There's also a video tutorial here for those who prefer to watch instead of read.
By default, when you setup a kubernetes cluster on digitalocean manually, there isn't any persistent volume support even though digitalocean has block storage.
Our aim is to enable persistent volume support backed by digitalocean's block storage using a storage provisioner plugin.
This tutorial assumes you have a running kubernetes cluster setup on digitalocean using CoreOS (setup might vary for other operating systems) with RBAC enabled (usually enabled by default with versions 1.9 and above).
You'll need a digitalocean access token, get one from your account here.
Step 1: Configure Access Token
Base64 encode your digitalocean access token, you can use base64encode.org. You should get an encoded string like this:
Insert the encoded string into the following yaml file and save it your system as
And finally create the secret using the command:
kubectl create -f digitalocean-secret.yml
Step 2: Update kubelet service with volume plugin directory
We'll need to create the volume plugin directory and tell the kubelet service where the directory lives, this has to be done on the kubenetes master & all worker nodes. Save this script as
And run the following command:
ssh core@[kubernetes-master-ip-goes-here] "bash -s" < ./blockstorage-pv.sh ssh core@[repeat-for-each-worker-node-ip-goes-here] "bash -s" < ./blockstorage-pv.sh
If everything goes well, it should exit with out any errors.
Step 3: Update kube-controller-manager
Next we'll need to update the kube-controller manager with the right path to ssl certs, as the defaults don't exist, we'll need point it to the default volume plugin directory. Ssh into your kubernetes master with
ssh core@[kubernetes-master-ip-goes-here] and update the following file
/etc/kubernetes/manifests/kube-controller-manager.yaml using the root user:
spec.containers.command add the following:
spec.containers.volumeMounts add the following:
- mountPath: /etc/kubernetes/kubelet-plugins/volume name: flexvolume-mount readOnly: true
spec.volumes update the following:
- hostPath: path: /etc/ssl/certs type: DirectoryOrCreate name: ca-certs
with this yaml (this will update the ssl certs to the right path):
- hostPath: path: /usr/share/ca-certificates type: DirectoryOrCreate name: ca-certs
And then add the flex volume-mount:
- hostPath: path: /etc/kubernetes/kubelet-plugins/volume type: DirectoryOrCreate name: flexvolume-mount
Save the file and finally restart the sublet service with
systemctl restart kubelet
Step 4: Deploy the digitalocean storage provisioner plugin
Deploy RBAC rules
Save the rbac rules as
digitalocean-flexplugin-rbac.yml and create the rules using the following:
kubectl create -f digitalocean-flexplugin-rbac.yml
Deploy digitalocean provisioner
Save the provisioner as
digitalocean-provisioner.yml and deploy using the following:
kubectl create -f digitalocean-provisioner.yml
Deploy the digitalocean flexplugin
Save the flexplugin as
digitalocean-flexplugin-deploy.yml and deploy using the following:
kubectl create -f digitalocean-flexplugin-deploy.yml
Deploy the storage class
Important!: Change the zone on Line 8 above to the same region as your cluster & also the name on Line 4.
Save the storage class as
ditigalocean-sc.yml and deploy using the following:
kubectl create -f ditigalocean-sc.yml
Let's deploy a sample application which will utilise a persistent volume to make sure our deployment is working.
Important!: Change the storageClassName on Line 11 above to the same name you gave your storage class.
Save the deployment as
ditigalocean-pv-example.yml and deploy using the following:
kubectl create -f ditigalocean-pv-example.yml
To check If your deployment succeeds, goto your digitalocean account under Droplets > Volumes, you should see a 1Gb volume provisioned and attached to one of your nodes. If this is the case, you have successfully added persistent volume support to your kubernetes cluster. Yay!!!
Next in our series, we'll install and enable our kubernetes dashboard! But still to come, installing helm & automatic ssl certificates backed by letsencrypt. Stay tuned.
I hope this helps.