Today we will see how to deploy the AWS EBS CSI driver in Kubernetes and verify dynamic provisioning of EBS volumes.

AWS Elastic Block Store (EBS) : A high-performance block storage service designed for use with AWS EC2 instances, for high-throughput and transaction-intensive workloads.

Container Storage Interface (CSI) : A standard for exposing arbitrary block and file storage systems to containerized workloads on Container Orchestration Systems (COs) like Kubernetes, Mesos, Docker, and Cloud Foundry.

Requirements :

Kubernetes version : v1.14 or v1.15
Kubernetes cluster created on AWS EC2 instances
AWS IAM role (EBS access) attached to the EC2 instances

Step 1 :

EC2 to EBS access :

There are two ways to give the Kubernetes cluster access to EBS,

1. Create a secret in the Kubernetes cluster with the AWS key ID and secret key.

e.g. Kubernetes secret YAML file,

# vi secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: aws-secret
  namespace: kube-system
stringData:
  key_id: "AKIAIOSFODNN7EXAMPLE"
  access_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXA" 

save and exit.

# kubectl apply -f secret.yaml

2. Create an IAM role that allows access from EC2 to EBS with the permissions below, and attach the role to the Kubernetes cluster instances.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:AttachVolume",
        "ec2:CreateSnapshot",
        "ec2:CreateTags",
        "ec2:CreateVolume",
        "ec2:DeleteSnapshot",
        "ec2:DeleteTags",
        "ec2:DeleteVolume",
        "ec2:DescribeInstances",
        "ec2:DescribeSnapshots",
        "ec2:DescribeTags",
        "ec2:DescribeVolumes",
        "ec2:DetachVolume",
        "ec2:ModifyVolume"
      ],
      "Resource": "*"
    }
  ]
}
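
The policy above allows every action on "Resource": "*" with no Condition, so the state-changing actions apply to every volume and snapshot the role can reach, not only the ones this cluster provisions. The check below is an added example, not part of the original post or the driver project: it lists the mutating actions a policy grants without any scoping. The MUTATING set, the function names and the tag key in SCOPED_POLICY are assumptions made for this example.

```python
from fnmatch import fnmatchcase

# The policy from step 1, option 2, as a Python dict.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": [
        "ec2:AttachVolume", "ec2:CreateSnapshot", "ec2:CreateTags",
        "ec2:CreateVolume", "ec2:DeleteSnapshot", "ec2:DeleteTags",
        "ec2:DeleteVolume", "ec2:DescribeInstances", "ec2:DescribeSnapshots",
        "ec2:DescribeTags", "ec2:DescribeVolumes", "ec2:DetachVolume",
        "ec2:ModifyVolume",
    ],
    "Resource": "*",
}]}

# Constructed variant for comparison: destructive actions limited by a tag condition.
# The tag key and value are placeholders, not something the driver is known to set.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["ec2:DeleteVolume", "ec2:DetachVolume"],
    "Resource": "*",
    "Condition": {"StringEquals": {"ec2:ResourceTag/example-owner": "k8s-cluster"}},
}]}

# Assumption of this example: actions that change or destroy existing resources.
MUTATING = {"ec2:AttachVolume", "ec2:DetachVolume", "ec2:DeleteVolume",
            "ec2:DeleteSnapshot", "ec2:ModifyVolume", "ec2:DeleteTags"}

def as_list(value):
    """IAM accepts either a single value or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]

def unscoped_mutations(policy):
    """Mutating actions allowed on all resources with no Condition (NotAction/NotResource not handled)."""
    hits = set()
    for stmt in as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if "*" not in as_list(stmt.get("Resource")):
            continue
        for pattern in as_list(stmt.get("Action")):  # action names are case-insensitive
            hits.update(a for a in MUTATING if fnmatchcase(a.lower(), pattern.lower()))
    return sorted(hits)

if __name__ == "__main__":
    print("page policy:  ", unscoped_mutations(PAGE_POLICY))
    print("scoped policy:", unscoped_mutations(SCOPED_POLICY))
```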

Step 2 :

Install the AWS EBS CSI driver,

We can install it in two ways,

Go to the Kubernetes master,

by kubectl,

# kubectl apply -k "github.com/kubernetes-sigs/aws-ebs-csi-driver/deploy/kubernetes/overlays/stable/?ref=master"

or

by helm chart,

# helm install --name aws-ebs-csi-driver https://github.com/kubernetes-sigs/aws-ebs-csi-driver/releases/download/v0.4.0/helm-chart.tgz

Example helm chart output,



Step 3 :

Check the aws-ebs-csi-driver pods' status in Kubernetes to make sure the driver was installed successfully,

# kubectl get pods -n kube-system



Here you can see the ebs pods running, based on the number of worker nodes. Make sure the pod status is Running. I have a cluster with three servers.

Step 4 :

Deploy a pod with a dynamically provisioned volume to verify EBS provisioning,

1. Create a storage class for EBS,

# vi storageclass.yaml

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: ebs-storage
provisioner: ebs.csi.aws.com
volumeBindingMode: WaitForFirstConsumer

save and exit.

# kubectl apply -f storageclass.yaml

to see the created storage class,

# kubectl get storageclass



2. Create a persistent volume claim,

# vi pvc.yaml

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: ebs-claim
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: ebs-storage
  resources:
    requests:
      storage: 2Gi

save and exit.

# kubectl apply -f pvc.yaml

to check the pvc status,

# kubectl get pvc



3. Create a pod,

# vi pod.yaml

apiVersion: v1
kind: Pod
metadata:
  name: app
spec:
  containers:
  - name: app
    image: centos
    command: ["/bin/sh"]
    args: ["-c", "while true; do echo $(date -u) >> /data/out.txt; sleep 5; done"]
    volumeMounts:
    - name: persistent-storage
      mountPath: /data
  volumes:
  - name: persistent-storage
    persistentVolumeClaim:
      claimName: ebs-claim

save and exit.

# kubectl apply -f pod.yaml

to check the pod status,

# kubectl get pods



Step 5 :

Verify the PV and PVC, which are created automatically with EBS,

# kubectl get pv



# kubectl get pvc




# kubectl describe pv



Get the volume ID and verify that the same volume ID exists in AWS EBS with the created size.








That's all. The AWS EBS CSI driver has been installed in the Kubernetes cluster and dynamic EBS provisioning has been verified.



2 Comments

  1. Step 3 command heading needs change as it mentions "kubernetes" instead of "kubectl".
