This guide sets up a secure, production-grade MicroK8s Kubernetes cluster on Debian 12, ready for deploying:
- n8n workflows
- Postgres & Redis
- Observabilit y stack (Prometheus, Grafana, Loki)
- Centralized secrets (Doppler, in Part 2)
β οΈ Follow every step carefullyβskipping steps can break the cluster.
β Supported Systems
- Debian 12 (Bookworm) LTS
- VPS, VM, or bare-metal
- Minimum: 2 vCPU, 4 GB RAM
π§ Step 1 β Update & Prepare the Server
sudo apt update && sudo apt full-upgrade -y
sudo reboot
Reconnect after reboot. Install essential tools:
sudo apt install -y \
curl wget git vim htop neofetch \
apt-transport-https ca-certificates gnupg lsb-release
β System updated and ready for Kubernetes.
π€ Step 2 β Create a Deployment User (Optional but Recommended)
Kubernetes should never run as root.
sudo adduser deploy
sudo usermod -aG sudo deploy
echo "deploy ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/deploy
sudo chmod 440 /etc/sudoers.d/deploy
su - deploy
π Step 3 β Disable Swap
sudo swapoff -a
sudo sed -i '/\sswap\s/s/^/#/' /etc/fstab
free -h
Swap should show
0B.
π Step 4 β Kernel Modules & Networking
sudo tee /etc/modules-load.d/k8s.conf <<EOF
br_netfilter
EOF
sudo modprobe br_netfilter
sudo tee /etc/sysctl.d/99-k8s.conf <<EOF
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
sudo sysctl --system
sysctl net.ipv4.ip_forward
π¦ Step 5 β Install snapd
MicroK8s is distributed as a Snap package.
sudo apt install -y snapd
sudo systemctl enable --now snapd
sudo systemctl enable --now snapd.socket
Verify snap:
snap version
π Step 6 β Install Latest MicroK8s
sudo snap install microk8s --classic
Adjust the channel to the desired stable version.
π§ Step 7 β Add Deploy User to MicroK8s Group
sudo usermod -aG microk8s $USER
sudo chown -f -R $USER ~/.kube
Important: Log out and back in, or use:
newgrp microk8s
πΉ Step 8 β Enable Core Addons
MicroK8s includes essential production addons:
microk8s status --wait-ready
microk8s enable dns storage ingress metrics-server
dnsβ service discoverystorageβ dynamic persistent volumesingressβ NGINX ingress controllermetrics-serverβ node & pod metrics
π§° Step 9 β Setup kubectl for Deploy User
MicroK8s ships its own kubectl. To avoid typing microk8s.kubectl:
sudo snap alias microk8s.kubectl kubectl
Optional: export kubeconfig for scripts/CI:
mkdir -p $HOME/.kube
microk8s config > $HOME/.kube/config
chmod 600 $HOME/.kube/config
export KUBECONFIG=$HOME/.kube/config
echo 'export KUBECONFIG=$HOME/.kube/config' >> ~/.bashrc
source ~/.bashrc
π Step 10 β Optional: Remote kubectl Access
microk8s config > kubeconfig.yaml
scp kubeconfig.yaml user@localmachine:~/.kube/config
Adjust
server:IP if needed for external access.
β Step 11 β Add Worker Nodes (Optional)
microk8s add-node
Follow instructions on worker nodes. Verify:
kubectl get nodes
π Step 12 β Verify Cluster Health
microk8s status --wait-ready
kubectl get nodes
kubectl get pods -A
kubectl cluster-info
All kube-system pods should be Running.
β What Youβve Achieved
- MicroK8s installed via Snap on Debian 12
- Deploy user configured with group membership
- Kernel & networking configured for Kubernetes
- Swap disabled, core addons enabled
-
kubectlworking for non-root deploy user - Ready for n8n, Postgres, Redis, observability, and secrets
π Next Steps (Part 2)
- Setup centralized secrets with Doppler
- Install External Secrets Operator
- Prepare namespaces & secret sync for workloads
Top comments (0)