digitalocean: Document common tweaks required for a working setup

[klausenbusk]

/area digitalocean

Per #529, for kubeadm and bootkube setups, the flexvolume dir need to be accessible for kube-controller-manager for a working setup (the volume won't attach if not).

bootkube also require adding a DIGITALOCEAN_ACCESS_TOKEN env variable to kube-controller-manager, as kube-controller-manager run as nobody and as so can't read the do_token file.

[klausenbusk]

Per: #571

• Document CoreOS required change (change of flexvolume dir)
  • Document that kube-controller-manager (kubeadm only?) need to use the /usr/share/ca-certificates instead of /etc/ssl/certs due to symlinks.
• Add RBAC policy (see digitalocean: Add RBAC policy #572) Done

cc @lloeki

[lloeki]

I was faced with a silent mount failure. The sole available bit of log was on the pod's events:

Unable to mount volumes for pod "postgres-deployment-8b4fd44dc5-4rjw9_www(591133ae-0692-11e3-bfd9-22337054e03c)": timeout expired waiting for volumes to attach/mount for pod "www"/"postgres-deployment-8b4fd44dc5-4rjw9". list of unattached/unmounted volumes=[postgres-persistent-storage]

Volume was attaching correctly, just not mounting. Took me two hours before I thought about looking into the node's kubelet logs:

journalctl -xn -u kubelet.service

Turns out I forgot to set --volume-plugin-dir= on a node's kubelet args.

It's a bit more general than digitalocean, but I thought that may be worth mentioning somewhere that a mount timeout could have its cause logged over there and not inside kubernetes.

[Kiura]

@lloeki, could you please tell me how you added --volume-plugin-dir and where/which config?

[lloeki]

@Kiura the systemd service file. If you're using kubeadm:

mkdir -p /etc/kubernetes/kubelet-plugins/volume/exec
sed -i -e 's#\(KUBELET_EXTRA_ARGS=\)#\1--volume-plugin-dir=/etc/kubernetes/kubelet-plugins/volume/exec #' /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
systemctl daemon-reload
systemctl restart kubelet

Again, be sure to set it for both the master and each none.

[fejta-bot]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

[fejta-bot]

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten

[fejta-bot]

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

[k8s-ci-robot]

@fejta-bot: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.