Bootstrap FreeKB - Amazon Web Services (AWS) Elastic Kubernetes Service (EKS) - Create CSI Storage Class using Terraform
Amazon Web Services (AWS) Elastic Kubernetes Service (EKS) - Create CSI Storage Class using Terraform
Updated:   |  Amazon Web Services (AWS) Elastic Kubernetes Service (EKS) articles

At a high level, setting up an Elastic Kubernetes Service (EKS) Cluster with Container Storage Interface (CSI) looks something like this.

 

Let's say you have the following files on your Terraform server.

├── required_providers.tf
├── elastic_kubernetes_service (directory)
│   ├── csi_driver.tf
│   ├── provider.tf
│   ├── storage_classes.tf

 

required_providers.tf will almost always have this.

terraform {
  required_providers {

    aws = {
      source  = "hashicorp/aws"
    }

    kubernetes = {
      source  = "hashicorp/kubernetes"
    }

    kubectl = {
      source = "gavinbunney/kubectl"
    }

    helm = {
      source = "hashicorp/helm"
    }
  }
}

 

Let's say provider.tf has the following. In this example, the "default" profile in /home/username/.aws/config and /home/username/.aws/credentials is being used. This assumes you have setup Terraform as described in Amazon Web Services (AWS) - Getting Started with Terraform.

data "aws_eks_cluster" "cluster" {
  name = "my-cluster"
}

data "aws_eks_cluster_auth" "cluster_auth" {
  name = "my-cluster"
}

provider "aws" {
  alias   = "default"
  profile = "default"
  region  = "default"
}

provider "kubernetes" {
  host = "https://123456789ABCDEFG123456789ABCDEFG.gr7.us-east-1.eks.amazonaws.com"
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
  token = data.aws_eks_cluster_auth.cluster_auth.token
}

provider "kubectl" {
  host = "https://123456789ABCDEFG123456789ABCDEFG.gr7.us-east-1.eks.amazonaws.com"
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
  token = data.aws_eks_cluster_auth.cluster_auth.token
}

provider "helm" {
  host = "https://123456789ABCDEFG123456789ABCDEFG.gr7.us-east-1.eks.amazonaws.com"
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
  token = data.aws_eks_cluster_auth.cluster_auth.token
}

 

And csi_driver.tf could have something like this to create the Container Storage Interface (CSI) Driver.

resource "helm_release" "aws_efs_csi_driver" {
  chart      = "aws-efs-csi-driver"
  name       = "aws-efs-csi-driver"
  namespace  = "kube-system"
  repository = "https://kubernetes-sigs.github.io/aws-efs-csi-driver/"
}

 

And storage_classes.tf could have something like this to create a Storage Class that uses the CSI Driver.

resource "kubernetes_storage_class" "csi" {
  
  metadata {
    name = "csi"
  }
  
  storage_provisioner = "efs.csi.aws.com"
}

 

You may need to reissue the terraform init command.

terraform init

 

The terraform plan command can be used to see what Terraform will try to do.

terraform plan

 

The terraform apply command can be used to create or update the storage class.

terraform apply -auto-approve

 

kubectl get storageclass can then be used to verify that the storage class exists.

~]$ kubectl get storageclass
NAME            PROVISIONER             RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
csi             efs.csi.aws.com         Delete          Immediate              true                   33s
gp2 (default)   kubernetes.io/aws-ebs   Delete          WaitForFirstConsumer   false                  20d

 

Or using the Elastic Kubernetes Services (EKS) console at Resources > Storage > Storage Classes.

Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Comments


Add a Comment


Please enter 050a54 in the box below so that we can be sure you are a human.