Security Warning

Running unikernels under kubernetes diminishes some of their security benefits.


You need access to hardware virtualization. That means a real computer or nested virtualization but nested virtualization is not recommended. It's unclear if these instructions would work on AWS "metal" instances yet as that has not been tried.

Installing K8s / Initial Setup

Install KubeCtl:

  curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
  chmod +x ./kubectl
  mv kubectl /usr/local/bin/.
  sudo mv kubectl /usr/local/bin/.
  kubectl version --client

Install Minikube:

curl -Lo minikube
&& chmod +x minikube
minikube start --vm-driver=kvm2

Install KVM tooling:

sudo apt-get install libvirt-daemon-system libvirt-clients bridge-utils

Ensure you are setup for KVM via libvirt and have associated permissions:


Install KubeVirt:

export KUBEVIRT_VERSION=$(curl -s
https://api.github.com/repos/kubevirt/kubevirt/releases | grep tag_name
| grep -v -- - | sort -V | tail -1 | awk -F':' '{print $2}' | sed
's/,//' | xargs)

  kubectl create -f

Create a Resource:

kubectl create -f https://github.com/kubevirt/kubevirt/releases/download/${KUBEVIRT_VERSION}/kubevirt-cr.yaml

Install Virtctl:

curl -L -o virtctl \
chmod +x virtctl

Import CDI:

  wget https://raw.githubusercontent.com/kubevirt/kubevirt.github.io/master/labs/manifests/storage-setup.yml
  kubectl create -f storage-setup.yml
  export VERSION=$(curl -s https://github.com/kubevirt/containerized-data-importer/releases/latest | grep -o "v[0-9]\.[0-9]*\.[0-9]*")
  kubectl create -f https://github.com/kubevirt/containerized-data-importer/releases/download/$VERSION/cdi-operator.yaml
  kubectl create -f https://github.com/kubevirt/containerized-data-importer/releases/download/$VERSION/cdi-cr.yaml
  kubectl get pods -n cdi

Building / Deploying

If you have the base kubernetes installation up and running you can move on to the final part.

You need to compress the disk image in question to xz format.

cp .ops/images/goweb.img .
xz goweb.img

Now you need to upload that to a url for k8s to import.

Download a sample PVC template:

wget https://raw.githubusercontent.com/kubevirt/kubevirt.github.io/master/labs/manifests/pvc_fedora.yml

Edit the line to point to your xz'd image:

cdi.kubevirt.io/storage.import.endpoint: "https://storage.googleapis.com/totally-insecure/goweb.img.xz"


kubectl create -f pvc_fedora.yml
kubectl get pvc fedora -o yaml

Create the Actual VM:

wget https://raw.githubusercontent.com/kubevirt/kubevirt.github.io/master/labs/manifests/vm1_pvc.yml
kubectl create -f vm1_pvc.yml

If you minikube ssh you should now be able to hit up your instance.

Last updated