
aws-ebs-csi-driver


AWS EBS Container Storage Interface Driver

Prerequisites

import * as aws from "@pulumi/aws";
import * as variable from "@src/variable";

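// Logical Pulumi name of the role; also the prefix of the generated IAM role name.
const awsEbsCsiDriverRoleName = "aws-ebs-csi-driver-role";

// Issuer URL of the cluster's IAM OIDC provider. It is interpolated into both the
// provider ARN and the condition keys of the trust policy below.
// NOTE(review): IAM uses the issuer without the "https://" scheme in both places;
// confirm which form this output resolves to.
const oidcUrl = variable.eks.core.eks.apply((eks) => eks.oidcProvider.url);

/**
 * IAM role for the EBS CSI driver, assumed via web identity federation
 * (sts:AssumeRoleWithWebIdentity) through the cluster's OIDC provider.
 *
 * The trust policy pins both token claims:
 *  - `aud` must be "sts.amazonaws.com", so tokens minted for another audience
 *    cannot be exchanged for this role;
 *  - `sub` must be the `aws-ebs-csi-driver` service account in `kube-system`,
 *    so no other service account in the cluster can assume it.
 *
 * `protect: true` makes Pulumi refuse to delete the role until protection is removed.
 */
export const awsEbsCsiDriverRole = new aws.iam.Role(
  awsEbsCsiDriverRoleName,
  {
    namePrefix: `${awsEbsCsiDriverRoleName}-`,
    assumeRolePolicy: {
      Version: "2012-10-17",
      Statement: [
        {
          Action: "sts:AssumeRoleWithWebIdentity",
          Effect: "Allow",
          Principal: {
            // The account ID is hard-coded; it has to be the account that owns
            // the OIDC provider, otherwise the principal never matches.
            Federated: oidcUrl.apply(
              (url) => `arn:aws:iam::718951341054:oidc-provider/${url}`
            ),
          },
          Condition: {
            // StringEquals (not StringLike) keeps both claims as exact matches.
            StringEquals: oidcUrl.apply((url) => ({
              [`${url}:aud`]: "sts.amazonaws.com",
              [`${url}:sub`]:
                "system:serviceaccount:kube-system:aws-ebs-csi-driver",
            })),
          },
        },
      ],
    },
    tags: {
      Name: awsEbsCsiDriverRoleName,
      "hits.ai/stack": variable.stackName,
    },
  },
  { protect: true }
);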

// AWS-managed policy that is attached to the driver role below.
const ebsCsiDriverManagedPolicyArn =
  "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy";

// Attach the managed policy to the role. The attachment is protected as well,
// so Pulumi will not delete it unless protection is removed first.
new aws.iam.RolePolicyAttachment(
  "aws-ebs-csi-driver-rpa-0",
  { policyArn: ebsCsiDriverManagedPolicyArn, role: awsEbsCsiDriverRole.name },
  { protect: true }
);

설치

# Register the upstream chart repository under the name "aws-ebs-csi-driver".
helm repo add aws-ebs-csi-driver https://kubernetes-sigs.github.io/aws-ebs-csi-driver
# Refresh only this repository's index, then show the first ten lines of the
# version listing (-l lists every chart version).
helm repo update aws-ebs-csi-driver \
&& helm search repo aws-ebs-csi-driver/aws-ebs-csi-driver -l | head -n 10
# Write the default values of the pinned chart version to a local file that is
# edited and passed to the install below.
helm show values aws-ebs-csi-driver/aws-ebs-csi-driver \
--version 2.14.2 \
> aws-ebs-csi-driver-values.yaml
aws-ebs-csi-driver-values.yaml
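customLabels: {}

controller:
  serviceAccount:
    create: true
    # Must stay identical to the service account named in the IAM role's trust
    # policy (system:serviceaccount:kube-system:aws-ebs-csi-driver); with any
    # other name the role cannot be assumed.
    name: aws-ebs-csi-driver
    annotations:
      # IAM role assumed by this service account. Replace the placeholders with
      # the account ID and the generated name of the role created above.
      eks.amazonaws.com/role-arn: "arn:aws:iam::<account-id>:role/<role-name>"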
# Render the chart to a local file without installing anything, so the
# manifests (service account annotation, RBAC, pod specs) can be reviewed first.
helm template aws-ebs-csi-driver aws-ebs-csi-driver/aws-ebs-csi-driver \
--version 2.14.2 \
-n kube-system \
-f aws-ebs-csi-driver-values.yaml \
> aws-ebs-csi-driver.yaml
# Install the release, or upgrade it if it already exists (--install), using
# the same pinned chart version and values file; --history-max 3 keeps at most
# three stored revisions of the release.
helm upgrade aws-ebs-csi-driver aws-ebs-csi-driver/aws-ebs-csi-driver \
--install \
--version 2.14.2 \
-n kube-system \
--history-max 3 \
-f aws-ebs-csi-driver-values.yaml

StorageClass

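kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: gp3
  annotations:
    # Marks this class as the cluster default: PVCs that name no class use it.
    storageclass.kubernetes.io/is-default-class: "true"
provisioner: ebs.csi.aws.com
# Delay volume creation until a pod using the claim has been scheduled.
volumeBindingMode: WaitForFirstConsumer
allowVolumeExpansion: true
parameters:
  type: gp3
  # NOTE(review): no "encrypted" parameter is set, so whether new volumes are
  # encrypted depends on the account's EBS encryption-by-default setting.
  # Add `encrypted: "true"` here to require encryption for every volume
  # provisioned through this default class.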