Bootstrap FreeKB - Amazon Web Services (AWS) Elastic Kubernetes Service (EKS) - Create CSI Driver using Terraform
Amazon Web Services (AWS) Elastic Kubernetes Service (EKS) - Create CSI Driver using Terraform


At a high level, setting up an Elastic Kubernetes Service (EKS) Cluster with Container Storage Interface (CSI) looks something like this.

 

Let's say you have the following files on your Terraform server.

├── required_providers.tf
├── elastic_file_system (directory)
│   ├── provider.tf
│   ├── csi_driver.tf

 

required_providers.tf will almost always have this.

terraform {
  required_providers {

    aws = {
      source  = "hashicorp/aws"
    }

    kubernetes = {
      source  = "hashicorp/kubernetes"
    }

    kubectl = {
      source = "gavinbunney/kubectl"
    }

    helm = {
      source = "hashicorp/helm"
    }
  }
}

 

Let's say provider.tf has the following. In this example, the "default" profile in /home/username/.aws/config and /home/username/.aws/credentials is being used. This assumes you have setup Terraform as described in Amazon Web Services (AWS) - Getting Started with Terraform.

data "aws_eks_cluster" "cluster" {
  name = "my-cluster"
}

data "aws_eks_cluster_auth" "cluster_auth" {
  name = "my-cluster"
}

provider "aws" {
  alias   = "default"
  profile = "default"
  region  = "default"
}

provider "kubernetes" {
  host = "https://123456789ABCDEFG123456789ABCDEFG.gr7.us-east-1.eks.amazonaws.com"
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
  token = data.aws_eks_cluster_auth.cluster_auth.token
}

provider "kubectl" {
  host = "https://123456789ABCDEFG123456789ABCDEFG.gr7.us-east-1.eks.amazonaws.com"
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
  token = data.aws_eks_cluster_auth.cluster_auth.token
}

provider "helm" {
  host = "https://123456789ABCDEFG123456789ABCDEFG.gr7.us-east-1.eks.amazonaws.com"
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
  token = data.aws_eks_cluster_auth.cluster_auth.token
}

 

And csi_driver.tf could have something like this to create the Container Storage Interface (CSI) Driver.

resource "helm_release" "aws_efs_csi_driver" {
  chart      = "aws-efs-csi-driver"
  name       = "aws-efs-csi-driver"
  namespace  = "kube-system"
  repository = "https://kubernetes-sigs.github.io/aws-efs-csi-driver/"
}

 

You may need to reissue the terraform init command.

terraform init

 

The terraform plan command can be used to see what Terraform will try to do.

terraform plan

 

The terraform apply command can be used to create or update the CDI driver.

terraform apply -auto-approve

 

Let's say the following is returned.

│ Error: Kubernetes cluster unreachable: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
│ 
│   with module.modules.module.efs_csi_driver.helm_release.kubernetes_efs_csi_driver[0],
│   on .terraform/modules/modules.efs_csi_driver/helm.tf line 1, in resource "helm_release" "kubernetes_efs_csi_driver":
│    1: resource "helm_release" "kubernetes_efs_csi_driver" {

 

You can try setting the KUBE_CONFIG variable to point to your hidden .kube config file.

export KUBE_CONFIG_PATH=/path/to/.kube/config

 

In your Elastic Kubernetes Services (EKS) console, at Resources > Storage > CSIDrivers, the efs.csi.aws.com driver should be listed.

 

 




Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee



Comments


Add a Comment


Please enter eb7ffd in the box below so that we can be sure you are a human.