Deploying Apica Ascent PaaS on MicroK8s
MicroK8s is a lightweight, pure-upstream Kubernetes aiming to reduce entry barriers for K8s and cloud-native application development. It comes in a single package that installs a single-node (standalone) K8s cluster in under 60 seconds. The lightweight nature of Apica Ascent PaaS enables you to deploy Apica Ascent on lightweight, single-node clusters like MicroK8s. The following guide takes you through deploying Apica Ascent PaaS on MicroK8s.
Prerequisites
Ubuntu OS x64 22.04 LTS or RedHat Enterprise Linux 8/9
32 vCPU
64GB RAM
500GB disk space on the root partition
Installing MicroK8s
The first step in this deployment is to install MicroK8s on your machine.
The following instructions pertain to Debian-based Linux systems.
Update package lists by running the following command.
sudo apt-get -y update
Install
core
using Snap by running the following command.sudo snap install core
Install MicroK8s using Snap by running the following command.
sudo snap install microk8s --classic --channel=1.21/stable
Join the group created by MicroK8s that enables uninterrupted usage of commands that require admin access by running the following command.
sudo usermod -a -G microk8s $USER
Create the .kube directory.
mkdir ~/.kube
Add your current user to the group to gain access to the
.kube
caching directory by running the following command.sudo chown -f -R $USER ~/.kube
Generate your MicroK8s configuration and merge it with your Kubernetes configuration by running the following command.
sudo microk8s config > ~/.kube/config
Check whether MicroK8s is up and running with the following command.
sudo microk8s status
MicroK8s is now installed on your machine.
Enabling add-ons
Now that we have MicroK8s up and running, let’s set up your cluster and enable the add-ons necessary such as Helm, CoreDNS, ingress, storage, and private registry. MicroK8s readily provides these addons and can be enabled and disabled at any time. Most of these add-ons are pre-configured to work without any additional setup.
To enable add-ons on your MicroK8s cluster, run the following commands in succession.
Enable Helm 3.
microk8s enable helm3
If you get a message telling you have insufficient permissions, a few of the commands above which tried to interpolate your current user into the command with the $USER variable did not work. You can easily fix it by adding your user to the microk8s group by specifying the name of the user explicitly:
sudo usermod -a -G microk8s ubuntu
sudo chown -R ubuntu ~/.kube
Enable a default storage class that allocates storage from a host directory.
microk8s enable storage
Enable CoreDNS.
microk8s enable dns
Enable ingress.
To enable the Ingress controller in MicroK8s, run the following command:
microk8s enable ingress
Enable HTTPS (strongly recommended for all production setups)
How to Create a Self-Signed Certificate using OpenSSL:
Create server private key
openssl genrsa -out cert.key 2048
Create certificate signing request (CSR)
openssl req -new -key cert.key -out cert.csr
Sign the certificate using the private key and CSR
openssl x509 -req -days 3650 -in cert.csr -signkey cert.key -out cert.crt
To create a TLS secret in MicroK8s using kubectl
, use the following command:
microk8s kubectl create secret tls https --cert=cert.crt --key=cert.key
This command creates a secret named "https" containing the TLS keys for use in your Kubernetes cluster. Ensure you have the cert.crt
and cert.key
files in your current directory or specify full paths.
To enable Ingress on microk8s with a default SSL certificate, issue the following command:
microk8s enable ingress:default-ssl-certificate=secret/https
Enable private registry.
microk8s enable registry
Copy over your MicroK8s configuration to your Kubernetes configuration with the following command.
microk8s.kubectl config view --raw > $HOME/.kube/config
Provisioning an IP address (optional)
In this step, we'll provision an endpoint or an IP address where we access Apica Ascent PaaS after deploying it on MicroK8s. For this, we'll leverage MetalLB which is a load-balancer implementation that uses standard routing protocols for bare metal Kubernetes clusters.
To provision an IP address, do the following:
Check your local machine's IP address by running the
ifconfig
command, as shown below.ifconfig: wlp60s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.27 netmask 255.255.255.0 broadcast 192.168.1.255
Enable MetalLB by running the following command.
microk8s enable metallb Enabling MetalLB Enter each IP address range delimited by comma (e.g. '10.64.140.43-10.64.140.49,192.168.0.105-192.168.0.111'): 192.168.1.27-192.168.1.27
Installing Apica Ascent PaaS
Now that your MicroK8s environment is configured and ready, we can proceed with installing Apica Ascent PaaS on it. To install Apica Ascent PaaS using Helm, do the following:
Add the Apica Ascent PaaS Helm chart to your Helm repository by running the following command.
microk8s helm3 repo add apica-repo https://apicasystem.github.io/apica-ascent-helm
Update your Helm repository by running the following command.
microk8s helm3 repo update
Create a namespace on MicroK8s on which to install Apica Ascent PaaS.
microk8s kubectl create namespace apica-ascent
Prepare your values.microk8s.yaml file. You can use the starter
values.microk8s.yaml
file we've created to configure your Apica Ascent PaaS deployment. If you need to download the file to your own machine, edit, and then transfer to a remote linux server, use this command:
scp -i /path/to/private_key.pem /path/to/local/file username@remote_host:/path/to/remote/directory
Create a namespace on MicroK8s on which to install Apica Ascent PaaS.
microk8s kubectl create namespace apica-ascent
Make sure you have the necessary permissions to copy a file to the specified folder on the Linux machine.
Optionally, if you are provisioning public IP using Metallb, use the values.yaml instead. run the following command.
microk8s enable metallb Enabling MetalLB Enter each IP address range delimited by comma (e.g. '10.64.140.43-10.64.140.49,192.168.0.105-192.168.0.111'): 192.168.1.27-192.168.1.27
In the values file, add the below fields global-> environment section with your own values.
s3_bucket: <your-s3-bucket> AWS_ACCESS_KEY_ID: <your-aws-access-key-id> AWS_SECRET_ACCESS_KEY: <your-aws-secret-access-key-id>
In the global -> chart section, change S3gateway to false.
s3gateway: false
In the global -> persistence section, change storageClass as below.
storageClass: microk8s-hostpath
Install Apica Ascent PaaS using Helm with the storage class set to
microk8s-hostpath
with the following command.
microk8s helm3 install apica-ascent -n apica-ascent --set global.persistence.storageClass=microk8s-hostpath apica-repo/apica-ascent -f values.microk8s.yaml --debug --timeout 10m
If you see a large wall of text listing configuration values, the installation was successful - Ascent PaaS is now installed in your MicroK8s environment!
Spin up an internal S3 bucket using minio - If you are not using S3 cloud related variables in the values.yaml file and want to create an internal S3 bucket, then create a s3-batch.yaml file and execute the below batch job to spin S3 bucket using minio:
Create s3-batch.yaml file and insert the below contents:
apiVersion: batch/v1
kind: Job
metadata:
name: s3-gateway-make-bucket-job
namespace: apica-ascent
labels:
app: s3gateway-make-bucket-job
chart: s3gateway-5.0.20
release: apica-ascent
heritage: Helm
annotations:
"helm.sh/hook": post-install
"helm.sh/hook-weight": "1"
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
spec:
template:
metadata:
labels:
app: s3gateway-job
release: apica-ascent
spec:
restartPolicy: OnFailure
volumes:
- name: minio-configuration
projected:
sources:
- configMap:
name: s3-gateway
- secret:
name: s3-gateway
serviceAccountName: "s3-gateway"
containers:
- name: minio-mc
image: "minio/mc:RELEASE.2020-03-14T01-23-37Z"
imagePullPolicy: IfNotPresent
command: ["/bin/sh", "/config/initialize"]
env:
- name: MINIO_ENDPOINT
value: s3-gateway
- name: MINIO_PORT
value: "9000"
volumeMounts:
- name: minio-configuration
mountPath: /config
resources:
{}
Apply the batch job:
kubectl apply -f s3-batch.yaml
Delete the Thanos pods (apica-ascent-thanos-compactor-XXXXXX and apica-ascent-thanos-storegateway-0) so it can created again after applying the s3-batch.yaml:
kubectl delete pod apica-ascent-thanos-storegateway-0 apica-ascent-thanos-compactor-XXXXXX -n apica-ascent
Accessing Apica Ascent PaaS
Now that Apica Ascent PaaS is installed on your MicroK8s cluster, you can visit the Apica Ascent PaaS UI by either accessing the MetalLB endpoint we defined in the pre-install steps (if you installed/configured MetalLB), or by accessing the public IP address of the instance over HTTP(S) (if you aren't utilizing MetalLB).
If you are load balancing the hosting across multiple IPs using MetalLB, do the following to access the Apica Ascent PaaS UI:
Inspect the pods in your MicroK8s cluster in the
apica-ascent
namespace by running the following command.microk8s kubectl get pod -n apica-ascent
Find the exact MetalLB endpoint that's serving the Apica Ascent PaaS UI by running the following command.
microk8s kubectl get service -n apica-ascent |grep -i loadbalancer
The above command should give you an output similar to the following.
logiq-kubernetes-ingress LoadBalancer 10.152.183.45 192.168.1.27 80:30537/TCP,20514:30222/TCP,24224:30909/TCP,24225:31991/TCP,2514:30800/TCP,3000:32680/TCP,514:32450/ TCP,7514:30267/TCP,8081:30984/TCP,9998:31425/TCP 18m
Using a web browser of your choice, access the IP address shown by the load balancer service above. For example,
http://192.168.1.27:80
.
If you aren't utilizing MetalLB, you can access the Ascent UI simply by accessing the public IP or hostname of your machine over HTTP(S); you can utilize HTTPS by following the "enabling HTTPS" step in the "Enabling Add-Ons" section above.
You can log into Apica Ascent PaaS using the following default credentials.
Username:
[email protected]
Password:
flash-password
MicroK8s Networking Note:
Services default to host IP using NodePort
/ClusterIP
; MetalLB is enabled for explicit LoadBalancer
use only. Automatic MetalLB IP assignment is disabled.
4. Deactivates MetalLB, enabling services of type LoadBalancer
to utilize the host's IP, thereby designating the host as the load
microk8s kubectl disable metallb
Troubleshooting
If we have any issues on injecting the logs are something then we have to add new paths that we need to add as part of upgrade of the image, from cli edit the ingress.
microk8s kubectl get ingress -n<namespace>
microk8s kubectl edit ingress -n<namespace>
Copy the below paths and paste them and save.
- path: /
pathType: Prefix
backend:
service:
name: coffee
port:
number: 80
- backend:
service:
name: logiq-flash
port:
number: 8080
path: /live
pathType: Prefix
- path: /live
pathType: Prefix
backend:
service:
name: logiq-flash
port:
number: 8080
- backend:
service:
name: logiq-flash
port:
number: 8080
path: /ready
pathType: Prefix
- backend:
service:
name: logiq-flash
port:
number: 9999
path: /v1/logs
pathType: Prefix
- backend:
service:
name: logiq-flash
port:
number: 9999
path: /v1/traces
pathType: Prefix
- backend:
service:
name: logiq-flash
port:
number: 9999
path: /v1/metrics
pathType: Prefix
- path: /v1/json_batch
pathType: Prefix
backend:
service:
name: logiq-flash
port:
number: 9999
- path: /v1/json
pathType: Prefix
backend:
service:
name: logiq-flash
port:
number: 9999
- path: /v1/tenant
pathType: Prefix
backend:
service:
name: logiq-flash
port:
number: 9999
- path: /api/traces
pathType: Prefix
backend:
service:
name: logiq-flash
port:
number: 14268
- path: /v1
pathType: Prefix
backend:
service:
name: logiq-flash-ml
port:
number: 9999
- path: /v2
pathType: Prefix
backend:
service:
name: logiq-flash-ml
port:
number: 9999
- path: /dtracing
pathType: Prefix
backend:
service:
name: logiq-flash-ml
port:
number: 16686
- path: /api/v1/receive
pathType: Prefix
backend:
service:
name: apica-ascent-thanos-receive
port:
number: 19291
```
Kubernetes cluster is unreachable
If you see an error message indicating the Kubernetes cluser is unreachable, the Microk8s service has stopped - simply restart it. Error text:
Error: INSTALLATION FAILED: Kubernetes cluster unreachable: Get "https://127.0.0.1:16443/version": dial tcp 127.0.0.1:16443: connect: connection refused
helm.go:84: [debug] Get "https://127.0.0.1:16443/version": dial tcp 127.0.0.1:16443: connect: connection refused
...
Solution:
ubuntu@ip-172-31-31-72:~$ microk8s status
microk8s is not running. Use microk8s inspect for a deeper inspection.
ubuntu@ip-172-31-31-72:~$ microk8s start
Restarting the Ascent installation after a failed installation
If the Ascent installation using the supplied .yaml file fails, you must first remove the name in use. Error text:
Error: INSTALLATION FAILED: cannot re-use a name that is still in use
helm.go:84: [debug] cannot re-use a name that is still in use
helm.sh/helm/v3/pkg/action.(*Install).availableName
...
Solution:
$ microk8s helm3 uninstall apica-ascent -n apica-ascent
release "apica-asent" uninstalled
$ microk8s helm3 install apica-ascent -n apica-ascent --set global.persistence.storageClass=microk8s-hostpath apica-repo/apica-ascent -f values.microk8s.yaml --debug --timeout 10m
Last updated
Was this helpful?