The product described by this documentation, Anthos Clusters on AWS (previous generation), is now in maintenance mode. All new installs must use the current generation product, Anthos clusters on AWS.

Importing a preexisting EBS volume

Overview

If you already have an AWS Elastic Block Store (EBS) volume to import into GKE on AWS, you can create a PersistentVolume (PV) object and reserve it for a specific PersistentVolumeClaim (PVC).

This page explains how to create a PV by using an existing EBS volume populated with data, and how to use the PV in a Pod.

Before you begin

From your anthos-aws directory, use anthos-gke to switch context to your user cluster.
```
cd anthos-aws
env HTTPS_PROXY=http://localhost:8118 \
  anthos-gke aws clusters get-credentials CLUSTER_NAME
```
Replace CLUSTER_NAME with your user cluster name.

Creating a PersistentVolume for a pre-existing EBS volume

You can import an existing EBS volume by specifying a new PV.

Copy the following YAML into a file named existing-volume.yaml and complete your configuration by replacing the values:

volume-capacity: size of the volume. For example, 30Gi. For more information on specifying volume capacity in Kubernetes, see the Meaning of memory.
storage-class-name: the name of the StorageClass that provisions the volume. For example, you can use the default standard-rwo.

Note: A StorageClass is required to reference other attributes like allowVolumeExpansion, even if a volume is not dynamically provisioned.
ebs-id: EBS volume id. For example, vol-05786ec9ec9526b67.
fs-type: The file system of the volume. For example, ext4.
zone: The AWS Availability Zone that hosts the EBS volume. For example, us-east-1c.

apiVersion: v1
kind: PersistentVolume
metadata:
  name: volume-name
  annotations:
    pv.kubernetes.io/provisioned-by: ebs.csi.aws.com
spec:
  capacity:
    storage: volume-capacity
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: storage-class-name
  claimRef:
    name: my-pvc
    namespace: default
  csi:
    driver: ebs.csi.aws.com
    volumeHandle: ebs-volume-id
    fsType: file-system-type
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: topology.ebs.csi.aws.com/zone
          operator: In
          values:
          - zone

Apply the YAML to your cluster
```
kubectl apply -f existing-volume.yaml
```
Confirm the creation of your PV
```
kubectl describe pv volume-name
```
The output of this command contains the status of the PV.

Using the volume with a PersistentVolumeClaim and Pod

After you have imported your volume, you can create a PVC and a Pod that attaches the PVC.

The YAML below creates a PVC and attaches it to a Pod running the Nginx web server. Copy it into a file named nginx.yaml and complete your configuration by replacing the values:

storage-class: The name of the StorageClass from the PersistentVolume you created previously. For example, standard-rwo.
volume-name: The name of the volume you created previously.
volume-capacity: size of the volume. For example, 30Gi.

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: my-pvc
spec:
  storageClassName: storage-class-name
  volumeName: volume-name
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: volume-capacity
---

apiVersion: v1
kind: Pod
metadata:
  name: web-server
spec:
  containers:
   - name: web-server
     image: nginx
     volumeMounts:
       - mountPath: /var/lib/www/html
         name: data
  volumes:
   - name: data
     persistentVolumeClaim:
       claimName: my-pvc

Apply the YAML to your cluster
```
kubectl apply -f nginx.yaml
```
Check the status of your Nginx instance with kubectl describe. The output should have a STATUS of Running.
```
kubectl describe pod web-server
```

Using encrypted EBS volumes

If your EBS volume is encrypted with the AWS Key Management Service (KMS), you need to grant the GKE on AWS control plane AWS IAM role access to your KMS key.

To get the AWS IAM role name, perform the following steps:

Change to the directory with your GKE on AWS configuration. You created this directory when Installing the management service.
```
cd anthos-aws
```
Choose if you created your GKE on AWS environment with the anthos-gke tool or if you created your AWS IAM profiles manually.
anthos-gke tool
Use the terraform output command and search for the value of iamInstanceProfile.
```
terraform output | grep iamInstanceProfile
```
If you created your GKE on AWS environment with the anthos- gke tool, the output looks like the following:
```
  iamInstanceProfile: gke-CLUSTER_ID-controlplane
  iamInstanceProfile: gke-CLUSTER_ID-nodepool
```
Where CLUSTER_ID is your cluster's ID. Copy the value of gke-CLUSTER_ID-controlplane for the following step.
Manually created
Examine the output of terraform output with the following command:
```
terraform output | less
```
Scroll through the output and find the iamInstanceProfile after the AWSCluster definition.
```
kind: AWSCluster
metadata:
  name: cluster-0
spec:
  ...
  controlPlane:
   ...
    iamInstanceProfile: INSTANCE_PROFILE_NAME
```
Copy the value of INSTANCE_PROFILE_NAME for the following step.
To grant the control plane access to your EBS volumes, add the gke-xxxxxx-controlplane AWS IAM profile as a Key User to the AWS KMS key used to encrypt your EBS volume.

What's next

Use additional storage drivers with GKE on AWS.