Enable ebs-csi driver on AWS, add region + kubernetes_version vars (#…

…1494) * Enable ebs-csi driver on AWS, add region + kubernetes_version vars * ensure cluster, node-group are created first
nebari-dev · Oct 14, 2022 · 9f09c8d · 9f09c8d
1 parent 452a241
commit 9f09c8d
Show file tree

Hide file tree

Showing 5 changed files with 40 additions and 3 deletions.
diff --git a/qhub/template/stages/02-infrastructure/aws/main.tf b/qhub/template/stages/02-infrastructure/aws/main.tf
@@ -66,8 +66,10 @@ module "efs" {
 module "kubernetes" {
   source = "./modules/kubernetes"
 
-  name = local.cluster_name
-  tags = local.additional_tags
+  name               = local.cluster_name
+  tags               = local.additional_tags
+  region             = var.region
+  kubernetes_version = var.kubernetes_version
 
   cluster_subnets         = module.network.subnet_ids
   cluster_security_groups = [module.network.security_group_id]

diff --git a/qhub/template/stages/02-infrastructure/aws/modules/kubernetes/locals.tf b/qhub/template/stages/02-infrastructure/aws/modules/kubernetes/locals.tf
@@ -1,12 +1,14 @@
 locals {
   cluster_policies = concat([
     "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
-    "arn:aws:iam::aws:policy/AmazonEKSServicePolicy"
+    "arn:aws:iam::aws:policy/AmazonEKSServicePolicy",
+    "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy",
   ], var.cluster_additional_policies)
 
   node_group_policies = concat([
     "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
     "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
+    "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy",
     aws_iam_policy.worker_autoscaling.arn
   ], var.node_group_additional_policies)
 

diff --git a/qhub/template/stages/02-infrastructure/aws/modules/kubernetes/main.tf b/qhub/template/stages/02-infrastructure/aws/modules/kubernetes/main.tf
@@ -1,6 +1,7 @@
 resource "aws_eks_cluster" "main" {
   name     = var.name
   role_arn = aws_iam_role.cluster.arn
+  version  = var.kubernetes_version
 
   vpc_config {
     security_group_ids = var.cluster_security_groups
@@ -48,3 +49,15 @@ resource "aws_eks_node_group" "main" {
 data "aws_eks_cluster_auth" "main" {
   name = aws_eks_cluster.main.name
 }
+
+resource "aws_eks_addon" "aws-ebs-csi-driver" {
+  # required for Kubernetes v1.23+ on AWS
+  addon_name        = "aws-ebs-csi-driver"
+  cluster_name      = aws_eks_cluster.main.name
+  resolve_conflicts = "OVERWRITE"
+  # Ensure cluster and node groups are created
+  depends_on = [
+    aws_eks_cluster.main,
+    aws_eks_node_group.main,
+  ]
+}
diff --git a/qhub/template/stages/02-infrastructure/aws/modules/kubernetes/variables.tf b/qhub/template/stages/02-infrastructure/aws/modules/kubernetes/variables.tf
@@ -14,6 +14,16 @@ variable "cluster_subnets" {
   type        = list(string)
 }
 
+variable "region" {
+  description = "AWS region for EKS cluster"
+  type        = string
+}
+
+variable "kubernetes_version" {
+  description = "AWS kubernetes version for EKS cluster"
+  type        = string
+}
+
 variable "cluster_security_groups" {
   description = "AWS security groups to use for EKS cluster"
   type        = list(string)

diff --git a/qhub/template/stages/02-infrastructure/aws/variables.tf b/qhub/template/stages/02-infrastructure/aws/variables.tf
@@ -8,6 +8,16 @@ variable "environment" {
   type        = string
 }
 
+variable "region" {
+  description = "AWS region for EKS cluster"
+  type        = string
+}
+
+variable "kubernetes_version" {
+  description = "AWS kubernetes version for EKS cluster"
+  type        = string
+}
+
 variable "node_groups" {
   description = "AWS node groups"
   type = list(object({