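Using GP3 Storage

GP3 storage is cheaper than GP2 and has a minimum of 3000 IOPS, so upgrading from GP2 to GP3 is worthwhile on both performance and price.

Using GP3 in EKS is not complicated:

  1. Install the EBS CSI Driver (EKS does not yet support GP3 storage natively, so the EBS CSI Driver must be installed.)
  2. Create a storage class
  3. Create a PVC and bind it to a pod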

Install the EBS CSI Driver

Before installing the EBS Driver, the worker nodes need permission to access EC2 (because the driver creates, modifies and deletes GP3 volumes).


In the IAM Policy console, create the following policy and name it Amazon_EBS_CSI_Driver:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:AttachVolume",
        "ec2:CreateSnapshot",
        "ec2:CreateTags",
        "ec2:CreateVolume",
        "ec2:DeleteSnapshot",
        "ec2:DeleteTags",
        "ec2:DeleteVolume",
        "ec2:DescribeInstances",
        "ec2:DescribeSnapshots",
        "ec2:DescribeTags",
        "ec2:DescribeVolumes",
        "ec2:DetachVolume"
      ],
      "Resource": "*"
    }
  ]
}

Attach the Amazon_EBS_CSI_Driver policy you created to the worker node role. The worker node role can be obtained with the following command:

# Get Worker node IAM Role ARN
kubectl -n kube-system describe configmap aws-auth

# from output check rolearn
rolearn: arn:aws:iam::180789647333:role/eksctl-eksdemo1-nodegroup-eksdemo-NodeInstanceRole-IJN07ZKXAWNN
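
Because the policy is attached to the worker node role, any pod that can reach the instance metadata service on those nodes can use it, so it helps to know which write actions it grants on every resource. The following is an added example, not part of the original post: a small checker that lists the mutating actions a policy allows on Resource "*" without a Condition. SCOPED_SAMPLE and its tag condition are constructed for comparison and are assumptions.

```python
import json

# Same statement as the Amazon_EBS_CSI_Driver policy on this page.
PAGE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": [
  "ec2:AttachVolume", "ec2:CreateSnapshot", "ec2:CreateTags", "ec2:CreateVolume",
  "ec2:DeleteSnapshot", "ec2:DeleteTags", "ec2:DeleteVolume", "ec2:DescribeInstances",
  "ec2:DescribeSnapshots", "ec2:DescribeTags", "ec2:DescribeVolumes", "ec2:DetachVolume"],
  "Resource": "*"}]}
""")

# Constructed sample (not from the page): the same delete permission, limited by
# an assumed tag condition to volumes tagged ebs.csi.aws.com/cluster=true.
SCOPED_SAMPLE = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "ec2:DeleteVolume", "Resource": "*",
    "Condition": {"StringLike": {"ec2:ResourceTag/ebs.csi.aws.com/cluster": "true"}}}}

READ_ONLY_PREFIXES = ("Describe", "Get", "List")


def _as_list(value):
    """IAM accepts a single object or string wherever a list is valid."""
    return value if isinstance(value, list) else [value]


def unscoped_mutations(policy):
    """Return the mutating actions allowed on Resource "*" with no Condition.

    Limitation: NotAction / NotResource statements are not evaluated.
    """
    findings = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if "*" not in _as_list(stmt.get("Resource", [])):
            continue
        for action in _as_list(stmt.get("Action", [])):
            name = action.split(":", 1)[-1]  # "ec2:DeleteVolume" -> "DeleteVolume"
            if not name.startswith(READ_ONLY_PREFIXES):
                findings.add(action)
    return sorted(findings)


if __name__ == "__main__":
    for action in unscoped_mutations(PAGE_POLICY):
        print("unscoped:", action)
    print("scoped sample findings:", unscoped_mutations(SCOPED_SAMPLE))
```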

Install the EBS CSI Driver:

# Deploy EBS CSI Driver
kubectl apply -k "github.com/kubernetes-sigs/aws-ebs-csi-driver/deploy/kubernetes/overlays/stable/?ref=master"

# Verify ebs-csi pods running
kubectl get pods -n kube-system

Create the GP3 StorageClass

Save the following file as gp3-storageclass.yml:

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: gp3
provisioner: ebs.csi.aws.com # Amazon EBS CSI driver
parameters:
  type: gp3
  encrypted: 'true' # EBS volumes will always be encrypted by default
volumeBindingMode: WaitForFirstConsumer # EBS volumes are AZ specific
reclaimPolicy: Delete
mountOptions:
- debug

Run kubectl apply -f gp3-storageclass.yml. After a successful deployment the status is as follows:

[Screenshot: the gp3 StorageClass after deployment]

Create a PVC to test

Save the following file as pod-test.yml:

apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
    - name: myfrontend
      image: nginx
      volumeMounts:
      - mountPath: "/data"
        name: mypd
  volumes:
    - name: mypd
      persistentVolumeClaim:
        claimName: pvc-gp3
        
---   
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-gp3
spec:
  storageClassName: gp3
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi

Run kubectl apply -f pod-test.yml. Once it is created, the corresponding PVC information can be retrieved:

[Screenshot: details of the pvc-gp3 PVC]

The corresponding GP3 volume can also be found in the AWS console:

[Screenshot: the GP3 volume in the AWS console]


References: https://www.stacksimplify.com/aws-eks/kubernetes-storage/install-aws-ebs-csi-driver-on-aws-eks-for-persistent-storage/

https://docs.aws.amazon.com/eks/latest/userguide/ebs-csi.html