Channels
#general
Title
# general
h
helpful-account-44059
04/12/2022, 12:57 PMHi, i follow this guide and write the blew code to create aws eks's aws-ebs-csi-driver addon
Copy code
axios.default.get("<https://raw.githubusercontent.com/kubernetes-sigs/aws-ebs-csi-driver/master/docs/example-iam-policy.json>")
.then((response) => {
const eksEbsCsiDriverPolicy = new aws.iam.Policy("AmazonEKS_EBS_CSI_Driver_Policy", {
path: "/",
policy: JSON.stringify(response.data),
});
const eksEbsCsiDriverPolicyRole = new aws.iam.Role("AmazonEKS_EBS_CSI_Driver_Policy_Role", {
assumeRolePolicy: `{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "<http://ec2.amazonaws.com|ec2.amazonaws.com>"
},
"Effect": "Allow",
"Sid": ""
}
]
}`
});
new aws.iam.RolePolicyAttachment("policy-attach", {
role: eksEbsCsiDriverPolicyRole.name,
policyArn: eksEbsCsiDriverPolicy.arn,
});
const ebsCsiAddon = new aws.eks.Addon("aws-ebs-csi-driver", {
clusterName: eksCluster.eksCluster.name,
addonName: "aws-ebs-csi-driver",
serviceAccountRoleArn: eksEbsCsiDriverPolicyRole.arn,
resolveConflicts: "OVERWRITE",
});
});kubectl describe pvc ebs-claim Copy code
Name: ebs-claim
Namespace: default
StorageClass: ebs-sc
Status: Pending
Volume:
Labels: <none>
Annotations: <http://volume.beta.kubernetes.io/storage-provisioner|volume.beta.kubernetes.io/storage-provisioner>: <http://ebs.csi.aws.com|ebs.csi.aws.com>
<http://volume.kubernetes.io/selected-node|volume.kubernetes.io/selected-node>: ip-172-28-161-249.ap-southeast-1.compute.internal
Finalizers: [<http://kubernetes.io/pvc-protection|kubernetes.io/pvc-protection>]
Capacity:
Access Modes:
VolumeMode: Filesystem
Used By: app
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning ProvisioningFailed 103s persistentvolume-controller <http://storageclass.storage.k8s.io|storageclass.storage.k8s.io> "ebs-sc" not found
Warning ProvisioningFailed 98s ebs.csi.aws.com_ebs-csi-controller-5fdd7948b6-zx94h_dce2f430-e960-4ce1-9fb5-e997ca6cd4e3 failed to provision volume with StorageClass "ebs-sc": rpc error: code = Internal desc = Could not create volume "pvc-4b7cadcc-c2b7-413a-a5e0-d366da9b912c": could not create volume in EC2: WebIdentityErr: failed to retrieve credentials
caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity
status code: 403, request id: 08d8c9b1-d5c6-43b6-b0b4-8bcc9ffb0ca6
Warning ProvisioningFailed 97s ebs.csi.aws.com_ebs-csi-controller-5fdd7948b6-zx94h_dce2f430-e960-4ce1-9fb5-e997ca6cd4e3 failed to provision volume with StorageClass "ebs-sc": rpc error: code = Internal desc = Could not create volume "pvc-4b7cadcc-c2b7-413a-a5e0-d366da9b912c": could not create volume in EC2: WebIdentityErr: failed to retrieve credentials
caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity
status code: 403, request id: 294b3cd6-bba8-45b7-a456-bf711ab8c9d4
Warning ProvisioningFailed 95s ebs.csi.aws.com_ebs-csi-controller-5fdd7948b6-zx94h_dce2f430-e960-4ce1-9fb5-e997ca6cd4e3 failed to provision volume with StorageClass "ebs-sc": rpc error: code = Internal desc = Could not create volume "pvc-4b7cadcc-c2b7-413a-a5e0-d366da9b912c": could not create volume in EC2: WebIdentityErr: failed to retrieve credentials
caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity
status code: 403, request id: e994db08-fb40-40d0-a7ee-5a1bd91f03b1
Warning ProvisioningFailed 91s ebs.csi.aws.com_ebs-csi-controller-5fdd7948b6-zx94h_dce2f430-e960-4ce1-9fb5-e997ca6cd4e3 failed to provision volume with StorageClass "ebs-sc": rpc error: code = Internal desc = Could not create volume "pvc-4b7cadcc-c2b7-413a-a5e0-d366da9b912c": could not create volume in EC2: WebIdentityErr: failed to retrieve credentials
caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity
status code: 403, request id: e3085d02-4dae-4c8b-bf24-3a082b028544
Warning ProvisioningFailed 83s ebs.csi.aws.com_ebs-csi-controller-5fdd7948b6-zx94h_dce2f430-e960-4ce1-9fb5-e997ca6cd4e3 failed to provision volume with StorageClass "ebs-sc": rpc error: code = Internal desc = Could not create volume "pvc-4b7cadcc-c2b7-413a-a5e0-d366da9b912c": could not create volume in EC2: WebIdentityErr: failed to retrieve credentials
caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity
status code: 403, request id: 7ae3cb86-3fb5-4490-bc96-f3dd40009b99
Warning ProvisioningFailed 66s ebs.csi.aws.com_ebs-csi-controller-5fdd7948b6-zx94h_dce2f430-e960-4ce1-9fb5-e997ca6cd4e3 failed to provision volume with StorageClass "ebs-sc": rpc error: code = Internal desc = Could not create volume "pvc-4b7cadcc-c2b7-413a-a5e0-d366da9b912c": could not create volume in EC2: WebIdentityErr: failed to retrieve credentials
caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity
status code: 403, request id: 5b4f043e-90f0-4e2b-b97e-782416eb7000
Normal Provisioning 34s (x7 over 101s) ebs.csi.aws.com_ebs-csi-controller-5fdd7948b6-zx94h_dce2f430-e960-4ce1-9fb5-e997ca6cd4e3 External provisioner is provisioning volume for claim "default/ebs-claim"
Warning ProvisioningFailed 34s ebs.csi.aws.com_ebs-csi-controller-5fdd7948b6-zx94h_dce2f430-e960-4ce1-9fb5-e997ca6cd4e3 failed to provision volume with StorageClass "ebs-sc": rpc error: code = Internal desc = Could not create volume "pvc-4b7cadcc-c2b7-413a-a5e0-d366da9b912c": could not create volume in EC2: WebIdentityErr: failed to retrieve credentials
caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity
status code: 403, request id: 743b9abd-b0e8-471a-aa08-9507df6476b8
Normal ExternalProvisioning 5s (x9 over 101s) persistentvolume-controller waiting for a volume to be created, either by external provisioner "<http://ebs.csi.aws.com|ebs.csi.aws.com>" or manually created by system administratorb
billowy-army-68599
04/12/2022, 2:04 PM
@helpful-account-44059 you need to set up iam roles for service accounts, this isn't a Pulumi problem
h
helpful-account-44059
04/12/2022, 2:07 PMyeah, after restart all the addon's pod, it seems ok
684 Views