본문으로 건너뛰기

aws-ebs-csi-driver

AWS EBS Container Storage Interface Driver

사전 요구 사항

import * as aws from "@pulumi/aws";
import * as variable from "@src/variable";

const awsEbsCsiDriverRoleName = "aws-ebs-csi-driver-role";
export const awsEbsCsiDriverRole = new aws.iam.Role(
awsEbsCsiDriverRoleName,
{
namePrefix: `${awsEbsCsiDriverRoleName}-`,
assumeRolePolicy: {
Version: "2012-10-17",
Statement: [
{
Effect: "Allow",
Principal: {
Federated: variable.eks.core.eks.apply((eks) => eks.oidcProvider.arn),
},
Condition: {
StringEquals: variable.eks.core.eks.apply((eks) => ({
[`${eks.oidcProvider.url}:aud`]: "sts.amazonaws.com",
[`${eks.oidcProvider.url}:sub`]:
// system:serviceaccount:<namespace>:<serviceAccount>
"system:serviceaccount:kube-system:aws-ebs-csi-driver",
})),
},
Action: "sts:AssumeRoleWithWebIdentity",
},
],
},
tags: {
Name: awsEbsCsiDriverRoleName,
"loliot.net/stack": variable.stackName,
},
},
{ protect: true },
);

new aws.iam.RolePolicyAttachment(
"aws-ebs-csi-driver-rpa-0",
{
policyArn: "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy",
role: awsEbsCsiDriverRole.name,
},
{ protect: true },
);

설치

helm repo add aws-ebs-csi-driver https://kubernetes-sigs.github.io/aws-ebs-csi-driver
helm repo update aws-ebs-csi-driver \
&& helm search repo aws-ebs-csi-driver/aws-ebs-csi-driver -l | head -n 10
helm show values aws-ebs-csi-driver/aws-ebs-csi-driver \
--version 2.26.0 \
> aws-ebs-csi-driver-values.yaml
aws-ebs-csi-driver-values.yaml
customLabels: {}

controller:
serviceAccount:
create: true
name: aws-ebs-csi-driver
annotations:
eks.amazonaws.com/role-arn: "arn:aws:iam::<account-id>:role/<role-name>"

tolerations: []
helm template aws-ebs-csi-driver aws-ebs-csi-driver/aws-ebs-csi-driver \
--version 2.26.0 \
-n kube-system \
-f aws-ebs-csi-driver-values.yaml \
> aws-ebs-csi-driver.yaml
helm upgrade aws-ebs-csi-driver aws-ebs-csi-driver/aws-ebs-csi-driver \
--install \
--history-max 5 \
--version 2.26.0 \
-n kube-system \
-f aws-ebs-csi-driver-values.yaml

StorageClass

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: gp3
annotations:
storageclass.kubernetes.io/is-default-class: "true"
provisioner: ebs.csi.aws.com
volumeBindingMode: WaitForFirstConsumer
allowVolumeExpansion: true
parameters:
type: gp3