Hi all, I have documented the steps below as part of my learning and thought of sharing them with all.
Installation and configuration in CentOS 8
Prerequisites
- CentOS 8.x
- Visit microk8s.io and get a basic idea.
- Resources required: 8GB RAM, 8xCPU and 400 GB storage. If you have more services and/or high data volume, consider increasing RAM and CPU cores.
Proxy settings
Note: Do proxy settings only if required; this depends on the network and location of the system. The proxy setting for each component is given below.
System level proxy:
Edit the /etc/environment file and add the proxy to it
http_proxy=http://x.x.x.x:port
https_proxy=http://x.x.x.x:port
Snap package manager proxy:
These are required only if you are behind a proxy. If the install command fails with the error below, set the snap proxy:
sudo snap install microk8s --classic
error: unable to contact snap store
sudo snap set system proxy.http=http://x.x.x.x:8080
sudo snap set system proxy.https=http://x.x.x.x:8080
Containers proxy:
sudo vi /var/snap/microk8s/current/args/containerd-env
Uncomment HTTP_PROXY and update it with the correct proxy
HTTP_PROXY=http://x.x.x.x:8080
HTTPS_PROXY=http://x.x.x.x:8080
Docker proxy:
vi /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=http://x.x.x.x:8080"
Installation
Step 1: sudo yum update
Step 2: sudo yum install epel-release
Step 3: yum update
Step 4: sudo yum install snapd
Step 5: sudo systemctl enable --now snapd.socket
Step 5: sudo ln -s /var/lib/snapd/snap /snap
Step 6: sudo snap install microk8s --classic
output
2020-09-14T14:51:21Z INFO Waiting for automatic snapd restart...
Warning: /var/lib/snapd/snap/bin was not found in your $PATH. If you've not
restarted your session since you installed snapd, try doing that. Please
see https://forum.snapcraft.io/t/9469 for more details.
microk8s v1.19.0 from Canonical✓ installed
Step 7: sudo usermod -a -G microk8s $USER
Step 8: sudo chown -f -R $USER ~/.kube
Step 9: Reboot the VM to make sure all the configuration changes have taken effect
Step 10: Check the status of the installed microk8s: microk8s.status
output
microk8s is running
high-availability: no
datastore master nodes: 127.0.0.1:19001
datastore standby nodes: none
addons:
enabled:
ha-cluster # Configure high availability on the current node
disabled:
ambassador # Ambassador API Gateway and Ingress
cilium # SDN, fast with full network policy
dashboard # The Kubernetes dashboard
dns # CoreDNS
fluentd # Elasticsearch-Fluentd-Kibana logging and monitoring
gpu # Automatic enablement of Nvidia CUDA
helm # Helm 2 - the package manager for Kubernetes
helm3 # Helm 3 - Kubernetes package manager
host-access # Allow Pods connecting to Host services smoothly
ingress # Ingress controller for external access
istio # Core Istio service mesh services
jaeger # Kubernetes Jaeger operator with its simple config
knative # The Knative framework on Kubernetes.
kubeflow # Kubeflow for easy ML deployments
linkerd # Linkerd is a service mesh for Kubernetes and other frameworks
metallb # Loadbalancer for your Kubernetes cluster
metrics-server # K8s Metrics Server for API access to service metrics
multus # Multus CNI enables attaching multiple network interfaces to pods
prometheus # Prometheus operator for monitoring and logging
rbac # Role-Based Access Control for authorisation
registry # Private image registry exposed on localhost:32000
Step 11: execute microk8s.kubectl get nodes
Output
NAME STATUS ROLES AGE VERSION
mk8s-dev-as Ready <none> 3m32s v1.19.0-34+1a52fbf0753680
Step 12: execute microk8s enable rbac dns ingress storage helm
Step 13: check the status by executing microk8s.status
Output
microk8s is running
high-availability: no
datastore master nodes: 127.0.0.1:19001
datastore standby nodes: none
addons:
enabled:
dns # CoreDNS
ha-cluster # Configure high availability on the current node
registry # Private image registry exposed on localhost:32000
storage # Storage class; allocates storage from host directory
ingress# ingress controller
helm # helm
**Note: before going forward make sure all of the above are showing in enabled status.**
Step 14: Disable SELinux: edit /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
Step 15: sudo iptables -P FORWARD ACCEPT
Step 16: microk8s helm init
Step 17: Install Docker and make these changes so that MK8S uses the Docker runtime.
In case Docker is not installed, first follow the steps in "Install Docker Engine on CentOS | Docker Documentation".
Then execute a and b below.
a) vi /var/snap/microk8s/current/args/kubelet
#--container-runtime=remote
#--container-runtime-endpoint=${SNAP_COMMON}/run/containerd.sock
--container-runtime=docker
b) Add the following lines to /etc/docker/daemon.json and restart Docker:
{
"insecure-registries" : ["localhost:32000"]
}
Step 18: Execute the commands below to create a tiller service account bound to the cluster-admin role and make the tiller deployment use it.
kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
Step 19: Stop and start microk8s after the above changes using the snap stop microk8s and snap start microk8s commands.
Step 20: MK8S health check: execute the three commands below and check that everything shows running or ready status
microk8s status
microk8s kubectl get node
microk8s kubectl get pod -A
Finally, do the following to use just kubectl and helm instead of microk8s.kubectl and microk8s.helm.
How to remove/reduce the prefix microk8s from all k8s and helm commands
**Solution 1**: create symbolic links with the commands below
cd /var/lib/snapd/snap/bin
ln -s microk8s.kubectl kubectl
ln -s microk8s.helm helm
ln -s microk8s M
**Solution 2:**
In the home directory, e.g. /home/centos,
create a ".bash_aliases" file with the commands below
alias kubectl="microk8s kubectl"
alias helm="microk8s helm"
alias M="microk8s"
Make sure to add an entry in the ".bashrc" file in the user's home directory as shown below (the lines in bold)
# .bashrc
# Source global definitions
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi
# User specific environment
PATH="$HOME/.local/bin:$HOME/bin:$PATH"
export PATH
# Uncomment the following line if you don't like systemctl's auto-paging feature:
# export SYSTEMD_PAGER=
# User specific aliases and functions
**if [ -f ~/.bash_aliases ]; then**
**. ~/.bash_aliases**
**fi**
You can now run kubectl/helm as normal, without the microk8s prefix.
Tips & Tricks
The kubectl logs command shows a gateway timeout error.
Solution: check whether /etc/environment has any proxies configured. Comment them all out, then stop and start microk8s.
Enabling RBAC causes an error when we bring up the application: Error: configmaps is forbidden: User "system:serviceaccount:kube-system:default" cannot list resource "configmaps" in API group "" in the namespace "kube-system"
Solution: execute the commands below
kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller