Created
November 16, 2020 05:28
Initial install of MicroK8s on Groovy Gorilla
Related to Reddit post: https://www.reddit.com/r/kubernetes/comments/ju90m6/microk8s_and_rbac/
Hi there,
I did a trial on a fresh Ubuntu 20.10: never tried Groovy Gorilla before.
Everything looks fine: see below. All pods up & running after doing what you describe.
ddurand@base-instance:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.10
Release: 20.10
Codename: groovy
Best
Didier
ddurand@base-instance:~$ sudo snap install 'microk8s' --classic --channel='1.19'
microk8s (1.19/stable) v1.19.3 from Canonical✓ installed
ddurand@base-instance:~$ sudo snap list
Name Version Rev Tracking Publisher Notes
core 16-2.47.1 10185 latest/stable canonical✓ core
core18 20200929 1932 latest/stable canonical✓ base
google-cloud-sdk 318.0.0 159 latest/stable/… google-cloud-sdk✓ classic
lxd 4.7 18137 latest/stable/… canonical✓ -
microk8s v1.19.3 1791 1.19/stable canonical✓ classic
snapd 2.47.1 9721 latest/stable canonical✓ snapd
ddurand@base-instance:~$ sudo microk8s status --wait-ready
microk8s is running
high-availability: no
datastore master nodes: 127.0.0.1:19001
datastore standby nodes: none
addons:
enabled:
ha-cluster # Configure high availability on the current node
disabled:
ambassador # Ambassador API Gateway and Ingress
cilium # SDN, fast with full network policy
dashboard # The Kubernetes dashboard
dns # CoreDNS
fluentd # Elasticsearch-Fluentd-Kibana logging and monitoring
gpu # Automatic enablement of Nvidia CUDA
helm # Helm 2 - the package manager for Kubernetes
helm3 # Helm 3 - Kubernetes package manager
host-access # Allow Pods connecting to Host services smoothly
ingress # Ingress controller for external access
istio # Core Istio service mesh services
jaeger # Kubernetes Jaeger operator with its simple config
knative # The Knative framework on Kubernetes.
kubeflow # Kubeflow for easy ML deployments
linkerd # Linkerd is a service mesh for Kubernetes and other frameworks
metallb # Loadbalancer for your Kubernetes cluster
metrics-server # K8s Metrics Server for API access to service metrics
multus # Multus CNI enables attaching multiple network interfaces to pods
prometheus # Prometheus operator for monitoring and logging
rbac # Role-Based Access Control for authorisation
registry # Private image registry exposed on localhost:32000
storage # Storage class; allocates storage from host directory
ddurand@base-instance:~$ sudo microk8s enable dns
Enabling DNS
Applying manifest
serviceaccount/coredns created
configmap/coredns created
deployment.apps/coredns created
service/kube-dns created
clusterrole.rbac.authorization.k8s.io/coredns created
clusterrolebinding.rbac.authorization.k8s.io/coredns created
Restarting kubelet
DNS is enabled
ddurand@base-instance:~$ sudo microk8s enable dashboard
Enabling Kubernetes Dashboard
Enabling Metrics-Server
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
Warning: apiregistration.k8s.io/v1beta1 APIService is deprecated in v1.19+, unavailable in v1.22+; use apiregistration.k8s.io/v1 APIService
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created
serviceaccount/metrics-server created
deployment.apps/metrics-server created
service/metrics-server created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
clusterrolebinding.rbac.authorization.k8s.io/microk8s-admin created
Metrics-Server is enabled
Applying manifest
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
If RBAC is not enabled access the dashboard using the default token retrieved with:
token=$(microk8s kubectl -n kube-system get secret | grep default-token | cut -d " " -f1)
microk8s kubectl -n kube-system describe secret $token
In an RBAC enabled setup (microk8s enable RBAC) you need to create a user with restricted
permissions as shown in:
https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
ddurand@base-instance:~$ sudo microk8s enable rbac
Enabling RBAC
Reconfiguring apiserver
RBAC is enabled
ddurand@base-instance:~$ sudo microk8s kubectl get all --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system pod/metrics-server-8bbfb4bdb-25hqr 1/1 Running 0 86s
kube-system pod/calico-node-9s2k4 1/1 Running 1 4m51s
kube-system pod/calico-kube-controllers-847c8c99d-qmnq4 1/1 Running 1 4m51s
kube-system pod/coredns-86f78bb79c-cpp2b 1/1 Running 0 2m1s
kube-system pod/dashboard-metrics-scraper-6c4568dc68-lzt4v 1/1 Running 0 83s
kube-system pod/kubernetes-dashboard-7ffd448895-w94wp 1/1 Running 2 84s
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default service/kubernetes ClusterIP 10.152.183.1 <none> 443/TCP 5m1s
kube-system service/kube-dns ClusterIP 10.152.183.10 <none> 53/UDP,53/TCP,9153/TCP 2m1s
kube-system service/metrics-server ClusterIP 10.152.183.117 <none> 443/TCP 86s
kube-system service/kubernetes-dashboard ClusterIP 10.152.183.37 <none> 443/TCP 84s
kube-system service/dashboard-metrics-scraper ClusterIP 10.152.183.18 <none> 8000/TCP 84s
NAMESPACE NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
kube-system daemonset.apps/calico-node 1 1 1 1 1 kubernetes.io/os=linux 4m59s
NAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE
kube-system deployment.apps/metrics-server 1/1 1 1 86s
kube-system deployment.apps/calico-kube-controllers 1/1 1 1 4m59s
kube-system deployment.apps/coredns 1/1 1 1 2m1s
kube-system deployment.apps/kubernetes-dashboard 1/1 1 1 84s
kube-system deployment.apps/dashboard-metrics-scraper 1/1 1 1 84s
NAMESPACE NAME DESIRED CURRENT READY AGE
kube-system replicaset.apps/metrics-server-8bbfb4bdb 1 1 1 86s
kube-system replicaset.apps/calico-kube-controllers-847c8c99d 1 1 1 4m51s
kube-system replicaset.apps/coredns-86f78bb79c 1 1 1 2m1s
kube-system replicaset.apps/kubernetes-dashboard-7ffd448895 1 1 1 84s
kube-system replicaset.apps/dashboard-metrics-scraper-6c4568dc68 1 1 1 83s
ddurand@base-instance:~$ D
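
The MicroK8s notice in the session above says an RBAC-enabled setup needs a dashboard user with restricted permissions. One way to create and verify such a login, as an added example that is not part of the original gist: the account name `dashboard-viewer` is an assumption, and the token lookup relies on the Secret that Kubernetes 1.19 auto-generates for each ServiceAccount.

```shell
#!/bin/sh
# Added example: read-only dashboard login for an RBAC-enabled MicroK8s 1.19.
# Assumptions: "dashboard-viewer" is a made-up account name; "view" is the
# built-in read-only ClusterRole, which does not grant access to Secrets.
# Set KUBECTL="sudo microk8s kubectl" if microk8s needs sudo, as in the session.
KUBECTL="${KUBECTL:-microk8s kubectl}"
NS="kube-system"
SA="dashboard-viewer"

# Create the ServiceAccount and bind it cluster-wide to "view".
create_viewer() {
    $KUBECTL -n "$NS" create serviceaccount "$SA" &&
    $KUBECTL create clusterrolebinding "$SA" \
        --clusterrole=view --serviceaccount="$NS:$SA"
}

# Print the bearer token to paste into the dashboard login page.
viewer_token() {
    secret=$($KUBECTL -n "$NS" get serviceaccount "$SA" \
        -o jsonpath='{.secrets[0].name}') || return 1
    [ -n "$secret" ] || return 1
    $KUBECTL -n "$NS" get secret "$secret" -o jsonpath='{.data.token}' | base64 -d
}

# Succeed only if the account can list pods but is denied secrets and writes.
# "kubectl auth can-i" prints yes/no; the printed answer is what gets compared.
viewer_is_restricted() {
    as="system:serviceaccount:$NS:$SA"
    [ "$($KUBECTL auth can-i list pods --all-namespaces --as="$as")" = "yes" ] || return 1
    for probe in "get secrets" "create pods" "delete deployments"; do
        # $probe is left unquoted on purpose so it splits into verb and resource.
        [ "$($KUBECTL auth can-i $probe --all-namespaces --as="$as")" = "no" ] || return 1
    done
}
```

Source the file, then run `create_viewer && viewer_is_restricted && viewer_token`; a failing `viewer_is_restricted` means the account holds more than read-only rights and its token should not be handed out.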