Install kubectl from Google via cloud-init
Quick-answer:
You need to add this to your cloud-init:
sources:
google.list:
source: deb http://apt.kubernetes.io/ kubernetes-xenial main
keyid: BA07F4FB
keyserver: pgp.mit.edu
The TL;DR Story
Like you, I am a fan of cloud-init. It is a very straight forward way to handle sending metadata to cloud provider instances. A lot of changes have been made to cloud-init over the past few years so I took some time to look into a few of them. I needed to install Kubernetes (k8s) tools and I wanted to use the Google Cloud Package deb repository as the source.I could have used one of the many curl methods to install k8s, or some other manual method with bash, but I wanted to do it a clean cloud-init way. I also tried installing the GCE tools and using gcloud to install kubectl, but I am an AWS user and that did not seem to work well on my ec2 instance (hung with dpkg and did not do anything).
Here is what I found as clean approach to my problem:
Setup the cloud-init apt: configs
My cloud-init YAML for apt looks like the image below. I'll try to explain each of the major pieces needed for adding the Google repo. Note, I stopped using the older format of apt-sources: and switched to this format that is in cloud-init v17.x+
- google.list: This is the source that will get added to the /etc/apt/sources.list.d path on your Ubuntu instance.
- source: This is the deb repo path. I obtained this path from this guy.
- keyid: This was the tricky part. I used my gpg-keychain app on my Mac to search for the Google Cloud Packages Automatic Signing Key. I knew I had to find this key because of these documents. Once I found Google's entry in gpg-keychain, I got the Key ID like shown below. I then stuffed it into this field in my cloud-init.
- keyserver: I added this for good measure to make sure that cloud-init could find the key, since that is where my gpg-keychain app had found it. I probably did not need this.
Making sure kubectl (Kubernetes) was installed
Simply adding the item to the cloud-init packages: list made sure it was installed. The below list of packages is more than just for k8s; I shared my whole list for reference.
Logs to prove it
Here you can see that my repo was found and my packages were installed
I just started to have an error with this key from the keyserver, not sure if it changed - if I found out I will update the above post.
ReplyDeleteGoogle's GPG Key expired, and is now BA07F4FB.
Delete