Policy or submit an enquiry. A member of our data privacy team will be in touch with you shortly.
Canonical main office
If you want to speak to someone right away, you can call or write to Canonical.
Canonical Group Limited
The Office Group, St Dunstans House
4th floor, 201 Borough High St
London SE1 1JA,
United Kingdom
Main switchboard number: +44 20 7630 2400