先决条件

安装oidc:EKS系列五:OIDC+cm授权

eksctl配置role与policy

### 使用eksctl 创建 Amazon EBS CSI 插件 IAM 角色
eksctl create iamserviceaccount \
  --name ebs-csi-controller-sa \
  --namespace kube-system \
  --cluster eks-devops \
  --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \
  --approve \
  --role-only \
  --role-name AmazonEKS_EBS_CSI_DriverRole

插件安装

### eksctl安装ebs插件
eksctl create addon --name aws-ebs-csi-driver --cluster my-cluster --service-account-role-arn arn:aws:iam::111122223333:role/AmazonEKS_EBS_CSI_DriverRole --force

###手动更新注解(可选)
kubectl annotate serviceaccount ebs-csi-controller-sa \
 -n kube-system eks.amazonaws.com/role-arn=arn:aws:iam::917958955567:role/AmazonEKS_EBS_CSI_DriverRole


EBS测试demo

###新建storageclass
cat > ebs-sc.yaml <<EOF
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: ebs-sc
provisioner: ebs.csi.aws.com
volumeBindingMode: WaitForFirstConsumer
allowVolumeExpansion: true
parameters:
  type: gp3
EOF

###新建claim.yaml
cat >claim.yaml <<EOF
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: ebs-claim
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: ebs-sc
  resources:
    requests:
      storage: 10Gi
EOF

###新建pod.yaml
cat >pod.yaml <<'EOF'
apiVersion: v1
kind: Pod
metadata:
  name: app
spec:
  containers:
  - name: app
    image: busybox
    command: ["/bin/sh"]
    args: ["-c", "while true; do echo $(date -u) >> /data/out.txt; sleep 5; done"]
    volumeMounts:
    - name: persistent-storage
      mountPath: /data
  volumes:
  - name: persistent-storage
    persistentVolumeClaim:
      claimName: ebs-claim
EOF

允许修改磁盘大小(可选)

# 修改默认的gp2
kubectl patch storageclass gp2  -p '{"allowVolumeExpansion":true}'

自我判定

#

判定描述

自我判定(是/否)

1在各搜索引擎中是否能找到知识信息(包括但不限于Google、百度、Bing)
2是否需要代码集成开发