Deployment Overview of MicroK8s on Server

Prerequisites and Basic Requirements

The deployment requires a server running an Ubuntu-based operating system. The following conditions must be met before proceeding:

  • The server must have sudo privileges or root access.
  • The snapd package must be installed to manage MicroK8s.
  • The user executing the installation must be added to the microk8s group to access cluster commands.
  • Network connectivity is required for downloading the MicroK8s snap package and enabling addons.
  • Port 10443 must be available on the host for accessing the Kubernetes Dashboard.

File and Directory Structure

The application utilizes the following directory structure for configuration and data storage:

  • /data/nginx/user_conf.d: Stores custom Nginx configuration files.
  • /etc/letsencrypt: Stores SSL certificates managed by Certbot (mounted from the nginx_secrets volume).
  • /snap/bin: Contains the MicroK8s binaries and the kubectl alias.

Application Installation Process

MicroK8s is installed as a snap package. The installation process involves the following steps:

  1. Update the apt package index.
  2. Install the snapd package.
  3. Install MicroK8s using the snap command with classic confinement.
  4. Add the current user to the microk8s group to grant necessary permissions.
  5. Enable the following MicroK8s addons:
     • dns
     • hostpath-storage
     • dashboard
  6. Wait for the MicroK8s cluster to become ready.
  7. Create an alias for microk8s.kubectl to kubectl for simplified command usage.

The specific command to install MicroK8s is:

snap install microk8s --classic

Access Rights and Security

Access to the MicroK8s cluster is restricted to users within the microk8s group. The following security measures are implemented:

  • The user is explicitly added to the microk8s group using the user command.
  • The Kubernetes Dashboard is accessed via a port-forwarding mechanism on port 10443.
  • Access to the Dashboard requires a generated token. The token is created using the command:
    microk8s kubectl create token default
    
  • The Dashboard is exposed locally by forwarding the kubernetes-dashboard service from the kube-system namespace:
    microk8s kubectl port-forward -n kube-system service/kubernetes-dashboard 10443:443
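
The two controls above (microk8s group membership and a locally forwarded Dashboard port) can be checked after deployment. The script below is an added example, not part of the original deployment: the function names, the allowed account "deploy" and the sample data are hypothetical. It relies on kubectl port-forward binding to loopback unless --address is given.

```shell
#!/bin/sh
# Added example (not from the original page): audit the two access controls
# described above. Function names and sample data are hypothetical/constructed.
DASH_PORT=10443

# stdin: `ss -ltnH` output. Prints listeners on DASH_PORT bound to a
# non-loopback address; returns 1 if any are found.
nonlocal_dashboard_listeners() {
  awk -v port="$DASH_PORT" '
    {
      addr = $4                              # Local Address:Port column
      n = split(addr, p, ":")
      if (p[n] != port) next
      host = substr(addr, 1, length(addr) - length(p[n]) - 1)
      if (host != "127.0.0.1" && host != "[::1]") { print addr; bad = 1 }
    }
    END { exit (bad ? 1 : 0) }'
}

# stdin: `getent group microk8s` output. Arguments: allowed user names.
# Prints members outside the allow-list; returns 1 if any are found.
unexpected_group_members() {
  allowed=" $* "
  rc=0
  for m in $(cut -d: -f4 | tr ',' ' '); do
    case "$allowed" in
      *" $m "*) ;;
      *) printf '%s\n' "$m"; rc=1 ;;
    esac
  done
  return "$rc"
}

# Constructed samples: a port-forward started with a wildcard bind address,
# and a group that contains one account beyond the intended operator.
SAMPLE_SS='LISTEN 0 4096 0.0.0.0:10443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
SAMPLE_GROUP='microk8s:x:998:deploy,ci-runner'

if [ "${1:-}" = "--live" ]; then       # on a real host: ./audit.sh --live deploy
  shift
  ss -ltnH | nonlocal_dashboard_listeners || echo "WARN: port $DASH_PORT reachable off-host"
  getent group microk8s | unexpected_group_members "$@" || echo "WARN: review microk8s group"
else
  printf '%s\n' "$SAMPLE_SS" | nonlocal_dashboard_listeners || echo "WARN: port $DASH_PORT reachable off-host"
  printf '%s\n' "$SAMPLE_GROUP" | unexpected_group_members deploy || echo "WARN: review microk8s group"
fi
```

Without arguments the script runs over the constructed samples and prints both warnings; with --live followed by the allowed account names it reads the host's actual listeners and group file.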
    

Docker Containers and Their Deployment

A Docker container for Nginx is deployed using Docker Compose. The container is configured with the following specifications:

  • Image: jonasal/nginx-certbot:latest
  • Restart Policy: unless-stopped
  • Network Mode: host
  • Environment Variables:
     • CERTBOT_EMAIL: Set to [email protected]
     • Additional variables are loaded from the file /data/nginx/nginx-certbot.env.
  • Volumes:
     • nginx_secrets: An external volume mounted to /etc/letsencrypt for SSL certificate storage.
     • /data/nginx/user_conf.d: Mounted to /etc/nginx/user_conf.d for custom configurations.

The deployment is managed via the compose.yml file located in the project directory.

Proxy Servers

The Nginx container acts as a reverse proxy and handles SSL certificate management via Certbot. The configuration includes:

  • SSL Certificates: Managed by Certbot and stored in the nginx_secrets volume at /etc/letsencrypt.
  • Custom Domains: Configured within the files located in /data/nginx/user_conf.d.
  • Email Notification: Certificate renewal notifications are sent to [email protected].

Starting, Stopping, and Updating

MicroK8s services are managed using the microk8s command-line interface. The following commands are used for cluster management:

  • Check Cluster Status:
    microk8s status --wait-ready
    
  • Enable Addons:
    microk8s enable dns hostpath-storage dashboard
    
  • Manage Kubernetes Resources: Use the kubectl alias (linked to microk8s.kubectl) for standard Kubernetes operations.
  • Docker Container Management: The Nginx container is managed via Docker Compose commands (e.g., docker compose up, docker compose down) based on the compose.yml configuration.