adding depends on matrix and enable s3_csi_driver (#403)

* adding depends on matrix and enable s3_csi_driver * run fmt * enable csi * enable csi * csi s3 in add list * csi s3 in add list * csi s3 in add list --------- Co-authored-by: Abhi Yerra <abhi@berkeley.edu>
opszero · Jul 30, 2024 · fe75ec8 · fe75ec8
1 parent 903a54e
commit fe75ec8
Show file tree

Hide file tree

Showing 7 changed files with 63 additions and 26 deletions.
diff --git a/cluster.tf b/cluster.tf
@@ -54,6 +54,7 @@ resource "aws_eks_addon" "core" {
     "vpc-cni",
     "coredns",
     "aws-ebs-csi-driver",
+    var.s3_csi_driver_enabled ? ["aws-mountpoint-s3-csi-driver"] : [],
     var.efs_enabled ? ["aws-efs-csi-driver"] : [],
   ]))
 

diff --git a/examples/eks/main.tf b/examples/eks/main.tf
@@ -25,17 +25,11 @@ provider "kubernetes" {
   config_path = "./kubeconfig"
 }
 
-module "encrypted-launch-template" {
-  source = "github.com/opszero/terraform-aws-kubespot//module/encrypted-launch-template?ref=developv8"
 
-  eks_cluster         = module.eks_cluster
-  eks_cluster_version = "1.29"
-}
 
 module "opszero-eks" {
   source = "github.com/opszero/terraform-aws-kubespot"
 
-  aws_profile = local.profile
   zones = [
     "us-east-1a",
     "us-east-1b"
@@ -78,21 +72,16 @@ module "opszero-eks" {
       nodes_max_size         = 3,
       nodes_min_size         = 3
       ami_type               = "CUSTOM"
-      launch_template = [{
-        id      = module.encrypted-launch-template.launch_template_id
-        version = "$Latest"
-      }]
     },
     "t3a-medium-spot2" = {
       instance_types = [
         "t3a.medium",
       ]
-      capacity_type          = "SPOT"
-      node_disk_size         = 20
+      node_disk_size         = 32
       nodes_in_public_subnet = false
-      node_desired_capacity  = 3,
-      nodes_max_size         = 3,
-      nodes_min_size         = 3
+      node_desired_capacity  = 1,
+      nodes_max_size         = 1,
+      nodes_min_size         = 1
     }
   }
 
@@ -103,6 +92,9 @@ module "opszero-eks" {
   nat_enabled           = true
   vpc_flow_logs_enabled = false
   efs_enabled           = false
+  #csi
+  s3_csi_driver_enabled = false
+  s3_csi_bucket_names      = ["test-6647373dd"] #name of s3
 }
 
 module "helm-common" {
@@ -113,12 +105,3 @@ module "helm-common" {
   nginx_max_replicas = 3
 }
 
-
-# resource "aws_ecr_repository" "opszero" {
-#   name                 = "opszero"
-#   image_tag_mutability = "MUTABLE"
-
-#   # image_scanning_configuration {
-#   #   scan_on_push = true
-#   # }
-# }
diff --git a/iam.tf b/iam.tf
@@ -384,3 +384,43 @@ resource "aws_iam_policy" "ebs" {
 }
 EOF
 }
+
+
+resource "aws_iam_policy" "s3_policy" {
+  count       = var.s3_csi_driver_enabled ? 1 : 0
+  name        = "${var.environment_name}-s3-access-policy"
+  description = "IAM policy for S3 access"
+
+  policy = jsonencode({
+    Version = "2012-10-17",
+    Statement = [
+      {
+        Sid    = "MountpointFullBucketAccess",
+        Effect = "Allow",
+        Action = [
+          "s3:ListBucket"
+        ],
+        Resource = [for bucket in var.s3_csi_bucket_names : "arn:aws:s3:::$bucket"]
+      },
+      {
+        Sid    = "MountpointFullObjectAccess",
+        Effect = "Allow",
+        Action = [
+          "s3:GetObject",
+          "s3:PutObject",
+          "s3:AbortMultipartUpload",
+          "s3:DeleteObject",
+        ],
+        Resource = [for bucket in var.s3_csi_bucket_names : "arn:aws:s3:::$bucket/*"]
+      },
+    ],
+  })
+}
+
+
+resource "aws_iam_role_policy_attachment" "csi" {
+  count = var.s3_csi_driver_enabled ? 1 : 0
+
+  policy_arn = join("", aws_iam_policy.s3_policy.*.arn)
+  role       = aws_iam_role.node.name
+}
diff --git a/metrics_server.tf b/metrics_server.tf
@@ -1,4 +1,5 @@
 resource "helm_release" "metrics-server" {
+  depends_on       = [aws_eks_cluster.cluster]
   name             = "metrics-server"
   repository       = "https://kubernetes-sigs.github.io/metrics-server/"
   chart            = "metrics-server"

diff --git a/node.tf b/node.tf
@@ -100,4 +100,4 @@ resource "aws_autoscaling_group" "asg_nodes" {
     value               = var.environment_name
     propagate_at_launch = true
   }
-}
+}
diff --git a/node_groups.tf b/node_groups.tf
@@ -42,7 +42,7 @@ resource "aws_launch_template" "encrypted_launch_template" {
     no_device   = true
     ebs {
       delete_on_termination = true
-      volume_size           = 2
+      volume_size           = 32
       volume_type           = "gp3"
       encrypted             = true
     }

diff --git a/variables.tf b/variables.tf
@@ -442,3 +442,15 @@ variable "access_policies" {
   description = "access policies"
   default     = []
 }
+
+variable "s3_csi_driver_enabled" {
+  description = "Enable or disable the S3 CSI driver"
+  type        = bool
+  default     = false
+}
+
+variable "s3_csi_bucket_names" {
+  description = "The name of the S3 bucket for the CSI driver"
+  type        = list(string)
+  default     = [""]
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -100,4 +100,4 @@ resource "aws_autoscaling_group" "asg_nodes" { @@
         value               = var.environment_name
         propagate_at_launch = true
       }
-    }
+    }