Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Configure Amazon EBS CSI driver for working PersistentVolumes in EKS #4

Open
jonashackt opened this issue Apr 23, 2024 · 0 comments
Open

Configure Amazon EBS CSI driver for working PersistentVolumes in EKS #4

jonashackt opened this issue Apr 23, 2024 · 0 comments

Comments

@jonashackt
Copy link
Owner

As described in this so answer and this Crossplane example, we should also add a Container Storage Interface (CSI) driver.

Therefore we need to

Enable the IAM OIDC provider:

          - name: oidcProvider
            base:
              apiVersion: iam.aws.upbound.io/v1beta1
              kind: OpenIDConnectProvider
              spec:
                forProvider:
                  clientIdList:
                    - sts.amazonaws.com
                  thumbprintList:
                    - 9e99a48a9960b14926bb7f3b02e22da2b0ab7280
            patches:
              - patchSetName: providerConfigRef
                type: PatchSet
              - patchSetName: deletionPolicy
                type: PatchSet
              - fromFieldPath: status.eks.oidc
                policy:
                  fromFieldPath: Required
                toFieldPath: spec.forProvider.url
                type: FromCompositeFieldPath
              - fromFieldPath: status.atProvider.arn
                policy:
                  fromFieldPath: Optional
                toFieldPath: status.eks.oidcArn
                type: ToCompositeFieldPath

Create Amazon EBS CSI driver IAM role:

          - name: ebsCsiRolePolicyAttachment
            base:
              apiVersion: iam.aws.upbound.io/v1beta1
              kind: RolePolicyAttachment
              spec:
                forProvider:
                  policyArn: arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy
                  roleSelector:
                    matchControllerRef: true
                    matchLabels:
                      role: nodegroup
            patches:
              - patchSetName: providerConfigRef
                type: PatchSet
              - patchSetName: deletionPolicy
                type: PatchSet

Add the Amazon EBS CSI add-on:

          - name: ebsCsiAddon
            base:
              apiVersion: eks.aws.upbound.io/v1beta1
              kind: Addon
              spec:
                forProvider:
                  addonName: aws-ebs-csi-driver
                  clusterNameSelector:
                    matchControllerRef: true
            patches:
              - patchSetName: providerConfigRef
                type: PatchSet
              - patchSetName: deletionPolicy
                type: PatchSet
              - patchSetName: region
                type: PatchSet
              - fromFieldPath: status.eks.clusterName
                policy:
                  fromFieldPath: Required
                toFieldPath: metadata.annotations[crossplane.io/external-name]
                transforms:
                  - string:
                      fmt: '%s:aws-ebs-csi-driver'
                      type: Format
                    type: string
                type: FromCompositeFieldPath
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jonashackt