Ops
Kubernetes

Security Warning

Running unikernels under Kubernetes diminishes some of their security benefits.

Pre-requisites

You need access to hardware virtualization. That means either a physical machine or nested virtualization, although nested virtualization is not recommended. It is unclear whether these instructions work on AWS "metal" instances, as that has not been tried.

Installing K8s / Initial Setup

Install kubectl:
    curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
    chmod +x ./kubectl
    # /usr/local/bin is root-owned, so the move needs sudo
    sudo mv kubectl /usr/local/bin/.
    kubectl version --client
Install Minikube:
    curl -Lo minikube \
      https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 \
      && chmod +x minikube
    # put the binary on PATH so the next command resolves
    sudo mv minikube /usr/local/bin/.
    minikube start --vm-driver=kvm2
Install KVM tooling:
    sudo apt-get install libvirt-daemon-system libvirt-clients bridge-utils
Ensure you are set up for KVM via libvirt and have the associated permissions:
    virt-host-validate
    groups
Install KubeVirt:
    export KUBEVIRT_VERSION=$(curl -s https://api.github.com/repos/kubevirt/kubevirt/releases \
      | grep tag_name | grep -v -- - | sort -V | tail -1 \
      | awk -F':' '{print $2}' | sed 's/,//' | xargs)
    echo $KUBEVIRT_VERSION

    kubectl create -f https://github.com/kubevirt/kubevirt/releases/download/${KUBEVIRT_VERSION}/kubevirt-operator.yaml
Create a Resource:
    kubectl create -f https://github.com/kubevirt/kubevirt/releases/download/${KUBEVIRT_VERSION}/kubevirt-cr.yaml
Install Virtctl:
    curl -L -o virtctl \
      https://github.com/kubevirt/kubevirt/releases/download/${KUBEVIRT_VERSION}/virtctl-${KUBEVIRT_VERSION}-linux-amd64
    chmod +x virtctl
Import CDI:
    wget https://raw.githubusercontent.com/kubevirt/kubevirt.github.io/master/labs/manifests/storage-setup.yml
    kubectl create -f storage-setup.yml
    export VERSION=$(curl -s https://github.com/kubevirt/containerized-data-importer/releases/latest | grep -o "v[0-9]\.[0-9]*\.[0-9]*")
    kubectl create -f https://github.com/kubevirt/containerized-data-importer/releases/download/$VERSION/cdi-operator.yaml
    kubectl create -f https://github.com/kubevirt/containerized-data-importer/releases/download/$VERSION/cdi-cr.yaml
    kubectl get pods -n cdi
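
The KubeVirt and CDI steps above build manifest URLs from a version string scraped at install time; if the scrape returns nothing (an API error body, for instance) or more than one match, kubectl create is pointed at a malformed URL. The following is an added example, not code from the original page or from the KubeVirt project, that validates the tag before it is used; the function names and the sample JSON are constructed for illustration.

```bash
# Added example (not from the original page): validate a scraped release tag
# before it is interpolated into a manifest URL.

# Constructed stand-ins for the GitHub releases API output; tags are made up.
SAMPLE_RELEASES='[
  { "tag_name": "v0.0.11-rc.0", "draft": false },
  { "tag_name": "v0.0.9", "draft": false },
  { "tag_name": "v0.0.10", "draft": false }
]'
SAMPLE_RATE_LIMITED='{ "message": "API rate limit exceeded (constructed)" }'

# True only for exactly one line of the form vMAJOR.MINOR.PATCH.
is_stable_tag() {
  [ "$(printf '%s\n' "$1" | wc -l)" -eq 1 ] &&
    printf '%s\n' "$1" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+$'
}

# Read releases JSON on stdin and print the highest stable tag.
# Returns 1 (printing nothing) when the response carries no usable tag.
latest_stable_tag() {
  local tag
  tag=$(grep -o '"tag_name": *"[^"]*"' | cut -d'"' -f4 |
        grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' | sort -V | tail -n 1)
  is_stable_tag "$tag" || return 1
  printf '%s\n' "$tag"
}

# Build the operator manifest URL used on this page, refusing unvalidated tags.
kubevirt_operator_url() {
  is_stable_tag "$1" || return 1
  printf 'https://github.com/kubevirt/kubevirt/releases/download/%s/kubevirt-operator.yaml\n' "$1"
}

# Demo on the constructed samples (no network access, nothing is applied).
if tag=$(printf '%s\n' "$SAMPLE_RELEASES" | latest_stable_tag); then
  echo "would apply: $(kubevirt_operator_url "$tag")"
fi
if ! printf '%s\n' "$SAMPLE_RATE_LIMITED" | latest_stable_tag >/dev/null; then
  echo "no stable tag in response; refusing to run kubectl create" >&2
fi
```

The same is_stable_tag check applies to the CDI VERSION variable, where grep -o can return several matches from one page.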

Building / Deploying

If you have the base Kubernetes installation up and running, you can move on to the final part.
You need to compress the disk image in question to xz format.
    cp .ops/images/goweb.img .
    xz goweb.img
Now you need to upload that to a URL for k8s to import.
Download a sample PVC template:
    wget https://raw.githubusercontent.com/kubevirt/kubevirt.github.io/master/labs/manifests/pvc_fedora.yml
Edit the line to point to your xz'd image:
    cdi.kubevirt.io/storage.import.endpoint: "https://storage.googleapis.com/totally-insecure/goweb.img.xz"
Import:
    kubectl create -f pvc_fedora.yml
    kubectl get pvc fedora -o yaml
Create the actual VM:
    wget https://raw.githubusercontent.com/kubevirt/kubevirt.github.io/master/labs/manifests/vm1_pvc.yml
    kubectl create -f vm1_pvc.yml
If you run minikube ssh, you should now be able to reach your instance.
Last modified 1yr ago