安装oidc:EKS系列五:OIDC+cm授权
### 使用eksctl 创建 Amazon EBS CSI 插件 IAM 角色 eksctl create iamserviceaccount \ --name ebs-csi-controller-sa \ --namespace kube-system \ --cluster eks-devops \ --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \ --approve \ --role-only \ --role-name AmazonEKS_EBS_CSI_DriverRole |
### eksctl安装ebs插件 eksctl create addon --name aws-ebs-csi-driver --cluster my-cluster --service-account-role-arn arn:aws:iam::111122223333:role/AmazonEKS_EBS_CSI_DriverRole --force ###手动更新注解(可选) kubectl annotate serviceaccount ebs-csi-controller-sa \ -n kube-system eks.amazonaws.com/role-arn=arn:aws:iam::917958955567:role/AmazonEKS_EBS_CSI_DriverRole |
###新建storageclass
cat > ebs-sc.yaml <<EOF
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: ebs-sc
provisioner: ebs.csi.aws.com
volumeBindingMode: WaitForFirstConsumer
allowVolumeExpansion: true
parameters:
type: gp3
EOF
###新建claim.yaml
cat >claim.yaml <<EOF
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: ebs-claim
spec:
accessModes:
- ReadWriteOnce
storageClassName: ebs-sc
resources:
requests:
storage: 10Gi
EOF
###新建pod.yaml
cat >pod.yaml <<'EOF'
apiVersion: v1
kind: Pod
metadata:
name: app
spec:
containers:
- name: app
image: busybox
command: ["/bin/sh"]
args: ["-c", "while true; do echo $(date -u) >> /data/out.txt; sleep 5; done"]
volumeMounts:
- name: persistent-storage
mountPath: /data
volumes:
- name: persistent-storage
persistentVolumeClaim:
claimName: ebs-claim
EOF
|
# 修改默认的gp2
kubectl patch storageclass gp2 -p '{"allowVolumeExpansion":true}' |
# | 判定描述 | 自我判定(是/否) |
|---|---|---|
| 1 | 在各搜索引擎中是否能找到知识信息(包括但不限于Google、百度、Bing) | 是 |
| 2 | 是否需要代码集成开发 | 否 |