PV provisioning fails for an AWS StorageClass lacking KMS privileges

Solution Verified - Updated -

Issue

  • A PVC provisioned with the AWS EBS CSI driver or the AWS in-tree StorageClass is stuck in the Pending state with the error messages below when a KMS key is specified in the StorageClass.
    Error for a PVC using an AWS EBS CSI driver StorageClass:

    Warning  ProvisioningFailed   52m   ebs.csi.aws.com_ip-10-0-18-23_568113c3-7636-4891-b68d-baf4fa8c02d5  failed to provision volume with StorageClass "gp2-csi-abc": rpc error: code = Internal desc = Could not create volume "pvc-568113c3-7636-4891-b68d-baf4fa8c02d5": failed to get an available volume in EC2: InvalidVolume.NotFound: The volume 'vol-0a4c40a8419407ddb' does not exist. status code: 400, request id: b7aae59c-aa3c-4e21-ab81-bcd858b4a37b
    ..
    Warning  ProvisioningFailed    26m (x14 over 52m)         ebs.csi.aws.com_ip-10-0-18-23_568113c3-7636-4891-b68d-baf4fa8c02d5  failed to provision volume with StorageClass "gp2-csi-abc": rpc error: code = AlreadyExists desc = Could not create volume "pvc-568113c3-7636-4891-b68d-baf4fa8c02d5": Parameters on this idempotent request are inconsistent with parameters used in previous request(s)
    

    Error for a PVC using an in-tree StorageClass:

    Warning  ProvisioningFailed    6s                 persistentvolume-controller  Failed to provision volume with StorageClass "gp2": failed to create encrypted volume: the volume disappeared after creation, most likely due to inaccessible KMS encryption key
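
The following triage script is an added example, not part of the original article or of any Red Hat tooling. It scans PVC event text for the three messages quoted above and groups the matches by StorageClass, so the affected classes can be checked for KMS key access. The function names are hypothetical, and the sample events are constructed from the lines on this page plus one made-up control line.

```python
import re
import sys
from collections import defaultdict

# Message fragments copied from the events quoted above.
SIGNATURES = {
    "csi_volume_vanished": re.compile(r"InvalidVolume\.NotFound: The volume '(vol-[0-9a-f]+)' does not exist"),
    "csi_idempotency_conflict": re.compile(r"Parameters on this idempotent request are inconsistent"),
    "intree_kms_inaccessible": re.compile(r"most likely due to inaccessible KMS encryption key"),
}
STORAGECLASS = re.compile(r'StorageClass "([^"]+)"')
PV_NAME = re.compile(r'Could not create volume "([^"]+)"')

def triage(events_text):
    """Group ProvisioningFailed events by StorageClass and record matched signatures."""
    report = defaultdict(lambda: {"signatures": set(), "pv_names": set(), "ebs_volume_ids": set()})
    for line in events_text.splitlines():
        sc = STORAGECLASS.search(line)
        if "ProvisioningFailed" not in line or not sc:
            continue
        entry = report[sc.group(1)]
        pv = PV_NAME.search(line)
        if pv:
            entry["pv_names"].add(pv.group(1))
        for name, pattern in SIGNATURES.items():
            match = pattern.search(line)
            if match:
                entry["signatures"].add(name)
                if match.groups():  # only the NotFound pattern captures an EBS volume ID
                    entry["ebs_volume_ids"].add(match.group(1))
    return dict(report)

def kms_suspects(report):
    """StorageClasses matching the in-tree message or both CSI messages (a hint, not proof)."""
    csi_pair = {"csi_volume_vanished", "csi_idempotency_conflict"}
    return sorted(sc for sc, e in report.items()
                  if "intree_kms_inaccessible" in e["signatures"] or csi_pair <= e["signatures"])

# Constructed sample: the page's events, shortened, plus one made-up control line (gp3-example).
SAMPLE_EVENTS = """\
Warning  ProvisioningFailed  52m  ebs.csi.aws.com_ip-10-0-18-23  failed to provision volume with StorageClass "gp2-csi-abc": rpc error: code = Internal desc = Could not create volume "pvc-568113c3-7636-4891-b68d-baf4fa8c02d5": failed to get an available volume in EC2: InvalidVolume.NotFound: The volume 'vol-0a4c40a8419407ddb' does not exist. status code: 400
Warning  ProvisioningFailed  26m (x14 over 52m)  ebs.csi.aws.com_ip-10-0-18-23  failed to provision volume with StorageClass "gp2-csi-abc": rpc error: code = AlreadyExists desc = Could not create volume "pvc-568113c3-7636-4891-b68d-baf4fa8c02d5": Parameters on this idempotent request are inconsistent with parameters used in previous request(s)
Warning  ProvisioningFailed  6s  persistentvolume-controller  Failed to provision volume with StorageClass "gp2": failed to create encrypted volume: the volume disappeared after creation, most likely due to inaccessible KMS encryption key
Warning  ProvisioningFailed  2m  example-provisioner  failed to provision volume with StorageClass "gp3-example": constructed unrelated error
"""

if __name__ == "__main__":
    text = SAMPLE_EVENTS if sys.stdin.isatty() else sys.stdin.read()
    print(kms_suspects(triage(text)))
```

Piping the output of `oc describe pvc <name>` into the script runs it on live events; without piped input it runs on the sample.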
    

Environment

  • OpenShift Container Platform 4.x
  • AWS
