Install Kubernetes Tools (Minikube, Microk8s, K3s)
This tutorial provides instructions for installing and configuring three popular Kubernetes distributions (Minikube, MicroK8s, and K3s) with Futurex-specific TLS certificates and cert-manager integration. Follow these steps to set up a local Kubernetes environment for development and testing purposes.

## Workflow overview

1. **Install core dependencies**: Install Docker, kubectl, Helm, and cmctl as required.
2. **Select Kubernetes distribution**: Choose between Minikube, MicroK8s, or K3s based on your use case.
3. **Install selected distribution**: Follow the specific installation steps for your chosen Kubernetes distribution.
4. **Configure TLS certificates**: Install Futurex-specific TLS certificates for secure communication with the Futurex Docker registry.
5. **Install cert-manager**: Deploy the cert-manager operator to handle TLS certificate provisioning.
6. **Install Futurex cert-manager plugin**: Deploy the Futurex-specific cert-manager issuer plugin.
7. **Validation**: Verify all components are running correctly using kubectl commands.

## Minikube

Minikube is a tool designed to run a single-node Kubernetes cluster locally on your machine, including Linux systems. It is primarily used by developers and those new to Kubernetes for learning, development, and testing purposes.

### Libraries needed

- **cert-manager**: A cloud-native certificate management service for Kubernetes. It automates the provisioning and management of Transport Layer Security (TLS) certificates by integrating with various certificate authorities (CAs). cert-manager ensures that certificates are automatically renewed before they expire, and it stores them as Kubernetes secrets for applications to use.
- **Docker**: An open-source platform designed to simplify the creation, deployment, and management of applications using containerization. Essentially, Docker allows you to package an application and all its dependencies (libraries, configurations, etc.) into a self-contained unit called a Docker container.
- **Kernel-based Virtual Machine (KVM)**: A virtualization technology built into the Linux kernel that turns a Linux machine into a hypervisor, allowing a single physical server to run multiple VMs.
- **kubectl**: A command-line tool for controlling Kubernetes clusters. It allows users to run commands against Kubernetes clusters, performing various operations.
- **Helm**: A package manager for Kubernetes, a container orchestration system, that simplifies deploying and managing complex applications. It packages application resources into a single, reusable unit called a chart, which contains all the necessary configuration files to define, install, and upgrade an application. Very similar to Linux's apt or yum software package manager.
- **cmctl**: A command-line interface (CLI) tool designed to manage and configure cert-manager resources within a Kubernetes cluster.
- **curl**: A command-line tool and library used for transferring data to or from a server using a variety of internet protocols, such as HTTP, HTTPS, FTP, and more. It is commonly used by developers for tasks like testing APIs, downloading files, and automating web requests because it is versatile, widely available, and efficient.

### Installation steps

**Confirm virtualization support**

Check if the computer that will be running Minikube has virtualization support:

```bash
egrep -c '(vmx|svm)' /proc/cpuinfo
```

If the number is less than 1, then the computer doesn't support virtualization.

If Minikube is running on a VM, most likely there is a virtualization feature that needs to be enabled. For example, in Oracle VirtualBox, the VM needs to be shut down. In the main VirtualBox menu, go to the Settings for that VM and select Expert at the top left. Then, under System > Processor, select the Enable PAE/NX and Enable Nested VT-x/AMD-V options.

**Install Docker**

Update the system's local package index:

```bash
sudo apt update
```

Install the following dependencies:

```bash
sudo apt install -y ca-certificates curl gnupg
```

Add Docker's official GPG key:

```bash
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
```

Add Docker's official repository:

```bash
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] \
  https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
```

Install Docker Engine:

```bash
sudo apt update
sudo apt install -y \
  docker-ce docker-ce-cli containerd.io \
  docker-buildx-plugin docker-compose-plugin
```

The user must be added to the docker group:

```bash
sudo usermod -aG docker $USER && newgrp docker
```

**Install Minikube**

```bash
curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
sudo install minikube-linux-amd64 /usr/local/bin/minikube
```

To verify if Minikube is installed:

```bash
minikube version
```

**Install kubectl**

```bash
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
```

To verify if kubectl is installed:

```bash
kubectl version
```

**Install cmctl**

```bash
OS=$(uname -s | tr A-Z a-z); ARCH=$(uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/'); curl -fsSL -o cmctl https://github.com/cert-manager/cmctl/releases/latest/download/cmctl_${OS}_${ARCH}
chmod +x cmctl
sudo mv cmctl /usr/local/bin
# or `sudo mv cmctl /usr/local/bin/kubectl-cert_manager` to use `kubectl cert-manager` instead
```

To check if cmctl is installed:

```bash
cmctl version
```

**Install Helm**

```bash
curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 > get_helm.sh
chmod 700 get_helm.sh
./get_helm.sh
```

To verify if Helm is installed:

```bash
helm version
```

**Install Futurex's Docker TLS certificates for the Minikube environment**

The certificates can be found here: [placeholder]. Download them to a local directory.

Make a Minikube certificate directory (if there isn't one already):

```bash
mkdir -p $HOME/.minikube/certs
```

Copy the certificates to the newly created directory:

```bash
cp futurex-rsa-tls-ca.pem $HOME/.minikube/certs/futurex-rsa-tls-ca.crt
```

**Run Minikube with the required flags and addons**

```bash
# Start local Kubernetes cluster
minikube start \
  --embed-certs \
  --driver=docker \
  --insecure-registry localhost:5000

# Start a Docker registry
minikube addons enable registry
minikube addons enable metrics-server
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update
```

If you run into issues with enabling the Docker registry, try pulling the images manually:

```bash
minikube ssh
docker pull gcr.io/k8s-minikube/kube-registry-proxy:0.0.9
docker pull registry:3.0.0
# If running into issues with reaching the unauthenticated pull rate limit, use docker login and log into a Docker account
exit
minikube addons enable registry --images="Registry=docker.io/registry:3.0.0,KubeRegistryProxy=gcr.io/k8s-minikube/kube-registry-proxy:0.0.9"
```

Get the status of all the pods to confirm everything is running:

```bash
kubectl get pods -A
```

**Download cert-manager**

```bash
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.yaml
```

**Download the Futurex cert-manager plugin into the local directory**

```bash
wget -O cert-manager.tgz https://docker-registry.futurex.com/repository/futurex-helm-prod/cryptohub-cert-manager-issuer-0.2.0.tgz --no-check-certificate
```

**Helm install the Futurex cert-manager plugin**

`-n cert-manager` puts the Futurex cert-manager plugin in the same namespace as the previously downloaded cert-manager.

```bash
helm install futurex-cert-manager ./cert-manager.tgz --set fullnameOverride="futurex-cert-manager" -n cert-manager
```

If successful, the output should look similar to below:

```text
NAME: futurex-cert-manager
LAST DEPLOYED: Wed Oct 22 14:51:58 2025
NAMESPACE: cert-manager
STATUS: deployed
REVISION: 1
TEST SUITE: None
```

## MicroK8s

MicroK8s is a lightweight, production-grade, and conformant Kubernetes distribution developed by Canonical. It is designed to simplify the deployment and management of Kubernetes, making it accessible for a wide range of use cases, including local development, edge computing, IoT devices, and small-scale production environments.

### Libraries needed

- **cert-manager**: A cloud-native certificate management service for Kubernetes. It automates the provisioning and management of Transport Layer Security (TLS) certificates by integrating with various certificate authorities (CAs). cert-manager ensures that certificates are automatically renewed before they expire, and it stores them as Kubernetes secrets for applications to use.
- **kubectl**: A command-line tool for controlling Kubernetes clusters. It allows users to run commands against Kubernetes clusters, performing various operations. The snap install of MicroK8s already includes kubectl. A separate install of kubectl won't be necessary.
- **Helm**: A package manager for Kubernetes, a container orchestration system, that simplifies deploying and managing complex applications. It packages application resources into a single, reusable unit called a chart, which contains all the necessary configuration files to define, install, and upgrade an application. Very similar to Linux's apt or yum software package manager.
- **curl**: A command-line tool and library used for transferring data to or from a server using a variety of internet protocols, such as HTTP, HTTPS, FTP, and more. It is commonly used by developers for tasks like testing APIs, downloading files, and automating web requests because it is versatile, widely available, and efficient.

### Installation steps

**Install MicroK8s via snap**

```bash
sudo snap install microk8s --classic
```

**Install curl**

```bash
sudo apt install curl
```

**Install cmctl**

```bash
OS=$(uname -s | tr A-Z a-z); ARCH=$(uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/'); curl -fsSL -o cmctl https://github.com/cert-manager/cmctl/releases/latest/download/cmctl_${OS}_${ARCH}
chmod +x cmctl
sudo mv cmctl /usr/local/bin
# or `sudo mv cmctl /usr/local/bin/kubectl-cert_manager` to use `kubectl cert-manager` instead
```

To check if cmctl is installed:

```bash
cmctl version
```

**Download cert-manager**

```bash
sudo microk8s kubectl apply -f https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.yaml
```

**Enable the Helm add-on**

```bash
sudo microk8s enable helm
```

**Install Futurex's Docker TLS certificates for the MicroK8s environment**

The certificates can be found here: [placeholder]. Download them to a local directory.

Make a directory containing the Futurex Docker registry hostname:

```bash
sudo mkdir -p /var/snap/microk8s/current/args/certs.d/docker-registry.futurex.com
```

Copy the certs and change the file extensions from .pem to .crt in the newly created directory:

```bash
sudo cp futurex-rsa-tls-ca.pem /var/snap/microk8s/current/args/certs.d/docker-registry.futurex.com/futurex-rsa-tls-ca.crt
```

**Start MicroK8s**

```bash
sudo microk8s start
```

**Download the Futurex cert-manager plugin into the local directory**

```bash
wget -O cert-manager.tgz https://docker-registry.futurex.com/repository/futurex-helm-prod/cryptohub-cert-manager-issuer-0.2.0.tgz --no-check-certificate
```

**Helm install the Futurex cert-manager**

`-n cert-manager` puts the Futurex cert-manager plugin in the same namespace as the previously downloaded cert-manager.

```bash
sudo microk8s helm install futurex-cert-manager ./cert-manager.tgz --set fullnameOverride="futurex-cert-manager" -n cert-manager
```

If successful, the output should look similar to below:

```text
NAME: futurex-cert-manager
LAST DEPLOYED: Wed Oct 22 14:51:58 2025
NAMESPACE: cert-manager
STATUS: deployed
REVISION: 1
TEST SUITE: None
```

## K3s

K3s is a lightweight, certified Kubernetes distribution for managing containers that is optimized for resource-constrained environments like IoT and edge computing. It is packaged as a single binary and includes all necessary components, such as a container runtime, network, and DNS, making it much simpler to install and run than standard Kubernetes. K3s uses a simplified architecture, with the control plane and worker node components built into single binaries.

There are two ways to set up K3s:

- **Local testing setup**: Run K3s on a single device using Docker containers to simulate multiple cluster nodes. This is ideal for quick testing and development without extra hardware.
- **Multi-device setup**: Install K3s as a service on multiple physical or virtual machines. This configuration mirrors a real distributed cluster and can be used for staging or production deployments, especially in edge, IoT, or lightweight server environments.

Both approaches are shown below.

### Single-device testing (using Docker)

#### Libraries needed

- **Docker**: An open-source platform designed to simplify the creation, deployment, and management of applications using containerization. Essentially, Docker allows you to package an application and all its dependencies (libraries, configurations, etc.) into a self-contained unit called a Docker container.
- **kubectl**: A command-line tool for controlling Kubernetes clusters. It allows users to run commands against Kubernetes clusters, performing various operations.
- **cmctl**: A command-line interface (CLI) tool designed to manage and configure cert-manager resources within a Kubernetes cluster.
- **Helm**: A package manager for Kubernetes, a container orchestration system, that simplifies deploying and managing complex applications. It packages application resources into a single, reusable unit called a chart, which contains all the necessary configuration files to define, install, and upgrade an application. Very similar to Linux's apt or yum software package manager.
- **curl**: A command-line tool and library used for transferring data to or from a server using a variety of internet protocols, such as HTTP, HTTPS, FTP, and more. It is commonly used by developers for tasks like testing APIs, downloading files, and automating web requests because it is versatile, widely available, and efficient.

#### Installation steps

**Install Docker**

Update the system's local package index:

```bash
sudo apt update
```

Install the following dependencies:

```bash
sudo apt install -y ca-certificates curl gnupg
```

Add Docker's official GPG key:

```bash
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
```

Add Docker's official repository:

```bash
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] \
  https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
```

Install Docker Engine:

```bash
sudo apt update
sudo apt install -y \
  docker-ce docker-ce-cli containerd.io \
  docker-buildx-plugin docker-compose-plugin
```

The user must be added to the docker group:

```bash
sudo usermod -aG docker $USER && newgrp docker
```

**Install kubectl**

```bash
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
```

To verify kubectl is installed:

```bash
kubectl version
```

**Install cmctl**

```bash
OS=$(uname -s | tr A-Z a-z); ARCH=$(uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/'); curl -fsSL -o cmctl https://github.com/cert-manager/cmctl/releases/latest/download/cmctl_${OS}_${ARCH}
chmod +x cmctl
sudo mv cmctl /usr/local/bin
# or `sudo mv cmctl /usr/local/bin/kubectl-cert_manager` to use `kubectl cert-manager` instead
```

To verify cmctl is installed:

```bash
cmctl version
```

**Install Helm**

```bash
curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 > get_helm.sh
chmod 700 get_helm.sh
./get_helm.sh
```

To verify Helm is installed:

```bash
helm version
```

**Create a Docker network**

```bash
docker network create k3s-net
```

**Install Futurex's Docker TLS certificates for the K3s environment**

The certificates can be found here: [placeholder]. Download them to a local directory.

Change the file extensions from .pem to .crt:

```bash
mv futurex-rsa-tls-ca.pem futurex-rsa-tls-ca.crt
```

Take note of the full path to the .crt file, as this will be needed for the next command.

**Set up the K3s server**

```bash
docker run -d --name k3s-server \
  --privileged \
  -p 6443:6443 \
  -v k3s-data:/var/lib/rancher/k3s \
  -v <full path to>/futurex-rsa-tls-ca.crt:/etc/ssl/certs/futurex-rsa-tls-ca.crt:ro \
  --network k3s-net \
  --hostname k3s-server \
  rancher/k3s server \
  --node-name k3s-server
```

- `-d`: Runs the container in detached mode, that is, in the background.
- `--name`: Name of the container so that it can be easily referenced by Docker.
- `--privileged`: Gives the container extended privileges needed for K3s to access system resources like network interfaces, cgroups, and mount points in the container.
- `-p`: Maps host port to the container port. (Note: Port 6443 is the default Kubernetes API server port.)
- `-v`: Mounts a Docker volume with a specified name (e.g., `k3s-data`) into the container at a specified location (e.g., `/var/lib/rancher/k3s`). This is where K3s stores persistent data like etcd or kubelet data. The second `-v` line mounts the Futurex TLS certificate into the proper place for the K3s server.
- `--network`: Connects the container to a user-defined Docker network (e.g., `k3s-net`) so other containers can communicate with it.
- `--hostname`: Sets the hostname inside the container (e.g., `k3s-server`). (Note: K3s uses this as the node name if you don't override it.)
- `--node-name`: Sets the node name that appears in Kubernetes.

**Configure kubectl access**

This copies the K3s YAML configuration file to the current directory and then sets the kubectl environment variable to that file.

```bash
docker cp k3s-server:/etc/rancher/k3s/k3s.yaml ./k3s.yaml
export KUBECONFIG=./k3s.yaml
```

Run the command to find out if the server node is active:

```bash
kubectl get nodes
```

If the node is ready, the output should look similar to below:

```text
NAME         STATUS   ROLES           AGE   VERSION
k3s-server   Ready    control-plane   2m    v1.34.1+k3s1
```

**Set up the K3s worker**

Retrieve the server node token. Agents require a token to authenticate with the server. To extract it from the server container:

```bash
docker exec k3s-server cat /var/lib/rancher/k3s/server/node-token
```

It should look similar to:

```text
K106366b56a682885fc75a691d2d6a852ee95065e478a7ec37a802c57857727ba41::server:e2aff656ff80197f9c8ad22c6927e742
```

Copy that token as the value for the `--token` flag:

```bash
docker run -d \
  --name k3s-agent-1 \
  --privileged \
  --network k3s-net \
  --hostname k3s-agent-1 \
  rancher/k3s agent \
  --server https://k3s-server:6443 \
  --token <server token> \
  --node-name k3s-agent-1
```

- `-d`: Runs the container in detached mode, that is, in the background.
- `--name`: Name of the container so that it can be easily referenced by Docker.
- `--privileged`: Gives the container extended privileges needed for K3s to access system resources like network interfaces, cgroups, and mount points in the container.
- `--network`: Connects the container to a user-defined Docker network (e.g., `k3s-net`) so other containers can communicate with it.
- `--hostname`: Sets the hostname inside the container (e.g., `k3s-agent-1`). Note: K3s uses this as the node name if you don't override it.
- `--server`: Specifies the address of the K3s server that this agent should connect to. (Note: Use the hostname or IP of the K3s server reachable from this container.)
- `--token`: The node registration token used to authenticate this agent with the K3s server.
- `--node-name`: Sets the node name that appears in Kubernetes.

If the node is ready, running the command `kubectl get nodes` should provide an output similar to below:

```text
NAME          STATUS   ROLES           AGE   VERSION
k3s-agent-1   Ready    <none>          2m    v1.34.1+k3s1
k3s-server    Ready    control-plane   5m    v1.34.1+k3s1
```

**Download cert-manager**

```bash
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.yaml
```

After waiting about 10 seconds, check if cert-manager was installed correctly:

```bash
kubectl get pods -n cert-manager
```

The output should look similar to below:

```text
NAMESPACE      NAME                                       READY   STATUS    RESTARTS   AGE
cert-manager   cert-manager-69fd4bc5fc-9xg24              1/1     Running   0          16s
cert-manager   cert-manager-cainjector-85b6d7fc67-rbwq2   1/1     Running   0          16s
cert-manager   cert-manager-webhook-cfbc49fc8-blg9v       1/1     Running   0          16s
```

**Download the Futurex cert-manager plugin into the local directory**

```bash
wget -O cert-manager.tgz https://docker-registry.futurex.com/repository/futurex-helm-prod/cryptohub-cert-manager-issuer-0.2.0.tgz --no-check-certificate
```

**Helm install the Futurex cert-manager**

```bash
helm install futurex-cert-manager ./cert-manager.tgz --set fullnameOverride="futurex-cert-manager" -n cert-manager
```

`-n cert-manager` puts the Futurex cert-manager plugin in the same namespace as the previously downloaded cert-manager.

To check if the install was successful, run:

```bash
kubectl get pods -n cert-manager
```

The output should look similar to below:

```text
NAME                                                      READY   STATUS    RESTARTS   AGE
cert-manager-7f6864ff99-sqxhf                             1/1     Running   0          76s
cert-manager-cainjector-6595c6777-88x7g                   1/1     Running   0          76s
cert-manager-webhook-58fd9998b4-pc56t                     1/1     Running   0          76s
futurex-cert-manager-controller-manager-cdfdd7c6d-l4pld   1/1     Running   0          15s
```

### Multi-device testing

#### Libraries needed

- **kubectl**: A command-line tool for controlling Kubernetes clusters. It allows users to run commands against Kubernetes clusters, performing various operations.
- **cmctl**: A command-line interface (CLI) tool designed to manage and configure cert-manager resources within a Kubernetes cluster.
- **Helm**: A package manager for Kubernetes, a container orchestration system, that simplifies deploying and managing complex applications. It packages application resources into a single, reusable unit called a chart, which contains all the necessary configuration files to define, install, and upgrade an application. Very similar to Linux's apt or yum software package manager.
- **curl**: A command-line tool and library used for transferring data to or from a server using a variety of internet protocols, such as HTTP, HTTPS, FTP, and more. It is commonly used by developers for tasks like testing APIs, downloading files, and automating web requests because it is versatile, widely available, and efficient.

#### Installation steps

**On the server machine, install curl**

```bash
sudo apt install curl
```

**Install kubectl**

```bash
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
```

To verify if kubectl is installed:

```bash
kubectl version
```

**Install cmctl**

```bash
OS=$(uname -s | tr A-Z a-z); ARCH=$(uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/'); curl -fsSL -o cmctl https://github.com/cert-manager/cmctl/releases/latest/download/cmctl_${OS}_${ARCH}
chmod +x cmctl
sudo mv cmctl /usr/local/bin
# or `sudo mv cmctl /usr/local/bin/kubectl-cert_manager` to use `kubectl cert-manager` instead
```

To verify cmctl is installed:

```bash
cmctl version
```

**Install Helm**

```bash
curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 > get_helm.sh
chmod 700 get_helm.sh
./get_helm.sh
```

To check if Helm is installed:

```bash
helm version
```

**Download and install K3s for the server (master) device**

```bash
curl -sfL https://get.k3s.io | sh -
```

`k3s.yaml` is a Kubernetes kubeconfig file that K3s generates for the cluster. It is originally owned by the root user. It is recommended to copy the configuration file to a secure location and change the permissions to only allow the specified user read and write access. The `k3s.yaml` file contains sensitive information about the cluster. Follow best security practices to secure this file.

```bash
sudo cp /etc/rancher/k3s/k3s.yaml /path/to/secure/location
sudo chown $USER:$USER /path/to/secure/location/k3s.yaml
```

Export the `KUBECONFIG` environment variable so that the current user can use kubectl and Helm:

```bash
export KUBECONFIG=/path/to/secure/location/k3s.yaml
```

**Install Futurex's Docker TLS certificates for the K3s environment**

The certificates can be found here: [placeholder]. Download them to a local directory.

Change the file extensions from .pem to .crt:

```bash
mv futurex-rsa-tls-ca.pem futurex-rsa-tls-ca.crt
```

Move the .crt file to:

```bash
sudo cp futurex-rsa-tls-ca.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
sudo systemctl daemon-reload
sudo systemctl restart k3s
```

**Download cert-manager**

```bash
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.yaml
```

After about 10 seconds, check if it is installed correctly:

```bash
kubectl get pods -n cert-manager
```

The output should be similar to the below:

```text
NAMESPACE      NAME                                       READY   STATUS    RESTARTS   AGE
cert-manager   cert-manager-69fd4bc5fc-9xg24              1/1     Running   0          16s
cert-manager   cert-manager-cainjector-85b6d7fc67-rbwq2   1/1     Running   0          16s
cert-manager   cert-manager-webhook-cfbc49fc8-blg9v       1/1     Running   0          16s
```

**Download the Futurex cert-manager plugin to the local directory**

```bash
wget -O cert-manager.tgz https://docker-registry.futurex.com/repository/futurex-helm-prod/cryptohub-cert-manager-issuer-0.2.0.tgz --no-check-certificate
```

**Helm install the Futurex cert-manager**

`-n cert-manager` puts the Futurex cert-manager plugin in the same namespace as the previously downloaded cert-manager.

```bash
helm install futurex-cert-manager ./cert-manager.tgz --set fullnameOverride="futurex-cert-manager" -n cert-manager
```

To check if the install was successful, run:

```bash
kubectl get pods -n cert-manager
```

The output should look similar to below:

```text
NAME                                                      READY   STATUS    RESTARTS   AGE
cert-manager-7f6864ff99-sqxhf                             1/1     Running   0          76s
cert-manager-cainjector-6595c6777-88x7g                   1/1     Running   0          76s
cert-manager-webhook-58fd9998b4-pc56t                     1/1     Running   0          76s
futurex-cert-manager-controller-manager-cdfdd7c6d-l4pld   1/1     Running   0          15s
```

**Download and install K3s for the worker device**

Obtain the server token on the server device:

```bash
sudo cat /var/lib/rancher/k3s/server/node-token
```

The output will look similar to below:

```text
K101253e84a8417669086a787eb724d4e314298d49b1c9053861d1206f40e258015::server:5e10e3aa22035f74f69a7299a3a0137d
```

Obtain the server's IP address. One of the ways to do so is shown below:

```bash
ip addr
```

Paste the server's token and IP address in the following command on the worker device:

```bash
curl -sfL https://get.k3s.io | K3S_URL=https://<server ip>:6443 K3S_TOKEN=<server token> sh -
```
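
The multi-device steps above copy and `chown` `k3s.yaml` but show no command that restricts its mode, and the single-device steps `docker cp` it into the current directory. The following is an added example, not part of the original page, that audits the copied kubeconfig and locks it to owner-only access; the function names are hypothetical and the destination path is whatever secure location you chose.

```shell
#!/bin/sh
# Added example: keep a copied k3s.yaml readable by its owner only.
# Function names are illustrative; paths are supplied by the caller.

# file_mode FILE -> octal permission bits (GNU stat first, then BSD stat)
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_kubeconfig FILE
#   0 = regular file, owned by the caller, no group/other access
#   2 = missing, not a regular file, or a symlink
#   3 = owned by a different user
#   4 = group or other permission bits are set
audit_kubeconfig() {
  f=$1
  if [ -L "$f" ] || [ ! -f "$f" ]; then
    echo "not a regular file: $f" >&2
    return 2
  fi
  [ -O "$f" ] || { echo "not owned by $(id -un): $f" >&2; return 3; }
  mode=$(file_mode "$f")
  case "$mode" in
    [0-7]00) return 0 ;;
    *) echo "mode $mode lets other users access $f" >&2; return 4 ;;
  esac
}

# lock_kubeconfig FILE -> set mode 0600, then re-audit
lock_kubeconfig() {
  chmod 600 "$1" && audit_kubeconfig "$1"
}

# copy_kubeconfig SRC DEST -> create DEST with owner-only permissions
copy_kubeconfig() {
  ( umask 077 && cp "$1" "$2" ) && lock_kubeconfig "$2"
}

# Usage after the page's `sudo cp` and `sudo chown` steps:
#   lock_kubeconfig /path/to/secure/location/k3s.yaml \
#     && export KUBECONFIG=/path/to/secure/location/k3s.yaml
```

Running `audit_kubeconfig "$KUBECONFIG"` before each `kubectl` or `helm` session catches a file that was later re-copied with default permissions.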
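
Each distribution section above fetches the issuer chart with `--no-check-certificate`, which turns off the TLS verification that the Futurex CA file is meant to enable. The following is an added example, not Futurex's own tooling: it keeps verification on by passing that CA file to `wget`, then checks the archive against a SHA-256 digest before `helm install`. It assumes the CA file issued the registry's certificate, and the expected digest is a value you recorded from a trusted copy of the chart (the page does not publish one).

```shell
#!/bin/sh
# Added example: verified download of the issuer chart.
# Assumptions: the Futurex CA PEM issued the registry certificate; the
# expected digest was recorded out of band. Function names are illustrative.

CHART_URL="https://docker-registry.futurex.com/repository/futurex-helm-prod/cryptohub-cert-manager-issuer-0.2.0.tgz"

# sha256_of FILE -> prints the lowercase hex digest only
sha256_of() {
  sha256sum "$1" | awk '{print $1}'
}

# verify_digest FILE EXPECTED -> 0 match, 1 mismatch, 2 bad input
verify_digest() {
  [ -f "$1" ] || { echo "missing file: $1" >&2; return 2; }
  case "$2" in
    ""|*[!0-9a-fA-F]*) echo "expected digest is not hex" >&2; return 2 ;;
  esac
  [ "${#2}" -eq 64 ] || { echo "expected digest is not 64 hex chars" >&2; return 2; }
  actual=$(sha256_of "$1")
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ "$actual" = "$expected" ] || { echo "digest mismatch: got $actual" >&2; return 1; }
}

# fetch_chart URL CA_PEM OUT EXPECTED_SHA256
#   2 = rejected before any network access, 3 = download or TLS failure,
#   4 = digest check failed (the partial file is removed)
fetch_chart() {
  url=$1; ca=$2; out=$3; want=$4
  case "$url" in
    https://*) ;;
    *) echo "refusing non-HTTPS URL: $url" >&2; return 2 ;;
  esac
  grep -q 'BEGIN CERTIFICATE' "$ca" 2>/dev/null \
    || { echo "no PEM certificate in $ca" >&2; return 2; }
  tmp="$out.partial"
  # --ca-certificate adds the CA file to the trust set; verification stays on.
  wget --ca-certificate="$ca" -O "$tmp" "$url" || { rm -f "$tmp"; return 3; }
  verify_digest "$tmp" "$want" || { rm -f "$tmp"; return 4; }
  mv "$tmp" "$out"
}

# Usage (EXPECTED_SHA256 is a placeholder you must fill in):
#   fetch_chart "$CHART_URL" futurex-rsa-tls-ca.pem cert-manager.tgz "$EXPECTED_SHA256" \
#     && helm install futurex-cert-manager ./cert-manager.tgz \
#          --set fullnameOverride="futurex-cert-manager" -n cert-manager
```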