On September 10th, 2019, Amazon announced EKS support for the EBS Container Storage Interface (CSI) driver. CSI is an initiative to create unified storage interfaces between container orchestrators such as Kubernetes and storage vendors like AWS.
To deploy the Amazon EBS CSI Driver to an Amazon EKS cluster, we first need to create an IAM policy called Amazon_EBS_CSI_Driver for the worker node instance profile.
curl -s -O https://raw.githubusercontent.com/kubernetes-sigs/aws-ebs-csi-driver/v0.4.0/docs/example-iam-policy.json
export EBS_CNI_POLICY_NAME="Amazon_EBS_CSI_Driver"
aws iam create-policy \
--region ${AWS_REGION} \
--policy-name ${EBS_CNI_POLICY_NAME} \
--policy-document file://example-iam-policy.json
export EBS_CNI_POLICY_ARN=$(aws --region ${AWS_REGION} iam list-policies --query 'Policies[?PolicyName==`'$EBS_CNI_POLICY_NAME'`].Arn' --output text)
We need to ensure that the role name used by our worker nodes is set in our environment.
test -n "$ROLE_NAME" && echo ROLE_NAME is "$ROLE_NAME" || echo ROLE_NAME is not set
If you receive an error or an empty response, please review the Test the Cluster section.
We can now attach the new Amazon_EBS_CSI_Driver IAM policy to the worker nodes' IAM role.
aws iam attach-role-policy \
--region ${AWS_REGION} \
--policy-arn ${EBS_CNI_POLICY_ARN} \
--role-name ${ROLE_NAME}
Run the command below to verify that the policy has been attached to the worker nodes' IAM role.
aws iam list-attached-role-policies \
--region ${AWS_REGION} \
--role-name ${ROLE_NAME} | grep '"PolicyName": "Amazon_EBS_CSI_Driver"'
The output should look like this.
Finally, we can deploy the driver.
kubectl apply -k "github.com/kubernetes-sigs/aws-ebs-csi-driver/deploy/kubernetes/overlays/stable/?ref=master"
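The policy file fetched with curl ends up attached to the worker nodes' IAM role, so it is worth reviewing before `aws iam create-policy` runs. The following is an added example, not part of the original page or the driver project: a Python check that lists Allow grants with wildcard actions or unconditioned write actions on `Resource: "*"`. The function names, the read-only prefix heuristic and the sample policy are assumptions constructed for illustration.

```python
import json

READ_ONLY_PREFIXES = ("Describe", "Get", "List")  # heuristic, an assumption

# Constructed sample shaped like an EBS volume policy; it is NOT the content
# of example-iam-policy.json from the driver repository.
SAMPLE_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:DescribeVolumes", "ec2:CreateVolume", "ec2:DeleteVolume"]},
    {"Effect": "Allow", "Resource": "arn:aws:ec2:*:*:volume/*",
     "Action": "ec2:AttachVolume",
     "Condition": {"StringEquals": {"aws:ResourceTag/owner": "ebs-csi"}}}
  ]
}"""

def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)

def is_read_only(action):
    """True for actions such as ec2:DescribeVolumes; wildcards never qualify."""
    return "*" not in action and action.split(":", 1)[-1].startswith(READ_ONLY_PREFIXES)

def audit_policy(document):
    """Return (statement_index, action, reason) for every broad Allow grant."""
    findings = []
    for idx, stmt in enumerate(as_list(json.loads(document).get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((idx, "*", "NotAction/NotResource grant"))
            continue
        any_resource = "*" in as_list(stmt.get("Resource"))
        for action in as_list(stmt.get("Action")):
            if "*" in action:
                findings.append((idx, action, "wildcard action"))
            elif any_resource and not is_read_only(action) and "Condition" not in stmt:
                findings.append((idx, action, "unconditioned write on Resource *"))
    return findings

if __name__ == "__main__":
    # To review the downloaded file, pass open("example-iam-policy.json").read()
    for finding in audit_policy(SAMPLE_POLICY):
        print(finding)
```

An empty result means no statement matched the heuristic; anything listed is a permission that every workload able to use the node role would inherit.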