Install AWS EBS CSI Driver
This page explains steps by step instruction to install the AWS EBS CSI driver on AWS EKS cluster.
A CSI driver with snapshotting capability is a requirement for T4K to function properly. It has been discovered that in the Fall of 2022, the snapshot controller has been removed from the AWS EBS CSI driver install process. In addition, CSI is not installed by default with the creation of an EKS cluster so a customer will have to add this CSI support manually after the creation of an EKS cluster.
The instructions are validated for AWS EKS v 1.21, 1.22, and 1.23.
Getting Started with AWS CLI and EKS Cluster deployment:
Once you have an existing EKS cluster user with
eks-admin
privileges then fetch thekubeconfig
file of the cluster
Add CSI driver:
Install the AWS EBS CSI Driver through Amazon EKS Add-on. You can follow the below step-by-step instruction with commands:
Get OIDC endpoint:
The output will show the OIDC endpoint:
To create an IAM OIDC identity provider for your cluster with the AWS Management Console
Open the Amazon EKS console at https://console.aws.amazon.com/eks/home#/clusters.
In the left pane, select Clusters, and then select the name of your cluster on the Clusters page.
In the Details section on the Overview tab, note the value of the OpenID Connect provider URL.
Open the IAM console at https://console.aws.amazon.com/iam/
In the left navigation pane, choose Identity Providers under Access management. If a Provider is listed that matches the URL for your cluster, then you already have a provider for your cluster. If a provider isn't listed that matches the URL for your cluster, then you must create one.
To create a provider, choose Add provider.
For Provider type, select OpenID Connect.
For Provider URL, enter the OIDC provider URL for your cluster, and then choose Get thumbprint.
For Audience, enter sts.amazonaws.com and choose Add provider.
Create role with policy:
Get OIDC provider for cluster:
The output will show the OIDC endpoint with region name:
Create role JSON file to be applied with AWS CLI
Change the AWS account number, OIDC provider URL and region code as per the EKS cluster deployment.
Create Role by applying role ISON file with AWS CLI:
Attach above created role to Amazon EBS CSI policy
Adding the Amazon EBS CSI add-on:
Add
ebs-sc
storage class, example pod and PVC using a CSI volume:Change default
StorageClass
toebs-sc
:Add VolumeSnapshot CRDs and Snapshot Controller:
With all above steps, EBS CSI driver with VolumeSnapshot capability is installed.
Validate the EBS driver installation
If T4K Preflight plugin is not already installed, follow the instructions here
Install and run the T4K preflight plugin: