From 2ad5dae568024f96c2940d0e0b230ace5d870bdc Mon Sep 17 00:00:00 2001
From: Ted Gelpi
Date: Sat, 2 Mar 2024 08:12:35 -0500
Subject: [PATCH] feat: ebs csi driver addon output (#370)

Signed-off-by: tgelpi
---
 README.md | 14 +++++++++++---
 modules/cluster/outputs.tf | 5 +++++
 outputs.tf | 4 ++++
 3 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 0782e5b..1ae9009 100644
--- a/README.md
+++ b/README.md
@@ -553,13 +553,21 @@ In version 1.23 the Kubernetes in-tree to container storage interface (CSI) volu An add-on is software that provides supporting operational capabilities to Kubernetes applications, but is not specific to the application. This includes software like observability agents or Kubernetes drivers that allow the cluster to interact with underlying AWS resources for networking, compute, and storage. [EKS Addons Guide](https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html) -To enable the EBS CSI Driver (aws-ebs-csi-driver) set variables `enable_ebs_addon`and `create_addon_role` both to true. The version of the driver addon is defined in the string variable `ebs_addon_version` -To determine what versions of EBS CSI driver are supported use the command: +The EBS CSI Driver (aws-ebs-csi-driver) by default is disabled. To enable set variables: +``` +enable_ebs_addon = true +create_addon_role = true +ebs_addon_version = "v1.21.0-eksbuild.1" +``` +To determine valid versions for variable `ebs_addon_version` use the command: ``` aws eks describe-addon-versions --addon-name "aws-ebs-csi-driver" | jq -r '.addons[].addonVersions[].addonVersion' ``` +The EBS CSI Driver addon can be implemented successfully using **worker group launch templates**. Also set the following variable: +``` +enable_worker_groups_launch_template = true +``` -:warning: **Note**: It is imperative that you export the environment variable `AWS_REGION` with the appropriate region value (i.e. us-west-2). ### AWS Auth When running EKS, authentication for the cluster is controlled by a `configmap` called `aws-auth`. By default, that should look something like this:
diff --git a/modules/cluster/outputs.tf b/modules/cluster/outputs.tf
index 6c91fab..cb05b9b 100644
--- a/modules/cluster/outputs.tf
+++ b/modules/cluster/outputs.tf
@@ -94,3 +94,8 @@ output "pipeline_viz_iam_role" {
 value = module.iam_assumable_role_pipeline_visualizer.this_iam_role_name
 description = "The IAM Role that the pipeline visualizer pod will assume to authenticate"
 }
+
+output "ebscsi_addon_iam_role" {
+ value = module.ebs_csi_irsa_role.iam_role_name
+ description = "The IAM Role that the build pods will assume to authenticate"
+}
diff --git a/outputs.tf b/outputs.tf
index de464b8..d11e153 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -103,6 +103,10 @@ output "cluster_ssm_iam_role" {
 }
+output "ebscsi_addon_iam_role" {
+ value = module.cluster.ebscsi_addon_iam_role
+ description = "The IAM Role that the EBS CSI Driver addon will assume to authenticate"
+}
 // ----------------------------------------------------------------------------
 // Vault Resources
 // ----------------------------------------------------------------------------
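Review bot: The description on the new `ebscsi_addon_iam_role` output in modules/cluster/outputs.tf says the role is the one "the build pods will assume", which looks copied from another output and mislabels the IRSA role for the EBS CSI driver; it should match the root output added in the same patch: `description = "The IAM Role that the EBS CSI Driver addon will assume to authenticate"`. A wrong description on an IAM role output can mislead whoever later audits the role or attaches policy to it. Separately, the README in this patch says the addon role is only created when `create_addon_role` is true; if `module.ebs_csi_irsa_role` is gated with `count` or `for_each` (its definition is not visible here), the bare `.iam_role_name` reference would need an index or a `try(..., "")` fallback, so it is worth running a plan with the addon disabled.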