Allow for the FSx CSI driver to be selectively installed

azavea · Jan 30, 2023 · cf9bf23 · cf9bf23
1 parent a2a1767
commit cf9bf23
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 12 deletions.
diff --git a/deployment/aws-terraform/1-services/fsx-csi.tf b/deployment/aws-terraform/1-services/fsx-csi.tf
@@ -1,12 +1,24 @@
 resource "helm_release" "fsx_csi_driver" {
+  count = local.use_fsx
   namespace        = "kube-system"
 
   name       = "aws-fsx-csi-driver"
   repository = "https://kubernetes-sigs.github.io/aws-fsx-csi-driver/"
   chart      = "aws-fsx-csi-driver"
+
+  set {
+    name = "controller.serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
+    value = module.fsx_csi_irsa[0].iam_role_arn
+  }
+
+  set {
+    name = "node.serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
+    value = module.fsx_csi_irsa[0].iam_role_arn
+  }
 }
 
 resource  "kubernetes_storage_class_v1" "fsx_sc" {
+  count = local.use_fsx
   metadata {
     name = "fsx-sc"
   }
@@ -16,5 +28,5 @@ resource  "kubernetes_storage_class_v1" "fsx_sc" {
     securityGroupIds = module.eks.cluster_security_group
     deploymentType = "PERSISTENT_2"
   }
-  depends_on = [ helm_release.fsx_csi_driver ]
+  depends_on = [ helm_release.fsx_csi_driver[0] ]
 }
diff --git a/deployment/aws-terraform/1-services/irsa.tf b/deployment/aws-terraform/1-services/irsa.tf
@@ -29,6 +29,8 @@ resource "kubernetes_annotations" "ebs_csi_iam_annotation" {
 }
 
 module "fsx_csi_irsa" {
+  count = local.use_fsx
+
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
 
   role_name_prefix      = "fsx-csi-${local.cluster_name}"
@@ -46,14 +48,16 @@ module "fsx_csi_irsa" {
   tags = local.tags
 }
 
-resource "kubernetes_annotations" "fsx_csi_controller_annotation" {
-  api_version = "v1"
-  kind = "ServiceAccount"
-  metadata {
-    name = "fsx-csi-controller-sa"
-    namespace = "kube-system"
-  }
-  annotations = {
-    "eks.amazonaws.com/role-arn": module.fsx_csi_irsa.iam_role_arn
-  }
-}
+# resource "kubernetes_annotations" "fsx_csi_controller_annotation" {
+#   count = local.use_fsx
+
+#   api_version = "v1"
+#   kind = "ServiceAccount"
+#   metadata {
+#     name = "fsx-csi-controller-sa"
+#     namespace = "kube-system"
+#   }
+#   annotations = {
+#     "eks.amazonaws.com/role-arn": module.fsx_csi_irsa[0].iam_role_arn
+#   }
+# }
diff --git a/deployment/aws-terraform/1-services/locals.tf b/deployment/aws-terraform/1-services/locals.tf
@@ -2,6 +2,7 @@ locals {
   cluster_name = "${var.project_prefix}-${var.environment}"
   db_count = var.create_rds_instance ? 1 : 0
   cognito_pool_count = var.create_cognito_pool ? 1 : 0
+  use_fsx = var.use_fsx_csi ? 1 : 0
 
   tags = {
     Name    = var.project_prefix

diff --git a/deployment/aws-terraform/1-services/variables.tf b/deployment/aws-terraform/1-services/variables.tf
@@ -44,6 +44,12 @@ variable "google_identity_client_secret" {
   description = "Client ID for Google identity provider"
 }
 
+variable "use_fsx_csi" {
+  type = bool
+  description = "Install CSI driver for FSx for Lustre volumes"
+  default = false
+}
+
 variable "r53_rds_private_hosted_zone" {
   type = string
   default = null