Deploy Kubernetes with recipes

Introduction

Xen Orchestra includes a Kubernetes cluster recipe that provides a simple way to deploy an official Kubernetes distribution called MicroK8s (maintained by Canonical).

Tip: One of the key benefits of MicroK8s is its automatic security updates. For example, patch releases (like 1.30.x to 1.30.x+1) are applied automatically. This saves Kubernetes admins a lot of time and effort.

Networking and CNI

This recipe uses Calico, the default Container Network Interface (CNI) plugin included with MicroK8s, to handle container networking. Calico provides secure networking and network policies for Kubernetes, and its default configuration is ready for production—no additional setup required.

If you need to adjust the Calico setup (for example, to modify the CIDR range), check the MicroK8s documentation for step-by-step instructions.

Before you start

Make sure your infrastructure meets these requirements:

  • A running Xen Orchestra instance connected to an XCP-ng pool
  • A VM template for the base OS (e.g. an Ubuntu image)
  • Enough resources to host the control plane and worker nodes

Deployment steps

  1. In Xen Orchestra 5, go to Hub → Recipes.
    A list of recipes will appear.
  2. Go to the Kubernetes cluster recipe and click Create.
    A cluster creation form appears.
  3. Configure your cluster:
    1. Select a pool where you want to deploy your cluster.
    2. Select a storage repository, a network and a Kubernetes version.
    3. Enter a name for your cluster.
      The name will be used to tag VMs (see VM tagging).
    4. Define the number of worker nodes.
    5. Define the number of nodes used for the control plane.
    6. (Optional) If you want your cluster to use static IP addresses, check the Static IP addresses box and specify the IP address parameters.
  4. Click OK to start deploying the cluster.

Xen Orchestra handles the rest: cloning VMs, assigning IPs, bootstrapping Kubernetes and configuring internal networking.

VM tagging

Tip: The name provided to the cluster is also used to tag VMs, so that you can easily find them all.

During deployment

Follow the progress on the Task screen while the cluster is being created.

Using your cluster

Connecting to your cluster

Once the cluster and its VMs are ready, SSH into the first control plane node. From there, you can manage your Kubernetes cluster.

For example:

$ ssh debian@<replace-by-vm-ip>

debian@cp-1:~$ microk8s kubectl get nodes
NAME       STATUS   ROLES    AGE   VERSION
cp-1       Ready    <none>   40m   v1.33.0
cp-2       Ready    <none>   30m   v1.33.0
cp-3       Ready    <none>   31m   v1.33.0
worker-1   Ready    <none>   31m   v1.33.0
worker-2   Ready    <none>   31m   v1.33.0
worker-3   Ready    <none>   31m   v1.33.0

Adjusting VM Resources

The VMs in your Kubernetes cluster are created with default CPU and RAM settings, but you can easily adjust these to match your workload needs.

This gives you the flexibility to fine-tune performance or cut costs, depending on what your use case demands.

Keeping your cluster updated

Tip: MicroK8s handles patch releases automatically by design, so you always benefit from the latest security fixes and improvements without manual intervention. We think this is a great feature as it helps keep your cluster secure and up to date effortlessly.

For minor version upgrades (for example, from 1.30.x to 1.31.x), you will need to follow the official MicroK8s upgrade guide. These upgrades typically involve:

  • Checking the current version with microk8s version
  • Refreshing the MicroK8s snap to the desired channel
  • Restarting the nodes if necessary

Example:

# Check current version
microk8s version

# Upgrade to a new minor release
sudo snap refresh microk8s --channel=1.31/stable

Warning: Always review the MicroK8s documentation for the most up-to-date instructions before performing a minor upgrade.

Managing your cluster with external tools

Once the deployment finishes, Xen Orchestra provides a kubeconfig file. You can use it to manage your cluster with external tools:

For example:

$ microk8s config
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: [...]
    server: https://10.1.134.51:16443
  name: microk8s-cluster
contexts:
- context:
    cluster: microk8s-cluster
    user: admin
  name: microk8s
current-context: microk8s
kind: Config
preferences: {}
users:
- name: admin
  user:
    client-certificate-data: LS0tLS1CRU[...]
    client-key-data: LS0tLS1CRUdJ[...]
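
The kubeconfig shown above embeds the client certificate and private key of the user it names, so anyone who can read the file can authenticate to the API server at the listed address. The shell check below is an added example, not part of Xen Orchestra or MicroK8s; the function name audit_kubeconfig and its messages are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a kubeconfig saved from `microk8s config`.
# audit_kubeconfig and its messages are illustrative names, not a MicroK8s
# or Xen Orchestra tool.
# Return status: 0 = no findings, 1 = findings, 2 = file not found.
audit_kubeconfig() {
    file=$1
    findings=0

    if [ ! -f "$file" ]; then
        echo "ERROR: $file not found"
        return 2
    fi

    # Characters 5-10 of the `ls -l` mode string are the group/other bits;
    # anything but "------" lets other local accounts use the file.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FINDING: $file is accessible to group/other; run: chmod 600 $file"
        findings=1
    fi

    # client-key-data is the base64-encoded private key of the listed user,
    # so the file itself is a credential.
    if grep -Eq '^[[:space:]]*client-key-data:' "$file"; then
        echo "NOTE: embedded client key found; store this file as a secret"
    fi

    # Show which API endpoint the file targets so its exposure can be reviewed.
    server=$(sed -n 's/^[[:space:]]*server:[[:space:]]*//p' "$file" | head -n 1)
    case $server in
        https://127.*|https://localhost*)
            ;;
        https://*)
            echo "NOTE: API server $server is a network address; limit who can reach it"
            ;;
        *)
            echo "FINDING: server '$server' is not an https:// URL"
            findings=1
            ;;
    esac

    return "$findings"
}

# Audit the file named on the command line, if any.
if [ "$#" -gt 0 ]; then
    audit_kubeconfig "$1"
fi
```

Save the output of microk8s config to a file on the machine that runs your external tools and pass that file's path as the first argument.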

Add-ons

In addition to the core components of the Kubernetes control plane, this recipe automatically installs the following add-ons:

When high availability (HA) is enabled, the recipe also includes:

  • HA-cluster: Ensures high availability for clusters with three or more nodes.
  • Kube-VIP: Provides a virtual IP and load balancer for the control plane, deployed via the official Helm chart.

Best Practices

When deploying Kubernetes clusters with recipes, it’s important to plan for performance and reliability.

  • Always allocate enough CPU and memory resources for both control plane and worker nodes. Using three control plane nodes ensures high availability in production environments.
  • Place the VMs on shared storage to allow live migration if needed.
  • For security, restrict SSH and API server access, and consider enabling RBAC and network policies once the cluster is running.

Finally, keep your base template up to date with the latest OS patches and Kubernetes tools to avoid compatibility issues.