Setting Up EBS Storage in Your AWS EKS Cluster: A Quick Guide (Because I Tend to Forget)


Let’s be real—sometimes you just need a straightforward guide you can come back to when the details get foggy. This is that guide. If you're working with an EKS cluster on AWS and need to integrate EBS (Elastic Block Store), bookmark this post. Here’s everything you need to set up the EBS CSI driver, grant permissions, and make EBS the default storage class in your cluster.


Step 1: Install the EBS CSI Driver

To start, let’s get the EBS CSI driver installed. This driver allows your cluster to work seamlessly with EBS volumes. Run the following commands to set it up:

helm repo add aws-ebs-csi-driver https://kubernetes-sigs.github.io/aws-ebs-csi-driver
helm install aws-ebs-csi-driver aws-ebs-csi-driver/aws-ebs-csi-driver --namespace kube-system

This adds the Helm repository and installs the driver into the kube-system namespace.


Step 2: Grant Your Cluster Permission to Use EBS

Next, you need to create an IAM policy to let your EKS nodes handle EBS volumes (create, attach, detach, and more). Use the AWS CLI to create and attach the policy:

aws iam create-policy --policy-name AmazonEKS_EBS_CSI_Driver_Policy --policy-document '{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:CreateSnapshot",
        "ec2:AttachVolume",
        "ec2:DetachVolume",
        "ec2:DeleteVolume",
        "ec2:DescribeVolumes",
        "ec2:DescribeSnapshots",
        "ec2:CreateTags",
        "ec2:DeleteTags",
        "ec2:CreateVolume"
      ],
      "Resource": "*"
    }
  ]
}'

Now, attach this policy to your Node IAM Role:

aws iam attach-role-policy --role-name <NodeInstanceRole> --policy-arn arn:aws:iam::<your-account-id>:policy/AmazonEKS_EBS_CSI_Driver_Policy

Replace <NodeInstanceRole> with the name of your node's IAM role and <your-account-id> with your AWS account ID.
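
As an added example (not part of the original post), the Python check below reads the Step 2 policy and lists the actions it allows on "Resource": "*" with no Condition. The second policy is a constructed variant for comparison; its tag key and value are placeholders, and the function names are hypothetical.

```python
import json

# Policy document from Step 2 of this page (same statement, compacted).
PAGE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{
   "Effect": "Allow",
   "Action": ["ec2:CreateSnapshot", "ec2:AttachVolume", "ec2:DetachVolume",
              "ec2:DeleteVolume", "ec2:DescribeVolumes", "ec2:DescribeSnapshots",
              "ec2:CreateTags", "ec2:DeleteTags", "ec2:CreateVolume"],
   "Resource": "*"}]}
""")

# Constructed variant: reads stay on "*", one destructive call is gated on a
# tag. The tag key and value are placeholders, not values from the page.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["ec2:DescribeVolumes", "ec2:DescribeSnapshots"],
         "Resource": "*"},
        {"Effect": "Allow",
         "Action": "ec2:DeleteVolume",
         "Resource": "arn:aws:ec2:*:*:volume/*",
         "Condition": {"StringEquals": {"aws:ResourceTag/EXAMPLE-owner-tag": "my-cluster"}}},
    ],
}

def as_list(value):  # IAM allows a bare string wherever a list is accepted
    return value if isinstance(value, list) else [value]

def unscoped_mutations(policy):
    """Actions allowed on every resource with no Condition attached.
    ec2:Describe* is skipped: those calls do not support resource-level
    permissions, so "Resource": "*" is the only form that grants them."""
    findings = set()
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if "*" not in as_list(stmt.get("Resource", [])):
            continue
        findings.update(a for a in as_list(stmt.get("Action", []))
                        if not a.lower().startswith("ec2:describe"))
    return sorted(findings)

if __name__ == "__main__":
    print("page policy:  ", unscoped_mutations(PAGE_POLICY))
    print("scoped policy:", unscoped_mutations(SCOPED_POLICY))
```

Any Condition clears a statement in this check, so an empty result is a prompt to read the conditions, not proof of least privilege.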


Finding Your Node IAM Role Name

If finding the Node IAM Role name in the AWS console isn’t going smoothly, you can locate it by checking the logs of the EBS CSI controller pod. Here’s how:

  1. List Pods in the kube-system Namespace:
    Start by listing the pods to find the EBS CSI controller pod name:
    kubectl get pods -n kube-system
  2. View the Logs for the EBS CSI Controller Pod:
    Take the pod name (should look something like ebs-csi-controller-xxxxx) and check its logs:
    kubectl logs <ebs-csi-controller-pod-name> -n kube-system
  3. Locate the IAM Role in the Logs:
    Scan the logs for lines mentioning “IAM role” or “ARN”—you’ll find the IAM role name your EKS nodes are using.

Once you have it, use that role name to attach the policy as shown above.


Step 3: Set EBS as the Default StorageClass

Finally, let’s make EBS the default storage class for your cluster. This ensures Kubernetes will automatically use EBS when you create persistent volumes. Run this command:

kubectl patch storageclass gp2 -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'

That’s it! EBS is now set as the default StorageClass for your cluster, simplifying persistent storage setup.