aws-ebs-csi-driver VS aws-node-termination-handler

The AWS EBS CSI Driver relies on IAM permissions to communicate with Amazon EBS for volume management on behalf of the user. The example policy can be used to define the required permissions. Additionally, AWS provides a managed policy at ARN arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy

I looks like the driver's permissions to invoke the EBS APIs was revoked and/or changed. When you install the EBS CSI addon you can either inherit permissions from the worker node or you can choose an IRSA role (preferred). If you use IRSA, the service account that the EBS CSI driver uses should have an annotation that references the ARN of the IAM role you selected, e.g. eks.amazonaws.com/role-arn: arn:aws:iam::111122223333:role/my-role. You can see an example of the IAM policy the driver needs here, https://github.com/kubernetes-sigs/aws-ebs-csi-driver/blob/fb6d456558fb291b13f855454c1525c7acaf7046/docs/example-iam-policy.json.

I'm know it's possible to write terraform code that exhibits that issue, but that's not the case in my experience. I'm using helm to deploy aws's ebs csi driver in the above setup. As you mentioned, if the eks cluster was destroyed before the helm provider attempted to use its API to destroy the helm deployment, it would cause problems. And I don't run into that issue. It's not luck of timing, either - I also have a CI process that deploys all of this, tests, and deletes it all that has succeeded hundreds of times.

Any Kubernetes cluster requires persistent storage - whether organizations choose to begin with an on-premise Kubernetes cluster and migrate to the public cloud, or provision a Kubernetes cluster using a managed service in the cloud. Kubernetes supports multiple types of persistent storage – from object storage (such as Azure Blob storage or Google Cloud Storage), block storage (such as Amazon EBS, Azure Disk, or Google Persistent Disk), or file sharing storage (such as Amazon EFS, Azure Files or Google Cloud Filestore). The fact that each cloud provider has its implementation of persistent storage adds to the complexity of storage management, not to mention a scenario where an organization is provisioning Kubernetes clusters over several cloud providers. To succeed in managing Kubernetes clusters over a long period, knowing which storage type to use for each scenario, requires storage expertise.

Lots of info in this issue: https://github.com/kubernetes-sigs/aws-ebs-csi-driver/issues/1163

aws-ebs-csi-driver

Hello, we are running an EKS cluster (1.20) with aws-ebs-csi-driver (1.4.0). After recreating our whole cluster we can observe that the EBS volumes from our PVCs still exist but the "mapping" to the PVCs is gone.

OP could probably just layer their own CSI driver on top of an existing one (a la aws-ebs-csi-driver), but there's still several problems:

Disaster recovery is a critical component of any IT infrastructure. It ensures that your applications and data are protected in the event of an unexpected outage or disaster. In this blog post, we will explore different disaster recovery strategies for Amazon Elastic Compute Cloud (EC2) deployments.

When you are using compute you have a lot of options. One of these options is Amazon EC2. In a world where more and more workloads become serverless. You might still have this use-case that is better off on EC2. But, how do you combine EC2 with compliance and security? In this blog post we will explore how we can build a compliant and secure EC2 stack.

In this article, a WEB application using the latest version of Angular in a built Docker image will be hosted on Amazon EC2 (Elastic Compute Cloud) and deployed by Amazon ECS (Elastic Container Service) using an Amazon ECR (Elastic Container Registry) containers repository.

The single most important development in hosting since the invention of EC2 is defined by its own 3-letter acronym: k8s. Kubernetes has won the “container orchestrator” space, becoming the default way that teams across industries are managing their compute nodes and scheduling their workloads, from data pipelines to web services.

EC2

Then in 2020, I started working with AWS. My first two years with AWS were mostly interacting with the Node.js apps I've deployed in EC2 and reviewing logs since we had a DevOps engineer who managed the cloud infrastructure.

If you want to learn more about EC2 and get detailed information, I suggest you start your journey by visiting https://aws.amazon.com/ec2/. This is the best place to begin learning about EC2.

AWS - Cloud Computing AWS - EC2 Wikipedia - Cloud Computing Guru99 - Cloud Computing Cloudflare - Cloud Computing Cloudzero - Statistics Zippia - Statistics

Say that we have an application running behind a public-facing Application Load Balancer (ALB). The load balancer's target can be any supported target, including ECS containers, EC2 instances or even Lambda functions. Because the application is only available to authenticated users, we want to find a solution to identify them.

Although I'll use Lambda functions in the examples, we can transfer the concepts to other compute resources, like EC2 instances, and ECS or EKS containers.