From cdb8f0f912d032f21a39dbf0d1132da2dcb92d02 Mon Sep 17 00:00:00 2001
From: jpolchlo
Date: Tue, 17 Jan 2023 11:52:54 -0500
Subject: [PATCH] Add FSX CSI plugin and required storage class
---
 .../aws-terraform/1-services/fsx-csi.tf | 20 +++++++++++++
 deployment/aws-terraform/1-services/irsa.tf | 29 +++++++++++++++++++
 2 files changed, 49 insertions(+)
 create mode 100644 deployment/aws-terraform/1-services/fsx-csi.tf
diff --git a/deployment/aws-terraform/1-services/fsx-csi.tf b/deployment/aws-terraform/1-services/fsx-csi.tf
new file mode 100644
index 0000000..e41693a
--- /dev/null
+++ b/deployment/aws-terraform/1-services/fsx-csi.tf
@@ -0,0 +1,20 @@
+resource "helm_release" "fsx_csi_driver" {
+ namespace = "kube-system"
+
+ name = "aws-fsx-csi-driver"
+ repository = "https://kubernetes-sigs.github.io/aws-fsx-csi-driver/"
+ chart = "aws-fsx-csi-driver"
+}
+
+resource "kubernetes_storage_class_v1" "fsx_sc" {
+ metadata {
+ name = "fsx-sc"
+ }
+ storage_provisioner = "fsx.csi.aws.com"
+ parameters = {
+ subnetId = tolist(module.eks.vpc_private_subnet_ids)[0]
+ securityGroupIds = module.eks.cluster_security_group
+ deploymentType = "PERSISTENT_2"
+ }
+ depends_on = [ helm_release.fsx_csi_driver ]
+}
diff --git a/deployment/aws-terraform/1-services/irsa.tf b/deployment/aws-terraform/1-services/irsa.tf
index 9f232d2..c50d764 100644
--- a/deployment/aws-terraform/1-services/irsa.tf
+++ b/deployment/aws-terraform/1-services/irsa.tf
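Review bot: `helm_release.fsx_csi_driver` in fsx-csi.tf sets no `version`, so a fresh apply installs whatever chart the repository serves at that moment into `kube-system`, and the controller it deploys is the workload that assumes the IAM role created in irsa.tf. Pin the release with `version = "<chart version you tested>"` and raise it deliberately, so a changed or compromised upstream chart cannot reach the cluster unreviewed. The same gap exists in the irsa.tf hunk, where `module "fsx_csi_irsa"` uses a registry `source` with no `version` constraint.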
@@ -27,3 +27,32 @@ resource "kubernetes_annotations" "ebs_csi_iam_annotation" {
 "eks.amazonaws.com/role-arn": module.ebs_csi_irsa.iam_role_arn
 }
 }
+module "fsx_csi_irsa" {
+ source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+
+ role_name_prefix = "fsx-csi-${local.cluster_name}"
+ attach_fsx_lustre_csi_policy = true
+
+ oidc_providers = {
+ main = {
+ provider_arn = module.eks.oidc_provider_arn
+ namespace_service_accounts = [
+ "kube-system:fsx-csi-controller-sa"
+ ]
+ }
+ }
+
+ tags = local.tags
+}
+
+resource "kubernetes_annotations" "fsx_csi_controller_annotation" {
+ api_version = "v1"
+ kind = "ServiceAccount"
+ metadata {
+ name = "fsx-csi-controller-sa"
+ namespace = "kube-system"
+ }
+ annotations = {
+ "eks.amazonaws.com/role-arn": module.fsx_csi_irsa.iam_role_arn
+ }
+}
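Review bot: `kubernetes_annotations.fsx_csi_controller_annotation` declares no dependency on `helm_release.fsx_csi_driver`, although the `fsx-csi-controller-sa` ServiceAccount it annotates is presumably created by that chart, so Terraform may try to annotate it before it exists. Add `depends_on = [helm_release.fsx_csi_driver]` to the resource. Even with that ordering, the controller pods are created before the `eks.amazonaws.com/role-arn` annotation is present, so they will likely run without the IRSA role (falling back to whatever the node role permits) until they are restarted. Confirm after the first apply that the controller is actually assuming the `fsx-csi-` role.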