Deploy EBS CSI Driver (AWS Only)¶
In this section you will configure and deploy the EBS CSI driver using an IAM role to provide it with permissions to manage the lifecycle of EBS volumes for persistent volumes.
Fast Forward
If you deploying EKF on Google Cloud or Azure, skip this guide and proceed to the What’s Next section.
Fast Forward
If you have already configured and deployed the EBS CSI driver, expand this box to fast-forward.
Go to your GitOps repository, inside your
rok-tools
management environment:root@rok-tools:~# cd ~/ops/deploymentsSave your state:
root@rok-tools:~/ops/deployments# rok-j2 deploy/env.ebs-csi-driver.j2 \ > -o deploy/env.ebs-csi-driverCommit your changes:
root@rok-tools:~/ops/deployments# git commit -am "Deploy EBS CSI Driver"Proceed to the Verify section.
Choose one of the following options to deploy the EBS CSI driver:
- Option 1: Deploy EBS CSI Driver Automatically (preferred).
- Option 2: Deploy EBS CSI Driver Manually.
Overview
What You’ll Need¶
- A configured management environment.
- Your clone of the Arrikto GitOps repository.
- An existing EKS cluster.
- An existing Snapshot Controller.
- An existing IAM role for the EBS CSI driver.
Option 1: Deploy EBS CSI Driver Automatically (preferred)¶
Deploy the EBS CSI driver by following the on-screen instructions on the
rok-deploy
user interface.
If rok-deploy
is not already running, start it with:

Proceed to the Summary section.
Option 2: Deploy EBS CSI Driver Manually¶
If you want to deploy the EBS CSI driver manually, follow the instructions below.
Procedure¶
Go to your GitOps repository, inside your
rok-tools
management environment:root@rok-tools:~# cd ~/ops/deploymentsRestore the required context from previous sections:
root@rok-tools:~/ops/deployments# source <(cat deploy/env.{envvars-aws,iam-ebs-csi-driver})root@rok-tools:~/ops/deployments# export AWS_ACCOUNT_ID IAM_EBS_CSI_DRIVER_ROLEAnnotate the
ebs-csi-controller-sa
service account with the ARN of the IAM role:root@rok-tools:~/ops/deployments# j2 rok/aws-ebs-csi-driver/overlays/deploy/patches/serviceaccount.yaml.j2 \ > -o rok/aws-ebs-csi-driver/overlays/deploy/patches/serviceaccount.yamlSave your state:
root@rok-tools:~/ops/deployments# rok-j2 deploy/env.ebs-csi-driver.j2 \ > -o deploy/env.ebs-csi-driverCommit your changes:
root@rok-tools:~/ops/deployments# git commit -am "Deploy EBS CSI Driver"Deploy the EBS CSI driver:
root@rok-tools:~/ops/deployments# rok-deploy \ > --apply rok/aws-ebs-csi-driver/overlays/deploy/Mark your progress:
root@rok-tools:~/ops/deployments# export DATE=$(date -u "+%Y-%m-%dT%H.%M.%SZ")root@rok-tools:~/ops/deployments# git tag \ > -a deploy/${DATE?}/release-2.0/ebs-csi-driver \ > -m "Deploy EBS CSI Driver"
Verify¶
Go to your GitOps repository, inside your
rok-tools
management environment:root@rok-tools:~# cd ~/ops/deploymentsRestore the required context from previous sections:
root@rok-tools:~/ops/deployments# source <(cat deploy/env.{envvars-aws,iam-ebs-csi-driver})root@rok-tools:~/ops/deployments# export AWS_ACCOUNT_ID IAM_EBS_CSI_DRIVER_ROLEVerify that the EBS CSI driver Pods are up and running. Verify that field READY is N/N:
root@rok-tools:~/ops/deployments# kubectl get pods \ > -l app.kubernetes.io/name=aws-ebs-csi-driver \ > -n kube-system NAME READY STATUS RESTARTS AGE ebs-csi-controller-5c58f77db8-jlsmg 6/6 Running 0 3m45s ebs-csi-controller-5c58f77db8-t2ml9 6/6 Running 0 3m45s ebs-csi-node-6qmdz 3/3 Running 0 3m45s ebs-csi-node-b56j7 3/3 Running 0 3m45sVerify that the
ebs-csi-controller-sa
service account is annotated with the ARN of the IAM role:root@rok-tools:~/ops/deployments# ROLE_ARN=$(kubectl get serviceaccount ebs-csi-controller-sa \ > -n kube-system \ > -o jsonpath='{.metadata.annotations.eks\.amazonaws\.com/role-arn}') \ > && [[ ${ROLE_ARN?} == arn:aws:iam::${AWS_ACCOUNT_ID?}:role/${IAM_EBS_CSI_DRIVER_ROLE?} ]] \ > && echo OK \ > || echo FAIL OK