Difference between revisions of "Aws-ebs-csi-driver Installation"
Jump to navigation
Jump to search
Line 24: | Line 24: | ||
[[kubectl get pod -n kube-system]] -l "app.kubernetes.io/name=aws-ebs-csi-driver,app.kubernetes.io/instance=aws-ebs-csi-driver" | [[kubectl get pod -n kube-system]] -l "app.kubernetes.io/name=aws-ebs-csi-driver,app.kubernetes.io/instance=aws-ebs-csi-driver" | ||
NAME READY STATUS RESTARTS AGE | NAME READY STATUS RESTARTS AGE | ||
− | ebs-csi-controller-7687b8974-2t8nf 5/5 Running 0 2m15s | + | [[ebs-csi-controller]]-7687b8974-2t8nf 5/5 Running 0 2m15s |
ebs-csi-controller-7687b8974-vpjln 5/5 Running 0 2m15s | ebs-csi-controller-7687b8974-vpjln 5/5 Running 0 2m15s | ||
− | ebs-csi-node-4nxsp 3/3 Running 0 2m15s | + | [[ebs-csi-node]]-4nxsp 3/3 Running 0 2m15s |
ebs-csi-node-6n8dp 3/3 Running 0 2m15s | ebs-csi-node-6n8dp 3/3 Running 0 2m15s | ||
ebs-csi-node-d4j8z 3/3 Running 0 2m15s | ebs-csi-node-d4j8z 3/3 Running 0 2m15s |
Revision as of 13:23, 30 December 2022
aws-ebs-csi-driver
Installation
0) Install driver
helm repo add aws-ebs-csi-driver https://kubernetes-sigs.github.io/aws-ebs-csi-driver helm repo update helm upgrade --install aws-ebs-csi-driver --namespace kube-system aws-ebs-csi-driver/aws-ebs-csi-driver
Release "aws-ebs-csi-driver" does not exist. Installing it now. NAME: aws-ebs-csi-driver LAST DEPLOYED: Mon Sep 26 08:02:42 2022 NAMESPACE: kube-system STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: To verify that aws-ebs-csi-driver has started, run: kubectl get pod -n kube-system -l "app.kubernetes.io/name=aws-ebs-csi-driver,app.kubernetes.io/instance=aws-ebs-csi-driver" NOTE: The [CSI Snapshotter](https://github.com/kubernetes-csi/external-snapshotter) controller and CRDs will no longer be installed as part of this chart and moving forward will be a prerequisite of using the snap shotting functionality.
Output after installation:
kubectl get pod -n kube-system -l "app.kubernetes.io/name=aws-ebs-csi-driver,app.kubernetes.io/instance=aws-ebs-csi-driver" NAME READY STATUS RESTARTS AGE ebs-csi-controller-7687b8974-2t8nf 5/5 Running 0 2m15s ebs-csi-controller-7687b8974-vpjln 5/5 Running 0 2m15s ebs-csi-node-4nxsp 3/3 Running 0 2m15s ebs-csi-node-6n8dp 3/3 Running 0 2m15s ebs-csi-node-d4j8z 3/3 Running 0 2m15s
1) Grant driver IAM permissions
Choose one of the following methods:
- 1.1 Using IAM instance profile - attach
arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy
policy to the instance profile IAM role and turn on access to instance metadata for the instance(s) on which the driver Deployment will run. - 1.2 EKS only: Using IAM roles for ServiceAccounts - create an IAM role, attach the policy to it, then follow the IRSA documentation to associate the IAM role with the driver Deployment service account, which if you are installing via Helm is determined by value
controller.serviceAccount.name
,ebs-csi-controller-sa
by default - 1.3 Using secret object - create an IAM user, attach the policy to it, then create a generic secret called aws-secret in the kube-system namespace with the user's credentials
- Create IAM user:
aws iam create-user --user-name ebs-csi-user
- Attach policy:
aws iam attach-user-policy --user-name ebs-csi-user --policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy
- Create secret:
aws iam create-access-key --user-name ebs-csi-user
kubectl create secret generic aws-secret --namespace kube-system --from-literal "key_id=${AWS_ACCESS_KEY_ID}" --from-literal "access_key=${AWS_SECRET_ACCESS_KEY}"
- Create IAM user:
Related
kubectl get events default 107s Warning ProvisioningFailed persistentvolumeclaim/myprometheus-server (combined from similar events): failed to provision volume with StorageClass "gp2": rpc error: code = Internal desc = Could not create volume "pvc-4e14416c-c9c2-4d39-b749-9ce0fa98d597": could not create volume in EC2: UnauthorizedOperation: You are not authorized to perform this operation. Encoded authorization failure message: Goz6E3qExxxxx.../...
kubectl delete pods -n kube-system -l=app=ebs-csi-controller
See also
- EKS storage, Amazon EBS CSI driver, Amazon EFS CSI driver,
kubectl describe storageclass
- EKS,
eksctl
, EKS add-ons, Amazon EKS cluster role, Terraform EKS, Kubernetes Autoscaler, Karpenter, Terraform module: EKS, Terraform resource: aws eks node group, Terraform data source: aws_eks_cluster, AWS Controllers for Kubernetes, AWS Load Balancer Controller, Amazon EKS Anywhere, Kustomize,aws-iam-authenticator
, ACK, tEKS, Amazon EKS authorization, Amazon EKS authentication, Nodegroup, EKS storage,aws-ebs-csi-driver, aws-efs-csi-driver, aws-load-balancer-controller, amazon-vpc-cni-k8s
, EKS security, EKS Best Practices Guides,hardeneks
, EKS versions,fargate-scheduler
,eks-connector
, Resilience in Amazon EKS, EKS control plane logging, Security groups for Pods in EKS
Advertising: