From 3c7f28d2794f4bf5948038840075f07686491c3e Mon Sep 17 00:00:00 2001
From: jpolchlo
Date: Mon, 30 Jan 2023 14:55:43 -0500
Subject: [PATCH] Allow for the FSx CSI driver to be selectively installed
---
 .../aws-terraform/1-services/fsx-csi.tf | 14 +++++++++-
 deployment/aws-terraform/1-services/irsa.tf | 26 ++++++++++++-------
 deployment/aws-terraform/1-services/locals.tf | 1 +
 .../aws-terraform/1-services/variables.tf | 6 +++++
 4 files changed, 36 insertions(+), 11 deletions(-)
diff --git a/deployment/aws-terraform/1-services/fsx-csi.tf b/deployment/aws-terraform/1-services/fsx-csi.tf
index e41693a..d8647a8 100644
--- a/deployment/aws-terraform/1-services/fsx-csi.tf
+++ b/deployment/aws-terraform/1-services/fsx-csi.tf
@@ -1,12 +1,24 @@
 resource "helm_release" "fsx_csi_driver" {
+ count = local.use_fsx
 namespace = "kube-system"
 name = "aws-fsx-csi-driver"
 repository = "https://kubernetes-sigs.github.io/aws-fsx-csi-driver/"
 chart = "aws-fsx-csi-driver"
+
+ set {
+ name = "controller.serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
+ value = module.fsx_csi_irsa[0].iam_role_arn
+ }
+
+ set {
+ name = "node.serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
+ value = module.fsx_csi_irsa[0].iam_role_arn
+ }
 }
 resource "kubernetes_storage_class_v1" "fsx_sc" {
+ count = local.use_fsx
 metadata {
 name = "fsx-sc"
 }
@@ -16,5 +28,5 @@ resource "kubernetes_storage_class_v1" "fsx_sc" {
 securityGroupIds = module.eks.cluster_security_group
 deploymentType = "PERSISTENT_2"
 }
- depends_on = [ helm_release.fsx_csi_driver ]
+ depends_on = [ helm_release.fsx_csi_driver[0] ]
 }
diff --git a/deployment/aws-terraform/1-services/irsa.tf b/deployment/aws-terraform/1-services/irsa.tf
index e002b49..012eaac 100644
--- a/deployment/aws-terraform/1-services/irsa.tf
+++ b/deployment/aws-terraform/1-services/irsa.tf
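Review bot: In `fsx-csi.tf`, the two added `set` blocks attach the same role, `module.fsx_csi_irsa[0].iam_role_arn`, to both the controller and the node service account, so every node-plugin pod can assume the role meant for the controller. If the node plugin only mounts volumes and makes no FSx API calls, drop the `node.serviceAccount.annotations…` block or give it a separate, narrower role. The role's trust settings (the module's service-account list) sit outside this patch's hunks, so confirm they name exactly the accounts annotated here. The release also has no `version` argument, so the chart revision is whatever the repository serves at apply time; pinning it, `version = "<chart version>"`, keeps the installed driver reviewable.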
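Review bot: In the second `fsx-csi.tf` hunk, the `[0]` index in `depends_on = [ helm_release.fsx_csi_driver[0] ]` is unnecessary. As far as I know Terraform records `depends_on` edges against the whole resource, so the index adds nothing. `depends_on = [helm_release.fsx_csi_driver]` gives the same ordering and stays readable if the count expression ever changes. The storage class body starts above this hunk, so the rest of its arguments were not reviewed.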
@@ -50,6 +50,8 @@ module "efs_csi_irsa" { } module "fsx_csi_irsa" { + count = local.use_fsx + source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" role_name_prefix = "fsx-csi-${local.cluster_name}" @@ -112,15 +114,19 @@ resource "kubernetes_annotations" "efs_csi_node_annotation" { } annotations = { "eks.amazonaws.com/role-arn": module.efs_csi_irsa_node[0].iam_role_arn - -resource "kubernetes_annotations" "fsx_csi_controller_annotation" { - api_version = "v1" - kind = "ServiceAccount" - metadata { - name = "fsx-csi-controller-sa" - namespace = "kube-system" - } - annotations = { - "eks.amazonaws.com/role-arn": module.fsx_csi_irsa.iam_role_arn } } + +# resource "kubernetes_annotations" "fsx_csi_controller_annotation" { +# count = local.use_fsx + +# api_version = "v1" +# kind = "ServiceAccount" +# metadata { +# name = "fsx-csi-controller-sa" +# namespace = "kube-system" +# } +# annotations = { +# "eks.amazonaws.com/role-arn": module.fsx_csi_irsa[0].iam_role_arn +# } +# } diff --git a/deployment/aws-terraform/1-services/locals.tf b/deployment/aws-terraform/1-services/locals.tf index 7d710cb..a2a5e81 100644 --- a/deployment/aws-terraform/1-services/locals.tf +++ b/deployment/aws-terraform/1-services/locals.tf @@ -3,6 +3,7 @@ locals { db_count = var.create_rds_instance ? 1 : 0 cognito_pool_count = var.create_cognito_pool ? 1 : 0 use_efs = var.use_efs_csi ? 1 : 0 + use_fsx = var.use_fsx_csi ? 1 : 0 tags = { Name = var.project_prefix diff --git a/deployment/aws-terraform/1-services/variables.tf b/deployment/aws-terraform/1-services/variables.tf index e7dae1a..e084484 100644 --- a/deployment/aws-terraform/1-services/variables.tf +++ b/deployment/aws-terraform/1-services/variables.tf @@ -50,6 +50,12 @@ variable "use_efs_csi" { default = false } +variable "use_fsx_csi" { + type = bool + description = "Install CSI driver for FSx for Lustre volumes" + default = false +} + variable "r53_rds_private_hosted_zone" { type = string default = null
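Review bot: In the second `irsa.tf` hunk, the `fsx_csi_controller_annotation` resource is commented out rather than removed, and nothing explains why. Because the Helm release now sets the role annotation itself, this block is dead configuration. If someone later un-comments it, a second writer would manage the same ServiceAccount annotation, which makes it harder to tell which role the account is actually bound to. Delete the block, or if it is kept for reference, head it with a comment such as `# Superseded: the role-arn annotation is set through helm_release.fsx_csi_driver in fsx-csi.tf`.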