The latest articles on DEV Community by kamlesh merugu (@kamlesh_merugu). https://dev.to/kamlesh_merugu https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3179646%2F3faeb929-1dc9-48bb-af7a-fd8fe863b2f8.jpg https://dev.to/kamlesh_merugu en kamlesh merugu Wed, 14 Jan 2026 23:06:38 +0000 https://dev.to/kamlesh_merugu/part-4-automated-backups-restore-procedures-4dp6 https://dev.to/kamlesh_merugu/part-4-automated-backups-restore-procedures-4dp6 <p>We will implement a <strong>robust, atomic backup strategy</strong> that protects your n8n workflows, credentials, Redis queues, and custom nodes.</p> <p><strong>Stack:</strong></p> <ul> <li> <strong>Target:</strong> PostgreSQL (n8n data), Redis (Queue state), N8N (Custom nodes &amp; config)</li> <li> <strong>Storage:</strong> Central Backup PVC (PG/Redis) + Direct Upload (N8N)</li> <li> <strong>Cloud:</strong> Mega.nz (Off-site with 15-day retention)</li> <li> <strong>Encryption:</strong> Optional GPG encryption</li> </ul> <h2> 📋 Overview </h2> <ol> <li> <strong>Architecture:</strong> Central Jobs (DB) + Direct Job (N8N).</li> <li> <strong>Atomic Staging:</strong> Jobs write to a <code>staging</code> folder first, then move to <code>ready</code> only when complete.</li> <li> <strong>Destination:</strong> All backups go to <code>k8s-backups</code> on Mega (N8N goes into <code>k8s-backups/n8n</code>).</li> <li> <strong>Encryption:</strong> Backups are encrypted before syncing to the cloud.</li> </ol> <h2> 🧩 Step 1: Prepare Secrets </h2> <p>We need secrets in <strong>BOTH</strong> <code>backup</code> and <code>prod</code> namespaces.</p> <h3> 1. Configure Rclone </h3> <p>On your local machine (or server), generate the config.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>rclone config <span class="c"># Name: mega</span> <span class="c"># Type: mega</span> <span class="c"># Account: Enter your Mega email/pass</span> </code></pre> </div> <h3> 2. Create Rclone Secrets </h3> <p>Create the secret in both namespaces.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># In Prod (for N8N Backup)</span> kubectl create secret generic rclone-secret <span class="se">\</span> <span class="nt">--from-file</span><span class="o">=</span>rclone.conf<span class="o">=</span><span class="nv">$HOME</span>/.config/rclone/rclone.conf <span class="se">\</span> <span class="nt">-n</span> prod <span class="c"># In Backup (for Sync Job)</span> kubectl create secret generic rclone-secret <span class="se">\</span> <span class="nt">--from-file</span><span class="o">=</span>rclone.conf<span class="o">=</span><span class="nv">$HOME</span>/.config/rclone/rclone.conf <span class="se">\</span> <span class="nt">-n</span> backup </code></pre> </div> <h3> 3. Create Encryption Secret (Backup NS) </h3> <p>Generates a key to encrypt database dumps.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>openssl rand <span class="nt">-base64</span> 32 <span class="o">&gt;</span> backup-passphrase.txt kubectl create secret generic backup-encryption-secret <span class="se">\</span> <span class="nt">--from-file</span><span class="o">=</span><span class="nv">passphrase</span><span class="o">=</span>backup-passphrase.txt <span class="se">\</span> <span class="nt">-n</span> backup <span class="c"># **Save this passphrase in a password manager!**</span> <span class="nb">rm </span>backup-passphrase.txt </code></pre> </div> <h3> 4. Copy Database Password </h3> <p>The database secret is in <code>prod</code>, but the backup job runs in <code>backup</code>. We copy it while stripping internal IDs to prevent conflicts.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl get secret postgres-secret <span class="nt">-n</span> prod <span class="nt">-o</span> yaml | <span class="se">\</span> <span class="nb">sed</span> <span class="nt">-e</span> <span class="s1">'s/namespace: prod/namespace: backup/'</span> <span class="se">\</span> <span class="nt">-e</span> <span class="s1">'/uid:/d'</span> <span class="se">\</span> <span class="nt">-e</span> <span class="s1">'/resourceVersion:/d'</span> <span class="se">\</span> <span class="nt">-e</span> <span class="s1">'/creationTimestamp:/d'</span> | <span class="se">\</span> kubectl apply <span class="nt">-f</span> - </code></pre> </div> <h2> 🧩 Step 2: Infrastructure </h2> <p><strong>File:</strong> <code>backups/01-infrastructure.yaml</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Namespace</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">backup</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">PersistentVolumeClaim</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">backup-pvc</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">backup</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">accessModes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">ReadWriteOnce</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">requests</span><span class="pi">:</span> <span class="na">storage</span><span class="pi">:</span> <span class="s">30Gi</span> </code></pre> </div> <p><strong>Apply:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl apply <span class="nt">-f</span> backups/01-infrastructure.yaml </code></pre> </div> <h2> 🧩 Step 3: Job 1 — PostgreSQL Backup </h2> <p>Dumps to <code>staging</code>, encrypts, moves to <code>ready</code>.</p> <p><strong>File:</strong> <code>backups/02-postgres-backup.yaml</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">batch/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">CronJob</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">postgres-backup</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">backup</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">schedule</span><span class="pi">:</span> <span class="s2">"</span><span class="s">0</span><span class="nv"> </span><span class="s">2</span><span class="nv"> </span><span class="s">*</span><span class="nv"> </span><span class="s">*</span><span class="nv"> </span><span class="s">*"</span> <span class="na">successfulJobsHistoryLimit</span><span class="pi">:</span> <span class="m">3</span> <span class="na">jobTemplate</span><span class="pi">:</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">template</span><span class="pi">:</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">backup-client</span> <span class="na">image</span><span class="pi">:</span> <span class="s">postgres:17-alpine</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">/bin/sh</span> <span class="pi">-</span> <span class="s">-c</span> <span class="pi">-</span> <span class="pi">|</span> <span class="s">set -e</span> <span class="s">TIMESTAMP=$(date +%Y%m%d_%H%M%S)</span> <span class="s">STAGING_DIR="/backup/staging/postgres"</span> <span class="s">READY_DIR="/backup/ready/postgres"</span> <span class="s">mkdir -p $STAGING_DIR $READY_DIR</span> <span class="s">FILENAME="n8n_db_${TIMESTAMP}.dump"</span> <span class="s">STAGING_FILE="${STAGING_DIR}/${FILENAME}"</span> <span class="s">PGPASSWORD=$POSTGRES_PASSWORD pg_dump \</span> <span class="s">-h postgres.prod.svc.cluster.local -U n8n -d n8n \</span> <span class="s">-F c -b -f $STAGING_FILE</span> <span class="s">if [ ! -s $STAGING_FILE ]; then exit 1; fi</span> <span class="s"># Encrypt if key exists</span> <span class="s">if [ -f /etc/backup/passphrase ]; then</span> <span class="s">apk add --no-cache gnupg &gt; /dev/null 2&gt;&amp;1</span> <span class="s">cat $STAGING_FILE | gpg --batch --yes \</span> <span class="s">--passphrase-file /etc/backup/passphrase \</span> <span class="s">--symmetric --cipher-algo AES256 \</span> <span class="s">--output ${STAGING_FILE}.gpg</span> <span class="s">mv ${STAGING_FILE}.gpg ${READY_DIR}.gpg</span> <span class="s">rm $STAGING_FILE</span> <span class="s">else</span> <span class="s">mv $STAGING_FILE $READY_DIR</span> <span class="s">fi</span> <span class="s">find $READY_DIR -name "*.dump*" -mtime +7 -delete</span> <span class="na">env</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">POSTGRES_PASSWORD</span> <span class="na">valueFrom</span><span class="pi">:</span> <span class="na">secretKeyRef</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">postgres-secret</span> <span class="na">key</span><span class="pi">:</span> <span class="s">password</span> <span class="na">volumeMounts</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">backup-storage</span> <span class="na">mountPath</span><span class="pi">:</span> <span class="s">/backup</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">encryption-key</span> <span class="na">mountPath</span><span class="pi">:</span> <span class="s">/etc/backup</span> <span class="na">readOnly</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">backup-storage</span> <span class="na">persistentVolumeClaim</span><span class="pi">:</span> <span class="na">claimName</span><span class="pi">:</span> <span class="s">backup-pvc</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">encryption-key</span> <span class="na">secret</span><span class="pi">:</span> <span class="na">secretName</span><span class="pi">:</span> <span class="s">backup-encryption-secret</span> <span class="na">optional</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">restartPolicy</span><span class="pi">:</span> <span class="s">OnFailure</span> </code></pre> </div> <p><strong>Apply:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl apply <span class="nt">-f</span> backups/02-postgres-backup.yaml </code></pre> </div> <h2> 🧩 Step 4: Job 2 — Redis Backup </h2> <p>Non-blocking backup (<code>BGSAVE</code>).</p> <p><strong>File:</strong> <code>backups/03-redis-backup.yaml</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">batch/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">CronJob</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">redis-backup</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">backup</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">schedule</span><span class="pi">:</span> <span class="s2">"</span><span class="s">0</span><span class="nv"> </span><span class="s">2</span><span class="nv"> </span><span class="s">*</span><span class="nv"> </span><span class="s">*</span><span class="nv"> </span><span class="s">*"</span> <span class="na">successfulJobsHistoryLimit</span><span class="pi">:</span> <span class="m">3</span> <span class="na">jobTemplate</span><span class="pi">:</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">template</span><span class="pi">:</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">redis-client</span> <span class="na">image</span><span class="pi">:</span> <span class="s">redis:8.0-alpine</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">/bin/sh</span> <span class="pi">-</span> <span class="s">-c</span> <span class="pi">-</span> <span class="pi">|</span> <span class="s">set -e</span> <span class="s">TIMESTAMP=$(date +%Y%m%d_%H%M%S)</span> <span class="s">STAGING_DIR="/backup/staging/redis"</span> <span class="s">READY_DIR="/backup/ready/redis"</span> <span class="s">mkdir -p $STAGING_DIR $READY_DIR</span> <span class="s">redis-cli -h redis.prod.svc.cluster.local BGSAVE</span> <span class="s">LAST_SAVE=$(redis-cli -h redis.prod.svc.cluster.local LASTSAVE)</span> <span class="s">while [ "$(redis-cli -h redis.prod.svc.cluster.local LASTSAVE)" -le "$LAST_SAVE" ]; do sleep 2; done</span> <span class="s">redis-cli -h redis.prod.svc.cluster.local --rdb - &gt; ${STAGING_DIR}/redis_${TIMESTAMP}.rdb</span> <span class="s">if [ -s ${STAGING_DIR}/redis_${TIMESTAMP}.rdb ]; then</span> <span class="s">mv ${STAGING_DIR}/redis_${TIMESTAMP}.rdb ${READY_DIR}/</span> <span class="s">find $READY_DIR -name "*.rdb" -mtime +7 -delete</span> <span class="s">fi</span> <span class="na">volumeMounts</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">backup-storage</span> <span class="na">mountPath</span><span class="pi">:</span> <span class="s">/backup</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">backup-storage</span> <span class="na">persistentVolumeClaim</span><span class="pi">:</span> <span class="na">claimName</span><span class="pi">:</span> <span class="s">backup-pvc</span> <span class="na">restartPolicy</span><span class="pi">:</span> <span class="s">OnFailure</span> </code></pre> </div> <p><strong>Apply:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl apply <span class="nt">-f</span> backups/03-redis-backup.yaml </code></pre> </div> <h2> 🧩 Step 5: Job 3 — N8N Backup (Direct Upload) </h2> <p>Runs in <code>prod</code>, uploads to <code>mega:k8s-backups/n8n</code>.</p> <p><strong>File:</strong> <code>backups/04-n8n-backup.yaml</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">batch/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">CronJob</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">n8n-backup</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">prod</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">schedule</span><span class="pi">:</span> <span class="s2">"</span><span class="s">15</span><span class="nv"> </span><span class="s">2</span><span class="nv"> </span><span class="s">*</span><span class="nv"> </span><span class="s">*</span><span class="nv"> </span><span class="s">*"</span> <span class="na">successfulJobsHistoryLimit</span><span class="pi">:</span> <span class="m">3</span> <span class="na">jobTemplate</span><span class="pi">:</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">template</span><span class="pi">:</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">n8n-client</span> <span class="na">image</span><span class="pi">:</span> <span class="s">rclone/rclone:latest</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">/bin/sh</span> <span class="pi">-</span> <span class="s">-c</span> <span class="pi">-</span> <span class="pi">|</span> <span class="s">set -e</span> <span class="s">TIMESTAMP=$(date +%Y%m%d_%H%M%S)</span> <span class="s"># Copy config to temp to prevent read-only errors</span> <span class="s">cat /config/rclone.conf &gt; /tmp/rclone.conf</span> <span class="s">STAGING_DIR="/tmp/staging/n8n"</span> <span class="s">READY_DIR="/tmp/ready/n8n"</span> <span class="s">mkdir -p $STAGING_DIR $READY_DIR</span> <span class="s">FILENAME="n8n_data_${TIMESTAMP}.tar.gz"</span> <span class="s">tar -czf ${STAGING_DIR}/${FILENAME} -C /n8n_data .</span> <span class="s">if [ -s ${STAGING_DIR}/${FILENAME} ]; then</span> <span class="s">mv ${STAGING_DIR}/${FILENAME} $READY_DIR</span> <span class="s">rclone copy $READY_DIR mega:k8s-backups/n8n \</span> <span class="s">--config=/tmp/rclone.conf</span> <span class="s">rclone delete mega:k8s-backups/n8n --min-age 15d \</span> <span class="s">--config=/tmp/rclone.conf</span> <span class="s">fi</span> <span class="na">volumeMounts</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">n8n-pvc</span> <span class="na">mountPath</span><span class="pi">:</span> <span class="s">/n8n_data</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">rclone-config</span> <span class="na">mountPath</span><span class="pi">:</span> <span class="s">/config</span> <span class="na">readOnly</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">n8n-pvc</span> <span class="na">persistentVolumeClaim</span><span class="pi">:</span> <span class="na">claimName</span><span class="pi">:</span> <span class="s">n8n-pvc</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">rclone-config</span> <span class="na">secret</span><span class="pi">:</span> <span class="na">secretName</span><span class="pi">:</span> <span class="s">rclone-secret</span> <span class="na">restartPolicy</span><span class="pi">:</span> <span class="s">OnFailure</span> </code></pre> </div> <p><strong>Apply:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl apply <span class="nt">-f</span> backups/04-n8n-backup.yaml </code></pre> </div> <h2> 🧩 Step 6: Job 4 — Mega.nz Sync (Central) </h2> <p>Uploads <code>postgres</code> and <code>redis</code> from local PVC to <code>mega:k8s-backups</code>.</p> <p><strong>File:</strong> <code>backups/05-mega-sync.yaml</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">batch/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">CronJob</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">mega-sync</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">backup</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">schedule</span><span class="pi">:</span> <span class="s2">"</span><span class="s">30</span><span class="nv"> </span><span class="s">2</span><span class="nv"> </span><span class="s">*</span><span class="nv"> </span><span class="s">*</span><span class="nv"> </span><span class="s">*"</span> <span class="na">successfulJobsHistoryLimit</span><span class="pi">:</span> <span class="m">3</span> <span class="na">jobTemplate</span><span class="pi">:</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">template</span><span class="pi">:</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">rclone-sync</span> <span class="na">image</span><span class="pi">:</span> <span class="s">rclone/rclone:latest</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">/bin/sh</span> <span class="pi">-</span> <span class="s">-c</span> <span class="pi">-</span> <span class="pi">|</span> <span class="s"># Copy config to temp to prevent read-only errors</span> <span class="s">cat /secret/rclone.conf &gt; /tmp/rclone.conf</span> <span class="s">rclone sync /backup/ready mega:k8s-backups \</span> <span class="s">--config=/tmp/rclone.conf \</span> <span class="s">--transfers 4</span> <span class="s">rclone delete mega:k8s-backups --min-age 15d \</span> <span class="s">--config=/tmp/rclone.conf</span> <span class="na">volumeMounts</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">backup-storage</span> <span class="na">mountPath</span><span class="pi">:</span> <span class="s">/backup</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">rclone-secret</span> <span class="na">mountPath</span><span class="pi">:</span> <span class="s">/secret</span> <span class="na">readOnly</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">backup-storage</span> <span class="na">persistentVolumeClaim</span><span class="pi">:</span> <span class="na">claimName</span><span class="pi">:</span> <span class="s">backup-pvc</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">rclone-secret</span> <span class="na">secret</span><span class="pi">:</span> <span class="na">secretName</span><span class="pi">:</span> <span class="s">rclone-secret</span> <span class="na">restartPolicy</span><span class="pi">:</span> <span class="s">OnFailure</span> </code></pre> </div> <p><strong>Apply:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl apply <span class="nt">-f</span> backups/05-mega-sync.yaml </code></pre> </div> <h2> 🧩 Step 7: Kubernetes Dashboard </h2> <h3> 1. Enable &amp; Expose Service </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>microk8s <span class="nb">enable </span>dashboard microk8s kubectl expose deployment kubernetes-dashboard <span class="nt">-n</span> kube-system <span class="se">\</span> <span class="nt">--name</span><span class="o">=</span>kubernetes-dashboard <span class="nt">--port</span><span class="o">=</span>443 <span class="nt">--target-port</span><span class="o">=</span>8443 </code></pre> </div> <h3> 2. Ingress (Valid SSL) </h3> <p>Access at <code>https://kube.kamleshmerugu.me</code>.</p> <p><strong>File:</strong> <code>k8s-stack/ingress/dashboard-ingress.yaml</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">networking.k8s.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Ingress</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">dashboard-ingress</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">kube-system</span> <span class="na">annotations</span><span class="pi">:</span> <span class="na">cert-manager.io/cluster-issuer</span><span class="pi">:</span> <span class="s2">"</span><span class="s">letsencrypt-prod"</span> <span class="na">nginx.ingress.kubernetes.io/backend-protocol</span><span class="pi">:</span> <span class="s2">"</span><span class="s">HTTPS"</span> <span class="na">nginx.ingress.kubernetes.io/proxy-ssl-verify</span><span class="pi">:</span> <span class="s2">"</span><span class="s">false"</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">ingressClassName</span><span class="pi">:</span> <span class="s">public</span> <span class="na">tls</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">hosts</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">kube.kamleshmerugu.me</span><span class="pi">]</span> <span class="na">secretName</span><span class="pi">:</span> <span class="s">dashboard-tls-secret</span> <span class="na">rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">host</span><span class="pi">:</span> <span class="s">kube.kamleshmerugu.me</span> <span class="na">http</span><span class="pi">:</span> <span class="na">paths</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/</span> <span class="na">pathType</span><span class="pi">:</span> <span class="s">Prefix</span> <span class="na">backend</span><span class="pi">:</span> <span class="na">service</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">kubernetes-dashboard</span> <span class="na">port</span><span class="pi">:</span> <span class="na">number</span><span class="pi">:</span> <span class="m">443</span> </code></pre> </div> <p><strong>Apply:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl apply <span class="nt">-f</span> k8s-stack/ingress/dashboard-ingress.yaml </code></pre> </div> <h3> 3. Get Token </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>microk8s kubectl describe secret <span class="nt">-n</span> kube-system microk8s-dashboard-token </code></pre> </div> <h2> 🧩 Step 8: Verification </h2> <p>Test the jobs immediately.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># 1. Run backups</span> kubectl create job <span class="nt">--from</span><span class="o">=</span>cronjob/postgres-backup manual-pg <span class="nt">-n</span> backup kubectl create job <span class="nt">--from</span><span class="o">=</span>cronjob/redis-backup manual-redis <span class="nt">-n</span> backup kubectl create job <span class="nt">--from</span><span class="o">=</span>cronjob/n8n-backup manual-n8n <span class="nt">-n</span> prod kubectl create job <span class="nt">--from</span><span class="o">=</span>cronjob/mega-sync manual-sync <span class="nt">-n</span> backup <span class="c"># 2. Check Mega.nz</span> <span class="c"># You should see folder: k8s-backups</span> <span class="c"># Inside: postgres/, redis/, n8n/</span> </code></pre> </div> <h2> 🧩 Step 9: Restore Procedures </h2> <h3> Restore PostgreSQL </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># 1. Download</span> kubectl run pg-download <span class="nt">--image</span><span class="o">=</span>rclone/rclone:latest <span class="nt">--rm</span> <span class="nt">-it</span> <span class="nt">-n</span> backup <span class="nt">--restart</span><span class="o">=</span>Never <span class="se">\</span> <span class="nt">--overrides</span><span class="o">=</span><span class="s1">'{"spec":{"containers":[{"name":"d","image":"rclone/rclone:latest","command":["sh","-c","sleep 3600"],"volumeMounts":[{"name":"v","mountPath":"/b"},{"name":"c","mountPath":"/s","readOnly":true}]}],"volumes":[{"name":"v","persistentVolumeClaim":{"claimName":"backup-pvc"}},{"name":"c","secret":{"secretName":"rclone-secret"}}]}}'</span> <span class="nt">--</span> sh <span class="c"># Inside shell:</span> rclone copy mega:k8s-backups /b/ready <span class="nt">--config</span><span class="o">=</span>/s/rclone.conf <span class="nb">exit</span> <span class="c"># 2. Restore</span> kubectl run pg-restore <span class="nt">--image</span><span class="o">=</span>postgres:17-alpine <span class="nt">--rm</span> <span class="nt">-it</span> <span class="nt">-n</span> backup <span class="nt">--restart</span><span class="o">=</span>Never <span class="se">\</span> <span class="nt">--overrides</span><span class="o">=</span><span class="s1">'{"spec":{"containers":[{"name":"r","image":"postgres:17-alpine","command":["sh"],"env":[{"name":"PGPASSWORD","valueFrom":{"secretKeyRef":{"name":"postgres-secret","namespace":"backup","key":"password"}}}],"volumeMounts":[{"name":"v","mountPath":"/d"}]}],"volumes":[{"name":"v","persistentVolumeClaim":{"claimName":"backup-pvc"}}]}}'</span> <span class="nt">--</span> sh <span class="c"># Inside shell:</span> gpg <span class="nt">--batch</span> <span class="nt">--passphrase</span> <span class="s2">"YOUR_PASS"</span> <span class="se">\</span> <span class="nt">--decrypt</span> /d/ready/postgres/n8n_db_DATE.dump.gpg <span class="se">\</span> <span class="nt">--output</span> /d/ready/restore.dump psql <span class="nt">-h</span> postgres.prod.svc.cluster.local <span class="nt">-U</span> n8n <span class="nt">-d</span> postgres <span class="nt">-c</span> <span class="s2">"DROP DATABASE n8n;"</span> psql <span class="nt">-h</span> postgres.prod.svc.cluster.local <span class="nt">-U</span> n8n <span class="nt">-d</span> postgres <span class="nt">-c</span> <span class="s2">"CREATE DATABASE n8n;"</span> pg_restore <span class="nt">-h</span> postgres.prod.svc.cluster.local <span class="nt">-U</span> n8n <span class="nt">-d</span> n8n /d/ready/restore.dump </code></pre> </div> <h3> Restore Redis </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># 1. Pull to local from backup PVC</span> kubectl run redis-helper <span class="nt">-n</span> backup <span class="nt">--image</span><span class="o">=</span>busybox <span class="nt">--rm</span> <span class="nt">-i</span> <span class="nt">--restart</span><span class="o">=</span>Never <span class="nt">--</span> <span class="nb">cat</span> /backup/ready/redis/redis_DATE.rdb <span class="o">&gt;</span> /tmp/redis.rdb <span class="c"># 2. Push to Redis Pod</span> <span class="nv">REDIS_POD</span><span class="o">=</span><span class="si">$(</span>kubectl get pod <span class="nt">-n</span> prod <span class="nt">-l</span> <span class="nv">app</span><span class="o">=</span>redis <span class="nt">-o</span> <span class="nv">jsonpath</span><span class="o">=</span><span class="s1">'{.items[0].metadata.name}'</span><span class="si">)</span> kubectl <span class="nb">cp</span> /tmp/redis.rdb <span class="k">${</span><span class="nv">REDIS_POD</span><span class="k">}</span>:/data/dump.rdb <span class="nt">-n</span> prod <span class="c"># 3. Restart</span> kubectl delete pod <span class="nt">-n</span> prod <span class="nt">-l</span> <span class="nv">app</span><span class="o">=</span>redis </code></pre> </div> <h3> Restore N8N </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl run n8n-restore <span class="nt">--image</span><span class="o">=</span>rclone/rclone:latest <span class="nt">--rm</span> <span class="nt">-it</span> <span class="nt">-n</span> prod <span class="nt">--restart</span><span class="o">=</span>Never <span class="se">\</span> <span class="nt">--overrides</span><span class="o">=</span><span class="s1">'{"spec":{"containers":[{"name":"r","image":"rclone/rclone:latest","command":["sh","-c","sleep 3600"],"volumeMounts":[{"name":"n","mountPath":"/n8n_data"},{"name":"c","mountPath":"/s","readOnly":true}]}],"volumes":[{"name":"n","persistentVolumeClaim":{"claimName":"n8n-pvc"}},{"name":"c","secret":{"secretName":"rclone-secret"}}]}}'</span> <span class="nt">--</span> sh <span class="c"># Inside shell:</span> rclone copy mega:k8s-backups/n8n /tmp/r <span class="nt">--config</span><span class="o">=</span>/s/rclone.conf <span class="nb">tar</span> <span class="nt">-xzf</span> /tmp/r/n8n_data_DATE.tar.gz <span class="nt">-C</span> /tmp/r <span class="nb">mv</span> /n8n_data/.n8n /n8n_data/.n8n_old <span class="nb">cp</span> <span class="nt">-r</span> /tmp/r/.n8n /n8n_data/ <span class="nb">exit </span>kubectl delete pod <span class="nt">-n</span> prod <span class="nt">-l</span> <span class="nv">app</span><span class="o">=</span>n8n </code></pre> </div> <h2> 🎉 Checklist </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Component</th> <th>Strategy</th> </tr> </thead> <tbody> <tr> <td><strong>Postgres</strong></td> <td>Staging -&gt; Encrypt -&gt; Ready -&gt; Sync</td> </tr> <tr> <td><strong>Redis</strong></td> <td>BGSAVE -&gt; Ready -&gt; Sync</td> </tr> <tr> <td><strong>N8N</strong></td> <td>Direct Upload to <code>k8s-backups/n8n</code> </td> </tr> <tr> <td><strong>Retention</strong></td> <td>7 Days Local, 15 Days Cloud</td> </tr> <tr> <td><strong>Dashboard</strong></td> <td>Accessible at <code>https://kube.kamleshmerugu.me</code> </td> </tr> </tbody> </table></div> <p><strong>You now have a bulletproof, production-ready backup system that is Simple, Modular, and RBAC-Free!</strong> 🛡️</p> backup kubernetes container kamlesh merugu Tue, 13 Jan 2026 14:23:58 +0000 https://dev.to/kamlesh_merugu/part-3-production-namespace-app-deployment-backups-restore-step-by-step-guide-2ff5 https://dev.to/kamlesh_merugu/part-3-production-namespace-app-deployment-backups-restore-step-by-step-guide-2ff5 <p>In this part, we move from a basic MicroK8s cluster to a <strong>real production stack</strong> with:</p> <ul> <li>PostgreSQL database</li> <li>Redis cache</li> <li>n8n workflow automation</li> <li>HTTPS using Let’s Encrypt</li> <li>Kubernetes Dashboard on its own domain</li> </ul> <p>All deployed using <strong>proper namespaces and ingress rules</strong>.</p> <h2> ✅ Prerequisites </h2> <p>From previous parts, you must already have:</p> <ul> <li>✅ MicroK8s installed and running</li> <li>✅ <code>kubectl</code> alias working</li> <li>✅ DNS records created:</li> </ul> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Domain</th> <th>Points To</th> </tr> </thead> <tbody> <tr> <td><code>n8n.domain.com</code></td> <td>Your server public IP</td> </tr> <tr> <td><code>kube.domain.com</code></td> <td>Your server public IP</td> </tr> </tbody> </table></div> <h2> 🔌 Step 1 — Enable Required MicroK8s Add-ons </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>microk8s <span class="nb">enable </span>dns storage ingress cert-manager dashboard metrics-server </code></pre> </div> <p>Wait for everything:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl get pods <span class="nt">-A</span> </code></pre> </div> <p>All pods should be <strong>Running</strong>.</p> <h2> 🧱 Step 2 — Project Structure </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir</span> <span class="nt">-p</span> k8s-project/<span class="o">{</span>03-postgres,04-redis,05-n8n,07-ingress<span class="o">}</span> <span class="nb">cd </span>k8s-project </code></pre> </div> <h2> 🧩 Step 3 — Create Production Namespace </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl create namespace prod </code></pre> </div> <h2> 🔐 Step 4 — Create Secrets </h2> <h3> PostgreSQL Password </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl create secret generic postgres-secret <span class="se">\</span> <span class="nt">--from-literal</span><span class="o">=</span><span class="nv">password</span><span class="o">=</span><span class="s2">"</span><span class="si">$(</span>openssl rand <span class="nt">-base64</span> 24<span class="si">)</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">-n</span> prod </code></pre> </div> <h3> n8n Encryption Key </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl create secret generic n8n-secret <span class="se">\</span> <span class="nt">--from-literal</span><span class="o">=</span>encryption-key<span class="o">=</span><span class="s2">"</span><span class="si">$(</span>openssl rand <span class="nt">-base64</span> 32<span class="si">)</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">-n</span> prod </code></pre> </div> <h2> 🐘 Step 5 — Deploy PostgreSQL </h2> <p>📁 <code>03-postgres/postgres.yaml</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">PersistentVolumeClaim</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">postgres-pvc</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">prod</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">accessModes</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">ReadWriteOnce</span><span class="pi">]</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">requests</span><span class="pi">:</span> <span class="na">storage</span><span class="pi">:</span> <span class="s">10Gi</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apps/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Deployment</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">postgres</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">prod</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">1</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">postgres</span> <span class="na">template</span><span class="pi">:</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">postgres</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">postgres</span> <span class="na">image</span><span class="pi">:</span> <span class="s">postgres:16</span> <span class="na">env</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">POSTGRES_DB</span> <span class="na">value</span><span class="pi">:</span> <span class="s">n8n</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">POSTGRES_USER</span> <span class="na">value</span><span class="pi">:</span> <span class="s">n8n</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">POSTGRES_PASSWORD</span> <span class="na">valueFrom</span><span class="pi">:</span> <span class="na">secretKeyRef</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">postgres-secret</span> <span class="na">key</span><span class="pi">:</span> <span class="s">password</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">5432</span> <span class="na">volumeMounts</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">data</span> <span class="na">mountPath</span><span class="pi">:</span> <span class="s">/var/lib/postgresql/data</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">data</span> <span class="na">persistentVolumeClaim</span><span class="pi">:</span> <span class="na">claimName</span><span class="pi">:</span> <span class="s">postgres-pvc</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Service</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">postgres</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">prod</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">postgres</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">port</span><span class="pi">:</span> <span class="m">5432</span> </code></pre> </div> <p>Apply:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl apply <span class="nt">-f</span> 03-postgres/postgres.yaml </code></pre> </div> <h2> 🔴 Step 6 — Deploy Redis </h2> <p>📁 <code>04-redis/redis.yaml</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apps/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Deployment</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">redis</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">prod</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">1</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">redis</span> <span class="na">template</span><span class="pi">:</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">redis</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">redis</span> <span class="na">image</span><span class="pi">:</span> <span class="s">redis:7-alpine</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">6379</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Service</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">redis</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">prod</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">redis</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">port</span><span class="pi">:</span> <span class="m">6379</span> </code></pre> </div> <p>Apply:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl apply <span class="nt">-f</span> 04-redis/redis.yaml </code></pre> </div> <h2> 🔁 Step 7 — Deploy n8n </h2> <p>📁 <code>05-n8n/n8n.yaml</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">PersistentVolumeClaim</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">n8n-pvc</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">prod</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">accessModes</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">ReadWriteOnce</span><span class="pi">]</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">requests</span><span class="pi">:</span> <span class="na">storage</span><span class="pi">:</span> <span class="s">5Gi</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apps/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Deployment</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">n8n</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">prod</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">1</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">n8n</span> <span class="na">template</span><span class="pi">:</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">n8n</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">n8n</span> <span class="na">image</span><span class="pi">:</span> <span class="s">n8nio/n8n:latest</span> <span class="na">env</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">DB_TYPE</span> <span class="na">value</span><span class="pi">:</span> <span class="s">postgresdb</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">DB_POSTGRESDB_HOST</span> <span class="na">value</span><span class="pi">:</span> <span class="s">postgres</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">DB_POSTGRESDB_DATABASE</span> <span class="na">value</span><span class="pi">:</span> <span class="s">n8n</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">DB_POSTGRESDB_USER</span> <span class="na">value</span><span class="pi">:</span> <span class="s">n8n</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">DB_POSTGRESDB_PASSWORD</span> <span class="na">valueFrom</span><span class="pi">:</span> <span class="na">secretKeyRef</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">postgres-secret</span> <span class="na">key</span><span class="pi">:</span> <span class="s">password</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">N8N_ENCRYPTION_KEY</span> <span class="na">valueFrom</span><span class="pi">:</span> <span class="na">secretKeyRef</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">n8n-secret</span> <span class="na">key</span><span class="pi">:</span> <span class="s">encryption-key</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">N8N_HOST</span> <span class="na">value</span><span class="pi">:</span> <span class="s">n8n.domain.com</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">N8N_PROTOCOL</span> <span class="na">value</span><span class="pi">:</span> <span class="s">https</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">WEBHOOK_URL</span> <span class="na">value</span><span class="pi">:</span> <span class="s">https://n8n.domain.com/</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">5678</span> <span class="na">volumeMounts</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">data</span> <span class="na">mountPath</span><span class="pi">:</span> <span class="s">/home/node/.n8n</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">data</span> <span class="na">persistentVolumeClaim</span><span class="pi">:</span> <span class="na">claimName</span><span class="pi">:</span> <span class="s">n8n-pvc</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Service</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">n8n</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">prod</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">n8n</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">port</span><span class="pi">:</span> <span class="m">5678</span> <span class="na">targetPort</span><span class="pi">:</span> <span class="m">5678</span> </code></pre> </div> <p>Apply:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl apply <span class="nt">-f</span> 05-n8n/n8n.yaml </code></pre> </div> <h2> 🔐 Step 8 — Create Let’s Encrypt Issuer </h2> <p>📁 <code>07-ingress/issuer.yaml</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">cert-manager.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">ClusterIssuer</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">letsencrypt-prod</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">acme</span><span class="pi">:</span> <span class="na">email</span><span class="pi">:</span> <span class="s">your-email@domain.com</span> <span class="na">server</span><span class="pi">:</span> <span class="s">https://acme-v02.api.letsencrypt.org/directory</span> <span class="na">privateKeySecretRef</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">letsencrypt-prod</span> <span class="na">solvers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">http01</span><span class="pi">:</span> <span class="na">ingress</span><span class="pi">:</span> <span class="na">class</span><span class="pi">:</span> <span class="s">public</span> </code></pre> </div> <p>Apply:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl apply <span class="nt">-f</span> 07-ingress/issuer.yaml </code></pre> </div> <h2> 🌍 Step 9 — Ingress for n8n </h2> <p>📁 <code>07-ingress/n8n-ingress.yaml</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">networking.k8s.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Ingress</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">n8n-ingress</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">prod</span> <span class="na">annotations</span><span class="pi">:</span> <span class="na">cert-manager.io/cluster-issuer</span><span class="pi">:</span> <span class="s">letsencrypt-prod</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">ingressClassName</span><span class="pi">:</span> <span class="s">public</span> <span class="na">rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">host</span><span class="pi">:</span> <span class="s">n8n.domain.com</span> <span class="na">http</span><span class="pi">:</span> <span class="na">paths</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/</span> <span class="na">pathType</span><span class="pi">:</span> <span class="s">Prefix</span> <span class="na">backend</span><span class="pi">:</span> <span class="na">service</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">n8n</span> <span class="na">port</span><span class="pi">:</span> <span class="na">number</span><span class="pi">:</span> <span class="m">5678</span> <span class="na">tls</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">hosts</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">n8n.domain.com</span> <span class="na">secretName</span><span class="pi">:</span> <span class="s">n8n-tls</span> </code></pre> </div> <p>Apply:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl apply <span class="nt">-f</span> 07-ingress/n8n-ingress.yaml </code></pre> </div> <h2> 📊 Step 10 — Ingress for Kubernetes Dashboard </h2> <p>📁 <code>07-ingress/dashboard-ingress.yaml</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">networking.k8s.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Ingress</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">dashboard-ingress</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">kube-system</span> <span class="na">annotations</span><span class="pi">:</span> <span class="na">cert-manager.io/cluster-issuer</span><span class="pi">:</span> <span class="s">letsencrypt-prod</span> <span class="na">nginx.ingress.kubernetes.io/backend-protocol</span><span class="pi">:</span> <span class="s2">"</span><span class="s">HTTPS"</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">ingressClassName</span><span class="pi">:</span> <span class="s">public</span> <span class="na">rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">host</span><span class="pi">:</span> <span class="s">kube.domain.com</span> <span class="na">http</span><span class="pi">:</span> <span class="na">paths</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/</span> <span class="na">pathType</span><span class="pi">:</span> <span class="s">Prefix</span> <span class="na">backend</span><span class="pi">:</span> <span class="na">service</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">kubernetes-dashboard</span> <span class="na">port</span><span class="pi">:</span> <span class="na">number</span><span class="pi">:</span> <span class="m">443</span> <span class="na">tls</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">hosts</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">kube.domain.com</span> <span class="na">secretName</span><span class="pi">:</span> <span class="s">kube-dashboard-tls</span> </code></pre> </div> <p>Apply:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl apply <span class="nt">-f</span> 07-ingress/dashboard-ingress.yaml </code></pre> </div> <h2> ✅ Step 11 — Verify Everything </h2> <h3> Pods </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl get pods <span class="nt">-A</span> </code></pre> </div> <h3> Certificates </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl get certificate <span class="nt">-A</span> </code></pre> </div> <h3> Services </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl get svc <span class="nt">-n</span> prod kubectl get svc <span class="nt">-n</span> kube-system | <span class="nb">grep </span>dashboard </code></pre> </div> <h2> 🎉 Result </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>URL</th> <th>What You Get</th> </tr> </thead> <tbody> <tr> <td><a href="https://n8n.domain.com" rel="noopener noreferrer">https://n8n.domain.com</a></td> <td>n8n UI</td> </tr> <tr> <td><a href="https://kube.domain.com" rel="noopener noreferrer">https://kube.domain.com</a></td> <td>Kubernetes Dashboard</td> </tr> </tbody> </table></div> <h2> 🔜 Coming Next </h2> <h4> 👉 Part 4 — Centralized Secrets with Doppler + External Secrets Operator </h4> <h4> 👉 Part 5 — Observability (Prometheus, Grafana, Loki) </h4> <h4> 👉 Part 6 — Automated Backups &amp; Disaster Recovery (Velero + DB dumps) </h4> containers kubernetes kamlesh merugu Tue, 13 Jan 2026 12:39:52 +0000 https://dev.to/kamlesh_merugu/installing-microk8s-on-ubuntu-2404-a-lightweight-kubernetes-setup-guide-d1n https://dev.to/kamlesh_merugu/installing-microk8s-on-ubuntu-2404-a-lightweight-kubernetes-setup-guide-d1n <p>This guide sets up a <strong>secure, production-grade MicroK8s Kubernetes cluster</strong> on Debian 12, ready for deploying:</p> <ul> <li>n8n workflows</li> <li>Postgres &amp; Redis</li> <li>Observabilit y stack (Prometheus, Grafana, Loki)</li> <li>Centralized secrets (Doppler, in Part 2)</li> </ul> <blockquote> <p>⚠️ Follow every step carefully—skipping steps can break the cluster.</p> </blockquote> <h2> ✅ Supported Systems </h2> <ul> <li>Debian 12 (Bookworm) LTS</li> <li>VPS, VM, or bare-metal</li> <li>Minimum: 2 vCPU, 4 GB RAM</li> </ul> <h2> 🔧 Step 1 — Update &amp; Prepare the Server </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt update <span class="o">&amp;&amp;</span> <span class="nb">sudo </span>apt full-upgrade <span class="nt">-y</span> <span class="nb">sudo </span>reboot </code></pre> </div> <p>Reconnect after reboot. Install essential tools:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt <span class="nb">install</span> <span class="nt">-y</span> <span class="se">\</span> curl wget git vim htop neofetch <span class="se">\</span> apt-transport-https ca-certificates gnupg lsb-release </code></pre> </div> <blockquote> <p>✅ System updated and ready for Kubernetes.</p> </blockquote> <h2> 👤 Step 2 — Create a Deployment User (Optional but Recommended) </h2> <blockquote> <p>Kubernetes should <strong>never run as root</strong>.<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>adduser deploy <span class="nb">sudo </span>usermod <span class="nt">-aG</span> <span class="nb">sudo </span>deploy <span class="nb">echo</span> <span class="s2">"deploy ALL=(ALL) NOPASSWD: ALL"</span> | <span class="nb">sudo tee</span> /etc/sudoers.d/deploy <span class="nb">sudo chmod </span>440 /etc/sudoers.d/deploy su - deploy </code></pre> </div> <h2> 🔁 Step 3 — Disable Swap </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>swapoff <span class="nt">-a</span> <span class="nb">sudo sed</span> <span class="nt">-i</span> <span class="s1">'/\sswap\s/s/^/#/'</span> /etc/fstab free <span class="nt">-h</span> </code></pre> </div> <blockquote> <p>Swap should show <code>0B</code>.</p> </blockquote> <h2> 🌐 Step 4 — Kernel Modules &amp; Networking </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo tee</span> /etc/modules-load.d/k8s.conf <span class="o">&lt;&lt;</span><span class="no">EOF</span><span class="sh"> br_netfilter </span><span class="no">EOF </span><span class="nb">sudo </span>modprobe br_netfilter <span class="nb">sudo tee</span> /etc/sysctl.d/99-k8s.conf <span class="o">&lt;&lt;</span><span class="no">EOF</span><span class="sh"> net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-ip6tables = 1 net.ipv4.ip_forward = 1 </span><span class="no">EOF </span><span class="nb">sudo </span>sysctl <span class="nt">--system</span> sysctl net.ipv4.ip_forward </code></pre> </div> <h2> 📦 Step 5 — Install snapd </h2> <p>MicroK8s is distributed as a Snap package.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt <span class="nb">install</span> <span class="nt">-y</span> snapd <span class="nb">sudo </span>systemctl <span class="nb">enable</span> <span class="nt">--now</span> snapd <span class="nb">sudo </span>systemctl <span class="nb">enable</span> <span class="nt">--now</span> snapd.socket </code></pre> </div> <p>Verify snap:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>snap version </code></pre> </div> <h2> 🚀 Step 6 — Install Latest MicroK8s </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>snap <span class="nb">install </span>microk8s <span class="nt">--classic</span> </code></pre> </div> <blockquote> <p>Adjust the channel to the desired stable version.</p> </blockquote> <h2> 🧠 Step 7 — Add Deploy User to MicroK8s Group </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>usermod <span class="nt">-aG</span> microk8s <span class="nv">$USER</span> <span class="nb">sudo chown</span> <span class="nt">-f</span> <span class="nt">-R</span> <span class="nv">$USER</span> ~/.kube </code></pre> </div> <blockquote> <p><strong>Important:</strong> Log out and back in, or use:<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>newgrp microk8s </code></pre> </div> <h2> 🔹 Step 8 — Enable Core Addons </h2> <p>MicroK8s includes essential production addons:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>microk8s status <span class="nt">--wait-ready</span> microk8s <span class="nb">enable </span>dns storage ingress metrics-server </code></pre> </div> <blockquote> <ul> <li> <code>dns</code> — service discovery</li> <li> <code>storage</code> — dynamic persistent volumes</li> <li> <code>ingress</code> — NGINX ingress controller</li> <li> <code>metrics-server</code> — node &amp; pod metrics</li> </ul> </blockquote> <h2> 🧰 Step 9 — Setup kubectl for Deploy User </h2> <p>MicroK8s ships its own kubectl. To avoid typing <code>microk8s.kubectl</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>snap <span class="nb">alias </span>microk8s.kubectl kubectl </code></pre> </div> <p>Optional: export kubeconfig for scripts/CI:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir</span> <span class="nt">-p</span> <span class="nv">$HOME</span>/.kube microk8s config <span class="o">&gt;</span> <span class="nv">$HOME</span>/.kube/config <span class="nb">chmod </span>600 <span class="nv">$HOME</span>/.kube/config <span class="nb">export </span><span class="nv">KUBECONFIG</span><span class="o">=</span><span class="nv">$HOME</span>/.kube/config <span class="nb">echo</span> <span class="s1">'export KUBECONFIG=$HOME/.kube/config'</span> <span class="o">&gt;&gt;</span> ~/.bashrc <span class="nb">source</span> ~/.bashrc </code></pre> </div> <h2> 🌍 Step 10 — Optional: Remote kubectl Access </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>microk8s config <span class="o">&gt;</span> kubeconfig.yaml scp kubeconfig.yaml user@localmachine:~/.kube/config </code></pre> </div> <blockquote> <p>Adjust <code>server:</code> IP if needed for external access.</p> </blockquote> <h2> ➕ Step 11 — Add Worker Nodes (Optional) </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>microk8s add-node </code></pre> </div> <p>Follow instructions on worker nodes. Verify:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl get nodes </code></pre> </div> <h2> 🔎 Step 12 — Verify Cluster Health </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>microk8s status <span class="nt">--wait-ready</span> kubectl get nodes kubectl get pods <span class="nt">-A</span> kubectl cluster-info </code></pre> </div> <p>All <code>kube-system</code> pods should be <strong>Running</strong>.</p> <h2> ✅ What You’ve Achieved </h2> <ul> <li>MicroK8s installed via Snap on Debian 12</li> <li>Deploy user configured with group membership</li> <li>Kernel &amp; networking configured for Kubernetes</li> <li>Swap disabled, core addons enabled</li> <li> <code>kubectl</code> working for non-root deploy user</li> <li>Ready for <strong>n8n, Postgres, Redis, observability, and secrets</strong> </li> </ul> <h2> 🚀 Next Steps (Part 2) </h2> <ul> <li>Setup <strong>centralized secrets with Doppler</strong> </li> <li>Install <strong>External Secrets Operator</strong> </li> <li>Prepare namespaces &amp; secret sync for workloads</li> </ul> kubernetes container programming ai kamlesh merugu Tue, 13 Jan 2026 11:54:57 +0000 https://dev.to/kamlesh_merugu/prerequisites-basic-ubuntu-setup-creating-a-user-adding-sudo-access-setting-up-ssh-keys-38f8 https://dev.to/kamlesh_merugu/prerequisites-basic-ubuntu-setup-creating-a-user-adding-sudo-access-setting-up-ssh-keys-38f8 <p>MicroK8s is a powerful yet lightweight Kubernetes distribution perfect for:</p> <ul> <li>🚀 Developers testing Kubernetes locally</li> <li>🧪 CI/CD environments</li> <li>🏠 Homelabs</li> <li>🛠️ Edge and IoT systems</li> <li>🧩 Single-node or small clusters</li> </ul> <p>This configuration is ideal for running MicroK8s with multiple workloads, monitoring tools, and CI/CD pipelines.</p> <h2> 📋 What You'll Learn </h2> <p>In this guide, you will:</p> <ul> <li>✨ Install MicroK8s</li> <li>🔒 Configure user permissions</li> <li>🧰 Enable essential add-ons</li> <li>🧪 Verify the cluster is running</li> <li>🎉 Deploy a test application</li> <li>🔄 Ensure services autostart on boot</li> </ul> <h2> ❓ Why MicroK8s? </h2> <p>MicroK8s is:</p> <ul> <li> <strong>Lightweight</strong> 🪶 — Minimal resource footprint</li> <li> <strong>Easy to install</strong> ⚡ — One command setup</li> <li> <strong>Zero external dependencies</strong> 🎯 — Everything bundled</li> <li> <strong>Production-ready</strong> 🔥 — Enterprise-grade</li> <li> <strong>Beginner-friendly and pro-friendly</strong> 👨‍💻 — Great for learning and production</li> </ul> <p>It includes core Kubernetes components and plug-and-play add-ons like DNS, Ingress, Helm, and the Dashboard.</p> <h2> 📦 Install MicroK8s </h2> <h3> Update your system </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt update <span class="o">&amp;&amp;</span> <span class="nb">sudo </span>apt upgrade <span class="nt">-y</span> </code></pre> </div> <h3> Install MicroK8s via Snap </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>snap <span class="nb">install </span>microk8s <span class="nt">--classic</span> </code></pre> </div> <p>This will take a few minutes. MicroK8s installs the latest stable Kubernetes release.</p> <h3> Verify installation </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>microk8s status <span class="nt">--wait-ready</span> </code></pre> </div> <p>Expected output:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>microk8s is running high-availability: no datastore master nodes: 127.0.0.1:19001 datastore standby nodes: none </code></pre> </div> <p>🎉 Kubernetes is up and running!</p> <h2> 👥 Add Your User to the MicroK8s Group </h2> <p>MicroK8s creates its own Unix group to manage access. Add your user to avoid using <code>sudo</code> every time:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>usermod <span class="nt">-a</span> <span class="nt">-G</span> microk8s <span class="nv">$USER</span> </code></pre> </div> <p>Apply group changes immediately without logging out:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>newgrp microk8s </code></pre> </div> <p>Now you can run <code>microk8s</code> commands without <code>sudo</code>!</p> <h2> 💡 Pro Tip: Create a Kubectl Alias </h2> <p>Typing <code>microk8s kubectl</code> every time is tedious. Let's create an alias so you can just type <code>kubectl</code>.</p> <p>Add the alias to your bash configuration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">echo</span> <span class="s1">'alias kubectl="microk8s kubectl"'</span> <span class="o">&gt;&gt;</span> ~/.bashrc </code></pre> </div> <p>Apply the changes to your current session:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">source</span> ~/.bashrc </code></pre> </div> <p><strong>Test it:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl version <span class="nt">--client</span> </code></pre> </div> <p><em>From this point forward, all commands in this guide will use <code>kubectl</code> for brevity, but remember it is running the MicroK8s version.</em></p> <h2> 🔧 Enable Essential Kubernetes Add-ons </h2> <h3> Recommended add-ons </h3> <p>Enable DNS for internal service discovery:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>microk8s <span class="nb">enable </span>dns </code></pre> </div> <p>Enable storage for persistent volumes (databases, file storage):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>microk8s <span class="nb">enable </span>storage </code></pre> </div> <p>Enable Ingress for external access (domain routing, SSL):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>microk8s <span class="nb">enable </span>ingress </code></pre> </div> <h3> Optional but useful add-ons </h3> <p>Enable Helm 3 package manager:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>microk8s <span class="nb">enable </span>helm3 </code></pre> </div> <p>Enable Kubernetes Dashboard (UI):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>microk8s <span class="nb">enable </span>dashboard </code></pre> </div> <p>Enable Metrics Server (for monitoring CPU/RAM usage):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>microk8s <span class="nb">enable </span>metrics-server </code></pre> </div> <h3> Check status </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>microk8s status </code></pre> </div> <p>You should see all enabled add-ons listed as active.</p> <h2> 🧪 Test Your Kubernetes Cluster </h2> <h3> Check node status </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl get nodes </code></pre> </div> <p>Expected output:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>NAME STATUS ROLES AGE VERSION hostname Ready &lt;none&gt; 5m v1.31.3 </code></pre> </div> <p><strong>STATUS</strong> should be <strong>Ready</strong> ✅</p> <h3> Check system pods </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl get pods <span class="nt">--all-namespaces</span> </code></pre> </div> <p>All components should show <strong>Running</strong> or <strong>Completed</strong> status:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>NAMESPACE NAME READY STATUS RESTARTS AGE kube-system calico-node-xxxxx 1/1 Running 0 5m kube-system coredns-xxxxx 1/1 Running 0 4m ingress nginx-ingress-microk8s-controller-xxxxx 1/1 Running 0 3m </code></pre> </div> <p>If everything shows <strong>Running</strong>, your cluster is healthy! 🎉</p> <h2> 🐳 Deploy a Test NGINX App </h2> <p>Let's deploy a simple NGINX workload to verify everything works end-to-end:</p> <h3> Create deployment </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl create deployment nginx <span class="nt">--image</span><span class="o">=</span>nginx </code></pre> </div> <h3> Expose the deployment </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl expose deployment nginx <span class="nt">--port</span><span class="o">=</span>80 <span class="nt">--type</span><span class="o">=</span>NodePort </code></pre> </div> <h3> Get service details </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl get svc nginx </code></pre> </div> <p>You'll see output like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE nginx NodePort 10.152.183.45 &lt;none&gt; 80:31234/TCP 10s </code></pre> </div> <p>Note the <strong>NodePort</strong> (e.g., <code>31234</code>).</p> <h3> Access the application </h3> <p>Open your browser and visit:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>http://your-server-ip:31234 </code></pre> </div> <p>If you see the <strong>NGINX welcome page</strong> → 🎉 Your Kubernetes cluster is working perfectly!</p> <h2> 🔄 Ensuring MicroK8s Auto-Starts on Boot </h2> <p>Since MicroK8s is installed via Snap, <strong>systemctl cannot be used directly</strong>. Snap manages startup behavior automatically, but let's verify and ensure it's active.</p> <h3> ✔️ Step 1: Check Service Status </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>snap services microk8s </code></pre> </div> <p>You should see:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Service Startup microk8s.daemon-apiserver enabled microk8s.daemon-containerd enabled ... </code></pre> </div> <p>If all services show <strong>Startup: enabled</strong>, MicroK8s is set to autostart ✅</p> <h3> ✔️ Step 2: Enable Autostart (If Needed) </h3> <p>If services show <code>disabled</code>, simply run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>snap start <span class="nt">--enable</span> microk8s </code></pre> </div> <p>This enables the entire application service and its internal daemons.</p> <h3> ✔️ Step 3: Reboot &amp; Validate </h3> <p>Reboot the server to test autostart:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>reboot </code></pre> </div> <p>After logging back in, run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>microk8s status <span class="nt">--wait-ready</span> </code></pre> </div> <p>If you see <code>microk8s is running</code>, then autostart is confirmed! 🎉</p> <h3> Verify your NGINX app survived the reboot </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl get pods </code></pre> </div> <p>Your nginx pod should be running.</p> <h2> 💾 Resource Usage Check </h2> <p>Check how much of your 8GB RAM MicroK8s is using:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>free <span class="nt">-h</span> </code></pre> </div> <p>Check disk usage (out of 120GB):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">df</span> <span class="nt">-h</span> </code></pre> </div> <p>MicroK8s typically uses:</p> <ul> <li> <strong>~500MB-1GB RAM</strong> at idle</li> <li> <strong>~2-3GB storage</strong> for base installation</li> </ul> <p>This leaves plenty of resources for your workloads! 🚀</p> <h2> 🛠️ Troubleshooting Tools </h2> <h3> Check cluster health (Generates a report) </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>microk8s inspect </code></pre> </div> <h3> Restart MicroK8s </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>microk8s stop <span class="nb">sudo </span>microk8s start </code></pre> </div> <h3> Check specific logs </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Check kubelet logs</span> journalctl <span class="nt">-u</span> snap.microk8s.daemon-kubelet <span class="nt">-f</span> <span class="c"># Check API server logs</span> journalctl <span class="nt">-u</span> snap.microk8s.daemon-apiserver <span class="nt">-f</span> </code></pre> </div> <h2> 📋 Summary Checklist </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Step</th> <th>Purpose</th> <th>Status</th> </tr> </thead> <tbody> <tr> <td>✅ Install MicroK8s</td> <td>Kubernetes runtime</td> <td>Done</td> </tr> <tr> <td>✅ Add user to group</td> <td>Non-root access</td> <td>Done</td> </tr> <tr> <td>✅ Set up kubectl alias</td> <td>Simplify commands</td> <td>Done</td> </tr> <tr> <td>✅ Enable add-ons</td> <td>DNS, storage, ingress</td> <td>Done</td> </tr> <tr> <td>✅ Test with kubectl</td> <td>Validate cluster</td> <td>Done</td> </tr> <tr> <td>✅ Deploy NGINX</td> <td>Confirm workload scheduling</td> <td>Done</td> </tr> <tr> <td>✅ Enable autostart</td> <td>Ensure services start on boot</td> <td>Done</td> </tr> </tbody> </table></div> <h2> 🧹 Clean Up Test Deployment (Optional) </h2> <p>Once you've verified everything works, you can remove the test NGINX deployment:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl delete deployment nginx kubectl delete service nginx </code></pre> </div> <h2> 🎯 Final Thoughts </h2> <p>Congratulations! 🎉 Your <strong>4-core, 8GB RAM, 120GB Ubuntu server</strong> is now running a fully functional MicroK8s cluster!</p> <p>You have a robust foundation ready for production workloads.</p> <h2> 🔙 Previous Guide </h2> <p>👈 <strong><a href="https://dev.to/kamlesh_merugu/installing-microk8s-on-ubuntu-2404-a-lightweight-kubernetes-setup-guide-d1n">Back to Part 1: Prerequisites &amp; Basic Ubuntu Setup</a></strong></p> <h2> 🔜 What's Next? </h2> <p><strong>Ready to deploy production applications?</strong> 🚀</p> <p>👉 <strong><a href="https://dev.to/kamlesh_merugu/part-3-production-namespace-app-deployment-backups-restore-step-by-step-guide-2ff5">Continue to Part 3: Production Namespace, App Deployment &amp; Configuration</a></strong></p> <p>In Part 3, you'll learn how to:</p> <ul> <li>🏗️ Create production namespaces for workload isolation</li> <li>🚀 Deploy PostgreSQL and n8n with proper configurations</li> <li>📦 Set up Persistent Volume Claims for databases</li> <li>🔐 Secure sensitive data using Kubernetes Secrets</li> </ul> beginners kubernetes tutorial ubuntu kamlesh merugu Tue, 13 Jan 2026 11:21:01 +0000 https://dev.to/kamlesh_merugu/install-k3s-on-debian-1112-3ppo https://dev.to/kamlesh_merugu/install-k3s-on-debian-1112-3ppo <h2> 📌 Project Overview </h2> <p>This project sets up a <strong>production-ready MicroK8s Kubernetes environment</strong> for hosting:</p> <ul> <li> <strong>n8n</strong> — workflow automation platform</li> <li> <strong>Postgres</strong> — relational database for n8n</li> <li> <strong>Redis</strong> — cache &amp; queue backend for n8n</li> <li> <strong>Observability Stack</strong> — Prometheus + Grafana + Loki</li> <li> <strong>Centralized Secrets</strong> — Bitwarden (SaaS) as single source of truth</li> </ul> <blockquote> <p>Backup &amp; restore is included for all critical services to ensure disaster recovery.</p> </blockquote> <h2> 🔑 Project Goals </h2> <ol> <li><strong>Centralized Secrets Management</strong></li> </ol> <ul> <li>Secrets live in <strong>Bitwarden</strong> only.</li> <li>Auto-sync into Kubernetes via <strong>External Secrets Operator (ESO)</strong>.</li> </ul> <ol> <li><strong>Clean, Modular Deployment</strong></li> </ol> <ul> <li>Each service has its <strong>own namespace &amp; manifest/Helm structure</strong>.</li> <li>Independent lifecycle per service.</li> </ul> <ol> <li><strong>Observability &amp; Health Checks</strong></li> </ol> <ul> <li>Metrics for cluster nodes, Postgres, Redis, n8n workflows.</li> <li>Alerts &amp; dashboards via Grafana.</li> </ul> <ol> <li><strong>Production-Ready Infrastructure</strong></li> </ol> <ul> <li>Persistent storage (PV/PVC) for Postgres + Redis.</li> <li>Ingress with HTTPS (cert-manager / Let’s Encrypt).</li> <li>Scalable and maintainable architecture.</li> </ul> <ol> <li><strong>Backup &amp; Restore Strategy</strong></li> </ol> <ul> <li>Backup Postgres, Redis, and n8n workflows.</li> <li>Cluster-level snapshot for disaster recovery.</li> <li>Easy restore procedure for production incidents.</li> </ul> <h2> 🏛️ Architecture Diagram </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> ┌─────────────────────────┐ │ MicroK8s Cluster │ │ (Namespaces &amp; PVs) │ └─────────┬──────────────-┘ │ ┌───────────────────────┼────────────────────────┐ │ │ │ ▼ ▼ ▼ ┌─────────┐ ┌─────────┐ ┌──────────┐ │ n8n │ │ Postgres│ │ Redis │ └─────────┘ └─────────┘ └──────────┘ │ │ │ └─────────────┬───────┴───────────────┬────────┘ ▼ ▼ ┌────────────┐ ┌────────────┐ │ Prometheus │ │ Grafana │ └────────────┘ └────────────┘ </code></pre> </div> <h2> 🛠️ Tech Stack </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Component</th> <th>Version / Tool</th> <th>Purpose</th> </tr> </thead> <tbody> <tr> <td>Kubernetes</td> <td>MicroK8s v1.28+</td> <td>Lightweight production-grade K8s</td> </tr> <tr> <td>Secrets</td> <td>Bitwarden SaaS</td> <td>Centralized secrets vault</td> </tr> <tr> <td>Secrets Sync</td> <td>External Secrets Operator</td> <td>Sync secrets from Bitwarden → K8s</td> </tr> <tr> <td>Database</td> <td>PostgreSQL</td> <td>Primary n8n DB</td> </tr> <tr> <td>Cache</td> <td>Redis</td> <td>Queue &amp; cache for n8n</td> </tr> <tr> <td>Workflow</td> <td>n8n</td> <td>Automation engine</td> </tr> <tr> <td>Observability</td> <td>Prometheus + Grafana + Loki</td> <td>Monitoring &amp; dashboards</td> </tr> <tr> <td>Ingress</td> <td>NGINX + cert-manager</td> <td>HTTPS routing &amp; certificates</td> </tr> <tr> <td>Backup</td> <td>Velero / Custom CronJobs</td> <td>Backup &amp; restore critical components</td> </tr> </tbody> </table></div> <h2> 🗂️ Project Structure </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>k8s-project/ ├── 01-cluster-setup/ # MicroK8s setup scripts &amp; configs ├── 02-secrets/ # Bitwarden + ExternalSecrets configs ├── 03-postgres/ # Postgres manifests / Helm / PVs ├── 04-redis/ # Redis manifests / Helm / PVs ├── 05-n8n/ # n8n manifests / Helm ├── 06-observability/ # Prometheus, Grafana, Loki ├── 07-ingress/ # Ingress &amp; cert-manager setup ├── 08-backup-restore/ # Backup &amp; restore scripts / Velero configs └── README.md </code></pre> </div> <h2> 🚀 Setup Plan </h2> <h3> Step 1 — Prepare Cluster </h3> <ul> <li>Update Debian nodes, disable swap, configure networking.</li> <li>Install <strong>MicroK8s</strong> (single or multi-node).</li> <li>Enable addons: <code>dns</code>, <code>storage</code>, <code>ingress</code>, <code>metrics-server</code>.</li> </ul> <h3> Step 2 — Configure Centralized Secrets </h3> <ul> <li>Setup <strong>Bitwarden Vault</strong> for all sensitive keys.</li> <li>Install <strong>External Secrets Operator</strong>.</li> <li>Create <code>ExternalSecret</code> manifests to sync secrets into K8s namespaces.</li> </ul> <h3> Step 3 — Deploy Databases </h3> <ul> <li>Deploy <strong>Postgres</strong> with PVCs and secrets from Bitwarden.</li> <li>Deploy <strong>Redis</strong> with PVCs and secrets from Bitwarden.</li> </ul> <h3> Step 4 — Deploy n8n </h3> <ul> <li>Deploy <strong>n8n</strong> using manifests or Helm.</li> <li>Configure secrets via ESO.</li> <li>Expose via <strong>Ingress with HTTPS</strong>.</li> </ul> <h3> Step 5 — Deploy Observability Stack </h3> <ul> <li>Prometheus, Grafana, Loki.</li> <li> <p>Collect metrics from:</p> <ul> <li>MicroK8s nodes</li> <li>n8n, Postgres, Redis</li> </ul> </li> <li><p>Setup dashboards &amp; alerts.</p></li> </ul> <h3> Step 6 — Validate &amp; Harden </h3> <ul> <li>Test app workflows, DB connectivity, and secret sync.</li> <li>Apply network policies, resource limits, and backup schedules.</li> </ul> <h3> Step 7 — Backup &amp; Restore Strategy </h3> <ul> <li> <strong>Postgres:</strong> Scheduled <code>pg_dump</code> + store in PVC or external S3 bucket.</li> <li> <strong>Redis:</strong> Scheduled RDB/AOF snapshots.</li> <li> <strong>n8n workflows:</strong> Export via n8n API cronjobs.</li> <li> <strong>Cluster state:</strong> Use <strong>Velero</strong> for cluster snapshots (PV + resources).</li> <li>Provide <strong>restore scripts</strong> to recover from disaster with minimal downtime.</li> </ul> <h2> 🔑 End Goal </h2> <p>By the end of this project:</p> <ol> <li> <strong>Fully functional MicroK8s cluster</strong> running n8n + Redis + Postgres + Observability stack.</li> <li> <strong>All secrets centralized</strong> in Bitwarden.</li> <li> <strong>Safe, repeatable deployments</strong> with Helm/manifests.</li> <li> <strong>Scalable, production-ready architecture</strong> with monitoring, backups, and HTTPS ingress.</li> <li> <strong>Disaster recovery plan</strong> via backup &amp; restore strategy.</li> </ol> <p>Link to part 1 </p> debian k3s containers kamlesh merugu Sat, 14 Jun 2025 01:15:15 +0000 https://dev.to/kamlesh_merugu/complete-podman-desktop-wsl2-setup-guide-replace-docker-desktop-for-free-3j1p https://dev.to/kamlesh_merugu/complete-podman-desktop-wsl2-setup-guide-replace-docker-desktop-for-free-3j1p <p>🚀 Complete Tutorial: Accessing Podman Desktop Containers from Ubuntu WSL</p> <p>Ever wished you could seamlessly manage your Podman containers from your Ubuntu WSL terminal while still enjoying the slick UI of Podman Desktop on Windows? 🤔 You're in luck! This tutorial will guide you through setting up this powerful integration, giving you the best of both worlds. 💻✨</p> <p>This is super useful for developers who want to leverage the Linux environment of WSL for their container workflows, while keeping Podman Desktop as their central hub for visual management. Let's dive in! 🐳</p> <h3> 📋 Prerequisites </h3> <p>Before we get started, make sure you have these essentials in place:</p> <ul> <li> <strong>Podman Desktop</strong> installed and happily running on your Windows machine.</li> <li>An <strong>Ubuntu WSL distribution</strong> already installed and configured.</li> <li>A <strong>Podman Machine</strong> created in Podman Desktop. (This usually happens automatically during the initial setup. 👍)</li> </ul> <h3> 💡 Overview </h3> <p>Podman Desktop is smart! It sets up a special WSL virtual machine called "Podman Machine" and configures the Windows Podman client to chat with it. However, it doesn't automatically extend this courtesy to your other WSL distributions (like our beloved Ubuntu). Our mission: to bridge this communication gap! 🌉</p> <h3> Step 1: Access Your Ubuntu WSL Distribution 🚪 </h3> <p>First things first, let's jump into your Ubuntu WSL session. Open your favorite Windows terminal (Command Prompt, PowerShell, or Windows Terminal) and type:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>wsl <span class="nt">--distribution</span> Ubuntu </code></pre> </div> <p>If Ubuntu is your go-to default distribution, a simple <code>wsl</code> will do the trick! 😉</p> <h3> Step 2: Install Podman Remote Client 📥 </h3> <p>Instead of a full-blown Podman installation from Ubuntu's repositories, we're going for the leaner, meaner <code>podman-remote</code> binary. This ensures you're always on the cutting edge with the latest features and best compatibility! ✂️</p> <h4> Download the Latest Podman Remote Binary </h4> <p>Always check the <a href="https://github.com/containers/podman/releases" rel="noopener noreferrer">Podman releases page</a> for the absolute latest version.</p> <p>Then, download and install the binary (remember to replace <code>v5.5.1</code> with the <em>actual</em> latest version you found!):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>wget https://github.com/containers/podman/releases/download/v5.5.1/podman-remote-static-linux_amd64.tar.gz </code></pre> </div> <h4> Configure the Binary 🛠️ </h4> <p>Let's make sure your system knows where to find <code>podman-remote</code> and give it a friendly alias. Edit your <code>.zshrc</code> (or <code>.bashrc</code> if you're using Bash):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">echo</span> <span class="s1">'export PATH="$PATH:/usr/local/bin"'</span> <span class="o">&gt;&gt;</span> ~/.zshrc <span class="nb">echo</span> <span class="s1">'alias podman="podman-remote-static-linux_amd64"'</span> <span class="o">&gt;&gt;</span> ~/.zshrc <span class="nb">source</span> ~/.zshrc </code></pre> </div> <h3> Step 3: Identify Your Podman Machine Configuration 🕵️‍♀️ </h3> <p>Before we connect, we need to know which socket your Podman Desktop is currently using.</p> <h4> Find Available Sockets 🔗 </h4> <p>List the available Podman sockets in your WSL distribution:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>find /mnt/wsl/podman-sockets/ <span class="nt">-name</span> <span class="s1">'*.sock'</span> </code></pre> </div> <p>You should see something like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>/mnt/wsl/podman-sockets/podman-machine-default/podman-root.sock /mnt/wsl/podman-sockets/podman-machine-default/podman-user.sock </code></pre> </div> <h4> Identify the Active Socket 👀 </h4> <p>Now, open a <em>new</em> Command Prompt or PowerShell window on Windows (don't close your WSL terminal yet!). Check which connection Podman Desktop is using:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">podman</span><span class="w"> </span><span class="nx">system</span><span class="w"> </span><span class="nx">connection</span><span class="w"> </span><span class="nx">list</span><span class="w"> </span></code></pre> </div> <p>Look for the connection marked <code>true</code> in the <code>Default</code> column. The <code>URI</code> will tell you if it's <code>rootful</code> or <code>rootless</code>:</p> <ul> <li> <strong>Rootful:</strong> <code>ssh://root@127.0.0.1:PORT/run/podman/podman.sock</code> (most common, default)</li> <li> <strong>Rootless:</strong> <code>ssh://user@127.0.0.1:PORT/run/user/1000/podman/podman.sock</code> ### Step 4: Configure the Podman Connection 🤝</li> </ul> <p>Based on whether your Podman Desktop is using rootful or rootless mode, let's set up the connection!</p> <h4> For Rootful Podman (Default) 👑 </h4> <p>If your Podman Desktop is in rootful mode (which is typically the default):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>podman system connection add <span class="nt">--default</span> podman-machine-default-root unix:///mnt/wsl/podman-sockets/podman-machine-default/podman-root.sock </code></pre> </div> <h4> For Rootless Podman 🌱 </h4> <p>If your Podman Desktop is using rootless mode:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>podman system connection add <span class="nt">--default</span> podman-machine-default-user unix:///mnt/wsl/podman-sockets/podman-machine-default/podman-user.sock </code></pre> </div> <h3> Step 5: Configure User Permissions 🔒 </h3> <p>Your WSL user needs the right permissions to talk to the Podman Machine socket. Add your user to the appropriate group and <em>then exit your WSL session</em> to apply the changes. This step is crucial! 🔑<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>usermod <span class="nt">--append</span> <span class="nt">--groups</span> 10 <span class="si">$(</span><span class="nb">whoami</span><span class="si">)</span> <span class="nb">exit</span> </code></pre> </div> <h3> Step 6: Test the Connection! ✅ </h3> <p>It's showtime! Restart your WSL session and let's verify everything is working smoothly.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>wsl </code></pre> </div> <h4> Verify Group Membership 👥 </h4> <p>Double-check that your user is now in the correct group:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">groups</span> </code></pre> </div> <p>You should see <code>uucp</code> in the list (this corresponds to group ID <code>10</code> for rootful access).</p> <h4> Verify Podman Connection 🌐 </h4> <p>Confirm that the connection is properly configured:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>podman system connection list </code></pre> </div> <h4> Test Podman Version 🧪 </h4> <p>Now, the moment of truth! Verify that Podman in your WSL can communicate with the remote machine:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>podman version </code></pre> </div> <p>You should see both <code>Client</code> and <code>Server</code> versions, indicating a glorious, successful connection! 🎉</p> <h4> Test Container Operations 📦 </h4> <p>Let's run a quick test by launching a simple container:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>podman run quay.io/podman/hello podman ps <span class="nt">-a</span> <span class="nt">--last</span> 1 </code></pre> </div> <h2> Voilà! The container should magically appear in both your WSL terminal output <em>and</em> in Podman Desktop's container list. Synchronization at its finest! 👯‍♀️ </h2> <h3> Step 7: Switching Between Rootful and Rootless (Optional) 🔄 </h3> <p>Sometimes you might need to flip between rootful and rootless modes. Here's how:</p> <h4> To Switch to Rootless Mode: </h4> <ol> <li> <p><strong>In Windows terminal:</strong><br> </p> <pre class="highlight powershell"><code><span class="n">podman</span><span class="w"> </span><span class="nx">machine</span><span class="w"> </span><span class="nx">set</span><span class="w"> </span><span class="nt">--rootful</span><span class="o">=</span><span class="n">false</span><span class="w"> </span></code></pre> </li> <li> <p><strong>In WSL:</strong><br> </p> <pre class="highlight shell"><code>podman system connection add <span class="nt">--default</span> podman-machine-default-user unix:///mnt/wsl/podman-sockets/podman-machine-default/podman-user.sock </code></pre> </li> </ol> <h4> To Switch to Rootful Mode: </h4> <ol> <li> <p><strong>In Windows terminal:</strong><br> </p> <pre class="highlight powershell"><code><span class="n">podman</span><span class="w"> </span><span class="nx">machine</span><span class="w"> </span><span class="nx">set</span><span class="w"> </span><span class="nt">--rootful</span><span class="o">=</span><span class="n">true</span><span class="w"> </span></code></pre> </li> <li> <p><strong>In WSL:</strong><br> </p> <pre class="highlight shell"><code>podman system connection add <span class="nt">--default</span> podman-machine-default-root unix:///mnt/wsl/podman-sockets/podman-machine-default/podman-root.sock </code></pre> </li> </ol> <h3> 🐛 Troubleshooting Corner </h3> <p>Ran into a snag? Don't worry, we've got you covered with some common fixes!</p> <h4> Permission Denied Errors 🚫 </h4> <p>If you're seeing <code>Permission denied</code> errors:</p> <ul> <li> <p><strong>Ensure you're in the correct group:</strong><br> </p> <pre class="highlight shell"><code><span class="nb">groups</span> | <span class="nb">grep </span>uucp </code></pre> </li> <li> <p><strong>If not, add yourself to the group again and exit/restart:</strong><br> </p> <pre class="highlight shell"><code><span class="nb">sudo </span>usermod <span class="nt">--append</span> <span class="nt">--groups</span> 10 <span class="si">$(</span><span class="nb">whoami</span><span class="si">)</span> <span class="nb">exit</span> </code></pre> </li> <li> <p><strong>Restart WSL completely:</strong><br> </p> <pre class="highlight shell"><code>wsl <span class="nt">--shutdown</span> </code></pre> </li> </ul> <h4> Socket Not Found 🔌 </h4> <p>If the socket files seem to be playing hide-and-seek:</p> <ul> <li> <strong>Ensure Podman Desktop is running.</strong> 🏃‍♀️</li> <li><strong>Ensure the Podman Machine is started in Podman Desktop.</strong></li> <li> <p><strong>Check if the machine name is different (it might not be <code>podman-machine-default</code>):</strong><br> </p> <pre class="highlight shell"><code><span class="nb">ls</span> /mnt/wsl/podman-sockets/ </code></pre> </li> </ul> <h4> Connection Refused 🛑 </h4> <p>If you're getting <code>Connection refused</code> errors:</p> <ul> <li><strong>Verify Podman Desktop is running.</strong></li> <li><strong>Check that the Podman Machine is started.</strong></li> <li> <strong>Try restarting the Podman Machine from Podman Desktop.</strong> 🔄</li> </ul> <h3> ⚙️ Custom Configurations </h3> <p>A couple of notes for more unique setups:</p> <h4> Custom WSL Distribution 🐧 </h4> <p>If you're using a WSL distribution other than Ubuntu, the group names for group ID <code>10</code> might be different. You can find the correct group name using:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>getent group 10 </code></pre> </div> <h4> Custom Podman Machine Name 🏷️ </h4> <h2> If you've been adventurous and created a custom Podman Machine with a different name, simply replace <code>podman-machine-default</code> in the socket paths with your machine's actual name. </h2> <h3> ➡️ Next Steps </h3> <p>Congratulations! 🎉 You've successfully configured your Ubuntu WSL distribution to communicate with Podman Desktop's container engine. Now, the world of containerized development is your oyster within WSL!</p> <p>You can now:</p> <ul> <li>Use <strong>all Podman commands</strong> directly from your WSL terminal.</li> <li> <strong>Manage containers</strong> that appear seamlessly in both your WSL and Podman Desktop.</li> <li>Start experimenting with container orchestration tools like <strong>Podman Compose</strong>.</li> <li>Deeply <strong>integrate container workflows</strong> into your WSL development environment.</li> </ul> <h3> 🌟 Summary </h3> <p>You've done it! You've successfully linked your Ubuntu WSL with Podman Desktop, allowing you to enjoy the power of the Podman CLI from within WSL while benefiting from Podman Desktop's excellent graphical interface.</p> <p><strong>Key takeaways to remember:</strong></p> <ul> <li>Always use <code>podman-remote</code> for the latest features and best compatibility.</li> <li>Configure the correct socket path based on your Podman Desktop's rootful/rootless setting.</li> <li>Proper group permissions are essential for socket access.</li> <li>The magic part: <strong>Both WSL and Podman Desktop will now show the same containers and images!</strong> ✨</li> </ul> <p>Happy containerizing! 🚀</p> podman docker wsl2 containers