Kubernetes EBS CSI driver Terraform module

Terraform module which creates Kubernetes EBS CSI controller resources on AWS EKS.

Based on the original repo for the EBS CSI driver

Usage

data "aws_eks_cluster" "cluster" {
  name = "my-eks-cluster"
}

data "aws_eks_cluster_auth" "cluster" {
  name = "my-eks-cluster"
}

data "tls_certificate" "cert" {
  url = data.aws_eks_cluster.cluster.identity[0].oidc[0].issuer
}

resource "aws_iam_openid_connect_provider" "openid_connect" {
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = [data.tls_certificate.cert.certificates.0.sha1_fingerprint]
  url             = data.aws_eks_cluster.cluster.identity[0].oidc[0].issuer
}

provider "kubernetes" {
  host                   = data.aws_eks_cluster.cluster.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
  token                  = data.aws_eks_cluster_auth.cluster.token
}

module "ebs_csi_driver_controller" {
  source = "DrFaust92/ebs-csi-driver/kubernetes"
  version = "<VERSION>"

  ebs_csi_controller_image                   = ""
  ebs_csi_controller_role_name               = "ebs-csi-driver-controller"
  ebs_csi_controller_role_policy_name_prefix = "ebs-csi-driver-policy"
  oidc_url                                   = aws_iam_openid_connect_provider.openid_connect.url
}

Requirements

Name	Version
terraform	>= 0.12.6
aws	>= 3.40.0
kubernetes	>= 1.11.4

Providers

Name	Version
aws	4.22.0
kubernetes	2.12.1

Modules

Name	Source	Version
ebs_controller_role	terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc	4.24.1

Resources

Name	Type
aws_iam_policy.ebs_controller_policy	resource
kubernetes_cluster_role.attacher	resource
kubernetes_cluster_role.node	resource
kubernetes_cluster_role.provisioner	resource
kubernetes_cluster_role.resizer	resource
kubernetes_cluster_role.snapshotter	resource
kubernetes_cluster_role_binding.attacher	resource
kubernetes_cluster_role_binding.node	resource
kubernetes_cluster_role_binding.provisioner	resource
kubernetes_cluster_role_binding.resizer	resource
kubernetes_cluster_role_binding.snapshotter	resource
kubernetes_csi_driver_v1.ebs	resource
kubernetes_daemonset.node	resource
kubernetes_deployment.ebs_csi_controller	resource
kubernetes_service_account.csi_driver	resource
kubernetes_service_account.node	resource

Inputs

Name	Description	Type	Default	Required
additional_iam_policies_arns	The EBS CSI driver controller's additional policies to allow more actions (kms, etc)	`list(string)`	`[]`	no
controller_extra_node_selectors	A map of extra node selectors for controller pods	`map(string)`	`{}`	no
csi_controller_replica_count	Number of EBS CSI driver controller pods	`number`	`2`	no
csi_controller_tolerations	CSI driver controller tolerations	`list(map(string))`	`[]`	no
csi_provisioner_tag_version	The csi provisioner tag version	`string`	`"v3.2.1"`	no
default_fstype	The default Filesystem type	`string`	`"ext4"`	no
ebs_csi_controller_image	The EBS CSI driver controller's image	`string`	`""`	no
ebs_csi_controller_role_name	The name of the EBS CSI driver IAM role	`string`	`"ebs-csi-driver-controller"`	no
ebs_csi_controller_role_policy_name_prefix	The prefix of the EBS CSI driver IAM policy	`string`	`"ebs-csi-driver-policy"`	no
ebs_csi_driver_version	The EBS CSI driver controller's image version	`string`	`""`	no
eks_cluster_id	ID of the Kubernetes cluster used for tagging provisioned EBS volumes	`string`	`""`	no
enable_default_fstype	Wheter to enable default Filesystem type	`bool`	`false`	no
enable_volume_resizing	Whether to enable volume resizing	`bool`	`false`	no
enable_volume_snapshot	Whether to enable volume snapshotting	`bool`	`false`	no
extra_create_metadata	If set, add pv/pvc metadata to plugin create requests as parameters.	`bool`	`false`	no
extra_node_selectors	A map of extra node selectors for all components	`map(string)`	`{}`	no
labels	A map of extra labels for all resources	`map(string)`	`{}`	no
log_level	The log level for the CSI Driver controller	`number`	`5`	no
namespace	The K8s namespace for all EBS CSI driver resources	`string`	`"kube-system"`	no
node_extra_node_selectors	A map of extra node selectors for node pods	`map(string)`	`{}`	no
node_tolerations	CSI driver node tolerations	`list(map(string))`	`[]`	no
oidc_url	EKS OIDC provider URL, to allow pod to assume role using IRSA	`string`	n/a	yes
tags	A map of tags to add to all resources	`map(string)`	`{}`	no
volume_attach_limit	Configure maximum volume attachments per node. -1 means use default configuration	`number`	`-1`	no

Outputs

Name	Description
ebs_csi_driver_controller_role_arn	The Name of the EBS CSI driver controller IAM role ARN
ebs_csi_driver_controller_role_name	The Name of the EBS CSI driver controller IAM role name
ebs_csi_driver_controller_role_policy_arn	The Name of the EBS CSI driver controller IAM role policy ARN
ebs_csi_driver_controller_role_policy_name	The Name of the EBS CSI driver controller IAM role policy name
ebs_csi_driver_name	The Name of the EBS CSI driver

Name		Name	Last commit message	Last commit date
Latest commit History 167 Commits
examples/simple		examples/simple
.gitignore		.gitignore
.pre-commit-config.yaml		.pre-commit-config.yaml
.tflint.hcl		.tflint.hcl
LICENSE		LICENSE
README.md		README.md
controller.tf		controller.tf
csi_driver.tf		csi_driver.tf
csi_rbac.tf		csi_rbac.tf
iam-policy.json		iam-policy.json
iam.tf		iam.tf
locals.tf		locals.tf
node-rbac.tf		node-rbac.tf
node.tf		node.tf
outputs.tf		outputs.tf
renovate.json		renovate.json
variables.tf		variables.tf
versions.tf		versions.tf

License

convox/terraform-kubernetes-ebs-csi-driver

Folders and files

Latest commit

History

Repository files navigation

Kubernetes EBS CSI driver Terraform module

Usage

Requirements

Providers

Modules

Resources

Inputs

Outputs

About

Resources

License

Stars

Watchers

Forks

Languages