Channels
pulumi-ai
package-authoring
pulumi-cdk
oracle-cloud-infrastructure
learn-pulumi-events
linen
registry
built-with-pulumi
pulumi-cloud
contribex
testingtesting321
hacktoberfest
cloudengineering
yaml
pulumi-crosscode
content-share
finops
multi-language-hackathon
office-hours
workshops
blog-posts
localstack
welcome
gitlab
pulumi-kubernetes-operator
jobs
aws
pulumi-deployments
dotnet
golang
announcements
java
pulumiverse
python
install
getting-started
cloudengineering-support
testingtesting123
hackathon-03-19-2020
typescript
google-cloud
contribute
azure
kubernetes
docs
automation-api
status
general
Title
b
bitter-policeman-94135
10/26/2021, 12:07 AMHas anyone had success with getting EBS-CSI working with Pulimi in Python?
https://docs.aws.amazon.com/eks/latest/userguide/ebs-csi.html
☝️ I'm having some difficulty translating these steps to Python.
b
billowy-army-68599
10/26/2021, 2:30 AMi can probably help here, but what specifically are you struggling with?
(it'll probably be later in the week when I can create an example)
w
worried-city-86458
10/26/2021, 7:32 PMI've got it working via dotnet/c# so you should be able to translate from there?
Using pulumi kubernetes and the new helm release resource:
// aws ebs csi driver; <https://github.com/kubernetes-sigs/aws-ebs-csi-driver/tree/master/charts/aws-ebs-csi-driver>
Logger.LogDebug("Installing aws ebs csi driver");
var ebsControllerRole = new RoleX($"{k8sPrefix}-ebs-csi-controller",
new RoleXArgs
{
AssumeRolePolicy = IamHelpers.AssumeRoleForServiceAccount(oidcArn, oidcUrl, "kube-system", "aws-ebs-csi-controller", awsProvider),
InlinePolicies = { ["policy"] = ReadResource("AwsEbsCsiPolicy.json") }
},
new ComponentResourceOptions { Provider = awsProvider });
var ebsDriverValues = ebsControllerRole.Arn.Apply(roleArn =>
new Dictionary<string, object>
{
["controller"] = new
{
extraVolumeTags = GetDefaultTags(),
serviceAccount = new { name = "aws-ebs-csi-controller", annotations = new Dictionary<string, string> { ["<http://eks.amazonaws.com/role-arn|eks.amazonaws.com/role-arn>"] = roleArn } }
},
["node"] = new
{
serviceAccount = new { name = "aws-ebs-csi-node" },
tolerateAllTaints = true
},
["storageClasses"] = new[]
{
new
{
name = "ebs-sc",
parameters = new { encrypted = "true" },
reclaimPolicy = "Retain"
}
}
}.ToDictionary()); // workaround <https://github.com/pulumi/pulumi/issues/8013>
new Release("aws-ebs-csi-driver",
new ReleaseArgs
{
Namespace = "kube-system",
Name = "aws-ebs-csi-driver",
RepositoryOpts = new RepositoryOptsArgs { Repo = "<https://kubernetes-sigs.github.io/aws-ebs-csi-driver>" },
Chart = "aws-ebs-csi-driver",
Version = K8sConfig.AwsEbsCsiDriverVersion,
Values = ebsDriverValues,
Atomic = true
},
new CustomResourceOptions { Provider = k8sProvider });The above is the policy used for iam roles for service accounts (irsa)