At a high level, setting up an Elastic Kubernetes Service (EKS) Cluster with Container Storage Interface (CSI) looks something like this.
Let's say you have the following files on your Terraform server.
├── required_providers.tf
├── elastic_kubernetes_service (directory)
│   ├── csi_driver.tf
│   ├── provider.tf
│   ├── storage_classes.tf
required_providers.tf will almost always have this.
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
    kubectl = {
      source = "gavinbunney/kubectl"
    }
    helm = {
      source = "hashicorp/helm"
    }
  }
}
Let's say provider.tf has the following. In this example, the "default" profile in /home/username/.aws/config and /home/username/.aws/credentials is being used. This assumes you have set up Terraform as described in Amazon Web Services (AWS) - Getting Started with Terraform.
data "aws_eks_cluster" "cluster" {
  name = "my-cluster"
}

data "aws_eks_cluster_auth" "cluster_auth" {
  name = "my-cluster"
}

provider "aws" {
  alias   = "default"
  profile = "default"
  # Must be a real AWS region name; us-east-1 matches the cluster endpoint used below.
  region  = "us-east-1"
}

provider "kubernetes" {
  host                   = "https://123456789ABCDEFG123456789ABCDEFG.gr7.us-east-1.eks.amazonaws.com"
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
  token                  = data.aws_eks_cluster_auth.cluster_auth.token
}

provider "kubectl" {
  host                   = "https://123456789ABCDEFG123456789ABCDEFG.gr7.us-east-1.eks.amazonaws.com"
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
  token                  = data.aws_eks_cluster_auth.cluster_auth.token
}

provider "helm" {
  # The helm provider takes its cluster connection in a nested kubernetes block
  # (helm provider 2.x syntax; 3.x uses "kubernetes = { ... }" instead).
  kubernetes {
    host                   = "https://123456789ABCDEFG123456789ABCDEFG.gr7.us-east-1.eks.amazonaws.com"
    cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
    token                  = data.aws_eks_cluster_auth.cluster_auth.token
  }
}
And csi_driver.tf could have something like this to create the Container Storage Interface (CSI) Driver.
resource "helm_release" "aws_efs_csi_driver" {
  chart      = "aws-efs-csi-driver"
  name       = "aws-efs-csi-driver"
  namespace  = "kube-system"
  repository = "https://kubernetes-sigs.github.io/aws-efs-csi-driver/"
}
And storage_classes.tf could have something like this to create a Storage Class that uses the CSI Driver.
resource "kubernetes_storage_class" "csi" {
  metadata {
    name = "csi"
  }
  storage_provisioner = "efs.csi.aws.com"
}
You may need to reissue the terraform init command.
terraform init
The terraform plan command can be used to see what Terraform will try to do.
terraform plan
The terraform apply command can be used to create or update the storage class.
terraform apply -auto-approve
kubectl get storageclass can then be used to verify that the storage class exists.
~]$ kubectl get storageclass
NAME            PROVISIONER             RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
csi             efs.csi.aws.com         Delete          Immediate              true                   33s
gp2 (default)   kubernetes.io/aws-ebs   Delete          WaitForFirstConsumer   false                  20d
Or you can verify this in the Elastic Kubernetes Service (EKS) console at Resources > Storage > Storage Classes.
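The "csi" storage class above sets only the provisioner. For the EFS CSI driver to create volumes dynamically, the storage class also needs the driver's provisioning parameters. The following is an added example, not part of the original article: the variable efs_file_system_id, the names "csi-dynamic" and "app-data", the base path and the GID range are assumptions, and the EFS file system is assumed to already exist.

```hcl
# Added example. The file system ID is supplied by the caller (no real ID is shown here).
variable "efs_file_system_id" {
  type        = string
  description = "ID of an existing EFS file system"

  validation {
    condition     = can(regex("^fs-[0-9a-f]+$", var.efs_file_system_id))
    error_message = "The value must look like an EFS file system ID (fs- followed by hex digits)."
  }
}

resource "kubernetes_storage_class" "csi_dynamic" {
  metadata {
    name = "csi-dynamic" # hypothetical name
  }
  storage_provisioner = "efs.csi.aws.com"

  # Retain keeps the PersistentVolume when its claim is deleted,
  # instead of the Delete policy shown in the kubectl output above.
  reclaim_policy = "Retain"

  parameters = {
    provisioningMode = "efs-ap"               # one EFS access point per volume
    fileSystemId     = var.efs_file_system_id
    directoryPerms   = "700"                  # owner-only access to each volume's root directory
    basePath         = "/dynamic"             # hypothetical parent directory on the file system
    gidRangeStart    = "1000"                 # POSIX group IDs assigned to access points (assumed range)
    gidRangeEnd      = "2000"
  }
}

# A claim that uses the storage class, so that terraform apply exercises the driver end to end.
resource "kubernetes_persistent_volume_claim" "app_data" {
  metadata {
    name      = "app-data" # hypothetical name
    namespace = "default"
  }
  spec {
    access_modes       = ["ReadWriteMany"]
    storage_class_name = kubernetes_storage_class.csi_dynamic.metadata[0].name
    resources {
      requests = {
        storage = "5Gi" # required by the API; EFS does not enforce a size limit
      }
    }
  }
}
```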