jenkins-x/jx

AWS Container Storage Interface (CSI) enabled in K8s 1.23

tgelpi opened this issue · 1 comments

Currently, when trying to build an AWS environment with K8S v1.24, it remains in a pending state while creating persistent volume claims with the gp2 storage classes.

Building/upgrading AWS to v1.23 now requires a container storage interface (CSI) driver.

The Kubernetes in-tree to container storage interface (CSI) volume migration feature was enabled in K8S version 1.23. This feature enables the replacement of existing Kubernetes in-tree storage plugins for Amazon EBS with a corresponding Amazon EBS CSI driver.

To improve security and reduce the amount of work, you can manage the Amazon EBS CSI driver as an Amazon EKS add-on.

A proposal is being made to accommodate the new EBS CSI driver requirements for K8S 1.23 and implement an addon mechanism for managing the EBS CSI driver.

I perform this in my case:

Create a policy about this requirement:

https://docs.aws.amazon.com/eks/latest/userguide/csi-iam-role.html

NOTE: I created it inside terraform jx3 code in another module

Add a helm chart in /helmfiles/kubesystem/helmfile.yaml

```yaml
repositories:
- name: aws-efs-csi-driver
  url: https://kubernetes-sigs.github.io/aws-efs-csi-driver/
```

and

```yaml
releases:
- chart: aws-efs-csi-driver/aws-efs-csi-driver
  version: 2.3.7
  name: aws-efs-csi-driver
  values:
  - aws-efs-csi-driver.yaml.gotmpl
  - jx-values.yaml
```

Attach the role created for aws-ebs-csi in a custom aws-efs-csi-driver.yaml.gotmpl:

```yaml
controller:
  serviceAccount:
    annotations:
      eks.amazonaws.com/role-arn: arn:aws:iam::XXXXXXXXX:role/<cluster-name>-ebs-csi
```