Microk8s: installation and configuration in CentOS 8

Hi all, I have documented the steps below as part of my learning and thought of sharing them with all.

Installation and configuration in CentOS8

Prerequisites

  1. CentOS 8.x

  2. Visit microk8s.io and get the basic idea.

  3. Resources required: 8GB RAM, 8xCPU and 400 GB storage. If you have more services and/or high data volume, consider increasing RAM and CPU cores

Proxy settings

Note: Configure the proxy only if required; this depends on the network and location of the system. Below are the proxy settings for each environment where one is required:

System level proxy:

Edit the /etc/environment file and add the proxy to it:
http_proxy=http://x.x.x.x:port
https_proxy=http://x.x.x.x:port

Snap package manager proxy:

These are required only if you are behind a proxy.
sudo snap install microk8s --classic
error: unable to contact snap store
If the install fails with the error above, the proxy settings are required:

sudo snap set system proxy.http=http://x.x.x.x:8080
sudo snap set system proxy.https=http://x.x.x.x:8080

Containers proxy:

sudo vi /var/snap/microk8s/current/args/containerd-env
Uncomment HTTP_PROXY and update with the correct proxy:
HTTP_PROXY=http://x.x.x.x:8080
HTTPS_PROXY=http://x.x.x.x:8080

Docker proxy: vi /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=http://x.x.x.x:8080"

Installation

Step 1: sudo yum update
Step 2: sudo yum install epel-release
Step 3: sudo yum update
Step 4: sudo yum install snapd

Step 5: sudo systemctl enable --now snapd.socket
Step 5: sudo ln -s /var/lib/snapd/snap /snap
Step 6: sudo snap install microk8s --classic

Output

2020-09-14T14:51:21Z INFO Waiting for automatic snapd restart...
Warning: /var/lib/snapd/snap/bin was not found in your $PATH. If you've not
restarted your session since you installed snapd, try doing that. Please
see https://forum.snapcraft.io/t/9469 for more details.

microk8s v1.19.0 from Canonical✓ installed

Step 7: sudo usermod -a -G microk8s $USER
Step 8: sudo chown -f -R $USER ~/.kube
Step 9: reboot the VM to make sure all the configuration changes have taken effect
Step 10: check the status of the installed microk8s: microk8s.status

Output

microk8s is running
high-availability: no
datastore master nodes: 127.0.0.1:19001
datastore standby nodes: none
addons:
enabled:
ha-cluster # Configure high availability on the current node
disabled:
ambassador # Ambassador API Gateway and Ingress
cilium # SDN, fast with full network policy
dashboard # The Kubernetes dashboard
dns # CoreDNS
fluentd # Elasticsearch-Fluentd-Kibana logging and monitoring
gpu # Automatic enablement of Nvidia CUDA
helm # Helm 2 - the package manager for Kubernetes
helm3 # Helm 3 - Kubernetes package manager
host-access # Allow Pods connecting to Host services smoothly
ingress # Ingress controller for external access
istio # Core Istio service mesh services
jaeger # Kubernetes Jaeger operator with its simple config
knative # The Knative framework on Kubernetes.
kubeflow # Kubeflow for easy ML deployments
linkerd # Linkerd is a service mesh for Kubernetes and other frameworks
metallb # Loadbalancer for your Kubernetes cluster
metrics-server # K8s Metrics Server for API access to service metrics
multus # Multus CNI enables attaching multiple network interfaces to pods
prometheus # Prometheus operator for monitoring and logging
rbac # Role-Based Access Control for authorisation
registry # Private image registry exposed on localhost:32000

Step 11: execute microk8s.kubectl get nodes

Output

NAME STATUS ROLES AGE VERSION
mk8s-dev-as Ready <none> 3m32s v1.19.0-34+1a52fbf0753680

Step 12: execute microk8s enable rbac dns ingress storage helm
Step 13: check status by executing microk8s.status

Output

microk8s is running
high-availability: no
datastore master nodes: 127.0.0.1:19001
datastore standby nodes: none
addons:
enabled:
dns # CoreDNS
ha-cluster # Configure high availability on the current node
registry # Private image registry exposed on localhost:32000
storage # Storage class; allocates storage from host directory
ingress # ingress controller
helm # helm

**Note: before going forward make sure all of the above are showing in enabled status.**

Step 14: Disable SELinux: edit /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Step 15: sudo iptables -P FORWARD ACCEPT

Step 16: microk8s helm init
Step 17: Install Docker and make these changes to MK8S to use the Docker runtime.
In case Docker is not installed, first follow the steps in "Install Docker Engine on CentOS | Docker Documentation".

Then carry out a and b below.

a) vi /var/snap/microk8s/current/args/kubelet

#--container-runtime=remote
#--container-runtime-endpoint=${SNAP_COMMON}/run/containerd.sock
--container-runtime=docker

b) Add the following lines to /etc/docker/daemon.json and restart Docker:

{
  "insecure-registries" : ["localhost:32000"]
}

Step 18: Execute the commands below to enable tiller pod access for everyone.

kubectl create serviceaccount --namespace kube-system tiller

kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller

kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'

Step 19: Stop and start microk8s after the above changes, using the snap stop microk8s and snap start microk8s commands.

Step 20: MK8S health check: execute the three commands below and check that everything shows running or ready status.

microk8s status

microk8s kubectl get node

microk8s kubectl get pod -A

FINALLY, do the following to use just kubectl and helm instead of microk8s.kubectl and microk8s.helm.

How to remove/reduce the prefix microk8s from all k8s and helm commands

**Solution 1**: create aliases (symbolic links) with the commands below

cd /var/lib/snapd/snap/bin

ln -s microk8s.kubectl kubectl

ln -s microk8s.helm helm

ln -s microk8s M

**Solution 2:**

In the home directory, e.g. /home/centos

Create a ".bash_aliases" file with the commands below

alias kubectl="microk8s kubectl"

alias helm="microk8s helm"

alias M="microk8s"

Make sure to add an entry to the ".bashrc" file in the user's home directory, as shown below (the last three lines are the entry to add):

# .bashrc

# Source global definitions
if [ -f /etc/bashrc ]; then
    . /etc/bashrc
fi

# User specific environment
PATH="$HOME/.local/bin:$HOME/bin:$PATH"
export PATH

# Uncomment the following line if you don't like systemctl's auto-paging feature:
# export SYSTEMD_PAGER=

# User specific aliases and functions
if [ -f ~/.bash_aliases ]; then
    . ~/.bash_aliases
fi

You can now run kubectl/helm as normal, without the microk8s prefix.

Tips & Tricks

The kubectl logs command shows a gateway timeout error.

Solution: check whether /etc/environment has any proxies configured. Comment them all out, then stop and start microk8s.

Enabling RBAC causes an error when we bring up the application: Error: configmaps is forbidden: User "system:serviceaccount:kube-system:default" cannot list resource "configmaps" in API group "" in the namespace "kube-system"

Solution: execute the commands below

kubectl create serviceaccount --namespace kube-system tiller

kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
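
Steps 14 and 17 change host-level settings: the SELinux mode, the kubelet container runtime and Docker's insecure-registries list. The script below is an added example, not part of the original post: it reads those files back, reports the effective values, and flags any insecure-registries entry that is not on the loopback host. The function names, the root-prefix argument and the sample tree are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): read back the host files edited in
# steps 14 and 17. Function names and the root-prefix argument are assumptions.

# SELINUX= value that applies from the next boot (comment lines are skipped).
selinux_mode() {
  sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*/\1/p' "$1" | tail -n 1
}

# Active (uncommented) --container-runtime value in the kubelet args file.
kubelet_runtime() {
  sed -n 's/^[[:space:]]*--container-runtime=\(.*\)$/\1/p' "$1" | tail -n 1
}

# Entries of "insecure-registries" in daemon.json, one per line.
# Flat text match, enough for this small file; it is not a JSON parser.
insecure_registries() {
  tr -d '\n' < "$1" |
    sed -n 's/.*"insecure-registries"[[:space:]]*:[[:space:]]*\[\([^]]*\)].*/\1/p' |
    tr ',' '\n' | sed -e 's/[[:space:]"]//g' -e '/^$/d'
}

# Print a summary for the tree under $1 (empty = the live host).
# Returns 1 if an insecure-registries entry is not on the loopback host.
audit_host() {
  local root="${1:-}" reg rc=0
  echo "selinux=$(selinux_mode "$root/etc/selinux/config")" \
       "runtime=$(kubelet_runtime "$root/var/snap/microk8s/current/args/kubelet")"
  for reg in $(insecure_registries "$root/etc/docker/daemon.json"); do
    case "$reg" in
      localhost:*|127.0.0.1:*) echo "registry=$reg (loopback)" ;;
      *) echo "registry=$reg (NOT loopback)"; rc=1 ;;
    esac
  done
  return "$rc"
}

# Constructed sample tree mirroring the values in this guide (runs offline).
make_sample_tree() {
  local d; d=$(mktemp -d)
  mkdir -p "$d/etc/selinux" "$d/etc/docker" "$d/var/snap/microk8s/current/args"
  printf '# SELINUX= can take one of these three values:\nSELINUX=disabled\nSELINUXTYPE=targeted\n' > "$d/etc/selinux/config"
  printf '#--container-runtime=remote\n--container-runtime=docker\n' > "$d/var/snap/microk8s/current/args/kubelet"
  printf '{\n  "insecure-registries" : ["localhost:32000"]\n}\n' > "$d/etc/docker/daemon.json"
  echo "$d"
}

tree=$(make_sample_tree); audit_host "$tree"; rm -rf "$tree"
```

On a real host, call audit_host with no argument (as root, so the files are readable) after step 19.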