Documentation Status

SKA TANGO-controls docker images on Kubernetes

The following are a set of instructions of running the SKA TANGO-controls docker images made by SKA on Kubernetes, and has been tested on minikube v1.12.3 with k8s v1.18.3 Docker 19.03.8 on Ubuntu 18.04.

Minikube

Using Minikube enables us to create a single node stand alone Kubernetes cluster for testing purposes. If you already have a cluster at your disposal, then you can skip forward to the section Running the SKA TANGO-controls docker images on Kubernetes.

The generic installation instructions are available at https://kubernetes.io/docs/tasks/tools/install-minikube/. A deployment of Minikube that will support the standard features required for the SKA is available at https://gitlab.com/ska-telescope/sdi/deploy-minikube.

Once you have finished the deployment you may need to fixup your permissions:

sudo chown -R ${USER} /home/${USER}/.minikube
sudo chgrp -R ${USER} /home/${USER}/.minikube
sudo chown -R ${USER} /home/${USER}/.kube
sudo chgrp -R ${USER} /home/${USER}/.kube

Once completed, minikube will also update your kubectl settings to include the context current-context: minikube in ~/.kube/config. Test that connectivity works with something like:

$ kubectl get pods -n kube-system
NAME                               READY   STATUS    RESTARTS   AGE
coredns-86c58d9df4-5ztg8           1/1     Running   0          3m24s
...

Helm Chart

The Helm Chart based install of the SKA TANGO-controls docker images relies on Helm (surprise!). If your system does not have a running version of Helm the easiest way to install one is using the install script:

curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash

Cleaning Up

Note on cleaning up:

minikube stop # stop minikube - this can be restarted with minikube start
minikube delete # destroy minikube - totally gone!
rm -rf ~/.kube # local minikube configuration cache
# remove all other minikube related installation files
sudo rm -rf /var/lib/kubeadm.yaml /data/minikube /var/lib/minikube /var/lib/kubelet /etc/kubernetes

Running the SKA TANGO-controls docker images on Kubernetes

The basic configuration for each component of the SKA TANGO-controls docker images is held in the values.yaml files.

We launch the SKA TANGO-controls docker images with:

$ make k8s-install-chart

To clean up the Helm Chart release:

$make k8s-uninstall-chart

Vault Secrets

When deploying to a remote cluster we may want to use the vault to fetch secrets.

The tango-base charts are configured to allow the use of vault in the tangodb and databaseds database containers.

When the vault is enable in your chart, vault annotations are added to the chart templates allowing the secrets to be injected in the container

This secret file, in the examples, are formatted as a key/value pairs allowing us the ability to source the file and consequently add the variables as environment variables. This is useful for database containers.

But be aware that sourcing the secret file, depending on your container specification, may disrupt its normal startup flow.

After sourcing the file you need to run the necessary scrips / commands so that your application starts correctly. This changes from application to application.

Enable vault secrets in the tango charts

To use vault configure in the values.yml (this is the tangodb example):

tangodb:

...

  vault:
    useVault: true
    secretPath: stfc
    role: kube-role    

parameter|description :—–:|:—–: useVault| turn it on/off secretPath| starting path for the secret in the server role| vault role to use

If you are using minikube set the useVault parameter to false, remove it or remove the vault section entirely.