# PV using EBS volume

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: ebs-sc
  annotations:
    storageclass.kubernetes.io/is-default-class: "true"
provisioner: kubernetes.io/aws-ebs
allowVolumeExpansion: true
volumeBindingMode: WaitForFirstConsumer
parameters:
  type: gp2
  encrypted: 'true'
  kmsKeyId: arn:aws:kms:eu-west-1:1111111111111111:key/f0f9bdf3-de9c-4d84-af76-822bd72b695d # CMK - You can't share snapshots that are encrypted with the AWS managed key. You can't share encrypted snapshots publicly. 
  fsType: ext4

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: ebs-claim
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: ebs-sc
  resources:
    requests:
      storage: 4Gi

---
apiVersion: v1
kind: Pod
metadata:
  name: app
spec:
  containers:
  - name: app
    image: centos:centos8
    command: ["/bin/sh"]
    args: ["-c", "while true; do echo $(date -u) >> /data/out.txt; sleep 5; done"]
    resources:
      requests:
        memory: "64Mi"
        cpu: "250m"
      limits:
        memory: "128Mi"
        cpu: "500m"        
    volumeMounts:
    - name: persistent-storage
      mountPath: /data
    securityContext:
      allowPrivilegeEscalation: false       
  volumes:
  - name: persistent-storage
    persistentVolumeClaim:
      claimName: ebs-claim