Monday, February 20, 2023

Create Storage Provisioner for AWS EKS


 


In this post we will review the steps to create a storage provisioner for AWS EKS. The provisioner is required to allocate EFS storage in response to a Persistent Volume Claim (PVC).

First we create an IAM policy and a service account that will be used by the provisioner.


# Download the example IAM policy published with the EFS CSI driver (v1.2.0)
rm -f iam-policy.json
curl -fsSL https://raw.githubusercontent.com/kubernetes-sigs/aws-efs-csi-driver/v1.2.0/docs/iam-policy-example.json -o iam-policy.json

# Create the policy only if it does not exist yet
policyExists=$(aws iam list-policies | grep -c EFSCSIControllerIAMPolicy)
if [[ "${policyExists}" = "0" ]]; then
  aws iam create-policy \
    --policy-name EFSCSIControllerIAMPolicy \
    --policy-document file://iam-policy.json
fi

rm -f iam-policy.json

# Create the service account in kube-system and attach the policy to it
eksctl create iamserviceaccount \
  --name=efs-csi-controller-sa \
  --namespace=kube-system \
  --cluster="${AWS_EKS_CLUSTER_NAME}" \
  --region "${AWS_REGION}" \
  --override-existing-serviceaccounts \
  --attach-policy-arn="arn:aws:iam::${AWS_ACCOUNT}:policy/EFSCSIControllerIAMPolicy" \
  --approve


Next we install the provisioner using its Helm chart.


helm repo add aws-efs-csi-driver https://kubernetes-sigs.github.io/aws-efs-csi-driver
helm repo update
# The image registry address is region-specific; use the one for your cluster's region.
# The chart must not create a service account: it reuses the one created with eksctl.
helm upgrade -i aws-efs-csi-driver aws-efs-csi-driver/aws-efs-csi-driver \
  --namespace kube-system \
  --set image.repository=602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/aws-efs-csi-driver \
  --set controller.serviceAccount.create=false \
  --set controller.serviceAccount.name=efs-csi-controller-sa


Now we log in to the AWS console, manually create an EFS file system, set its file system ID in the following YAML file, and apply the file using kubectl.


kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: efs-sc
provisioner: efs.csi.aws.com
parameters:
  provisioningMode: efs-ap
  fileSystemId: fs-084ad2344494c65a4
  # Permissions of the directory created for each volume: owner-only access
  directoryPerms: "700"


Now any PVC with the storage class efs-sc will be handled automatically by the storage provisioner.
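
A claim against the efs-sc storage class, and a pod that mounts it, could look like the following. This is an added example, not part of the original post; the names efs-claim and efs-app and the busybox image are assumptions.

```yaml
# Added example; names and image are assumptions, not from the original post.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: efs-claim            # hypothetical name
spec:
  accessModes:
    - ReadWriteMany          # EFS can be mounted by many pods at once
  storageClassName: efs-sc   # the StorageClass defined above
  resources:
    requests:
      storage: 5Gi           # required by the API; EFS is elastic and does not enforce it
---
apiVersion: v1
kind: Pod
metadata:
  name: efs-app              # hypothetical name
spec:
  containers:
    - name: app
      image: busybox:1.36    # assumed image; any image works
      command: ["sh", "-c", "echo ok > /data/probe && sleep 3600"]
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true   # only the EFS mount is writable
      volumeMounts:
        - name: data
          mountPath: /data
  volumes:
    - name: data
      persistentVolumeClaim:
        claimName: efs-claim
```

After applying it with kubectl, `kubectl get pvc efs-claim` should report the claim as Bound once the provisioner has created the EFS access point for it.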






