docs(cos-lite): revise juju and microk8s installation instructions#334
docs(cos-lite): revise juju and microk8s installation instructions#334iamsharduld wants to merge 1 commit intotrack/2from
Conversation
Updated installation instructions for Juju and MicroK8s to specify the use of strictly confined MicroK8s and added steps for installing jq Signed-off-by: Shardul Deshpande <iamsharduld@users.noreply.github.com>
|
@YanisaHS Hello, please review if possible :) I couldn't add you to list of reviewers for some reason! |
mmkay
left a comment
mmkay
left a comment
There was a problem hiding this comment.
A few notes from me, but I'd be curious to hear @MichaelThamm and @YanisaHS 's thoughts there too. I think the main question is whether we want to guide our users through setting up the prerequisites in the tutorials. What do you think on that?
|
|
||
| Follow the instructions there to install Juju and MicroK8s. | ||
| Juju 3.x is a strictly confined snap and can only bootstrap a **strictly confined** MicroK8s, so install | ||
| MicroK8s from a strict channel (not `--classic`). Strict channels follow the pattern |
There was a problem hiding this comment.
I don't know if that isn't going slightly too far away from observability itself. Is there a Juju documentation piece we could be referring to here?
There was a problem hiding this comment.
I tend to agree with Mateusz here.
We have turned the Prerequisites section into a tutorial on its own. I think we can get away with a small statement or note about using --classic and having jq installed and move on.
There was a problem hiding this comment.
On second review: the user can follow the links accordingly:
- https://documentation.ubuntu.com/observability/track-2/tutorial/installation/cos-lite-microk8s-sandbox/#getting-started-with-cos-lite-on-microk8s
- https://documentation.ubuntu.com/juju/3.6/howto/manage-your-deployment/
- https://documentation.ubuntu.com/juju/3.6/howto/manage-your-juju-deployment/set-up-your-juju-deployment/#set-up-your-deployment
- https://documentation.ubuntu.com/juju/3.6/reference/cloud/list-of-supported-clouds/#list-of-supported-clouds
- https://documentation.ubuntu.com/juju/3.6/reference/cloud/list-of-supported-clouds/the-microk8s-cloud-and-juju/#cloud-kubernetes-microk8s
- https://canonical.com/microk8s/docs/getting-started
@iamsharduld I think the latter doc is exactly what you were looking for? This explains:
sudo snap install microk8s --classic --channel=1.35
and
MicroK8s creates a group to enable seamless usage of commands which require admin privilege. To add your current user to the group and gain access to the .kube caching directory, run the following three commands:
sudo usermod -a -G microk8s $USER
mkdir -p ~/.kube
chmod 0700 ~/.kube
You will also need to re-enter the session for the group update to take place:
su - $USER
If your argument is that these instructions for groups is incorrect given that we should use snap_microk8s instead. Please raise an issue with the maintainers there:
| ``` | ||
|
|
||
| ```{note} | ||
| Strict MicroK8s uses the group `snap_microk8s` (older guides referencing the unprefixed `microk8s` |
There was a problem hiding this comment.
I think that as long as we have the right group, we don't necessarily need to explain that. IMO this explanation might fit the microk8s documentation more.
3 participants
Issue
Following the cos-lite tutorial as written from a fresh Ubuntu environment (e.g. a default Multipass VM) fails at two points:
juju bootstrap microk8serrors out withjuju "3.6.x" can only work with strictly confined microk8s. The tutorial defers to a "Typical setup using snaps" link that, in practice, leads users to install MicroK8s with--classic, which Juju 3.x cannot read the kubeconfig of.metallbenable step depends onjq, which is not preinstalled on Ubuntu.IPADDRends up empty andmicrok8s enable metallb:-fails with an unclear error.A smaller related issue: older guides tell users to add themselves to the
microk8sgroup, but strict MicroK8s createssnap_microk8sinstead, so the old instruction silently does nothing.Solution
Rewrite the Prerequisites section of the cos-lite tutorial to be explicit and copy-pastable instead of linking out:
<k8s-version>-strict/stablerather than pinning a version that goes stale.snap_microk8s, with a short note flagging the group name change for readers coming from older guides.jqup front so the metallb step works.Bundle deployment, overlays, Terraform, and the rest of the tutorial are unchanged.
Checklist
Context
Snap confinement is the underlying reason for the bootstrap failure. Strict snaps run in a sandboxed view of the filesystem and can only see paths granted via snap interfaces; classic snaps are unconfined. Juju 3.x ships strict, so it can only resolve a MicroK8s kubeconfig when MicroK8s is also strict and the relevant interfaces (
kubernetes-supportand credential content-sharing) are wired between them. There is no generic strict↔classic bridge, which is why the failure surfaces as a missing-file error rather than a permissions error.The
snap_microk8sgroup name follows the standard Canonical convention of prefixing system groups created by strict snaps withsnap_.References:
Testing Instructions
On a fresh Ubuntu environment (Multipass VM with 4 CPU / 8 GB RAM / 40 GB disk recommended):
snap info microk8s | grep strict/stablestep to pick a channel.juju bootstrap microk8ssucceeds without the strict-confinement error.IPADDRis non-empty andmicrok8s enable metallb:$IPADDR-$IPADDRsucceeds.juju deploy cos-lite --trustand wait forjuju statusto show all unitsactive/idle.juju run traefik/0 show-proxied-endpointsand confirm proxied URLs are returned.Upgrade Notes
Users with an existing classic MicroK8s installation must reinstall from a strict channel before the tutorial will work with Juju 3.x:
Any existing Juju controllers bootstrapped against the classic MicroK8s will need to be re-bootstrapped against the new strict installation. Workloads deployed under the old controller are not migrated automatically.