Today we will see how to deploy AWS EBS CSI driver in Kubernetes and will check dynamic provision of EBS.

AWS Elastic Block Store(EBS) : It is a high performance storage block service designed to use with AWS EC2 instances for high throughput and transaction.

Container Storage Interface (CSI) :   It is a standard for exposing arbitrary block and file storage systems to containerized workloads on Container Orchestration Systems (COs) like Kubernetes, Mesos, Docker, and Cloud Foundry.

Requirements :

Kubernetes version : v1.14 or v1.15
Kubernetes Cluster created in AWS EC2 Instances
AWS IAM role(EBS access) which attached to EC2 instances

Step 1 :

EC2 to EBS access :

There are two ways to allow access to kubernetes cluster to EBS,

1. Create a secret in Kubernetes cluster with AWS key id and secret key.

eg : kubernetes secret yaml file,

# vi secret.yaml

apiVersion: v1
kind: Secret
  name: aws-secret
  namespace: kube-system
  access_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXA" 

save and exit.

# kubectl apply -f  secret.yaml

2. Create an IAM role which will allow access from EC2 to EBS with below permission and attach the role to the Kubernetes cluster instances.

  "Version": "2012-10-17",
  "Statement": [
      "Effect": "Allow",
      "Action": [
      "Resource": "*"

Step 2 :

Install AWS EBS CSI Driver,

We can install in two ways,

Go to Kubernetes Master,

by kubectl,

# kubectl apply -k ""


by helm chart,

# helm install --name aws-ebs-csi-driver

Example helm chart output,

Step 3 :

Check  aws-ebs-csi-driver pods status in Kubernetes to make sure its got installed successfully,

# kubectl get pods -n kube-system

here you can see ebs pods will be running based on no. of worker nodes. make sure the pods status is running.I have a cluster with three servers.

Step 4 :

Deploy a dynamic provision pod to verify EBS provision,

1.Create storage class for EBS,

# vi storageclass.yaml

kind: StorageClass
  name: ebs-storage
volumeBindingMode: WaitForFirstConsumer

save and exit.

# kubectl apply -f  storageclass.yaml

to see the created storage class,

# kubectl get storageclass

2.Create persistent volume claim,

# vi pvc.yaml

apiVersion: v1
kind: PersistentVolumeClaim
  name: ebs-claim
    - ReadWriteOnce
  storageClassName: ebs-storage

      storage: 2Gi

save and exit.

# kubectl apply -f  pvc.yaml

to check the pvc status,

# kubectl get pvc

3.Create a pod,

# vi pod.yaml

apiVersion: v1
kind: Pod
  name: app
  - name: app
    image: centos
    command: ["/bin/sh"]
    args: ["-c", "while true; do echo $(date -u) >> /data/out.txt; sleep 5; done"]
    - name: persistent-storage
      mountPath: /data
  - name: persistent-storage

      claimName: ebs-claim

save and exit.

# kubectl apply -f  pod.yaml

to check the pod status,

# kubectl get pods

Step 5 :

Verify PV and PVC which is created automatically with EBS,

# kubectl get pv

# kubectl get pvc

# kubectl describe pv

Get the volume id and verify same volume id will be there in AWS EBS with the created size.

Thats all, AWS EBS CSI driver has been installed in kubernetes cluster and did dynamic EBS provision.


  1. Step 3 command heading needs change as it mentions "kubernetes" instead of "kubectl".


Post a Comment

Previous Post Next Post