Using AWS EBS Volumes in Kubernetes To Store Persistent Data for Kubernetes Versions > 1.23

Arnav Tripathy
Apr 2, 2022
AWS EBS!!

I had written a speedrun on how to create persistent volume claims using AWS EBS in a previously mentioned blog post here. However, the steps shown there won't work for Kubernetes clusters with versions above 1.23 due to a feature enabled in these versions called CSI Migration. So some additional steps have to be taken to create PVCs for these versions, as shown below:

An IAM role needs to be attached to the worker nodes with the following permissions:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:AttachVolume",
        "ec2:CreateSnapshot",
        "ec2:CreateTags",
        "ec2:CreateVolume",
        "ec2:DeleteSnapshot",
        "ec2:DeleteTags",
        "ec2:DeleteVolume",
        "ec2:DescribeAvailabilityZones",
        "ec2:DescribeInstances",
        "ec2:DescribeSnapshots",
        "ec2:DescribeTags",
        "ec2:DescribeVolumes",
        "ec2:DescribeVolumesModifications",
        "ec2:DetachVolume",
        "ec2:ModifyVolume"
      ],
      "Resource": "*"
    }
  ]
}
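The policy above grants every volume-changing call on Resource "*" to any workload that can use the worker node role. As an added example (not part of the original post), this Python check lists the state-changing actions a policy allows on a wildcard resource without a Condition; the tag key and value in SCOPED_STATEMENT are constructed placeholders.

```python
import json

# Policy from this page; Resource "*" covers every volume in the account.
PAGE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
   "Action": ["ec2:AttachVolume", "ec2:CreateSnapshot", "ec2:CreateTags",
              "ec2:CreateVolume", "ec2:DeleteSnapshot", "ec2:DeleteTags",
              "ec2:DeleteVolume", "ec2:DescribeAvailabilityZones",
              "ec2:DescribeInstances", "ec2:DescribeSnapshots", "ec2:DescribeTags",
              "ec2:DescribeVolumes", "ec2:DescribeVolumesModifications",
              "ec2:DetachVolume", "ec2:ModifyVolume"],
   "Resource": "*"}]}
""")

# Constructed variant: destructive calls limited to volumes carrying a tag.
# The tag key and value are assumptions made for this illustration.
SCOPED_STATEMENT = {
    "Effect": "Allow",
    "Action": ["ec2:DeleteVolume", "ec2:DetachVolume"],
    "Resource": "*",
    "Condition": {"StringEquals": {"ec2:ResourceTag/example-cluster": "owned"}},
}

def as_list(value):
    """IAM accepts a single string or object wherever a list is valid."""
    return value if isinstance(value, list) else [value]

def unscoped_mutations(policy):
    """Return sorted state-changing actions allowed on "*" with no Condition."""
    findings = set()
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if "*" not in as_list(stmt.get("Resource", [])):
            continue
        for action in as_list(stmt.get("Action", [])):
            verb = action.split(":", 1)[-1]
            # EC2 Describe* calls are read-only and require Resource "*";
            # anything else (including "ec2:*") can change or destroy state.
            if not verb.startswith(("Describe", "List", "Get")):
                findings.add(action)
    return sorted(findings)

if __name__ == "__main__":
    for action in unscoped_mutations(PAGE_POLICY):
        print("unscoped:", action)
```

Run against the page's policy, it reports the nine Attach/Create/Delete/Detach/Modify actions and none of the six Describe calls.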

Next, we need to install the AWS EBS CSI Driver using Helm, as shown below:

helm repo add aws-ebs-csi-driver https://kubernetes-sigs.github.io/aws-ebs-csi-driver
helm repo update
helm upgrade --install aws-ebs-csi-driver \
  --namespace kube-system \
  --set enableVolumeScheduling=true \
  --set enableVolumeResizing=true \
  --set 'podAnnotations.iam\.amazonaws\.com/role'=ROLE_ARN \
  --set 'node.podAnnotations.iam\.amazonaws\.com/role'=ROLE_ARN \
  aws-ebs-csi-driver/aws-ebs-csi-driver

Here ROLE_ARN is the ARN of the IAM role assigned to the Kubernetes worker nodes.

Next, we can create a storage class using the example below, changing the values as needed. Pay attention, as it's slightly different from the one generally used:

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: aws-ebs-k8
  labels:
    deploy: aws-ebs-k8
  namespace: monitoring
provisioner: ebs.csi.aws.com
volumeBindingMode: Immediate
parameters:
  type: gp2 # This configures SSDs (recommended).
allowVolumeExpansion: true
reclaimPolicy: Retain
allowedTopologies:
- matchLabelExpressions:
  - key: topology.ebs.csi.aws.com/zone
    values:
    - us-west-2b

Now we can create a persistent volume claim directly by using the storage class name that we configured above:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  labels:
    deploy: pvc-k8
  name: pvc-k8
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 20Gi
  storageClassName: aws-ebs-k8

Applying this configuration creates a persistent volume claim as well as an EBS volume, and the claim can then be attached to a Kubernetes application.
