Migrating Amazon EFS CSI Driver (from self-managed to AWS-managed)
2023年12月25日
Attached policy: AmazonEFSCSIDriverPolicy
Trust policy:
% k delete ds -n kube-system efs-csi-node
Install the Amazon EFS CSI driver through the Amazon EKS add-on.
-
% k get po -n kube-system -l 'app in (ebs-csi-controller,efs-csi-node)'
Long time ago, my site uses self-managed installation of the Amazon EFS CSI driver. As AWS now provide the option to install the Amazon EFS CSI driver through the Amazon EKS add-on, I will migrate it to the AWS-managed one, meanwhile making it multi-arch (x86_64 and ARM64).
Create an IAM role
IAM role name: AmazonEKS_EFS_CSI_DriverRoleAttached policy: AmazonEFSCSIDriverPolicy
Trust policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": "arn:aws:iam::111122223333:oidc-provider/oidc.eks.us-west-2.amazonaws.com/id/BF***9F"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringLike": {
"oidc.eks.us-west-2.amazonaws.com/id/BF***9F:aud": "sts.amazonaws.com",
"oidc.eks.us-west-2.amazonaws.com/id/BF***9F:sub": "system:serviceaccount:kube-system:efs-csi-*"
}
}
}
]
}
Installing the Amazon EFS CSI driver
Remove the existing self-managed installation of the Amazon EFS CSI driver before installing the Amazon EFS CSI driver.% k delete ds -n kube-system efs-csi-node
daemonset.apps "efs-csi-node" deleted
Install the Amazon EFS CSI driver through the Amazon EKS add-on.
-
% k get po -n kube-system -l 'app in (ebs-csi-controller,efs-csi-node)'
NAME READY STATUS RESTARTS AGE ebs-csi-controller-6fcb897cfc-h9tcn 6/6 Running 0 36h ebs-csi-controller-6fcb897cfc-hbk65 6/6 Running 0 36h efs-csi-node-blg6j 3/3 Running 0 10m efs-csi-node-gnlpk 3/3 Running 0 10m efs-csi-node-j82vq 3/3 Running 0 10m efs-csi-node-l6mqb 3/3 Running 0 10m efs-csi-node-xk9fw 3/3 Running 0 10m