Kubernetes cluster on AWS EKS, Part 2: Setup EBS CSI Driver

Mar 21, 2023
authorImg Manmeet Singh
authorImg Manmeet Singh

Manmeet is a Ruby on Rails Developer.

authorImg Gowsik Vivekanandan
authorImg Gowsik Vivekanandan

I’m a Ruby on Rails and Javascript enthusiast with over three years of experience in creating SaaS applications that make remote work easier. I work well in teams and am always up for new challenges. Born and raised in Namakkal, I enjoy playing video games, binge-watching tv shows, and stargazing to kill time.

 1 minute read

This is a series on setting up Kubernetes clusters in Amazon EKS.

In this post, we will setup Elastic Block Store on AWS EKS Cluster.

EBS is required for EKS PVC.

1. IAM Policy for EBS

  • Go to Services > IAM on the AWS Web Dashboard
  • Select “Create a Policy”
  • Select the JSON tab and paste it below
{
  "Version":  "2012-10-17",
  "Statement":  [
    {
      "Effect":  "Allow",  
      "Action":  [  
	      "ec2:AttachVolume",  
	      "ec2:CreateSnapshot",  
	      "ec2:CreateTags",  
	      "ec2:CreateVolume",  
	      "ec2:DeleteSnapshot",  
	      "ec2:DeleteTags",  
	      "ec2:DeleteVolume",  
	      "ec2:DescribeInstances",  
	      "ec2:DescribeSnapshots",  
	      "ec2:DescribeTags",  
	      "ec2:DescribeVolumes",  
	      "ec2:DetachVolume"  
	      ],
	      "Resource":  "*"  
	}  
  ]  
}
  • Review the same in Visual Editor
  • Click Review Policy
  • Name: Amazon_EBS_CSI_Driver
  • Click Create Policy

2. Associate with Worker Node IAM Role ARN

Use the following command to obtain the ARN from the aws-auth configmap

kubectl -n kube-system describe configmap aws-auth

From the output, note down the ARN Number

Name:         aws-auth
Namespace:    kube-system
Labels:       <none>
Annotations:  <none>

Data
====
mapRoles:
----
- groups:
  - system:bootstrappers
  - system:nodes
  rolearn: arn:aws:iam::17913XXXXXXX:role/eksctl-eks-cluster-nodegroup-ng-NodeInstanceRole-M3LZJUUCOC10
  username: system:node:

In the above case, it is rolearn: arn:aws:iam::17913XXXXXXX:role/eksctl-eks-cluster-nodegroup-ng-NodeInstanceRole-M3LZJUUCOC10

Next, we need to associate the role

  • Go to Services
  • IAM Roles
  • Search for a role with eksctl-eks-cluster-nodegroup
  • Click on Permissions tab
  • Click on Attach Policies
  • Search for Amazon_EBS_CSI_Driver
  • Click Attach Policy

3. Deploy Amazon EBS CSI Driver

Kubernetes-Sigs provides a deployment from the AWS EBS CSI Driver. We simply need to apply the deployment file.

kubectl apply -k "github.com/kubernetes-sigs/aws-ebs-csi-driver/deploy/kubernetes/overlays/stable/?ref=master"

Verify ebs-csi pods running kubectl get pods -n kube-system

kubectl get pods -n kube-system

The output will be similar to

NAME                                  READY   STATUS    RESTARTS   AGE
ebs-csi-controller-5fd5966556-gt5v5   6/6     Running   0          4m
ebs-csi-controller-5fd5966556-z7bjb   6/6     Running   0          4m
ebs-csi-node-6rgpp                    3/3     Running   0          4m
ebs-csi-node-ncnzw                    3/3     Running   0          4m

We have successfully, set up EBS CSI Driver.

Need help on your Ruby on Rails or React project?

BOOK A CALL

If you enjoyed this post, you might also like:

Kubernetes cluster on AWS EKS, Part 4: Setup Elastic Stack ( ElasticSearch / Kibana / APM Server ) on Kubernetes

March 21, 2023

Know how to rollout and rollback deployments in Kubernetes

June 6, 2022

Kubernetes cluster on AWS EKS, Part 3: Setup NGINX Ingress Controller with Cert-Manager on AWS EKS

March 21, 2023

Join Our Newsletter