Version 1.0, October 2022
MicroK8s is a minimal, CNCF-certified Kubernetes distribution from Canonical, the company behind Ubuntu. It includes all upstream services in an efficient package along with their dependencies. This form of packaging offers not only stability but also enhanced security, and zero ops. Its goal is to eliminate any friction in your Kubernetes cluster administration experience.
With the current offering you get:
- CNCF conformant Kubernetes cluster
- Rich set of commonly used Kubernetes addons you can enable on-demand
- Automated updates so your cluster is always up-to-date
- High availability for your workloads and the cluster
- Autoscaling via your own policies driving AWS autoscaling groups
This guide will detail the steps to deploy the MicroK8s AWS CloudFormation template (CFT) following AWS best practices. This CFT deploys an elastic Kubernetes cluster that can scale based on policies the user sets via an AWS AutoScale group. The deployment uses Ubuntu Pro images to build the host nodes thus accommodating your needs for live updates and official support by Canonical.
In this section, we detail the prerequisites and requirements to run and operate our solution.
You must have an AWS account set-up. If you don’t, we recommend that you visit the following site: https://aws.amazon.com/getting-started/
A default VPC with a default network should exist in the AWS region of the deployment.
Knowledge of the following AWS services:
- Amazon EC2 Auto Scaling
- Amazon Elastic Compute Cloud (Amazon EC2)
- AWS CloudFormation
- AWS Key Management Service (AWS KMS)
Knowledge of Kubernetes services and deployments:
The deployment will take about 10 minutes. Scaling of the cluster is a subject to how many nodes are added and when.
An AWS Marketplace subscription to Canonical MicroK8s is required for production use of the MicroK8s CloudFormation template and its respective AMI. The product is distributed under the Apache 2.0 license agreement.
The purpose of the CloudFormation template is to deliver an elastic Kubernetes cluster via MicroK8s. The figure below shows the main components of this offering along with the entities interacting with it.
There are two types of actors interacting with the cluster:
The Users are the end customers of the services hosted in the cluster. They are consuming the hosted services via over the network ports the admin has set.
The Admin ensures
the provisioning and availability of the cluster,
the setup of the scaling policies,
the installation and configuration of the hosted workloads.
The Kubernetes cluster is provisioned via MicroK8s. The deployment starts with a single-node MicroK8s cluster. Through the Auto Scale group the administrator can add or remove nodes.
High availability (HA) is achieved automatically as soon as the cluster gets three or more nodes. After reaching high availability the cluster can resist failures without downtime. This means that the cluster can drop down to two nodes and still be operational. In case where an HA cluster is left with a single node it will not be operational anymore. The admin could recover one such cluster by following the instructions on how to recover from lost quorum. It is important to note that a cluster that has reached HA should not be shrunk back to a single node as it will not be functional anymore.
To access the cluster the admin has to:
Login into any of the nodes provided, via ssh. Users need to open SSH port by adding SSH (port21) inbound connection to the security group
Use any of the “microk8s” commands describe in the command reference section
Alternatively the administrator can:
Login into any of the nodes provided, via ssh
Get the kubeconfig file via
Use the kubeconfig file to remotely manage the cluster. The port the Kubernetes API server listens to is 16443. In this case the administrator may need to add this port to the allowed inbound ports of the security group attached to the VM instances.
Scaling of the cluster is done through an auto scaling group. The auto scaling group enables the administrator to set manual and dynamic policies based on which the cluster would scale. This modular approach allows the deployment to expand based on events that might not be related directly to the Kubernetes cluster and the workload served. Please consult the official documentation on how to configure the group based on your needs.
The component tasked to scale the Kubernetes cluster based on the directions of the Auto Scale group is called Joule. Joule is an agent that is deployed on all nodes next to MicroK8s and monitors the activity of a AWS message queue. As soon as a new node is added to the Auto Scale group it announces its presence (via the message queue) and waits for some connection information. As all nodes read the message queue one of them will issue a connection join token and send it back to the newly joining node, again through the message queue.
The cluster bootstrap is done through a λ-function. The purpose of this function is to mark the first node, if this first node is not marked then all nodes would assume they are just joining an already existing cluster and Joule will never issue a new join token.
In this section we show how the CloudFormation template is applied and how the deployment is used.
Here we show how a user can deploy the CFT through the AWS console. Other means of applying a CFT not covered in this section are also possible.
Login to the AWS services using your credentials
Navigate to the CloudFormation service and select the region you want to deploy to.
Select “Create stack”
In the first step, “Specify template”, upload the CloudFormation template yaml file as shown in the figure below
On step two, “Specify stack details”, provide:
- a stack name
- an application name (defaults to MicroK8s)
- the instance type from the drop down menu
- a key pair through which you can login to the provisioned nodes
- the Kubernetes version from the drop down menu
Click next on step three, “Configure stack options”. You do not need to change anything there.
On step four, “Review”, click the agreement checkbox
The deployment should take a few minutes.
The cluster size is set by the “MicroK8s” Auto Scale group. In order to manually add or remove nodes through the AWS console:
Login to AWS
Navigate to the Auto Scale group
Locate the “MicroK8s” group
Set the “Desired”, “Minimum” and “Maximum” size as shown in the figures:
After a few minutes the cluster will scale to the desired capacity.
The administrator must use the ssh key provided during the cluster provisioning to login to any of the nodes. To do so:
Login to AWS
Find the IP or the public endpoint of a node
- SSH to the node and use the “microk8s” commands.
The administrators should be able to see the registered nodes as they join the cluster:
In this section we present the main aspects of managing the MicroK8s cluster.
When deploying the CloudFormation template the administrator is asked for the version of Kubernetes to install. With MicroK8s the cluster is always kept on the latest patch release within the Kubernetes version track selected. For example, assuming the Kubernetes version selection is v1.21, the cluster will be upgrading transparently to the latest 1.21 patch releases without any human intervention.
To upgrade to a new Kubernetes track (e.g. from 1.21 to 1.24) the administrator needs to follow the official instructions from this page. Such non-patch upgrades are not automated since Kubernetes APIs may be removed or changed as part of them. The administrator needs to ensure the hosted workloads will not be affected by this kind up upgrade.
MicroK8s delivers a pure Kubernetes experience with the smallest resource footprint possible. However, in most cases, you may require additional services. MicroK8s caters for this with the concept of “Addons” - extra services which can easily be added to MicroK8s. These addons can be enabled and disabled at any time, and most are pre-configured to ‘just work’ without any further set up.
Addons can be enabled with the “microk8s enable” command. For example:
microk8s status reports the enabled and disabled addons. For the full list of addons please consult the official MicroK8s documentation.
Ask us about our products, support, training or consulting and we will get in touch with you within one working day.
If you are looking for help with Ubuntu, our support team can help.
Journalists or analysts seeking press information should email firstname.lastname@example.org. We regret we cannot respond to non-media or analyst enquiries.
Please note that we cannot provide you with legal advice. For any other queries, please contact us on email@example.com.
To request an Ubuntu trademark license, or to make any other trademark enquiry, please submit an enquiry. A member of our trademarks team will be in touch with you shortly.
Data Privacy enquiries
Canonical main office
If you want to speak to someone right away, you can call or write to Canonical.
Canonical Group Limited
The Office Group, St Dunstans House
4th floor, 201 Borough High St
London SE1 1JA,
Main switchboard number: +44 20 7630 2400