Is microk8s suitable for production environments, or is it just for development?

Question

microk8s appears to be an easy way to install Kubernetes on Ubuntu. Several places refer to it as an alternative to minikube, which is not aimed at production environments, and this post seems to indicate that it's mostly aimed at development environments. However, I don't see a reason why it's not suitable for production environments.

I have two Ubuntu servers and want to install Kubernetes on each while maintaining the legacy applications that also run on these servers. I'm wondering if microk8s is a good choice for this scenario.

They make it pretty obvious that it's for development, and not for production. I'm not sure how it's confusing. But others will probably also be confused, so perhaps they should reword something to make it even more clear. — Michael Hampton, Nov 27 '18 at 17:03
Can you point me to where they make it obvious? The tagline is "Kubernetes in a snap that you can run locally." Am I supposed to infer that "locally" = "for development"? — Travis, Nov 27 '18 at 17:17
It's a wide variety of things all through the github description. — Michael Hampton, Nov 27 '18 at 17:19
While searching for something similar, I just happened across [a post](https://blog.ubuntu.com/2018/08/13/deploying-kubernetes-on-public-clouds-is-hard-or-is-it) where Ubuntu says microk8s is just for development (scroll down to the bottom). — Travis, Nov 27 '18 at 17:54

score 35 · Accepted Answer · answered Jan 09 '20 at 18:59

just to update to 2020 - This is from canonical:

What is MicroK8s? MicroK8s is a powerful, lightweight, reliable production-ready Kubernetes distribution. It is an enterprise grade Kubernetes distribution that has a small disk and memory footprint while offering production grade add-ons out-the-box such as Istio, Knative, Grafana, Cilium and more. Whether you are running a production environment or interested in exploring K8s, MicroK8s serves your needs.

So I think it's pretty clear.

https://ubuntu.com/blog/introduction-to-microk8s-part-1-2

score 28 · Answer 2 · answered Jul 11 '19 at 17:14

28

(full disclosure, I'm a product manager at Canonical, the creators of MicroK8s)

MicroK8s can be used for production. Of course, production requirements vary, so the real answer is "it depends".

If you have a production use case for MicroK8s but find it lacking a feature that is a must have, please let us know. You can do that by filing an issue in the github project - https://github.com/ubuntu/microk8s.

answered Jul 11 '19 at 17:14

Carmine Rimi

281
3
3

5

+1 I am going to take this as an offical statement and going to deploy our auxiliary products on this MicroK8s for production. – VibeeshanRC Aug 23 '19 at 06:43
I have struggled with Microk8s on VMWare Pro so far. Maybe that is just me :) – Thư Sinh Aug 19 '21 at 13:37

score 3 · Answer 3 · answered Feb 18 '21 at 09:09

MicroK8s is a certified Kubernetes distribution, Silver level and may be discovered in the full list here on Cloud Native Computing Foundation: https://www.cncf.io/certification/software-conformance/

I would consider production ready any Kubernetes distribution which is certified, but it totally depends on how you are going to use it.

roguesecurity · Answer 4 · 2022-04-25T13:59:16.360

Any production grade software should be "secure by default".

In case of production ready Kubernetes solutions (e.g. kubeadm), the default service account which is mounted to the pod does not have any privilege.

But as per the microk8s documentation

By default all authenticated requests are authorized as the api-server runs with --authorization-mode=AlwaysAllow.

It means, by default there is no authorization. This will allow any service account (including default) to invoke the kube-apiserver and perform privileged operations (e.g. creating and reading secrets in kube-system namespace). The default service account will have cluster admin privilege on the cluster since there is no RBAC. This is fine for the development environment, but it can be quite dangerous in production.

Suppose an application running inside a pod is vulnerable to issues like remote code execution. It will be possible to break out from the pod and compromise the complete cluster.

RBAC can be enabled using microk8s enable rbac.

Missing such settings might result in misconfigured cluster and several issues down the line. So it is recommended to use the production ready Kubernetes distribution (or in general any software).

So I guess, as long as we `enable rbac`, we are safe to use microk8s? — ch271828n, Apr 24 '22 at 10:25

score 2 · Answer 5 · answered Dec 14 '18 at 16:20

As mentioned in the comments, I eventually came across a couple of places where they say microk8s is only for development:

https://kubernetes.io/docs/setup/pick-right-solution/ - "microk8s provides a single command installation of the latest Kubernetes release on a local machine for development and testing."

https://blog.ubuntu.com/2018/08/13/deploying-kubernetes-on-public-clouds-is-hard-or-is-it - "If you develop software designed to run on Kubernetes, the microk8s snap provides the easiest way to get a fully conformant local Kubernetes up and running in under 30 seconds on your laptop or virtual machine for test and software development purposes."

I just read the one link that works, and there is no answer to the question why not for production. Production with Kubernetes implicitly means clustering and failover, so there is that, but otherwise, running on a single host would be just as production-ready as any docker cointainer running on a single host. — jon martin solaas, Jun 10 '19 at 21:29

Is microk8s suitable for production environments, or is it just for development?

5 Answers5

Linked