Kubernetes

Security Warning

Running unikernels under kubernetes diminishes some of their security benefits.

Pre-requisites

You need access to hardware virtualization. That means a real computer or nested virtualization but nested virtualization is not recommended. It's unclear if these instructions would work on AWS "metal" instances yet as that has not been tried.

Installing K8s / Initial Setup

Install KubeCtl:

curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
chmod +x ./kubectl
mv kubectl /usr/local/bin/.
sudo mv kubectl /usr/local/bin/.
kubectl version --client

Install Minikube:

curl -Lo minikube
https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
&& chmod +x minikube
minikube start --vm-driver=kvm2

Install KVM tooling:

sudo apt-get install libvirt-daemon-system libvirt-clients bridge-utils

Ensure you are setup for KVM via libvirt and have associated permissions:

virt-host-validate
groups

Install KubeVirt:

export KUBEVIRT_VERSION=$(curl -s
https://api.github.com/repos/kubevirt/kubevirt/releases | grep tag_name
| grep -v -- - | sort -V | tail -1 | awk -F':' '{print $2}' | sed
's/,//' | xargs)
echo $KUBEVIRT_VERSION
‚Äč
kubectl create -f
https://github.com/kubevirt/kubevirt/releases/download/${KUBEVIRT_VERSION}/kubevirt-operator.yaml

Create a Resource:

kubectl create -f https://github.com/kubevirt/kubevirt/releases/download/${KUBEVIRT_VERSION}/kubevirt-cr.yaml

Install Virtctl:

curl -L -o virtctl \
https://github.com/kubevirt/kubevirt/releases/download/${KUBEVIRT_VERSION}/virtctl-${KUBEVIRT_VERSION}-linux-amd64
chmod +x virtctl

Import CDI:

wget https://raw.githubusercontent.com/kubevirt/kubevirt.github.io/master/labs/manifests/storage-setup.yml
kubectl create -f storage-setup.yml
export VERSION=$(curl -s https://github.com/kubevirt/containerized-data-importer/releases/latest | grep -o "v[0-9]\.[0-9]*\.[0-9]*")
kubectl create -f https://github.com/kubevirt/containerized-data-importer/releases/download/$VERSION/cdi-operator.yaml
kubectl create -f https://github.com/kubevirt/containerized-data-importer/releases/download/$VERSION/cdi-cr.yaml
kubectl get pods -n cdi

Building / Deploying

If you have the base kubernetes installation up and running you can move on to the final part.

You need to compress the disk image in question to xz format.

cp .ops/images/goweb.img .
xz goweb.img

Now you need to upload that to a url for k8s to import.

Download a sample PVC template:

wget https://raw.githubusercontent.com/kubevirt/kubevirt.github.io/master/labs/manifests/pvc_fedora.yml

Edit the line to point to your xz'd image:

cdi.kubevirt.io/storage.import.endpoint: "https://storage.googleapis.com/totally-insecure/goweb.img.xz"

Import:

kubectl create -f pvc_fedora.yml
kubectl get pvc fedora -o yaml

Create the Actual VM:

wget https://raw.githubusercontent.com/kubevirt/kubevirt.github.io/master/labs/manifests/vm1_pvc.yml
kubectl create -f vm1_pvc.yml

If you minikube ssh you should now be able to hit up your instance.