Create an all-in-one Kubernetes cluster on a single virtual machine for Kubernetes learning/experimentation.
Note: There is a little video on https://microk8s.io/ if that is more your cup of tea.
- Virtual Machine (e.g. AWS EC2 instance)
- Ubuntu 18.04 LTS (or any Linux distribution with snap support)
Create cluster using microk8s
sudo snap install microk8s --classic
You can confirm it is running with:
…and you should get something like:
Kubernetes master is running at http://127.0.0.1:8080

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
Create an alias for microk8s.kubectl so you can save a lot of typing:
sudo snap alias microk8s.kubectl kubectl
Enable auto completion for kubectl (current session):
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> ~/.bashrc
Expose management UI (Dashboard).
microk8s.enable dns dashboard ingress
You can change the firewall to allow access to this host on port 8001, but this is unsafe: anybody who can reach that port gets access to the Kubernetes dashboard.
If using AWS EC2 you can configure the “Security Group” used by this host to allow incoming requests only from your IP.
Another (better) option is to use ssh with port forwarding from your development machine to connect to this host. The forwarded port has to match the port the proxy listens on (8001). On your development machine:
ssh -L 8001:localhost:8001 <user>@<host>
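Now start the dashboard proxy.
On the microk8s host (the flags below make the proxy listen on every interface and accept any Host header, which the firewall options need; with the ssh tunnel the proxy defaults, which listen on localhost only, are enough):
microk8s.kubectl proxy --accept-hosts='.*' --address=0.0.0.0 &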
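An added check, not part of the original post: the function below reads the output of ss -ltn and reports any listener on the proxy port (8001) that is bound to a non-loopback address, which is the exposure the firewall warning above describes. The function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: report listeners on a port that are reachable beyond loopback.
# nonlocal_listeners PORT reads "ss -ltn"-style output on stdin and prints one
# "EXPOSED <address>" line per listener on PORT not bound to 127.0.0.0/8 or ::1.
nonlocal_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            laddr = $4                          # "Local Address:Port" column
            n = split(laddr, parts, ":")
            if (parts[n] != port) next          # port is after the last colon
            addr = substr(laddr, 1, length(laddr) - length(parts[n]) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next
            print "EXPOSED " addr
        }'
}

# check_port PORT: same input; returns 1 when anything is exposed.
check_port() {
    exposed=$(nonlocal_listeners "$1")
    if [ -n "$exposed" ]; then
        printf '%s\n' "$exposed"
        return 1
    fi
    echo "OK: port $1 is loopback-only or closed"
}

# Constructed sample: proxy started with --address=0.0.0.0
SAMPLE_WIDE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:8001       0.0.0.0:*'

# Constructed sample: proxy left on its default bind address
SAMPLE_LOCAL='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:8001     0.0.0.0:*'

printf '%s\n' "$SAMPLE_WIDE"  | check_port 8001 || true   # EXPOSED 0.0.0.0
printf '%s\n' "$SAMPLE_LOCAL" | check_port 8001           # OK: loopback-only
# On the microk8s host itself: ss -ltn | check_port 8001
```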
On the browser in your desktop navigate to:
Usage: microk8s.enable ADDON...
Enable one or more ADDON included with microk8s
Example: microk8s.enable dns storage
Available addons:
  dashboard
  dns
  gpu
  ingress
  istio
  metrics-server
  registry
  storage
On an Ubuntu 18 AWS EC2 instance (without any changes) pods couldn’t access “the internet”. Turns out it was the iptables configuration.
I got some help by running (on microk8s host):
and got some useful feedback:
WARNING: IPtables FORWARD policy is DROP.
Consider enabling traffic forwarding with:
sudo iptables -P FORWARD ACCEPT
and running it did resolve the problem with my pods accessing anything outside the pod.
Check this follow-up post to set up your private docker registry.