# Bring the host's packages up to date before installing the cluster.
sudo apt-get update
sudo apt-get upgrade -y
# Install MicroK8s from the pinned 1.25/stable snap channel. --classic installs
# the snap without strict confinement, so it runs with broad access to the host.
# NOTE(review): 1.25 is an old Kubernetes release line; confirm the channel you
# pin still receives security fixes before using this on a reachable host.
sudo snap install microk8s --classic --channel=1.25/stable
# Wait for the cluster to report ready before enabling addons.
sudo microk8s status --wait-ready
# Enable cluster DNS, the ingress controller, RBAC authorization and
# hostpath-backed storage. RBAC is what makes the role bindings created later
# on this page meaningful.
sudo microk8s enable dns ingress rbac hostpath-storage
# Client tools: kubectl is used by the commands below; helm is installed alongside it.
sudo snap install kubectl helm --classic
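# Export the MicroK8s kubeconfig for the current user.
# The file holds cluster credentials, so it is created under a restrictive
# umask instead of being world-readable until a later chmod runs.
# -p keeps the step re-runnable; -m 700 only applies when the directory is created.
# NOTE: this overwrites any existing ~/.kube/config.
mkdir -p -m 700 ~/.kube
(umask 077 && sudo microk8s config > ~/.kube/config)
# Still needed for a pre-existing file that was created with looser permissions.
chmod 600 ~/.kube/config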
# Add the community addon repository, then enable cert-manager, which the
# ClusterIssuer below depends on (cert-manager.io/v1).
# NOTE(review): community addons are maintained outside the MicroK8s core set;
# review what you enable from that repository.
sudo microk8s enable community
sudo microk8s enable cert-manager
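# Create a cluster-wide ACME issuer backed by Let's Encrypt.
# The YAML nesting is restored here (a flat manifest is rejected by kubectl),
# and the heredoc delimiter is quoted so the shell passes the text through verbatim.
kubectl apply -f - <<'EOF'
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt
spec:
  acme:
    # You must replace this email address with your own.
    # Let's Encrypt will use this to contact you about expiring
    # certificates, and issues related to your account.
    email: your-email@example.com  # placeholder, replace before applying
    # Production ACME endpoint. It is rate limited, so consider testing with
    # https://acme-staging-v02.api.letsencrypt.org/directory first.
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      # Secret resource that will be used to store the account's private key.
      name: letsencrypt-account-key
    # Add a single challenge solver, HTTP01 using nginx
    solvers:
    - http01:
        ingress:
          class: public
EOF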
Sample Ingress for your service
# Route my-service.example.com to my-service:80 and request a certificate from
# the "letsencrypt" ClusterIssuer; the TLS material is stored in my-service-tls.
kubectl create ingress my-ingress \
  --annotation cert-manager.io/cluster-issuer=letsencrypt \
  --rule 'my-service.example.com/*=my-service:80,tls=my-service-tls'
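# Add api.yourdomain.com as an extra DNS name in the certificate request
# template MicroK8s keeps under its certs directory, so the API certificate is
# valid for that hostname.
# The grep guard makes the step safe to re-run: without it every run appends
# another DNS.6 line.
# NOTE(review): assumes DNS.5 is the last DNS entry in the template and DNS.6 is
# unused. Inspect the file first and pick the next free index if not.
csr_template=/var/snap/microk8s/current/certs/csr.conf.template
if ! sudo grep -qF 'DNS.6 = api.yourdomain.com' "$csr_template"; then
  sudo sed -i '/DNS.5/a \
DNS.6 = api.yourdomain.com' "$csr_template"
fi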
- A-Record : yourdomain.com > <YOUR_IP_ADDRESS>
- Alias (CNAME) : api.yourdomain.com > yourdomain.com
- Alias (CNAME) : *.apps.yourdomain.com > yourdomain.com
- 80
- 443
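- 16443 (the MicroK8s API server port used in the API URL below; it exposes cluster administration, so limit who can reach it where you can)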
- Kubernetes cluster name :
microk8s-cluster
- API URL :
https://api.yourdomain.com:16443
- Base Domain :
apps.yourdomain.com
# Print the cluster CA certificate so it can be copied out. This is the public
# certificate, not a private key.
sudo cat /var/snap/microk8s/current/certs/ca.crt
# Create a service account named gitlab (presumably for a GitLab cluster
# integration) and bind it to cluster-admin.
# NOTE(review): cluster-admin gives this account unrestricted control of the
# whole cluster, so anyone holding its token is effectively a cluster
# administrator. Prefer a narrower Role/ClusterRole if the integration allows it.
kubectl -n kube-system create serviceaccount gitlab
kubectl create clusterrolebinding gitlab-admin --clusterrole=cluster-admin --serviceaccount=kube-system:gitlab
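# Ask Kubernetes to mint a token for the gitlab service account by creating a
# service-account-token Secret that names it in an annotation.
# The YAML nesting is restored here: the annotation must sit under
# metadata.annotations or the manifest is rejected.
# A token created this way does not expire on its own; delete the Secret to revoke it.
kubectl apply -n kube-system -f - <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: gitlab-token
  annotations:
    kubernetes.io/service-account.name: gitlab
type: kubernetes.io/service-account-token
EOF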
# Show the generated secret, including the service account token.
# The output is a live credential for the account bound to cluster-admin on
# this page: keep it out of shared terminals, screenshots and logs.
kubectl -n kube-system describe secret gitlab-token
# Teardown: reset the cluster, then remove the MicroK8s snap.
# Both steps are destructive for anything running in the cluster.
# The kubeconfig exported to ~/.kube/config earlier on this page is not touched
# by these commands; delete it separately if it is no longer needed.
sudo microk8s reset
sudo snap remove microk8s
@PhMakowski this is only needed if you are running your server through a NAT router.