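GP3 storage is cheaper than GP2 and has a minimum of 3000 IOPS, so on both performance and price it is worth upgrading from GP2 to GP3.
Using GP3 in EKS is not complicated:
Before installing the EBS Driver, the worker node needs permission to access EC2 (because the driver creates, modifies, and deletes GP3 volumes).
In the IAM Policy console, create the following policy and name it Amazon_EBS_CSI_Driver: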
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:AttachVolume",
        "ec2:CreateSnapshot",
        "ec2:CreateTags",
        "ec2:CreateVolume",
        "ec2:DeleteSnapshot",
        "ec2:DeleteTags",
        "ec2:DeleteVolume",
        "ec2:DescribeInstances",
        "ec2:DescribeSnapshots",
        "ec2:DescribeTags",
        "ec2:DescribeVolumes",
        "ec2:DetachVolume"
      ],
      "Resource": "*"
    }
  ]
}
Attach the Amazon_EBS_CSI_Driver policy you created to the worker node's role. The worker node role can be found with the following command:
# Get Worker node IAM Role ARN
kubectl -n kube-system describe configmap aws-auth
# from output check rolearn
rolearn: arn:aws:iam::180789647333:role/eksctl-eksdemo1-nodegroup-eksdemo-NodeInstanceRole-IJN07ZKXAWNN
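Because the policy above is attached to the node role with "Resource": "*", its mutating actions apply to every volume and snapshot in the account. The check below is an added example, not part of the original post: it lists the state-changing EC2 actions a policy grants on all resources without a Condition. SCOPED_POLICY is a constructed fragment rather than a complete driver policy, and its tag key is an assumption.

```python
"""Flag IAM statements that allow mutating EC2 actions on every resource."""
from fnmatch import fnmatchcase

# EC2 actions from the policy on this page that change or destroy state.
MUTATING = ["ec2:AttachVolume", "ec2:CreateSnapshot", "ec2:CreateTags",
            "ec2:CreateVolume", "ec2:DeleteSnapshot", "ec2:DeleteTags",
            "ec2:DeleteVolume", "ec2:DetachVolume"]
READ_ONLY = ["ec2:DescribeInstances", "ec2:DescribeSnapshots",
             "ec2:DescribeTags", "ec2:DescribeVolumes"]

def as_list(value):
    """IAM accepts a single string or a list for Action/Resource/Statement."""
    return value if isinstance(value, list) else [value]

def unscoped_mutations(policy):
    """Return mutating actions allowed on Resource "*" with no Condition.

    Statements that use NotAction or NotResource are not evaluated.
    """
    found = set()
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if "*" not in as_list(stmt.get("Resource", [])):
            continue
        for pattern in as_list(stmt.get("Action", [])):
            # IAM action names are case-insensitive and may contain wildcards.
            found.update(a for a in MUTATING
                         if fnmatchcase(a.lower(), pattern.lower()))
    return sorted(found)

# The policy as the page gives it: all twelve actions on every resource.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": MUTATING + READ_ONLY, "Resource": "*"}]}

# Constructed fragment: reads stay open, mutations require a resource tag.
# The tag key is an assumption, modelled on the tag the driver puts on volumes.
TAG = {"StringLike": {"ec2:ResourceTag/ebs.csi.aws.com/cluster": "true"}}
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": READ_ONLY, "Resource": "*"},
    {"Effect": "Allow", "Action": ["ec2:AttachVolume", "ec2:DetachVolume",
                                   "ec2:DeleteVolume"],
     "Resource": "*", "Condition": TAG}]}

if __name__ == "__main__":
    print("page policy  :", unscoped_mutations(PAGE_POLICY))
    print("scoped policy:", unscoped_mutations(SCOPED_POLICY))
```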
Install the EBS CSI Driver:
# Deploy EBS CSI Driver
kubectl apply -k "github.com/kubernetes-sigs/aws-ebs-csi-driver/deploy/kubernetes/overlays/stable/?ref=master"
# Verify ebs-csi pods running
kubectl get pods -n kube-system
Save the following file as gp3-storageclass.yml:
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: gp3
provisioner: ebs.csi.aws.com # Amazon EBS CSI driver
parameters:
  type: gp3
  encrypted: 'true' # EBS volumes will always be encrypted by default
volumeBindingMode: WaitForFirstConsumer # EBS volumes are AZ specific
reclaimPolicy: Delete
mountOptions:
  - debug
Run kubectl apply -f gp3-storageclass.yml. After a successful deployment, the status looks like this:
Save the following file as pod-test.yml:
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
    - name: myfrontend
      image: nginx
      volumeMounts:
        - mountPath: "/data"
          name: mypd
  volumes:
    - name: mypd
      persistentVolumeClaim:
        claimName: pvc-gp3
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-gp3
spec:
  storageClassName: gp3
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
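Run kubectl apply -f pod-test.yml. Once it has been created, you can retrieve the corresponding PVC information:
The corresponding GP3 volume can also be found in the AWS console: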
https://docs.aws.amazon.com/eks/latest/userguide/ebs-csi.html