Kubernetes cluster on AWS EKS, Part 2: Setup EBS CSI Driver

This is a series on setting up Kubernetes clusters in Amazon EKS.

In this post, we will setup Elastic Block Store on AWS EKS Cluster.

EBS is required for EKS PVC.

1. IAM Policy for EBS

  • Go to Services > IAM on the AWS Web Dashboard
  • Select “Create a Policy”
  • Select the JSON tab and paste it below
{
  "Version":  "2012-10-17",
  "Statement":  [
    {
      "Effect":  "Allow",  
      "Action":  [  
	      "ec2:AttachVolume",  
	      "ec2:CreateSnapshot",  
	      "ec2:CreateTags",  
	      "ec2:CreateVolume",  
	      "ec2:DeleteSnapshot",  
	      "ec2:DeleteTags",  
	      "ec2:DeleteVolume",  
	      "ec2:DescribeInstances",  
	      "ec2:DescribeSnapshots",  
	      "ec2:DescribeTags",  
	      "ec2:DescribeVolumes",  
	      "ec2:DetachVolume"  
	      ],
	      "Resource":  "*"  
	}  
  ]  
}
  • Review the same in Visual Editor
  • Click Review Policy
  • Name: Amazon_EBS_CSI_Driver
  • Click Create Policy

2. Associate with Worker Node IAM Role ARN

Use the following command to obtain the ARN from the aws-auth configmap

kubectl -n kube-system describe configmap aws-auth

From the output, note down the ARN Number

Name:         aws-auth
Namespace:    kube-system
Labels:       <none>
Annotations:  <none>

Data
====
mapRoles:
----
- groups:
  - system:bootstrappers
  - system:nodes
  rolearn: arn:aws:iam::17913XXXXXXX:role/eksctl-eks-cluster-nodegroup-ng-NodeInstanceRole-M3LZJUUCOC10
  username: system:node:

In the above case, it is rolearn: arn:aws:iam::17913XXXXXXX:role/eksctl-eks-cluster-nodegroup-ng-NodeInstanceRole-M3LZJUUCOC10

Next, we need to associate the role

  • Go to Services
  • IAM Roles
  • Search for a role with eksctl-eks-cluster-nodegroup
  • Click on Permissions tab
  • Click on Attach Policies
  • Search for Amazon_EBS_CSI_Driver
  • Click Attach Policy

3. Deploy Amazon EBS CSI Driver

Kubernetes-Sigs provides a deployment from the AWS EBS CSI Driver. We simply need to apply the deployment file.

kubectl apply -k "github.com/kubernetes-sigs/aws-ebs-csi-driver/deploy/kubernetes/overlays/stable/?ref=master" 

Verify ebs-csi pods running kubectl get pods -n kube-system

kubectl get pods -n kube-system

The output will be similar to

NAME                                  READY   STATUS    RESTARTS   AGE
ebs-csi-controller-5fd5966556-gt5v5   6/6     Running   0          4m
ebs-csi-controller-5fd5966556-z7bjb   6/6     Running   0          4m
ebs-csi-node-6rgpp                    3/3     Running   0          4m
ebs-csi-node-ncnzw                    3/3     Running   0          4m

We have successfully, set up EBS CSI Driver.

Need help on your Ruby on Rails or React project?

Join Our Newsletter