From 664d8be81f771546088c2a4212bdd7665cf65810 Mon Sep 17 00:00:00 2001 From: grok Date: Sun, 31 Aug 2025 23:14:11 +0200 Subject: [PATCH] Add complete MicroK8s cheatsheet with security notes --- microk8s-cheatsheet.md | 77 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 microk8s-cheatsheet.md diff --git a/microk8s-cheatsheet.md b/microk8s-cheatsheet.md new file mode 100644 index 0000000..fb032ff --- /dev/null +++ b/microk8s-cheatsheet.md 
@@ -0,0 +1,77 @@ +# MicroK8s Cheatsheet + +MicroK8s is a lightweight, single-package Kubernetes distribution developed by Canonical for development, IoT, and edge computing. It runs on Linux and is easy to install via snap. + +## Installation +- Install MicroK8s: `sudo snap install microk8s --classic` +- Add user to group: `sudo usermod -a -G microk8s $USER` (then relogin) +- Alias kubectl: `alias kubectl='microk8s kubectl'` +- Verify: `microk8s status` + +## Basic Operations +- Start MicroK8s: `microk8s start` +- Stop MicroK8s: `microk8s stop` +- Check status: `microk8s status --wait-ready` +- Reset cluster: `microk8s reset` (caution: deletes all data) + +## Add-ons +- List available add-ons: `microk8s status` +- Enable add-on: `microk8s enable ` (e.g., `dns`, `dashboard`, `registry`, `istio`, `storage`) +- Disable add-on: `microk8s disable ` +- Common add-ons: dns (required for pods), dashboard (Kubernetes Dashboard), helm3, ingress, metrics-server + +## Kubectl Commands +- Use `microk8s kubectl` for all kubectl commands +- Get nodes: `microk8s kubectl get nodes` +- Get pods: `microk8s kubectl get pods -A` +- Describe pod: `microk8s kubectl describe pod -n ` +- Logs: `microk8s kubectl logs -n ` +- Exec: `microk8s kubectl exec -it -n -- /bin/bash` +- Apply YAML: `microk8s kubectl apply -f ` +- Delete: `microk8s kubectl delete -f ` + +## Clustering +- Generate join token on master: `microk8s add-node` +- Join from worker: `microk8s join :/` +- Remove node: `microk8s remove-node ` +- Leave cluster: `microk8s leave` (on worker) + +## Dashboard Access +- Enable dashboard: `microk8s enable dashboard` +- Get token: `microk8s kubectl -n kube-system describe secret $(microk8s kubectl -n kube-system get secret | grep default-token | cut -d " " -f1)` +- Proxy: `microk8s dashboard-proxy` (access at https://127.0.0.1:10443) + +## Helm +- Enable Helm: `microk8s enable helm3` +- Alias: `alias helm='microk8s helm3'` +- Install chart: `microk8s helm3 install ` + +## Networking 
and Ingress +- Enable ingress: `microk8s enable ingress` +- Create ingress resource for services + +## Storage +- Enable storage: `microk8s enable storage` (provides hostpath storage class) + +## Troubleshooting +- Inspect: `microk8s inspect` +- Refresh certs: `microk8s refresh-certs` +- Debug pod issues: Check logs and describe + +## Security Best Practices +- Run with least privilege: Use snap's confinement. +- Enable RBAC if not default. +- Secure add-ons: Use HTTPS for dashboard, authenticate properly. +- Scan images: Integrate with tools like Trivy for vulnerability scanning. +- Network policies: Use Kubernetes network policies for isolation. +- Secrets management: Use Kubernetes secrets, avoid plaintext. + +## Advanced +- High availability: `microk8s enable ha-cluster` +- Upgrade: `sudo snap refresh microk8s --classic` +- Switch channel: `sudo snap switch microk8s --channel=1.28/stable` +- Export config: `microk8s kubectl config view --raw > kubeconfig.yaml` + +For more details, refer to official docs: https://microk8s.io/docs + +This cheatsheet is compiled from official MicroK8s documentation and community sources. \ No newline at end of file
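Review bot: The Security Best Practices bullet "Run with least privilege: Use snap's confinement" contradicts the Installation line `sudo snap install microk8s --classic`, because classic confinement runs the snap without the strict sandbox. Either drop the claim or say plainly that this install path is unconfined. In the same section, "Enable RBAC if not default" should name the concrete command like the other bullets do (`microk8s enable rbac`). Under Dashboard Access, the `grep default-token` lookup relies on an auto-created service-account token secret, which Kubernetes stopped generating in 1.24, while the Advanced section refers to `1.28/stable`, so on that channel the command finds nothing. It also hands the reader the default service account's token rather than a token for a dedicated, scoped account. The "Export config" line writes cluster credentials to `kubeconfig.yaml` and should mention restricting the file's permissions. Several commands are missing their placeholders (`microk8s enable `, `describe pod -n `, `microk8s join :/`), and the file ends without a trailing newline.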