Topic 1 Question 317
A DevOps engineer provisioned an Amazon Elastic Kubernetes Service (Amazon EKS) cluster with managed node groups. The DevOps engineer associated an OpenID Connect (OIDC) issuer with the cluster.
The DevOps engineer is configuring Amazon Elastic Block Store (Amazon EBS) General Purpose SSD (gp3) volumes for the cluster. The DevOps engineer attempts to initiate a PersistentVolumeClaim (PVC) request but is unable to provision a volume. To troubleshoot the issue, the DevOps engineer runs the kubectl describe pyc command. The DevOps engineer receives a failed to provision volume with StorageClass error and a could not create volume in EC2:UnauthorizedOperation error.
Which solution will resolve these errors?
Create a Kubernetes cluster role that allows the persistent volumes to perform get, list, watch, create, and delete operations. Configure the cluster role to allow get, list, and watch operations for storage in the cluster.
Create an Amazon EBS Container Storage Interface (CSI) driver IAM role that has the required permissions and trust relationships. Attach the IAM role to the Amazon EBS CSI driver add-on in the cluster.
Add the ebs.csi.aws.com/volumeType:gp3 annotation to the PersistentVolumeClaim object in the cluster.
Create a Kubernetes storage class object. Set the provisioner value to ebs.csi.aws.com. Set the volumeBindingMode value to WaitForFirstConsumer in the luster.
ユーザの投票
コメント(3)
The root cause of the error is that the EBS CSI driver does not have the necessary IAM permissions to create EBS volumes in EC2. Solution B resolves the issue by creating an appropriate IAM role and attaching it to the EBS CSI driver, giving it the required permissions.
��👍 2uncledana2024/11/18- 正解だと思う選択肢: B
It's B based on this: https://docs.aws.amazon.com/eks/latest/userguide/ebs-csi.html
👍 2teo21572024/12/17 - 正解だと思う選択肢: B
B seems correct.
👍 1jojewi81432025/02/02
シャッフルモード