Skip to content

Latest commit

 

History

History
144 lines (122 loc) · 14.7 KB

File metadata and controls

144 lines (122 loc) · 14.7 KB

Kubernetes EBS CSI driver Terraform module

Terraform module which creates Kubernetes EBS CSI controller resources on AWS EKS.

Based on the original repo for the EBS CSI driver

Usage

data "aws_eks_cluster" "cluster" {
  name = "my-eks-cluster"
}

data "aws_eks_cluster_auth" "cluster" {
  name = "my-eks-cluster"
}

data "tls_certificate" "cert" {
  url = data.aws_eks_cluster.cluster.identity[0].oidc[0].issuer
}

resource "aws_iam_openid_connect_provider" "openid_connect" {
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = [data.tls_certificate.cert.certificates.0.sha1_fingerprint]
  url             = data.aws_eks_cluster.cluster.identity[0].oidc[0].issuer
}

provider "kubernetes" {
  host                   = data.aws_eks_cluster.cluster.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
  token                  = data.aws_eks_cluster_auth.cluster.token
}

module "ebs_csi_driver_controller" {
  source = "DrFaust92/ebs-csi-driver/kubernetes"
  version = "<VERSION>"

  ebs_csi_controller_role_name               = "ebs-csi-driver-controller"
  ebs_csi_controller_role_policy_name_prefix = "ebs-csi-driver-policy"
  oidc_url                                   = aws_iam_openid_connect_provider.openid_connect.url
}

Requirements

Name Version
terraform >= 0.12.6
aws >= 3.40.0
kubernetes >= 1.11.4

Providers

Name Version
aws 4.22.0
kubernetes 2.12.1

Modules

Name Source Version
ebs_controller_role terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc 4.24.1

Resources

Name Type
aws_iam_policy.ebs_controller_policy resource
kubernetes_cluster_role.attacher resource
kubernetes_cluster_role.node resource
kubernetes_cluster_role.provisioner resource
kubernetes_cluster_role.resizer resource
kubernetes_cluster_role.snapshotter resource
kubernetes_cluster_role_binding.attacher resource
kubernetes_cluster_role_binding.node resource
kubernetes_cluster_role_binding.provisioner resource
kubernetes_cluster_role_binding.resizer resource
kubernetes_cluster_role_binding.snapshotter resource
kubernetes_csi_driver_v1.ebs resource
kubernetes_daemonset.node resource
kubernetes_deployment.ebs_csi_controller resource
kubernetes_service_account.csi_driver resource
kubernetes_service_account.node resource

Inputs

Name Description Type Default Required
additional_iam_policies_arns The EBS CSI driver controller's additional policies to allow more actions (kms, etc) list(string) [] no
controller_csi_attacher_resources The controller csi attacher resources
object({
requests = map(string)
limits = map(string)
})
{
"limits": {},
"requests": {}
}
no
controller_csi_provisioner_resources The controller csi provisioner resources
object({
requests = map(string)
limits = map(string)
})
{
"limits": {},
"requests": {}
}
no
controller_csi_resizer_resources The controller csi resizer resources
object({
requests = map(string)
limits = map(string)
})
{
"limits": {},
"requests": {}
}
no
controller_csi_snapshotter_resources The controller csi snapshotter resources
object({
requests = map(string)
limits = map(string)
})
{
"limits": {},
"requests": {}
}
no
controller_ebs_plugin_resources The controller ebs plugin resources
object({
requests = map(string)
limits = map(string)
})
{
"limits": {},
"requests": {}
}
no
controller_extra_node_selectors A map of extra node selectors for controller pods map(string) {} no
csi_attacher_image The CSI attacher image string "registry.k8s.io/sig-storage/csi-attacher" no
csi_attacher_version The CSI attacher image version string "v3.5.1" no
csi_controller_replica_count Number of EBS CSI driver controller pods number 2 no
csi_controller_tolerations CSI driver controller tolerations list(map(string)) [] no
csi_node_driver_registrar_image The CSI node driver registrar image string "registry.k8s.io/sig-storage/csi-node-driver-registrar" no
csi_node_driver_registrar_version The CSI node driver registrar image version string "v2.9.0" no
csi_provisioner_image The CSI provisioner image string "registry.k8s.io/sig-storage/csi-provisioner" no
csi_provisioner_tag_version The CSI provisioner tag version string "v3.2.1" no
csi_resizer_image The CSI resizer image string "registry.k8s.io/sig-storage/csi-resizer" no
csi_resizer_version The CSI resizer image version string "v1.4.0" no
csi_snapshotter_image The CSI snapshotter image string "registry.k8s.io/sig-storage/csi-snapshotter" no
csi_snapshotter_version The CSI snapshotter image version string "v6.0.1" no
default_fstype The default Filesystem type string "ext4" no
ebs_csi_controller_image The EBS CSI driver controller's image string "k8s.gcr.io/provider-aws/aws-ebs-csi-driver" no
ebs_csi_controller_role_name The name of the EBS CSI driver IAM role string "ebs-csi-driver-controller" no
ebs_csi_controller_role_policy_name_prefix The prefix of the EBS CSI driver IAM policy string "ebs-csi-driver-policy" no
ebs_csi_driver_version The EBS CSI driver controller's image version string "v1.6.2" no
eks_cluster_id ID of the Kubernetes cluster used for tagging provisioned EBS volumes string "" no
enable_default_fstype Wheter to enable default Filesystem type bool false no
enable_volume_resizing Whether to enable volume resizing bool false no
enable_volume_snapshot Whether to enable volume snapshotting bool false no
extra_create_metadata If set, add pv/pvc metadata to plugin create requests as parameters. bool false no
extra_node_selectors A map of extra node selectors for all components map(string) {} no
labels A map of extra labels for all resources map(string) {} no
liveness_probe_image The liveness probe image string "registry.k8s.io/sig-storage/livenessprobe" no
liveness_probe_version The liveness probe image version string "v2.5.0" no
log_level The log level for the CSI Driver controller number 5 no
namespace The K8s namespace for all EBS CSI driver resources string "kube-system" no
node_driver_registrar_resources The node driver registrar resources
object({
requests = map(string)
limits = map(string)
})
{
"limits": {},
"requests": {}
}
no
node_ebs_plugin_resources The node ebs plugin resources
object({
requests = map(string)
limits = map(string)
})
{
"limits": {},
"requests": {}
}
no
node_extra_node_selectors A map of extra node selectors for node pods map(string) {} no
node_liveness_probe_resources The node liveness probe resources
object({
requests = map(string)
limits = map(string)
})
{
"limits": {},
"requests": {}
}
no
node_tolerations CSI driver node tolerations list(map(string)) [] no
oidc_url EKS OIDC provider URL, to allow pod to assume role using IRSA string n/a yes
tags A map of tags to add to all resources map(string) {} no
volume_attach_limit Configure maximum volume attachments per node. -1 means use default configuration number -1 no

Outputs

Name Description
ebs_csi_driver_controller_role_arn The Name of the EBS CSI driver controller IAM role ARN
ebs_csi_driver_controller_role_name The Name of the EBS CSI driver controller IAM role name
ebs_csi_driver_controller_role_policy_arn The Name of the EBS CSI driver controller IAM role policy ARN
ebs_csi_driver_controller_role_policy_name The Name of the EBS CSI driver controller IAM role policy name
ebs_csi_driver_name The Name of the EBS CSI driver