EKS EBS CSI Driver Module
This Terraform module installs the Amazon EBS CSI Driver to an EKS cluster as an EKS Managed AddOn. The EBS CSI Driver manages the lifecycle of EBS Volumes when used as Kubernetes Volumes. The EBS CSI Driver is enabled by default in EKS clusters >= 1.23
, but not installed. The EBS CSI Driver was installed by default on earlier versions of EKS. This module will create all of the required resources to run the EBS CSI Driver and can be configured as needed without the bounds of the EBS CSI Driver as a Managed AddOn. See the official documentation for more details.
This module is exposed directly on the eks-cluster-control module as with the other available EKS AddOns, but this module can also be used independently by toggling the enable_ebs_csi_driver
to false
(false
by default on the eks-control-plane
module) on the eks-control-plane
module and instead declaring this module elsewhere within the codebase.
NOTE: currently enabling/deploying this module in a new cluster will take ~15 mins to deploy due to a limitation on the AWS side. The health status of the AddOn itself isn't reported in a timely manner which causes the deployment to take extra time even though the AddOn is deployed and healthy. Please be aware of this as it will increase the initial deployment time of a new EKS cluster.
Sample Usage
- Terraform
- Terragrunt
# ------------------------------------------------------------------------------------------------------
# DEPLOY GRUNTWORK'S EKS-EBS-CSI-DRIVER MODULE
# ------------------------------------------------------------------------------------------------------
module "eks_ebs_csi_driver" {
source = "git::git@github.com:gruntwork-io/terraform-aws-eks.git//modules/eks-ebs-csi-driver?ref=v0.72.3"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
# ----------------------------------------------------------------------------------------------------
# The name of the EKS cluster to create the AWS EKS EBS CSI Driver in.
eks_cluster_name = <string>
# ARN of the OpenID Connect Provider provisioned for the EKS cluster.
eks_openid_connect_provider_arn = <string>
# URL of the OpenID Connect Provider provisioned for the EKS cluster.
eks_openid_connect_provider_url = <string>
# ----------------------------------------------------------------------------------------------------
# OPTIONAL VARIABLES
# ----------------------------------------------------------------------------------------------------
# Tags to apply to all AWS resources managed by this module.
default_tags = {}
# Configuraiton object for the EBS CSI Driver EKS AddOn
ebs_csi_driver_addon_config = {}
# A map of custom tags to apply to the EBS CSI Driver AddOn. The key is the
# tag name and the value is the tag value.
ebs_csi_driver_addon_tags = {}
# A map of custom tags to apply to the IAM Policies created for the EBS CSI
# Driver IAM Role if enabled. The key is the tag name and the value is the tag
# value.
ebs_csi_driver_iam_policy_tags = {}
# A map of custom tags to apply to the EBS CSI Driver IAM Role if enabled. The
# key is the tag name and the value is the tag value.
ebs_csi_driver_iam_role_tags = {}
# If using KMS encryption of EBS volumes, provide the KMS Key ARN to be used
# for a policy attachment.
ebs_csi_driver_kms_key_arn = null
# The namespace for the EBS CSI Driver. This will almost always be the
# kube-system namespace.
ebs_csi_driver_namespace = "kube-system"
# The Service Account name to be used with the EBS CSI Driver
ebs_csi_driver_sa_name = "ebs-csi-controller-sa"
# When set to true, the module configures and install the EBS CSI Driver as an
# EKS managed AddOn
# (https://docs.aws.amazon.com/eks/latest/userguide/managing-ebs-csi.html). To
# use this feature, `configure_openid_connect_provider` must be set to true
# (the default value).
enable_ebs_csi_driver = true
# The version of Kubernetes for the EKS Cluster.
kubernetes_version = "1.30"
}
# ------------------------------------------------------------------------------------------------------
# DEPLOY GRUNTWORK'S EKS-EBS-CSI-DRIVER MODULE
# ------------------------------------------------------------------------------------------------------
terraform {
source = "git::git@github.com:gruntwork-io/terraform-aws-eks.git//modules/eks-ebs-csi-driver?ref=v0.72.3"
}
inputs = {
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
# ----------------------------------------------------------------------------------------------------
# The name of the EKS cluster to create the AWS EKS EBS CSI Driver in.
eks_cluster_name = <string>
# ARN of the OpenID Connect Provider provisioned for the EKS cluster.
eks_openid_connect_provider_arn = <string>
# URL of the OpenID Connect Provider provisioned for the EKS cluster.
eks_openid_connect_provider_url = <string>
# ----------------------------------------------------------------------------------------------------
# OPTIONAL VARIABLES
# ----------------------------------------------------------------------------------------------------
# Tags to apply to all AWS resources managed by this module.
default_tags = {}
# Configuraiton object for the EBS CSI Driver EKS AddOn
ebs_csi_driver_addon_config = {}
# A map of custom tags to apply to the EBS CSI Driver AddOn. The key is the
# tag name and the value is the tag value.
ebs_csi_driver_addon_tags = {}
# A map of custom tags to apply to the IAM Policies created for the EBS CSI
# Driver IAM Role if enabled. The key is the tag name and the value is the tag
# value.
ebs_csi_driver_iam_policy_tags = {}
# A map of custom tags to apply to the EBS CSI Driver IAM Role if enabled. The
# key is the tag name and the value is the tag value.
ebs_csi_driver_iam_role_tags = {}
# If using KMS encryption of EBS volumes, provide the KMS Key ARN to be used
# for a policy attachment.
ebs_csi_driver_kms_key_arn = null
# The namespace for the EBS CSI Driver. This will almost always be the
# kube-system namespace.
ebs_csi_driver_namespace = "kube-system"
# The Service Account name to be used with the EBS CSI Driver
ebs_csi_driver_sa_name = "ebs-csi-controller-sa"
# When set to true, the module configures and install the EBS CSI Driver as an
# EKS managed AddOn
# (https://docs.aws.amazon.com/eks/latest/userguide/managing-ebs-csi.html). To
# use this feature, `configure_openid_connect_provider` must be set to true
# (the default value).
enable_ebs_csi_driver = true
# The version of Kubernetes for the EKS Cluster.
kubernetes_version = "1.30"
}
Reference
- Inputs
- Outputs
Required
eks_cluster_name
stringThe name of the EKS cluster to create the AWS EKS EBS CSI Driver in.
ARN of the OpenID Connect Provider provisioned for the EKS cluster.
URL of the OpenID Connect Provider provisioned for the EKS cluster.
Optional
default_tags
map(string)Tags to apply to all AWS resources managed by this module.
{}
Configuraiton object for the EBS CSI Driver EKS AddOn
Any types represent complex values of variable type. For details, please consult `variables.tf` in the source repo.
{}
Details
EKS add-on advanced configuration via configuration_values must follow the configuration schema for the deployed version of the add-on.
See the following AWS Blog for more details on advanced configuration of EKS add-ons: https://aws.amazon.com/blogs/containers/amazon-eks-add-ons-advanced-configuration/
Example:
{
addon_version = "v1.14.0-eksbuild.1"
configuration_values = {}
preserve = false
resolve_conflicts_on_create = "OVERWRITE"
resolve_conflicts_on_update = "NONE"
service_account_role_arn = "arn:aws:iam::123456789012:role/role-name"
}
ebs_csi_driver_addon_tags
map(string)A map of custom tags to apply to the EBS CSI Driver AddOn. The key is the tag name and the value is the tag value.
{}
Example
{
key1 = "value1"
key2 = "value2"
}
ebs_csi_driver_iam_policy_tags
map(string)A map of custom tags to apply to the IAM Policies created for the EBS CSI Driver IAM Role if enabled. The key is the tag name and the value is the tag value.
{}
ebs_csi_driver_iam_role_tags
map(string)A map of custom tags to apply to the EBS CSI Driver IAM Role if enabled. The key is the tag name and the value is the tag value.
{}
If using KMS encryption of EBS volumes, provide the KMS Key ARN to be used for a policy attachment.
null
ebs_csi_driver_namespace
stringThe namespace for the EBS CSI Driver. This will almost always be the kube-system namespace.
"kube-system"
ebs_csi_driver_sa_name
stringThe Service Account name to be used with the EBS CSI Driver
"ebs-csi-controller-sa"
When set to true, the module configures and install the EBS CSI Driver as an EKS managed AddOn (https://docs.aws.amazon.com/eks/latest/userguide/managing-ebs-csi.html). To use this feature, configure_openid_connect_provider
must be set to true (the default value).
true
kubernetes_version
stringThe version of Kubernetes for the EKS Cluster.
"1.30"
The ARN of the EBS CSI AddOn.
The current version of the EBS CSI AddOn.
The latest available version of the EBS CSI AddOn.