From 985562f5bb18c9e36cff33c8083b67c4b899ebfe Mon Sep 17 00:00:00 2001 From: Darius Juodokas Date: Thu, 11 Jul 2024 14:00:19 +0300 Subject: [PATCH] Missing node.serviceAccount.annotations in values.yaml (#217) * Update values.yaml regd #564 * Update values.yaml regd #564 * SA EKS IAM role annotation in install.md * Update docs/install.md Co-authored-by: Burak --------- Co-authored-by: Burak --- charts/aws-mountpoint-s3-csi-driver/values.yaml | 3 +++ docs/install.md | 10 ++++++++++ 2 files changed, 13 insertions(+) diff --git a/charts/aws-mountpoint-s3-csi-driver/values.yaml b/charts/aws-mountpoint-s3-csi-driver/values.yaml index 4b7543a..09bfae3 100644 --- a/charts/aws-mountpoint-s3-csi-driver/values.yaml +++ b/charts/aws-mountpoint-s3-csi-driver/values.yaml @@ -22,6 +22,9 @@ node: # Specifies whether a service account should be created create: true name: s3-csi-driver-sa + # Specify the SA's role ARN if running in EKS. Otherwise, the the driver will be "Forbidden" from accessing s3 buckets + # annotations: + # "eks.amazonaws.com/role-arn": "" nodeSelector: {} resources: requests: diff --git a/docs/install.md b/docs/install.md index e4a0c6c..0ff50ec 100644 --- a/docs/install.md +++ b/docs/install.md @@ -114,6 +114,16 @@ helm upgrade --install aws-mountpoint-s3-csi-driver \ aws-mountpoint-s3-csi-driver/aws-mountpoint-s3-csi-driver ``` +> [!NOTE] +> For EKS users, you need to pass your Role ARN here if you're using IAM roles for service accounts: +> +> ```bash +> $ helm upgrade --install aws-mountpoint-s3-csi-driver \ +> --namespace kube-system \ +> --set node.serviceAccount.annotations."eks\.amazonaws\.com/role-arn"="arn:aws:iam::account:role/csi-driver-role-name" \ +> aws-mountpoint-s3-csi-driver/aws-mountpoint-s3-csi-driver +> ``` + Review the [configuration values](https://github.com/awslabs/mountpoint-s3-csi-driver/blob/main/charts/aws-mountpoint-s3-csi-driver/values.yaml) for the Helm chart. #### Once the driver has been deployed, verify the pods are running: