Some optional add-ons for a Kubernetes cluster
My previous writeup on Kubernetes installation showed how to install a cluster. This tutorial will just show how to add on a few extras that might be useful.
Adding Helm/Tiller, DigitalOcean CSI driver
Helm/Tiller allows installing deployments, services and other resources using Helm charts. With the recent release of Helm v3, Tiller is no longer used, but I am going to leave that configuration in here because the RBAC aspect was probably what tripped most people up, if anything.
These instructions are once again DigitalOcean-specific, so I show how to install their CSI driver so that persistent volume claims can be used to create volumes for other containers. Note that I install v1.1.1 here, but depending on your cluster version you may want to use a different CSI driver version. I switched to a Kubernetes 1.17 cluster and changed the CSI driver to 1.2, which worked without any config changes.
1. Installing Helm
This installs Helm using a default RBAC setup.
- name: "Check if Helm is installed"
  shell: command -v helm >/dev/null 2>&1
  register: helm_exists
  ignore_errors: yes
  tags: helm

# The installer script is fetched from the master branch and executed as-is.
- name: "Install Helm"
  block:
    - name: "Get Helm installer"
      get_url:
        url: https://raw.githubusercontent.com/helm/helm/master/scripts/get
        dest: "{{ dl_dir }}/get_helm.sh"
        mode: "0755"

    - name: "Run the installer"
      shell: "{{ dl_dir }}/get_helm.sh"
  when: helm_exists.rc > 0

# rbac-config.yml (not shown here) must create the "tiller" service account
# that "helm init" references below.
- name: "Copy yaml file"
  copy:
    src: "rbac-config.yml"
    dest: "{{ dl_dir }}/rbac-config.yml"
    mode: "0644"
  tags: helm

- name: "RBAC configuration"
  shell: "kubectl apply -f {{ dl_dir }}/rbac-config.yml"
  tags: helm

- name: "Init Helm"
  shell: "helm init --service-account tiller"
  tags: helm

- name: "Update Helm repo"
  shell: "helm repo update"
  tags: helm

- name: "Clean-up"
  file:
    path: "{{ dl_dir }}"
    state: absent
  ignore_errors: yes
  tags: helm

# Retry until no tiller-deploy pod is listed in a state other than Running.
- name: helm sanity - wait for tiller pod to be running
  shell: "kubectl get --namespace kube-system pods --no-headers | grep -w 'tiller-deploy' | grep -v -w 'Running' || true "
  register: command_result
  until: command_result.stdout == ""
  retries: 50
  delay: 3
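The page does not show rbac-config.yml. As an added example (not the author's file), the manifest below puts the cluster-admin binding from the Helm v2 documentation, which is assumed here to be what a default setup uses, beside a namespace-scoped alternative. The namespace tiller-world and the names tiller-manager and tiller-binding are assumptions.

```yaml
# Variant A (assumed content of rbac-config.yml, as in the Helm v2 docs):
# Tiller's service account gets cluster-admin over the whole cluster.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: ClusterRole, name: cluster-admin}
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system
---
# Variant B (apply instead of A): Tiller can only manage one namespace.
# "tiller-world" is a placeholder namespace and must already exist.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: tiller-world
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: tiller-manager
  namespace: tiller-world
rules:
  - apiGroups: ["", "batch", "extensions", "apps"]
    resources: ["*"]
    verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tiller-binding
  namespace: tiller-world
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: Role, name: tiller-manager}
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: tiller-world
```

With variant B, the init task would become helm init --service-account tiller --tiller-namespace tiller-world, and the sanity check would look for the tiller-deploy pod in that namespace rather than kube-system. Charts that create cluster-scoped resources or objects in other namespaces will then fail to install, which is the intended limit.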
2. Setting up the DigitalOcean CSI driver
This is for persistent volumes, so install it if you want to use those with DigitalOcean as the provisioner. The secret is an access token, so you will need to set up a Kubernetes secret that holds your DO access token. Without it the CSI driver will install, but you will find you can't use it to create volumes, since it needs the access token to make volumes in your account.
---
# secret_atdo.yml holds the DO access token in plain text: keep the source
# file out of plain-text version control (e.g. Ansible Vault) and consider
# mode "0600" on the copy.
- name: Copy secret file to temporary directory
  copy:
    src: secret_atdo.yml
    dest: "{{ dl_dir }}/secret_atdo.yml"

- name: Install secret for do block storage
  k8s:
    state: present
    src: "{{ dl_dir }}/secret_atdo.yml"
  # equivalent to: kubectl create -f "{{ dl_dir }}/secret_atdo.yml"

# The manifest is fetched from the master branch of the driver repository.
- name: download digitalocean v 1.1.1 csi configuration object file
  get_url:
    url: https://raw.githubusercontent.com/digitalocean/csi-digitalocean/master/deploy/kubernetes/releases/csi-digitalocean-v1.1.1.yaml
    dest: "{{ dl_dir }}/csi-digitalocean-v1.1.1.yaml"

- name: Install digitalocean csi driver
  k8s:
    state: present
    src: "{{ dl_dir }}/csi-digitalocean-v1.1.1.yaml"
  # equivalent to: kubectl create -f "{{ dl_dir }}/csi-digitalocean-v1.1.1.yaml"

- name: Copy PVC file to temporary directory
  copy:
    src: testclaim.yml
    force: yes
    dest: "{{ dl_dir }}/testclaim.yml"

- name: Create PVC to test if do block storage working
  k8s:
    state: present
    src: "{{ dl_dir }}/testclaim.yml"