Add EBS CSI driver for EKS

Without the EBS CSI driver, the default `StorageClass` is no longer sufficient on recent EKS - persistent volumes cannot be provisioned. This change adds the EBS "Addon" for EKS and attaches the default AWS Policy for EBS CSI Driver to the cluster nodegroup. Note: this just one of the ways it can be done, but others are not as straightforward to implement currently. Ref: https://github.com/kubernetes-sigs/aws-ebs-csi-driver/blob/master/docs/install.md
upbound · Feb 7, 2023 · 6204c02 · 6204c02
1 parent 023be25
commit 6204c02
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/package/cluster/eks/composition.yaml b/package/cluster/eks/composition.yaml
@@ -141,6 +141,17 @@ spec:
               matchLabels:
                 role: nodegroup
       name: cniRolePolicyAttachment
+    - base:
+        apiVersion: iam.aws.upbound.io/v1beta1
+        kind: RolePolicyAttachment
+        spec:
+          forProvider:
+            policyArn: arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy
+            roleSelector:
+              matchControllerRef: true
+              matchLabels:
+                role: nodegroup
+      name: ebsCsiRolePolicyAttachment
     - base:
         apiVersion: iam.aws.upbound.io/v1beta1
         kind: RolePolicyAttachment
@@ -187,6 +198,18 @@ spec:
                 large: t3.large
         - fromFieldPath: spec.id
           toFieldPath: spec.forProvider.subnetIdSelector.matchLabels[networks.aws.platformref.upbound.io/network-id]
+    - base:
+        apiVersion: eks.aws.upbound.io/v1beta1
+        kind: Addon
+        metadata:
+          annotations:
+            crossplane.io/external-name: aws-ebs-csi-driver
+        spec:
+          forProvider:
+            clusterNameSelector:
+              matchControllerRef: true
+            region: us-west-2
+      name: ebsCsiAddon
     - base:
         apiVersion: iam.aws.upbound.io/v1beta1
         kind: OpenIDConnectProvider