Skip to content

Commit

Permalink
feat: ebs csi driver addon output (#370)
Browse files Browse the repository at this point in the history
Signed-off-by: tgelpi <[email protected]>
  • Loading branch information
tgelpi authored Mar 2, 2024
1 parent 02e741e commit 2ad5dae
Show file tree
Hide file tree
Showing 3 changed files with 20 additions and 3 deletions.
14 changes: 11 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -553,13 +553,21 @@ In version 1.23 the Kubernetes in-tree to container storage interface (CSI) volu

An add-on is software that provides supporting operational capabilities to Kubernetes applications, but is not specific to the application. This includes software like observability agents or Kubernetes drivers that allow the cluster to interact with underlying AWS resources for networking, compute, and storage. [EKS Addons Guide](https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html)

To enable the EBS CSI Driver (aws-ebs-csi-driver) set variables `enable_ebs_addon`and `create_addon_role` both to true. The version of the driver addon is defined in the string variable `ebs_addon_version`
To determine what versions of EBS CSI driver are supported use the command:
The EBS CSI Driver (aws-ebs-csi-driver) by default is disabled. To enable set variables:
```
enable_ebs_addon = true
create_addon_role = true
ebs_addon_version = "v1.21.0-eksbuild.1"
```
To determine valid versions for variable `ebs_addon_version` use the command:
```
aws eks describe-addon-versions --addon-name "aws-ebs-csi-driver" | jq -r '.addons[].addonVersions[].addonVersion'
```
The EBS CSI Driver addon can be implemented successfully using **worker group launch templates**. Also set the following variable:
```
enable_worker_groups_launch_template = true
```

:warning: **Note**: It is imperative that you export the environment variable `AWS_REGION` with the appropriate region value (i.e. us-west-2).
### AWS Auth

When running EKS, authentication for the cluster is controlled by a `configmap` called `aws-auth`. By default, that should look something like this:
Expand Down
5 changes: 5 additions & 0 deletions modules/cluster/outputs.tf
Original file line number Diff line number Diff line change
Expand Up @@ -94,3 +94,8 @@ output "pipeline_viz_iam_role" {
value = module.iam_assumable_role_pipeline_visualizer.this_iam_role_name
description = "The IAM Role that the pipeline visualizer pod will assume to authenticate"
}

output "ebscsi_addon_iam_role" {
value = module.ebs_csi_irsa_role.iam_role_name
description = "The IAM Role that the build pods will assume to authenticate"
}
4 changes: 4 additions & 0 deletions outputs.tf
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,10 @@ output "cluster_ssm_iam_role" {

}

output "ebscsi_addon_iam_role" {
value = module.cluster.ebscsi_addon_iam_role
description = "The IAM Role that the EBS CSI Driver addon will assume to authenticate"
}
// ----------------------------------------------------------------------------
// Vault Resources
// ----------------------------------------------------------------------------
Expand Down

0 comments on commit 2ad5dae

Please sign in to comment.