ENV
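# Shared settings for the later steps. Replace the <...> placeholders before running.
EKS_CLUSTER_NAME="<CLUSTER_NAME>"
# Account ID of the credentials currently in use; needed later to build the IAM role ARN.
AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query "Account" --output text)
REGION_CODE="ap-northeast-2"
# Security group IDs attached to the instances whose Name tag matches the node name.
# The filter is quoted so the shell does not parse "<" and ">" as redirections,
# and the options are spelled out in full (--filters, --output).
EKS_NODE_GROUP_SG_ID=$(aws ec2 describe-instances --filters "Name=tag:Name,Values=<NODE_INSTANCE_NAME>" --query "Reservations[0].Instances[].SecurityGroups[].GroupId" --output text)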
IRSA
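# Creates the IAM role AmazonEKSFSxLustreCSIDriverFullAccess and binds it to the
# kube-system/fsx-csi-controller-sa service account (IRSA).
# NOTE(review): AmazonFSxFullAccess grants full access to Amazon FSx, which is
# broader than a controller that only provisions and deletes file systems needs.
# Outside a test cluster, attach a customer-managed policy scoped to the calls
# the driver actually makes.
eksctl create iamserviceaccount \
  --name fsx-csi-controller-sa \
  --namespace kube-system \
  --cluster "$EKS_CLUSTER_NAME" \
  --attach-policy-arn arn:aws:iam::aws:policy/AmazonFSxFullAccess \
  --approve \
  --role-name AmazonEKSFSxLustreCSIDriverFullAccess \
  --region "$REGION_CODE"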
Driver Deploy
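# The overlay is fetched from GitHub at apply time and installed with the driver's
# RBAC. "master" is a moving branch, so the manifests can change between runs.
# Set FSX_CSI_DRIVER_REF to a release tag or commit SHA you have reviewed;
# the default keeps the original behaviour.
FSX_CSI_DRIVER_REF="${FSX_CSI_DRIVER_REF:-master}"
kubectl apply -k "github.com/kubernetes-sigs/aws-fsx-csi-driver/deploy/kubernetes/overlays/stable/?ref=${FSX_CSI_DRIVER_REF}"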
Annotate the ServiceAccount
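# Points the controller's service account at the IAM role created in the IRSA step.
# ${AWS_ACCOUNT_ID:?} stops the command when the account ID was never resolved,
# instead of overwriting the annotation with a malformed role ARN.
kubectl annotate serviceaccount -n kube-system fsx-csi-controller-sa \
  "eks.amazonaws.com/role-arn=arn:aws:iam::${AWS_ACCOUNT_ID:?run the ENV step first}:role/AmazonEKSFSxLustreCSIDriverFullAccess" \
  --overwrite=true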
Add Security Group Rules
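# ID of the cluster security group reported by EKS for this cluster; the Lustre
# rules are added to this group. The cluster name is quoted so an unusual or
# empty value cannot split into extra arguments.
CLUSTER_SG=$(aws eks describe-cluster --name "$EKS_CLUSTER_NAME" --query "cluster.resourcesVpcConfig.clusterSecurityGroupId" --output text)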
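# Lustre uses TCP 988 and TCP 1018-1023. The rules name the security group itself
# as the peer instead of 0.0.0.0/0, so only network interfaces that carry
# $CLUSTER_SG can reach these ports; an ingress rule for 0.0.0.0/0 would accept
# the Lustre ports from any IPv4 source that can route to the interface.
# NOTE(review): if the worker nodes use a different security group (compare
# EKS_NODE_GROUP_SG_ID), add the same two ingress rules with that group as GroupId.
# EC2 rule descriptions accept only ASCII letters, digits, spaces and a limited
# punctuation set, so the description is written in English.
LUSTRE_PEERS="UserIdGroupPairs=[{GroupId=${CLUSTER_SG:?run the describe-cluster step first},Description='Lustre traffic between FSx for Lustre file servers'}]"

# Add inbound rules
aws ec2 authorize-security-group-ingress --group-id "$CLUSTER_SG" --ip-permissions "IpProtocol=tcp,FromPort=988,ToPort=988,${LUSTRE_PEERS}" > /dev/null
aws ec2 authorize-security-group-ingress --group-id "$CLUSTER_SG" --ip-permissions "IpProtocol=tcp,FromPort=1018,ToPort=1023,${LUSTRE_PEERS}" > /dev/null
# Add outbound rules
aws ec2 authorize-security-group-egress --group-id "$CLUSTER_SG" --ip-permissions "IpProtocol=tcp,FromPort=988,ToPort=988,${LUSTRE_PEERS}" > /dev/null
aws ec2 authorize-security-group-egress --group-id "$CLUSTER_SG" --ip-permissions "IpProtocol=tcp,FromPort=1018,ToPort=1023,${LUSTRE_PEERS}" > /dev/null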
StorageClass
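# Downloads the example StorageClass so subnetId and securityGroupIds can be
# edited before it is applied.
# --fail keeps an HTTP error page from being saved as storageclass.yaml.
# "master" is a moving branch: set FSX_CSI_DRIVER_REF to a reviewed tag or commit
# SHA to pin the file; the default keeps the original behaviour.
curl --fail -O "https://raw.githubusercontent.com/kubernetes-sigs/aws-fsx-csi-driver/${FSX_CSI_DRIVER_REF:-master}/examples/kubernetes/dynamic_provisioning/specs/storageclass.yaml"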
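# StorageClass for dynamically provisioned FSx for Lustre volumes.
# Nesting is restored here; with every key at column 0 the manifest does not parse
# as a StorageClass (name, the parameters and the mount option must be indented).
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: fsx-sc
provisioner: fsx.csi.aws.com
parameters:
  subnetId: <SUBNET_ID>
  # Security group for the file system; it must carry the Lustre rules
  # (TCP 988 and TCP 1018-1023) added in the security group step.
  securityGroupIds: <SG_ID>
  deploymentType: PERSISTENT_1
  automaticBackupRetentionDays: "1"
  dailyAutomaticBackupStartTime: "00:00"
  copyTagsToBackups: "true"
  perUnitStorageThroughput: "200"
  dataCompressionType: "NONE"
  weeklyMaintenanceStartTime: "7:09:00"
  fileSystemTypeVersion: "2.12"
mountOptions:
  - flock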
# Create the fsx-sc StorageClass from the edited local file.
kubectl apply --filename=storageclass.yaml
Claim
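# Downloads the example PersistentVolumeClaim for review before it is applied.
# --fail keeps an HTTP error page from being saved as claim.yaml.
# "master" is a moving branch: set FSX_CSI_DRIVER_REF to a reviewed tag or commit
# SHA to pin the file; the default keeps the original behaviour.
curl --fail -O "https://raw.githubusercontent.com/kubernetes-sigs/aws-fsx-csi-driver/${FSX_CSI_DRIVER_REF:-master}/examples/kubernetes/dynamic_provisioning/specs/claim.yaml"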
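# Claim that requests a 1200Gi ReadWriteMany volume from the fsx-sc StorageClass.
# Nesting is restored here; with every key at column 0 the manifest does not parse
# as a PersistentVolumeClaim.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: fsx-claim
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: fsx-sc
  resources:
    requests:
      storage: 1200Gi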
# Create the fsx-claim PersistentVolumeClaim from the local file.
kubectl apply --filename=claim.yaml
# Show status and events for the claims in the current namespace.
kubectl describe persistentvolumeclaims
Test Pod Deploy
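# Applies the example pod manifest straight from GitHub, so whatever the URL
# serves at that moment is what runs in the cluster.
# "master" is a moving branch: set FSX_CSI_DRIVER_REF to a reviewed tag or commit
# SHA to pin the manifest; the default keeps the original behaviour.
kubectl apply -f "https://raw.githubusercontent.com/kubernetes-sigs/aws-fsx-csi-driver/${FSX_CSI_DRIVER_REF:-master}/examples/kubernetes/dynamic_provisioning/specs/pod.yaml"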
# List the pods in the current namespace.
kubectl get pod
Pod Exec Test
# Inspect the fsx-app pod: print its mounted file systems, then list /data.
kubectl exec --stdin --tty fsx-app -- df -h
kubectl exec --stdin --tty fsx-app -- ls /data