A DevOps Stack module to deploy an Amazon EFS Container Storage Interface (CSI) driver.
The EFS CSI Driver chart used by this module is shipped in this repository as well, in order to avoid any unwanted behaviors caused by unsupported versions.
Current Chart Version | Original Repository | Default Values |
---|---|---|
3.0.8 |
This module can be declared by adding the following block on your Terraform configuration:
module "efs" {
source = "git::https://github.com/camptocamp/devops-stack-module-efs-csi-driver.git?ref=<RELEASE>"
cluster_name = local.cluster_name
argocd_namespace = local.argocd_namespace
efs_file_system_id = resource.aws_efs_file_system.eks.id
create_role = true
cluster_oidc_issuer_url = module.eks.cluster_oidc_issuer_url
depends_on = [
module.argocd_bootstrap,
]
}
In case you want to create an OIDC assumable IAM role on your own, you’ll need to provide the ARN for that role and disable the creation of the role inside of the module as follows:
module "efs" {
source = "git::https://github.com/camptocamp/devops-stack-module-efs-csi-driver.git?ref=<RELEASE>"
cluster_name = local.cluster_name
argocd_namespace = local.argocd_namespace
efs_file_system_id = resource.aws_efs_file_system.eks.id
create_role = false
iam_role_arn = module.iam_assumable_role_efs.iam_role_arn
depends_on = [
module.argocd_bootstrap,
]
}
Important
|
The create_role variable is required. If passing iam_role_arn it should be set as false, otherwise you will need to specify the variable cluster_oidc_issuer_url and set it as true.
|
This module needs to have other resources created externally. You can follow the example bellow:
resource "aws_efs_file_system" "eks" {
creation_token = module.eks.cluster_name
tags = {
Name = module.eks.cluster_name
}
}
resource "aws_security_group" "efs_eks" {
name = "efs-devops-stack"
description = "Security group for EFS."
vpc_id = module.vpc.vpc_id
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
from_port = 2049
to_port = 2049
protocol = "tcp"
security_groups = [module.eks.node_security_group_id]
}
}
resource "aws_efs_mount_target" "eks" {
count = length(local.private_subnets)
file_system_id = resource.aws_efs_file_system.eks.id
subnet_id = element(module.vpc.private_subnets, count.index)
security_groups = [resource.aws_security_group.efs_eks.id]
}
The following requirements are needed by this module:
The following providers are used by this module:
The following Modules are called:
Source: terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc
Version: ~> 5.0
The following resources are used by this module:
-
argocd_application.this (resource)
-
argocd_project.this (resource)
-
null_resource.dependencies (resource)
-
null_resource.this (resource)
-
aws_iam_policy.AmazonEFSCSIDriverPolicy (data source)
-
utils_deep_merge_yaml.values (data source)
The following input variables are required:
Description: EFS Filesystem ID to use by the CSI driver to create volumes.
Type: string
Description: Boolean to indicate that the OIDC assumable IAM role should be created. If passing iam_role_arn
this should be false, otherwise if you want to create the OIDC assumable IAM role provided by this module, you will need to specify the variable cluster_oidc_issuer_url
.
Type: bool
The following input variables are optional (have default values):
Description: Name given to the cluster. Value used for naming some the resources created by the module.
Type: string
Default: "cluster"
Description: Name of the Argo CD AppProject where the Application should be created. If not set, the Application will be created in a new AppProject only for this Application.
Type: string
Default: null
Description: Labels to attach to the Argo CD Application resource.
Type: map(string)
Default: {}
Description: Destination cluster where the application should be deployed.
Type: string
Default: "in-cluster"
Description: Override of target revision of the application chart.
Type: string
Default: "v5.0.0"
Description: Helm chart value overrides. They should be passed as a list of HCL structures.
Type: any
Default: []
Description: Automated sync options for the Argo CD Application resource.
Type:
object({
allow_empty = optional(bool)
prune = optional(bool)
self_heal = optional(bool)
})
Default:
{
"allow_empty": false,
"prune": true,
"self_heal": true
}
Description: IDs of the other modules on which this module depends on.
Type: map(string)
Default: {}
Description: Resource limits and requests for aws-efs-csi-driver’s components. Follow the style on official documentation to understand the format of the values."
Note
|
These are the same values as the defaults on the Helm chart aws-efs-csi-driver. |
Type:
object({
controller = optional(object({
requests = optional(object({
cpu = optional(string, "10m")
memory = optional(string, "40Mi")
}), {})
limits = optional(object({
cpu = optional(string)
memory = optional(string, "256Mi")
}), {})
}), {})
node = optional(object({
requests = optional(object({
cpu = optional(string, "10m")
memory = optional(string, "40Mi")
}), {})
limits = optional(object({
cpu = optional(string)
memory = optional(string, "256Mi")
}), {})
}), {})
})
Default: {}
Description: ARN of an OIDC assumable IAM role that has access to the EFS filesystem. When specified, this is added as an annotation to the EFS CSI driver controller ServiceAccount, to allow the driver to manage EFS access points for dynamic volumes provisioning.
Type: string
Default: null
Description: Cluster OIDC issuer URL used to create the OIDC assumable IAM role. This variable is required to create a IAM role if you set create_role
as true.
Type: string
Default: ""
The following outputs are exported:
Description: ID to pass other modules in order to refer to this module as a dependency.
Show tables
= Requirements
Name | Version |
---|---|
>= 6 |
|
>= 3 |
|
>= 1 |
= Providers
Name | Version |
---|---|
>= 6 |
|
>= 1 |
|
n/a |
|
>= 3 |
= Modules
Name | Source | Version |
---|---|---|
terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc |
~> 5.0 |
= Resources
Name | Type |
---|---|
resource |
|
resource |
|
resource |
|
resource |
|
data source |
|
data source |
= Inputs
Name | Description | Type | Default | Required | ||
---|---|---|---|---|---|---|
Name given to the cluster. Value used for naming some the resources created by the module. |
|
|
no |
|||
Name of the Argo CD AppProject where the Application should be created. If not set, the Application will be created in a new AppProject only for this Application. |
|
|
no |
|||
Labels to attach to the Argo CD Application resource. |
|
|
no |
|||
Destination cluster where the application should be deployed. |
|
|
no |
|||
Override of target revision of the application chart. |
|
|
no |
|||
Helm chart value overrides. They should be passed as a list of HCL structures. |
|
|
no |
|||
Automated sync options for the Argo CD Application resource. |
|
|
no |
|||
IDs of the other modules on which this module depends on. |
|
|
no |
|||
Resource limits and requests for aws-efs-csi-driver’s components. Follow the style on official documentation to understand the format of the values."
|
|
|
no |
|||
EFS Filesystem ID to use by the CSI driver to create volumes. |
|
n/a |
yes |
|||
Boolean to indicate that the OIDC assumable IAM role should be created. If passing |
|
n/a |
yes |
|||
ARN of an OIDC assumable IAM role that has access to the EFS filesystem. When specified, this is added as an annotation to the EFS CSI driver controller ServiceAccount, to allow the driver to manage EFS access points for dynamic volumes provisioning. |
|
|
no |
|||
Cluster OIDC issuer URL used to create the OIDC assumable IAM role. This variable is required to create a IAM role if you set |
|
|
no |
= Outputs
Name | Description |
---|---|
ID to pass other modules in order to refer to this module as a dependency. |