DEV Community

Cover image for Making a local MicroK8s environment available externally (Part 2 - Installing MicroK8s and MySQL)
Peter Davis
Peter Davis

Posted on

Making a local MicroK8s environment available externally (Part 2 - Installing MicroK8s and MySQL)

In the first part of this series we made sure Hyper-V was up and running and then created our Linux VM running Ubuntu. We also tweaked that VM so that the resolution was better suited to our system, and then went ahead and got SSH up and running....so that we wouldn't need to log into the desktop anyway. ๐Ÿ˜‰

So lets go ahead and get on with the main part of this, setting up MicroK8s and MySQL.

Setting up MicroK8s

First up, there are several versions of Kubernetes available for us to use, K3s, k3d, Kind, minikube and MicroK8s.

They all use different methods, like VMs, docker or snap for hosting, and they all have their pro's and con's. I settled for MicroK8s because it offered all the functionality I needed and setup was quick and easy, but as you investigate these tools you may settle on using something else, but at least MicroK8s will offer a good introduction.

Installation is simple, and as we just need the terminal lets SSH into our VM via Windows Terminal with the following command.

ssh {username}@{VM name}
Enter fullscreen mode Exit fullscreen mode

Once we're logged in simply run the following to install MicroK8s.

sudo snap install microk8s --classic
Enter fullscreen mode Exit fullscreen mode

This will take a minute or two, depending on your network speed, but you should see an installed tick once it finishes.

MicroK8s Install

To make sure the install completed okay and everything is up and running we can run the following command.

microk8s status --wait-ready
Enter fullscreen mode Exit fullscreen mode

When we do this you'll notice that we don't have permission to access MicroK8s, but luckily you will be provided with the commands you need to fix this, in my case, because my username is pete I need to run the following.

sudo usermod -a -G microk8s pete
sudo chown -f -R pete ~/.kube
newgrp microk8s
Enter fullscreen mode Exit fullscreen mode

After this we can issue our microk8s status --wait-ready command again and hopefully we should see that MicroK8s is running.

MicroK8s Running

If everything is up and running you should see microk8s is running.

Next up we'll install a couple of add-ons, for this simple setup we'll just install DNS, which is often used by other addons so is almost always needed, and then the dashboard so we have a nice web based interface to see what's happening with the cluster.

Run the following command.

microk8s enable dashboard dns
Enter fullscreen mode Exit fullscreen mode

Once that's finished we can check what services are running with the following command, and hopefully you can spot the dashboard and dns services in the list.

microk8s kubectl get all --all-namespaces
Enter fullscreen mode Exit fullscreen mode

The last thing we'll do is check that the dashboard is running by using the following command.

microk8s dashboard-proxy
Enter fullscreen mode Exit fullscreen mode

This will return us a token that we can use for login and also the port number that the dashboard is running on.

MicroK8s Dashboard Token

As you can see our dashboard is running on port 10443. Let's check this from our Windows host by opening a browser to https://{VM Name}:10443. You'll likely receive a message about the connection not being private but simply carry on to the page, choose to login with a token, paste in the token you were provided above, and hopefully you'll login to dashboard where you can see the status of your install.

MicroK8s Dashboard

Linux Firewall

In later parts we will be enabling connections via the Linux firewall. In preperation for that it will be useful to make sure that access to dashboard is possible when the firewall is running.

To check if the firewall is active run the following.

sudo ufw status
Enter fullscreen mode Exit fullscreen mode

if the status does not come back as active you can enable the firewall with.

sudo ufw enable
Enter fullscreen mode Exit fullscreen mode

You can then allow access to the port the dashboard uses with

sudo ufw allow 10443
Enter fullscreen mode Exit fullscreen mode

Setting up MySQL

Panache Legal is designed to run against SQL Server or MySQL (or MariaDB if you're running on something like a Raspberry Pi) so I could just install the free developer version of SQL server on Windows, or even SQL server for Linux, but I'd prefer to keep things Open Source so lets go with MySQL.

First up, lets update all our packages so we're ready for the install.

sudo apt update
sudo apt upgrade
Enter fullscreen mode Exit fullscreen mode

Once that's done, lets perform the install.

sudo apt install mysql-server
Enter fullscreen mode Exit fullscreen mode

This won't take long to run and once it's finished run the following command to ensure it's all up and running.

sudo systemctl start mysql.service
Enter fullscreen mode Exit fullscreen mode

It's not strictly necessary, but best practice is now to run the security script. By doing this you'll set a new root password as well as disabling certain pre-installed features and configuration that could be used to gain access to the server. In general you should answer Y to all the questions and accept the changes it wants to make.

Run the script with the following command.

sudo mysql_secure_installation
Enter fullscreen mode Exit fullscreen mode

If you receive an error message when trying to change the root password exit it and run the following commands before running the above command again.

sudo mysql
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password by '{some password}';
Enter fullscreen mode Exit fullscreen mode

The next time you run mysql_secure_installation you'll need to enter the password you supplied in {some password} above when the script starts.

Once this script is finished we'll create a new user that can be used by our microservices to login and create their databases.

Log in to MySQL with the following command

mysql -u root -p
Enter fullscreen mode Exit fullscreen mode

Next create a new user with a username of your choice replacing {username} and also a password of your choice replacing {password} by issuing the following command.

CREATE USER '{username}'@'%' IDENTIFIED BY '{password}';
Enter fullscreen mode Exit fullscreen mode

You'll notice in the above that instead of a hostname we provided % after the username. This will allow us to connect to the MySQL database from an external machine if we want.

For example, in the above I'm using CREATE USER 'pluser'@'%' IDENTIFIED BY '5ecurePassw0rd!';, now don't tell anyone my password, that's between you and me!

The Panache Legal Microservices we'll be running need to be able to create their own database, as they use a code first approach in Entity Framework, so we need to grant appropriate privileges to this new user. In this instance we'll just grant all, but you may want to be more restrictive in your environment, especially if this is a production environment!

GRANT ALL PRIVILEGES ON *.* TO '{username}'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
exit
Enter fullscreen mode Exit fullscreen mode

Even though we've configured our user to allow connections from external systems MySQL itself by default will only allow connections from localhost. To change this we need to edit the mysqld.cnf file using the following command.

sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
Enter fullscreen mode Exit fullscreen mode

Look for a line that says.

bind-address            = 127.0.0.1
Enter fullscreen mode Exit fullscreen mode

and change this to.

bind-address            = 0.0.0.0
Enter fullscreen mode Exit fullscreen mode

MySQL Bind Address
Exit out of nano CTRL+X, Y, ENTER, and then restart MySQL with the following.

sudo systemctl restart mysql
Enter fullscreen mode Exit fullscreen mode

Next Steps

We've got our Linux VM running, we've installed MicroK8s and also MySQL so now lets go ahead and setup phpMyAdmin, along with the NGINX webserver so that we can easily administer our MySQL installation.

This phpMyAdmin setup is optional, and isn't required to get everything else running so if you want to skip that part and head straight to getting the containers running simply skip forward to Part 4.

Pete

Buy Me A Coffee

Top comments (0)