In the first part of this series we made sure Hyper-V was up and running and then created our Linux VM running Ubuntu. We also tweaked that VM so that the resolution was better suited to our system, and then went ahead and got SSH up and running....so that we wouldn't need to log into the desktop anyway. π
So lets go ahead and get on with the main part of this, setting up MicroK8s and MySQL.
Setting up MicroK8s
First up, there are several versions of Kubernetes available for us to use, K3s, k3d, Kind, minikube and MicroK8s.
They all use different methods, like VMs, docker or snap for hosting, and they all have their pro's and con's. I settled for MicroK8s because it offered all the functionality I needed and setup was quick and easy, but as you investigate these tools you may settle on using something else, but at least MicroK8s will offer a good introduction.
Installation is simple, and as we just need the terminal lets SSH into our VM via Windows Terminal with the following command.
ssh {username}@{VM name}
Once we're logged in simply run the following to install MicroK8s.
sudo snap install microk8s --classic
This will take a minute or two, depending on your network speed, but you should see an installed tick once it finishes.
To make sure the install completed okay and everything is up and running we can run the following command.
microk8s status --wait-ready
When we do this you'll notice that we don't have permission to access MicroK8s, but luckily you will be provided with the commands you need to fix this, in my case, because my username is pete I need to run the following.
sudo usermod -a -G microk8s pete
sudo chown -f -R pete ~/.kube
newgrp microk8s
After this we can issue our microk8s status --wait-ready command again and hopefully we should see that MicroK8s is running.
If everything is up and running you should see microk8s is running.
Next up we'll install a couple of add-ons, for this simple setup we'll just install DNS, which is often used by other addons so is almost always needed, and then the dashboard so we have a nice web based interface to see what's happening with the cluster.
Run the following command.
microk8s enable dashboard dns
Once that's finished we can check what services are running with the following command, and hopefully you can spot the dashboard and dns services in the list.
microk8s kubectl get all --all-namespaces
The last thing we'll do is check that the dashboard is running by using the following command.
microk8s dashboard-proxy
This will return us a token that we can use for login and also the port number that the dashboard is running on.
As you can see our dashboard is running on port 10443. Let's check this from our Windows host by opening a browser to https://{VM Name}:10443. You'll likely receive a message about the connection not being private but simply carry on to the page, choose to login with a token, paste in the token you were provided above, and hopefully you'll login to dashboard where you can see the status of your install.
Linux Firewall
In later parts we will be enabling connections via the Linux firewall. In preperation for that it will be useful to make sure that access to dashboard is possible when the firewall is running.
To check if the firewall is active run the following.
sudo ufw status
if the status does not come back as active you can enable the firewall with.
sudo ufw enable
You can then allow access to the port the dashboard uses with
sudo ufw allow 10443
Setting up MySQL
Panache Legal is designed to run against SQL Server or MySQL (or MariaDB if you're running on something like a Raspberry Pi) so I could just install the free developer version of SQL server on Windows, or even SQL server for Linux, but I'd prefer to keep things Open Source so lets go with MySQL.
First up, lets update all our packages so we're ready for the install.
sudo apt update
sudo apt upgrade
Once that's done, lets perform the install.
sudo apt install mysql-server
This won't take long to run and once it's finished run the following command to ensure it's all up and running.
sudo systemctl start mysql.service
It's not strictly necessary, but best practice is now to run the security script. By doing this you'll set a new root password as well as disabling certain pre-installed features and configuration that could be used to gain access to the server. In general you should answer Y to all the questions and accept the changes it wants to make.
Run the script with the following command.
sudo mysql_secure_installation
If you receive an error message when trying to change the root password exit it and run the following commands before running the above command again.
sudo mysql
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password by '{some password}';
The next time you run mysql_secure_installation you'll need to enter the password you supplied in {some password} above when the script starts.
Once this script is finished we'll create a new user that can be used by our microservices to login and create their databases.
Log in to MySQL with the following command
mysql -u root -p
Next create a new user with a username of your choice replacing {username} and also a password of your choice replacing {password} by issuing the following command.
CREATE USER '{username}'@'%' IDENTIFIED BY '{password}';
You'll notice in the above that instead of a hostname we provided % after the username. This will allow us to connect to the MySQL database from an external machine if we want.
For example, in the above I'm using CREATE USER 'pluser'@'%' IDENTIFIED BY '5ecurePassw0rd!';, now don't tell anyone my password, that's between you and me!
The Panache Legal Microservices we'll be running need to be able to create their own database, as they use a code first approach in Entity Framework, so we need to grant appropriate privileges to this new user. In this instance we'll just grant all, but you may want to be more restrictive in your environment, especially if this is a production environment!
GRANT ALL PRIVILEGES ON *.* TO '{username}'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
exit
Even though we've configured our user to allow connections from external systems MySQL itself by default will only allow connections from localhost. To change this we need to edit the mysqld.cnf file using the following command.
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
Look for a line that says.
bind-address = 127.0.0.1
and change this to.
bind-address = 0.0.0.0
Exit out of nano CTRL+X, Y, ENTER, and then restart MySQL with the following.
sudo systemctl restart mysql
Next Steps
We've got our Linux VM running, we've installed MicroK8s and also MySQL so now lets go ahead and setup phpMyAdmin, along with the NGINX webserver so that we can easily administer our MySQL installation.
This phpMyAdmin setup is optional, and isn't required to get everything else running so if you want to skip that part and head straight to getting the containers running simply skip forward to Part 4.
Pete
Latest comments (0)