Terraform module which creates Kubernetes EBS CSI controller resources on AWS EKS.
Based on the original repo for the EBS CSI driver
data "aws_eks_cluster" "cluster" {
name = "my-eks-cluster"
}
data "aws_eks_cluster_auth" "cluster" {
name = "my-eks-cluster"
}
data "tls_certificate" "cert" {
url = data.aws_eks_cluster.cluster.identity[0].oidc[0].issuer
}
resource "aws_iam_openid_connect_provider" "openid_connect" {
client_id_list = ["sts.amazonaws.com"]
thumbprint_list = [data.tls_certificate.cert.certificates.0.sha1_fingerprint]
url = data.aws_eks_cluster.cluster.identity[0].oidc[0].issuer
}
provider "kubernetes" {
host = data.aws_eks_cluster.cluster.endpoint
cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
token = data.aws_eks_cluster_auth.cluster.token
load_config_file = false
version = "~> 1.11.4"
}
module "ebs_csi_driver_controller" {
source = "DrFaust92/ebs-csi-driver/kubernetes"
version = "<VERSION>"
ebs_csi_controller_image = ""
ebs_csi_controller_role_name = "ebs-csi-driver-controller"
ebs_csi_controller_role_policy_name_prefix = "ebs-csi-driver-policy"
oidc_url = aws_iam_openid_connect_provider.openid_connect.url
}| Name | Version |
|---|---|
| terraform | >= 0.12.6 |
| kubernetes | >= 1.11.4 |
| Name | Version |
|---|---|
| aws | n/a |
| kubernetes | >= 1.11.4 |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| csi_controller_replica_count | Number of EBS CSI driver controller pods | number |
2 |
no |
| csi_controller_tolerations | CSI driver controller tolerations | list(map(string)) |
[] |
no |
| ebs_csi_controller_image | The EBS CSI driver controller's image | string |
"" |
no |
| ebs_csi_controller_role_name | The name of the EBS CSI driver IAM role | string |
"ebs-csi-driver-controller" |
no |
| ebs_csi_controller_role_policy_name_prefix | The prefix of the EBS CSI driver IAM policy | string |
"ebs-csi-driver-policy" |
no |
| eks_cluster_id | ID of the Kubernetes cluster used for tagging provisioned EBS volumes | string |
"" |
no |
| enable_volume_resizing | Whether to enable volume resizing | bool |
false |
no |
| enable_volume_snapshot | Whether to enable volume snapshotting | bool |
false |
no |
| extra_create_metadata | If set, add pv/pvc metadata to plugin create requests as parameters. | bool |
false |
no |
| extra_node_selectors | A map of extra node selectors for all components | map(string) |
{} |
no |
| node_extra_node_selectors | A map of extra node selectors for node component | map(string) |
{} |
no |
| controller_extra_node_selectors | A map of extra node selectors for controller component | map(string) |
{} |
no |
| namespace | The K8s namespace for all EBS CSI driver resources | string |
"kube-system" |
no |
| node_tolerations | CSI driver node tolerations | list(map(string)) |
[] |
no |
| oidc_url | EKS OIDC provider URL, to allow pod to assume role using IRSA | string |
n/a | yes |
| tags | A map of tags to add to all resources | map(string) |
{} |
no |
| Name | Description |
|---|---|
| ebs_csi_driver_controller_role_arn | The Name of the EBS CSI driver controller IAM role ARN |
| ebs_csi_driver_controller_role_name | The Name of the EBS CSI driver controller IAM role name |
| ebs_csi_driver_controller_role_policy_arn | The Name of the EBS CSI driver controller IAM role policy ARN |
| ebs_csi_driver_controller_role_policy_name | The Name of the EBS CSI driver controller IAM role policy name |
| ebs_csi_driver_name | The Name of the EBS CSI driver |