Changing Microk8s' default hostpath addon storage location

Hello everyone, This is a short guide on how to change Microk8s’ default storage path for the hostpath addon. First, ensure the addon is enabled: 1 microk8s enable hostpath-storage Then create a new directory in which you want to store volumes created in the Microk8s instance. 1 mkdir -p /var/microk8s-volumes Then create and apply the storage class yaml file: 1 2 3 4 5 6 7 8 9 kind: StorageClass apiVersion: storage.k8s.io/v1 metadata: name: custom-storageclass provisioner: microk8s.io/hostpath reclaimPolicy: Retain parameters: pvDir: /var/microk8s-volumes volumeBindingMode: WaitForFirstConsumer To change the default storage class for Microk8s you need to run these commands: ...

August 9, 2024 · 1 min · Denis Nutiu

Working with Volumes in Microk8s

Introduction Hello 👋, In this quick tutorial 💻 we’ll explore how to use Volumes and PersistentVolumes with hostpath storage in Microk8s. We will deploy a simple nginx instance and mount a volume inside it that points to the ~/Downloads folder. Let’s get started! Note: The following image was generated with Stable Diffusion How-To You can follow along if you want to setup a quick deployment with a host path volume. ...

April 13, 2023 · 3 min · Denis Nuțiu

How to create a ServiceMonitor in Microk8s: Observability Tutorial

Hello, In this quick tutorial we will explore how to create a ServiceMonitor in microk8s when you have the observability addon enabled. When you enable the observability addon with: 1 microk8s enable observability It will create the obserability namespace and install the Kubernetes Prometheus Stack. 1 2 3 4 5 6 7 8 9 10 11 k get pods -n observability NAME READY STATUS RESTARTS AGE kube-prom-stack-prometheus-node-exporter-htzw9 1/1 tempo-0 2/2 Running 4 (16h ago) 27h alertmanager-kube-prom-stack-kube-prome-alertmanager-0 2/2 kube-prom-stack-kube-prome-operator-cbf896985-fb5fc 1/1 kube-prom-stack-kube-state-metrics-57c8c84df6-hflgj 1/1 kube-prom-stack-grafana-74d8979894-sjv77 3/3 prometheus-kube-prom-stack-kube-prome-prometheus-0 2/2 loki-0 1/1 loki-promtail-sg8bv 1/1 Running You will get a Grafana configured with a Prometheus data source and other data sources as well. ...

March 29, 2023 · 2 min · Denis Nuțiu

Exec as root user in Kubernetes

Hi 👋, In this short tutorial I will show you a way of getting a root shell in containers running inside a modern Kubernetes cluster. Prerequisites: Root access to the cluster node in which the container is running. Problem Statement We wan’t root access into a running container, exec gives us non-root user. 1 2 3 4 5 6 7 8 9 10 ➜ Downloads k get pods NAME READY STATUS RESTARTS AGE my-release-cassandra-0 1/1 Running 0 2m9s ➜ Downloads k exec -it pod/my-release-cassandra-0 -- /bin/bash I have no name!@my-release-cassandra-0:/$ whoami whoami: cannot find name for user ID 1001 I have no name!@my-release-cassandra-0:/$ touch test touch: cannot touch 'test': Permission denied I have no name!@my-release-cassandra-0:/$ Solution To obtain root access. First grab the Container ID from inside the pod. ...

November 19, 2022 · 2 min · Denis Nuțiu

Container log monitoring on Microk8s with Loki, Grafana and Promtail

Hi 👋 This is a short tutorial describing how to monitor your Kubernetes cluster container logs using Loki stack. But why? Because it is easier to view, filter your logs in Grafana and to store them persistently in Loki rather than viewing them in a terminal. Let’s get started! Assuming you already have Microk8s installed, enable the following addons: You can enable an add-on by running microk8s enable. Ex: microk8s enable dns ...

February 17, 2022 · 3 min · Denis Nuțiu

Kubernetes service account for pod

Hi 🙋‍♂️, In this article I will talk about how to authenticate your applications to the Kubernetes API via the service accounts feature. Citing the Kubernetes docs, a service account for a pod: “provides an identity for processes that run in a Pod. When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).” 💡 ...

June 5, 2021 · 4 min · Denis Nuțiu