|
| 1 | +--- |
| 2 | +title: Configure AWS EBS Storage for Kubernetes |
| 3 | +description: Learn how configure AWS EBS storage for Kubernetes clusters. |
| 4 | +keywords: UCP, Docker Enterprise, Kubernetes, storage, AWS, ELB |
| 5 | +--- |
| 6 | + |
| 7 | +[AWS Elastic Block Store](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html) (EBS) can be deployed with Kubernetes in Docker Enterprise 2.1 to use AWS volumes as peristent storage for applications. Before using EBS volumes, configure UCP and the AWS infrastructure for storage orchestration to function. |
| 8 | + |
| 9 | +## Configure AWS Infrastructure for Kubernetes |
| 10 | + |
| 11 | +Kubernetes [Cloud Providers](https://kubernetes.io/docs/concepts/cluster-administration/cloud-providers/) provide a method of provisioning cloud resources through Kubernetes via the `--cloud-provider` option. In AWS, this flag allows the [provisioning of EBS volumes](#) and cloud load balancers. |
| 12 | + |
| 13 | +Configuring a cluster for AWS requires several specific configuration parameters in the infrastructure before installing UCP. |
| 14 | + |
| 15 | +### AWS IAM Permissions |
| 16 | + |
| 17 | +Instances must have the following [AWS Identity and Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html) permissions configured to provision EBS volumes through Kubernetes PVCs. |
| 18 | + |
| 19 | + |
| 20 | +| Master | Worker | |
| 21 | +|------------|--------| |
| 22 | +| ec2:DescribeInstances | ec2:DescribeInstances | |
| 23 | +| ec2:AttachVolume | ec2:AttachVolume | |
| 24 | +| ec2:DetachVolume | ec2:DetachVolume | |
| 25 | +| ec2:DescribeVolumes | ec2:DescribeVolumes | |
| 26 | +| ec2:CreateVolume | ec2:DescribeSecurityGroups | |
| 27 | +| ec2:DeleteVolume | | |
| 28 | +| ec2:CreateTags | | |
| 29 | +| ec2:DescribeSecurityGroups | | |
| 30 | + |
| 31 | + |
| 32 | +### Infrastructure Configuration |
| 33 | + |
| 34 | +- Apply the roles and policies to Kubernetes masters and workers as indicated in the above chart. |
| 35 | +- EC2 instances must be set to the private DNS hostname of the instance (will typically end in `.internal`) |
| 36 | +- EC2 instances must also be labeled with the key `KubernetesCluster` with a matching value across all nodes. |
| 37 | + |
| 38 | +### Cluster Configuration |
| 39 | + |
| 40 | +- In addition to your existing [install flags](https://docs.docker.com/reference/ucp/3.0/cli/install/) the cloud provider flag `--cloud-provider=aws` is required at install time. |
| 41 | +- The cloud provider can also be enabled post-install through the UCP config. The `ucp-agent` needs to be updated to propogate the new config, as described in [UCP configuration file](https://docs.docker.com/ee/ucp/admin/configure/ucp-configuration-file/#inspect-and-modify-existing-configuration). |
| 42 | + |
| 43 | +``` |
| 44 | +[cluster_config] |
| 45 | +
|
| 46 | +... |
| 47 | +
|
| 48 | + cloud_provider = "aws" |
| 49 | +``` |
| 50 | + |
| 51 | +## Deploy AWS EBS Volumes |
| 52 | + |
| 53 | +After configuring UCP for the AWS cloud provider, you can create persistent volumes that deploy EBS volumes attached to hosts and mounted inside pods. The EBS volumes are provisioned dynamically such they are created, attached, destroyed along with the lifecycle of the persistent volumes. This does not require users to directly access to the AWS as you request these resources directly through Kubernetes primitives. |
| 54 | + |
| 55 | +We recommend you use the `StorageClass` and `PersistentVolumeClaim` resources as these abstraction layers provide more portability as well as control over the storage layer across environments. |
| 56 | + |
| 57 | +To learn more about storage concepts in Kubernetes, see [Storage - Kubernetes](https://kubernetes.io/docs/concepts/storage/). |
| 58 | + |
| 59 | +### Creating a Storage Class |
| 60 | + |
| 61 | +A `StorageClass` lets administrators describe “classes” of storage available in which classes map to quality-of-service levels, or backup policies, or any policies required by cluster administrators. The following `StorageClass` maps a "standard" class of storage to the `gp2` type of storage in AWS EBS. |
| 62 | + |
| 63 | +``` |
| 64 | +kind: StorageClass |
| 65 | +apiVersion: storage.k8s.io/v1 |
| 66 | +metadata: |
| 67 | + name: standard |
| 68 | +provisioner: kubernetes.io/aws-ebs |
| 69 | +parameters: |
| 70 | + type: gp2 |
| 71 | +reclaimPolicy: Retain |
| 72 | +mountOptions: |
| 73 | + - debug |
| 74 | +``` |
| 75 | + |
| 76 | +For descriptions of AWS EBS parameters, see [Storage Classes](https://kubernetes.io/docs/concepts/storage/storage-classes/#aws). |
| 77 | + |
| 78 | +### Creating a Persistent Volume Claim |
| 79 | + |
| 80 | +A `PersistentVolumeClaim` (PVC) is a claim for storage resources that are bound to a `PersistentVolume` (PV) when storage resources are granted. The following PVC makes a request for `1Gi` of storage from the `standard` storage class. |
| 81 | + |
| 82 | +``` |
| 83 | +kind: PersistentVolumeClaim |
| 84 | +apiVersion: v1 |
| 85 | +metadata: |
| 86 | + name: task-pv-claim |
| 87 | +spec: |
| 88 | + storageClassName: standard |
| 89 | + accessModes: |
| 90 | + - ReadWriteOnce |
| 91 | + resources: |
| 92 | + requests: |
| 93 | + storage: 1Gi |
| 94 | + ``` |
| 95 | + |
| 96 | +### Deploying a Persistent Volume |
| 97 | + |
| 98 | +The following Pod spec references the PVC `task-pv-claim` from above which references the `standard` storage class in this cluster. |
| 99 | + |
| 100 | +``` |
| 101 | +kind: Pod |
| 102 | +apiVersion: v1 |
| 103 | +metadata: |
| 104 | + name: task-pv-pod |
| 105 | +spec: |
| 106 | + volumes: |
| 107 | + - name: task-pv-storage |
| 108 | + persistentVolumeClaim: |
| 109 | + claimName: task-pv-claim |
| 110 | + containers: |
| 111 | + - name: task-pv-container |
| 112 | + image: nginx |
| 113 | + ports: |
| 114 | + - containerPort: 80 |
| 115 | + name: "http-server" |
| 116 | + volumeMounts: |
| 117 | + - mountPath: "/usr/share/nginx/html" |
| 118 | + name: task-pv-storage |
| 119 | + ``` |
| 120 | + |
| 121 | +### Inspecting and Using PVs |
| 122 | + |
| 123 | + Once the pod is deployed, run the following `kubectl` command to verify the PV was created and bound to the PVC. |
| 124 | + |
| 125 | +``` |
| 126 | +kubectl get pv |
| 127 | +NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE |
| 128 | +pvc-751c006e-a00b-11e8-8007-0242ac110012 1Gi RWO Retain Bound default/task-pv-claim standard 3h |
| 129 | +``` |
| 130 | + |
| 131 | +The AWS console shows a volume has been provisioned having a matching name with type `gp2` and a `1GiB` size. |
| 132 | + |
| 133 | + |
0 commit comments