AWS Elastic Block Store (EBS) can be deployed with Kubernetes in Docker Enterprise 2.1 to use AWS volumes as persistent storage for applications. Before using EBS volumes, configure MKE and the AWS infrastructure so that storage orchestration can function.
Kubernetes Cloud Providers provide a method of provisioning cloud resources through Kubernetes via the `--cloud-provider` option. In AWS, this flag allows the provisioning of EBS volumes and cloud load balancers.
Configuring a cluster for AWS requires several specific configuration parameters in the infrastructure before installing MKE.
Instances must have the following AWS Identity and Access Management (IAM) permissions configured to provision EBS volumes through Kubernetes PVCs.
Master | Worker |
---|---|
ec2:DescribeInstances | ec2:DescribeInstances |
ec2:AttachVolume | ec2:AttachVolume |
ec2:DetachVolume | ec2:DetachVolume |
ec2:DescribeVolumes | ec2:DescribeVolumes |
ec2:CreateVolume | ec2:DescribeSecurityGroups |
ec2:DeleteVolume | |
ec2:CreateTags | |
ec2:DescribeSecurityGroups | |
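
One way to check an instance role against the table above for least privilege, as an added example (not part of the original documentation or of MKE). The function names and the sample policy are hypothetical. Only `Allow` statements and their `Action` lists are evaluated; `Deny`, `NotAction`, and `Condition` are not.

```python
import fnmatch

# Actions copied from the Master/Worker table on this page.
WORKER = {"ec2:DescribeInstances", "ec2:AttachVolume", "ec2:DetachVolume",
          "ec2:DescribeVolumes", "ec2:DescribeSecurityGroups"}
MASTER = WORKER | {"ec2:CreateVolume", "ec2:DeleteVolume", "ec2:CreateTags"}
REQUIRED = {"master": MASTER, "worker": WORKER}


def _as_list(value):
    # IAM allows Statement and Action to be a single item or a list.
    return value if isinstance(value, list) else [value]


def allowed_patterns(policy):
    """Collect the Action patterns of every Allow statement."""
    patterns = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow":
            patterns.update(_as_list(stmt.get("Action", [])))
    return patterns


def audit(policy, role):
    """Return (missing, excess) for a role: table actions the policy does not
    grant, and granted patterns that are not exactly a table action."""
    required = {a.lower() for a in REQUIRED[role]}
    patterns = allowed_patterns(policy)
    lowered = [p.lower() for p in patterns]  # IAM action names are case-insensitive
    missing = sorted(a for a in REQUIRED[role]
                     if not any(fnmatch.fnmatchcase(a.lower(), p) for p in lowered))
    excess = sorted(p for p in patterns if p.lower() not in required)
    return missing, excess


def minimal_policy(role):
    """Build a policy granting only the table's actions for a role.
    Resource scoping is not specified on the page; "*" is an assumption."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": sorted(REQUIRED[role]),
                           "Resource": "*"}]}


# Constructed sample: a worker role that picked up a wildcard and a delete right.
SAMPLE_WORKER = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:Describe*", "ec2:AttachVolume"], "Resource": "*"},
    {"Effect": "Allow", "Action": "ec2:DeleteVolume", "Resource": "*"},
]}

if __name__ == "__main__":
    print(audit(SAMPLE_WORKER, "worker"))
    print(audit(minimal_policy("master"), "master"))
```

A wildcard such as `ec2:Describe*` satisfies the required describe actions but is still reported as excess, because it grants more than the table lists.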
`KubernetesCluster` and assign the same value across all nodes, for example, `UCPKubenertesCluster`.
`--cloud-provider=aws` is required at install time.
`ucp-agent` needs to be updated to propagate the new configuration.
```
[cluster_config]
...
cloud_provider = "aws"
```
After configuring MKE for the AWS cloud provider, you can create persistent volumes that deploy EBS volumes attached to hosts and mounted inside pods. The EBS volumes are provisioned dynamically, such that they are created, attached, and destroyed along with the lifecycle of the persistent volumes. Users do not need direct access to AWS, because these resources are requested directly through Kubernetes primitives.
We recommend you use the `StorageClass` and `PersistentVolumeClaim` resources as these abstraction layers provide more portability as well as control over the storage layer across environments.
A `StorageClass` lets administrators describe “classes” of storage available, in which classes map to quality-of-service levels, backup policies, or any other policies required by cluster administrators. The following `StorageClass` maps a “standard” class of storage to the `gp2` type of storage in AWS EBS.
```yaml
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: standard
provisioner: kubernetes.io/aws-ebs
parameters:
  type: gp2
reclaimPolicy: Retain
mountOptions:
  - debug
```
A `PersistentVolumeClaim` (PVC) is a claim for storage resources that are bound to a `PersistentVolume` (PV) when storage resources are granted. The following PVC makes a request for `1Gi` of storage from the `standard` storage class.
```yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: task-pv-claim
spec:
  storageClassName: standard
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
```
The following Pod spec references the PVC `task-pv-claim` from above, which references the `standard` storage class in this cluster.
```yaml
kind: Pod
apiVersion: v1
metadata:
  name: task-pv-pod
spec:
  volumes:
    - name: task-pv-storage
      persistentVolumeClaim:
        claimName: task-pv-claim
  containers:
    - name: task-pv-container
      image: nginx
      ports:
        - containerPort: 80
          name: "http-server"
      volumeMounts:
        - mountPath: "/usr/share/nginx/html"
          name: task-pv-storage
```
Once the pod is deployed, run the following `kubectl` command to verify the PV was created and bound to the PVC.
```
kubectl get pv
NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                   STORAGECLASS   REASON   AGE
pvc-751c006e-a00b-11e8-8007-0242ac110012   1Gi        RWO            Retain           Bound    default/task-pv-claim   standard                3h
```
The AWS console shows that a volume has been provisioned with a matching name, type `gp2`, and a `1GiB` size.