Difference between revisions of "Aws-ebs-csi-driver"

From wikieduonline
Jump to navigation Jump to search
Line 43: Line 43:
 
=== 1) Grant driver IAM permissions ===
 
=== 1) Grant driver IAM permissions ===
 
Choose one of the following methods:
 
Choose one of the following methods:
* 1.1 Using IAM [[instance profile]] - attach <code>[[arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy]]</code> policy to the instance profile IAM role and turn on access to instance metadata for the instance(s) on which the driver Deployment will run
+
* 1.1 Using IAM [[instance profile]] - attach <code>[[arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy]]</code> policy to the [[instance profile]] IAM role and turn on access to instance metadata for the instance(s) on which the driver Deployment will run
 
* 1.2 EKS only: Using [[IAM roles for ServiceAccounts]] - create an [[IAM role]], attach the policy to it, then follow the [[IRSA]] documentation to associate the IAM role with the driver Deployment service account, which if you are installing via Helm is determined by value <code>[[controller.serviceAccount.name]]</code>, <code>[[ebs-csi-controller-sa]]</code> by default
 
* 1.2 EKS only: Using [[IAM roles for ServiceAccounts]] - create an [[IAM role]], attach the policy to it, then follow the [[IRSA]] documentation to associate the IAM role with the driver Deployment service account, which if you are installing via Helm is determined by value <code>[[controller.serviceAccount.name]]</code>, <code>[[ebs-csi-controller-sa]]</code> by default
 
* 1.3 Using secret object - create an IAM user, attach the policy to it, then create a generic secret called aws-secret in the kube-system namespace with the user's credentials
 
* 1.3 Using secret object - create an IAM user, attach the policy to it, then create a generic secret called aws-secret in the kube-system namespace with the user's credentials

Revision as of 06:37, 26 September 2022

Amazon EBS CSI driver


kubectl get events
default 8m51s       Warning   FailedScheduling       pod/myprometheus-alertmanager-5967d4ff85-5glkh    running PreBind plugin "VolumeBinding": binding volumes: timed out waiting for the condition
default     4m58s       Normal    ExternalProvisioning   persistentvolumeclaim/myprometheus-alertmanager   waiting for a volume to be created, either by external provisioner "ebs.csi.aws.com" or manually created by system administrator


Installation

0) Install driver

helm repo add aws-ebs-csi-driver https://kubernetes-sigs.github.io/aws-ebs-csi-driver
helm repo update
helm upgrade --install aws-ebs-csi-driver --namespace kube-system aws-ebs-csi-driver/aws-ebs-csi-driver
Release "aws-ebs-csi-driver" does not exist. Installing it now.
NAME: aws-ebs-csi-driver
LAST DEPLOYED: Mon Sep 26 08:02:42 2022
NAMESPACE: kube-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
To verify that aws-ebs-csi-driver has started, run:

    kubectl get pod -n kube-system -l "app.kubernetes.io/name=aws-ebs-csi-driver,app.kubernetes.io/instance=aws-ebs-csi-driver"

NOTE: The [CSI Snapshotter](https://github.com/kubernetes-csi/external-snapshotter) controller and CRDs will no longer be installed as part of this chart and moving forward will be a prerequisite of using the snap shotting functionality.

Output after installation:

kubectl get pod -n kube-system -l "app.kubernetes.io/name=aws-ebs-csi-driver,app.kubernetes.io/instance=aws-ebs-csi-driver"
NAME                                 READY   STATUS    RESTARTS   AGE
ebs-csi-controller-7687b8974-2t8nf   5/5     Running   0          2m15s
ebs-csi-controller-7687b8974-vpjln   5/5     Running   0          2m15s
ebs-csi-node-4nxsp                   3/3     Running   0          2m15s
ebs-csi-node-6n8dp                   3/3     Running   0          2m15s 
ebs-csi-node-d4j8z                   3/3     Running   0          2m15s


1) Grant driver IAM permissions

Choose one of the following methods:

kubectl create secret generic aws-secret --namespace kube-system --from-literal "key_id=${AWS_ACCESS_KEY_ID}" --from-literal "access_key=${AWS_SECRET_ACCESS_KEY}"

Related

See also

Advertising: