After your bootstrap is running and your cluster is created, you will need to install the Azure Disk CSI Driver on your pre-provisioned Azure Kubernetes cluster. The DKP pre-provisioned provider installs by default the storage-local-static-provisioner CSI driver, which is not suitable for production environments. For this reason, it needs to be replaced by the Azure Disk CSI Driver.

Prerequisites:

Before you begin using DKP you must have:

  • An x86_64-based Linux or macOS machine.

  • The dkp binary for Linux or macOS. To check which version of DKP you installed for compatibility reasons, run the dkp version -h command (dkp version).

  • Docker version 18.09.2 or later installed.

  • kubectl for interacting with the running cluster.

  • Azure CLI.

  • A valid Azure account with credentials configured.

  • A custom Azure image created using KIB.

On macOS, Docker runs in a virtual machine. Configure this virtual machine with at least 8 GB of memory.

Set Environment Variables with Credentials:

An Azure Service Principal is needed for deploying resources. To configure your Azure environment, follow these steps:

  1. Log in to Azure:

    az login

    [
      {
        "cloudName": "AzureCloud",
        "homeTenantId": "a1234567-b132-1234-1a11-1234a5678b90",
        "id": "b1234567-abcd-11a1-a0a0-1234a5678b90",
        "isDefault": true,
        "managedByTenants": [],
        "name": "Mesosphere Developer Subscription",
        "state": "Enabled",
        "tenantId": "a1234567-b132-1234-1a11-1234a5678b90",
        "user": {
          "name": "user@azuremesosphere.onmicrosoft.com",
          "type": "user"
        }
      }
    ]
  2. Create an Azure Service Principal (SP) by running the following command:
    Note: If an SP with the name exists, this command will rotate the password.

    az ad sp create-for-rbac --role contributor --name "$(whoami)-konvoy" --scopes=/subscriptions/$(az account show --query id -o tsv)

    {
      "appId": "7654321a-1a23-567b-b789-0987b6543a21",
      "displayName": "azure-cli-2021-03-09-23-17-06",
      "password": "Z79yVstq_E.R0R7RUUck718vEHSuyhAB0C",
      "tenant": "a1234567-b132-1234-1a11-1234a5678b90"
    }
  3. Set the required environment variables using that output:

    export AZURE_SUBSCRIPTION_ID="<id>"       # b1234567-abcd-11a1-a0a0-1234a5678b90
    export AZURE_TENANT_ID="<tenant>"         # a1234567-b132-1234-1a11-1234a5678b90
    export AZURE_CLIENT_ID="<appId>"          # 7654321a-1a23-567b-b789-0987b6543a21
    export AZURE_CLIENT_SECRET="<password>"   # Z79yVstq_E.R0R7RUUck718vEHSuyhAB0C
    export AZURE_RESOURCE_GROUP="<resource group name>" # set to the name of the resource group
    export AZURE_LOCATION="westus"            # set to the location you are using
  4. Set your KUBECONFIG environment variable:

    export KUBECONFIG=${CLUSTER_NAME}.conf
  5. Create the Secret with the Azure credentials. The Azure CSI driver uses this Secret:

    1. Create an azure.json file:

      cat <<EOF > azure.json
      {
        "cloud": "AzurePublicCloud",
        "tenantId": "$AZURE_TENANT_ID",
        "subscriptionId": "$AZURE_SUBSCRIPTION_ID",
        "aadClientId": "$AZURE_CLIENT_ID",
        "aadClientSecret": "$AZURE_CLIENT_SECRET",
        "resourceGroup": "$AZURE_RESOURCE_GROUP",
        "location": "$AZURE_LOCATION"
      }
      EOF
    2. Create the Secret:

      kubectl create secret generic azure-cloud-provider --namespace=kube-system --type=Opaque --from-file=cloud-config=azure.json
  6. Install the Azure Disk CSI driver:

    curl -skSL https://raw.githubusercontent.com/kubernetes-sigs/azuredisk-csi-driver/v1.26.2/deploy/install-driver.sh | bash -s v1.26.2 snapshot --
  7. Check the status to see if the driver is ready for use:

    kubectl -n kube-system get pod -o wide --watch -l app=csi-azuredisk-controller
    kubectl -n kube-system get pod -o wide --watch -l app=csi-azuredisk-node
  8. Kubernetes now knows that this is an Azure disk and will create clusters on Azure. You are ready to create the StorageClass for the Azure Disk CSI Driver:

    kubectl create -f https://raw.githubusercontent.com/kubernetes-sigs/azuredisk-csi-driver/master/deploy/example/storageclass-azuredisk-csi.yaml
  9. Change the default storage class to this new StorageClass so that every new disk will be created in the Azure environment:

    kubectl patch sc/localvolumeprovisioner -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"false"}}}'
    kubectl patch sc/managed-csi -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
  10. Verify that the StorageClass chosen is currently the default:

    kubectl get storageclass
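A hardened way to run step 5, added here as an example (not part of the DKP documentation): the heredoc in step 5.1 writes empty strings for unset variables without any error, and azure.json is created with the default umask, which typically leaves the client secret readable by other local users. The function names are hypothetical; the kubectl command is the one from step 5.2.

```bash
#!/usr/bin/env bash
# Added example: hardened variant of step 5. Function names are hypothetical.
# Assumes the credential values contain no '"' or '\' (they are not JSON-escaped).

# Refuse to continue if any variable the heredoc expands is unset or empty;
# otherwise the Secret is created with blank fields and the driver fails later.
require_azure_env() (
  missing=0
  for name in AZURE_TENANT_ID AZURE_SUBSCRIPTION_ID AZURE_CLIENT_ID \
              AZURE_CLIENT_SECRET AZURE_RESOURCE_GROUP AZURE_LOCATION; do
    eval "val=\${$name:-}"
    [ -n "$val" ] || { echo "unset or empty: $name" >&2; missing=1; }
  done
  exit "$missing"
)

# Write azure.json readable by the current user only (mode 0600).
write_azure_json() (
  out=$1
  require_azure_env || exit 1
  rm -f "$out"   # a pre-existing file would keep its old, wider mode
  umask 077      # scoped to this subshell
  cat > "$out" <<EOF
{
  "cloud": "AzurePublicCloud",
  "tenantId": "$AZURE_TENANT_ID",
  "subscriptionId": "$AZURE_SUBSCRIPTION_ID",
  "aadClientId": "$AZURE_CLIENT_ID",
  "aadClientSecret": "$AZURE_CLIENT_SECRET",
  "resourceGroup": "$AZURE_RESOURCE_GROUP",
  "location": "$AZURE_LOCATION"
}
EOF
)

# Build the file in a private temp directory, create the Secret with the
# page's kubectl command, and delete the plaintext copy on exit.
create_csi_secret() (
  dir=$(mktemp -d) || exit 1
  trap 'rm -rf "$dir"' EXIT
  write_azure_json "$dir/azure.json" || exit 1
  kubectl create secret generic azure-cloud-provider --namespace=kube-system \
    --type=Opaque --from-file=cloud-config="$dir/azure.json"
)

# Usage, after exporting the variables from step 3: create_csi_secret
```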

For more information about Azure Disk CSI for persistent storage and changing the default StorageClass, see Default Storage Providers in DKP.

Next Step:

Pre-provisioned Modify the Calico Installation