Use AWS EBS Storage

You can use AWS volumes as the persistent storage for your application by using Kubernetes to deploy AWS Elastic Block Store (EBS). Before you can use EBS volumes, you must configure MKE to use the AWS infrastructure.

Configure AWS infrastructure for Kubernetes

To configure the AWS infrastructure:

  1. Configure the following AWS Identity and Access Management (IAM) permissions for the master and worker nodes. These permissions are required to provision EBS volumes using Kubernetes PersistentVolumeClaims:

    IAM permission               Master   Worker
    ec2:DescribeInstances        Yes      Yes
    ec2:AttachVolume             Yes      Yes
    ec2:DetachVolume             Yes      Yes
    ec2:DescribeVolumes          Yes      Yes
    ec2:DescribeSecurityGroups   Yes      Yes
    ec2:CreateVolume             Yes      No
    ec2:DeleteVolume             Yes      No
    ec2:CreateTags               Yes      No

  2. Set the host name of the EC2 instances to the private DNS host name of the instance.

  3. Change the system host name so that it does not use a public DNS name.

  4. Label the EC2 instances using the key KubernetesCluster and assign the same value across all nodes, for example, MKEKubernetesCluster.

  5. Configure your cluster for use with AWS volumes. Select from the following options:

    • In a new cluster during installation, issue the following cloud provider flag: --cloud-provider=aws.

    • In an existing cluster:

      1. Update the MKE configuration file as follows:

        [cluster_config]
        
        ...
        
          cloud_provider = "aws"
        
      2. Update ucp-agent to propagate the new configuration.
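
The IAM permission table in step 1 can be turned into one least-privilege policy per node role and used to audit the policies already attached to the instance profiles. This is an added example, not code from the MKE documentation; the function names, the sample policy, and the `"Resource": "*"` scope are assumptions.

```python
import json
from fnmatch import fnmatchcase

# Actions from the IAM permission table in step 1: action -> node roles that need it.
REQUIRED = {
    "ec2:DescribeInstances": {"master", "worker"},
    "ec2:AttachVolume": {"master", "worker"},
    "ec2:DetachVolume": {"master", "worker"},
    "ec2:DescribeVolumes": {"master", "worker"},
    "ec2:DescribeSecurityGroups": {"master", "worker"},
    "ec2:CreateVolume": {"master"},
    "ec2:DeleteVolume": {"master"},
    "ec2:CreateTags": {"master"},
}

def build_policy(role):
    """Return an IAM policy document granting only the table's actions for `role`."""
    actions = sorted(a for a, roles in REQUIRED.items() if role in roles)
    # Resource "*" is an assumption; the page does not specify resource scoping.
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": actions, "Resource": "*"}]}

def _as_list(value):
    # IAM allows a single statement or action where a list is also valid.
    return value if isinstance(value, list) else [value]

def audit_policy(role, policy):
    """Return (missing, excess) for `role`: table actions the policy does not
    grant, and granted entries that are not exactly an action from the table.
    Only Allow/Action statements are evaluated (no Deny, NotAction, Condition)."""
    needed = {a.lower(): a for a, roles in REQUIRED.items() if role in roles}
    granted = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") == "Allow":
            granted += _as_list(stmt.get("Action", []))
    # IAM action names are case-insensitive and may contain * and ? wildcards.
    missing = sorted(a for low, a in needed.items()
                     if not any(fnmatchcase(low, g.lower()) for g in granted))
    excess = sorted(g for g in granted if g.lower() not in needed)
    return missing, excess

# Constructed sample: a worker policy that uses a wildcard, grants a
# master-only action, and omits ec2:DetachVolume.
SAMPLE_WORKER = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Resource": "*",
    "Action": ["ec2:Describe*", "ec2:AttachVolume", "ec2:CreateVolume"]}}

if __name__ == "__main__":
    print(json.dumps(build_policy("worker"), indent=2))
    print(audit_policy("worker", SAMPLE_WORKER))
```

An empty `excess` list for the worker role confirms that worker nodes cannot create, delete, or tag volumes, which the table reserves for master nodes.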

Deploy AWS EBS volumes

You can now create PersistentVolumes (PVs) that deploy EBS volumes that are attached to hosts and mounted inside Pods. The EBS volumes are provisioned dynamically, such that they are created, attached, and destroyed according to the life cycle of the PVs. Users do not need direct access to AWS, as they request the required resources directly using Kubernetes primitives.

Mirantis recommends that you use the StorageClass and PersistentVolumeClaim resources, as these abstraction layers provide more portability and control over the storage layer across environments.


To deploy an AWS EBS volume:

  1. Create a StorageClass to map a standard class of storage to the gp2 storage type in AWS EBS:

    cat <<EOF | kubectl create -f -
    kind: StorageClass
    apiVersion: storage.k8s.io/v1
    metadata:
      name: standard
    provisioner: kubernetes.io/aws-ebs
    parameters:
      type: gp2
    reclaimPolicy: Retain
    mountOptions:
      - debug
    EOF
    
  2. Create a PersistentVolumeClaim (PVC) that makes a request for 1Gi of storage from the standard storage class:

    cat <<EOF | kubectl create -f -
    kind: PersistentVolumeClaim
    apiVersion: v1
    metadata:
      name: task-pv-claim
    spec:
      storageClassName: standard
      accessModes:
        - ReadWriteOnce
      resources:
        requests:
          storage: 1Gi
    EOF
    
  3. Deploy a PersistentVolume with the following Pod specification:

    cat <<EOF | kubectl create -f -
    kind: Pod
    apiVersion: v1
    metadata:
      name: task-pv-pod
    spec:
      volumes:
        - name: task-pv-storage
          persistentVolumeClaim:
            claimName: task-pv-claim
      containers:
        - name: task-pv-container
          image: nginx
          ports:
            - containerPort: 80
              name: "http-server"
          volumeMounts:
            - mountPath: "/usr/share/nginx/html"
              name: task-pv-storage
    EOF
    
  4. Verify that the PV is created and bound to the PVC:

    kubectl get pv
    

    Example output:

    NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS    CLAIM                   STORAGECLASS   REASON    AGE
    pvc-751c006e-a00b-11e8-8007-0242ac110012   1Gi        RWO            Retain           Bound     default/task-pv-claim   standard                 3h
    
  5. Verify that the AWS console indicates that a volume has been provisioned with a matching name, a type of gp2, and a size of 1Gi.