Merge pull request #5 from SPHTech-Platform/feat/update-module

feat: update efs csi driver module

Author: uchinda-sph

iam.tf

@@ -2,16 +2,19 @@ module "efs_csi_role" {
   count = var.create_default_irsa ? 1 : 0
 
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "~> 4.21.1"
+  version = "~> 5.55"
 
   role_name_prefix = coalesce(var.iam_role_name, "${var.cluster_name}-efs-csi-")
   role_description = "EKS Cluster ${var.cluster_name} EFS CSI Driver role"
 
   attach_efs_csi_policy = true
   oidc_providers = {
     main = {
-      provider_arn               = var.oidc_provider_arn
-      namespace_service_accounts = ["${var.namespace}:${local.service_account_name}"]
+      provider_arn = var.oidc_provider_arn
+      namespace_service_accounts = [
+        "${var.namespace}:${var.controller_service_account_name}",
+        "${var.namespace}:${var.node_service_account_name}",
+      ]
     }
   }
 }

main.tf

@@ -1,14 +1,30 @@
 locals {
-  service_account_name = var.service_account_name
+  controller_service_account_annotations = var.create_default_irsa ? {
+    "eks.amazonaws.com/role-arn" = module.efs_csi_role[0].iam_role_arn
+  } : {}
+  node_service_account_annotations = var.create_default_irsa ? {
+    "eks.amazonaws.com/role-arn" = module.efs_csi_role[0].iam_role_arn
+  } : {}
 
   values = {
     image_repository = var.image_repository
     image_tag        = var.image_tag
 
-    resources_driver    = jsonencode(var.resources_driver)
-    resources_registrar = jsonencode(var.resources_registrar)
-    resources_liveness  = jsonencode(var.resources_liveness)
+    liveness_probe_image_tag        = var.liveness_probe_image_tag
+    node_driver_registrar_image_tag = var.node_driver_registrar_image_tag
+    external_provisioner_image_tag  = var.external_provisioner_image_tag
 
+    controller_service_account_name        = var.controller_service_account_name
+    controller_resources                   = jsonencode(var.controller_resources)
+    controller_service_account_annotations = jsonencode(local.controller_service_account_annotations)
+
+    node_service_account_name        = var.node_service_account_name
+    node_resources                   = jsonencode(var.node_resources)
+    node_service_account_annotations = jsonencode(local.node_service_account_annotations)
+
+    storage_classes = jsonencode(var.storage_classess)
+
+    enable_helm_hooks_for_csi_driver = var.enable_helm_hooks_for_csi_driver
   }
 
 }

templates/values.yaml

@@ -1,12 +1,6 @@
 # Default values for aws-efs-csi-driver.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
-
-nameOverride: ""
-fullnameOverride: ""
-
-replicaCount: 2
-
 image:
   repository: ${image_repository}
   tag: ${image_tag}
@@ -15,113 +9,40 @@ image:
 sidecars:
   livenessProbe:
     image:
-      repository: public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe
-      tag: v2.2.0-eks-1-18-13
-      pullPolicy: IfNotPresent
-    resources: {}
+      tag: ${liveness_probe_image_tag}
   nodeDriverRegistrar:
     image:
-      repository: public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar
-      tag: v2.1.0-eks-1-18-13
-      pullPolicy: IfNotPresent
-    resources: {}
+      tag: ${node_driver_registrar_image_tag}
   csiProvisioner:
     image:
-      repository: public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner
-      tag: v2.1.1-eks-1-18-13
-      pullPolicy: IfNotPresent
-    resources: {}
-
-imagePullSecrets: []
-
-## Controller deployment variables
+      tag: ${external_provisioner_image_tag}
 
 controller:
-  # Specifies whether a deployment should be created
   create: true
-  # Number for the log level verbosity
-  logLevel: 2
-  # If set, add pv/pvc metadata to plugin create requests as parameters.
-  extraCreateMetadata: true
-  # Add additional tags to access points
-  tags:
-    {}
-    # environment: prod
-    # region: us-east-1
-  # Enable if you want the controller to also delete the
-  # path on efs when deleteing an access point
-  deleteAccessPointRootDir: false
-  volMetricsOptIn: false
-  podAnnotations: {}
-  resources:
-    {}
-    # We usually recommend not to specify default resources and to leave this as a conscious
-    # choice for the user. This also increases chances charts run on environments with little
-    # resources, such as Minikube. If you do want to specify resources, uncomment the following
-    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-    # limits:
-    #   cpu: 100m
-    #   memory: 128Mi
-    # requests:
-    #   cpu: 100m
-    #   memory: 128Mi
-  nodeSelector: {}
-  tolerations: []
-  affinity: {}
-  # Specifies whether a service account should be created
+  resources: ${controller_resources}
   serviceAccount:
     create: true
-    name: efs-csi-controller-sa
-    annotations: {}
+    name: ${controller_service_account_name}
+    annotations: ${controller_service_account_annotations}
     ## Enable if EKS IAM for SA is used
     #  eks.amazonaws.com/role-arn: arn:aws:iam::111122223333:role/efs-csi-role
-  healthPort: 9909
-  regionalStsEndpoints: false
-## Node daemonset variables
+  podDisruptionBudget:
+    enabled: true
+  topologySpreadConstraints:
+    - maxSkew: 1
+      topologyKey: "topology.kubernetes.io/zone"
+      whenUnsatisfiable: DoNotSchedule
 
 node:
-  # Number for the log level verbosity
-  logLevel: 2
-  hostAliases:
-    {}
-    # For cross VPC EFS, you need to poison or overwrite the DNS for the efs volume as per
-    # https://docs.aws.amazon.com/efs/latest/ug/efs-different-vpc.html#wt6-efs-utils-step3
-    # implementing the suggested solution found here:
-    # https://github.com/kubernetes-sigs/aws-efs-csi-driver/issues/240#issuecomment-676849346
-    # EFS Vol ID, IP, Region
-    # "fs-01234567":
-    #   ip: 10.10.2.2
-    #   region: us-east-2
-  dnsPolicy: ClusterFirst
-  dnsConfig:
-    {}
-    # Example config which uses the AWS nameservers
-    # dnsPolicy: "None"
-    # dnsConfig:
-    #   nameservers:
-    #     - 169.254.169.253
-  podAnnotations: {}
-  resources:
-    {}
-    # limits:
-    #   cpu: 100m
-    #   memory: 128Mi
-    # requests:
-    #   cpu: 100m
-    #   memory: 128Mi
-  nodeSelector: {}
-  tolerations:
-    - operator: Exists
-  # Specifies whether a service account should be created
+  resources: ${node_resources}
   serviceAccount:
     create: true
-    name: efs-csi-node-sa
-    annotations: {}
+    name: ${node_service_account_name}
+    annotations: ${node_service_account_annotations}
     ## Enable if EKS IAM for SA is used
     #  eks.amazonaws.com/role-arn: arn:aws:iam::111122223333:role/efs-csi-role
-  healthPort: 9809
 
-storageClasses: []
+storageClasses: ${storage_classes}
 # Add StorageClass resources like:
 # - name: efs-sc
 #   annotations:
@@ -138,3 +59,6 @@ storageClasses: []
 #     basePath: "/dynamic_provisioning"
 #   reclaimPolicy: Delete
 #   volumeBindingMode: Immediate
+
+# Specifies wether to use helm hooks to apply the CSI driver
+useHelmHooksForCSIDriver: ${enable_helm_hooks_for_csi_driver}

variables.tf

@@ -24,7 +24,7 @@ variable "chart_repository" {
 variable "chart_version" {
   description = "Version of Chart to install. Set to empty to install the latest version"
   type        = string
-  default     = "2.4.3"
+  default     = "3.1.9"
 }
 
 variable "chart_namespace" {
@@ -48,7 +48,7 @@ variable "max_history" {
 variable "create_namespace" {
   description = "Create the namespace if it does not exist"
   type        = bool
-  default     = false
+  default     = true
 }
 
 ########################
@@ -58,17 +58,35 @@ variable "create_namespace" {
 variable "image_repository" {
   description = "Image repository on Dockerhub"
   type        = string
-  default     = "amazon/aws-efs-csi-driver"
+  default     = "public.ecr.aws/efs-csi-driver/amazon/aws-efs-csi-driver"
 }
 
 variable "image_tag" {
   description = "Image tag"
   type        = string
-  default     = "v1.5.5"
+  default     = "v2.1.8"
+}
+
+variable "liveness_probe_image_tag" {
+  description = "Liveness Probe Image Tag"
+  type        = string
+  default     = "v2.14.0-eks-1-32-6"
+}
+
+variable "node_driver_registrar_image_tag" {
+  description = "Node Driver Registrar Image Tag"
+  type        = string
+  default     = "v2.13.0-eks-1-32-6"
+}
+
+variable "external_provisioner_image_tag" {
+  description = "External Provisioner Image Tag"
+  type        = string
+  default     = "v5.2.0-eks-1-32-6"
 }
 
-variable "resources_driver" {
-  description = "Driver Resources"
+variable "controller_resources" {
+  description = "Controller Resources"
   type        = map(any)
   default = {
     requests = {
@@ -82,34 +100,43 @@ variable "resources_driver" {
   }
 }
 
-variable "resources_registrar" {
-  description = "Registrar Resources"
+variable "node_resources" {
+  description = "Node Resources"
   type        = map(any)
   default = {
     requests = {
-      cpu    = "100m"
-      memory = "100Mi"
+      cpu    = "200m"
+      memory = "200Mi"
     }
     limits = {
-      cpu    = "100m"
-      memory = "100Mi"
+      cpu    = "200m"
+      memory = "200Mi"
     }
   }
 }
 
-variable "resources_liveness" {
-  description = "LivenessProbe Resources"
-  type        = map(any)
-  default = {
-    requests = {
-      cpu    = "100m"
-      memory = "100Mi"
-    }
-    limits = {
-      cpu    = "100m"
-      memory = "100Mi"
-    }
-  }
+variable "storage_classess" {
+  description = "Storage Classes"
+  type        = any
+  default     = []
+}
+
+variable "enable_helm_hooks_for_csi_driver" {
+  description = "Enable Helm hooks for CSI driver"
+  type        = bool
+  default     = true
+}
+
+variable "controller_service_account_name" {
+  description = "Controller Service Account Name"
+  type        = string
+  default     = "efs-csi-controller-sa"
+}
+
+variable "node_service_account_name" {
+  description = "Node Service Account Name"
+  type        = string
+  default     = "efs-csi-node-sa"
 }
 
 ########################
@@ -129,12 +156,6 @@ variable "iam_role_name" {
 ##############
 #### IRSA ####
 ##############
-variable "service_account_name" {
-  description = "Name of service account to create. Not generated"
-  type        = string
-  default     = "efs-csi-controller-sa"
-}
-
 variable "create_default_irsa" {
   description = "Create default IRSA for service account"
   type        = bool