This message was deleted Pulumi Community #aws

Join Slack

This message was deleted.

# aws

sparse-intern-71089

10/26/2021, 12:07 AM

This message was deleted.

billowy-army-68599

10/26/2021, 2:30 AM

i can probably help here, but what specifically are you struggling with?

billowy-army-68599

10/26/2021, 2:30 AM

(it'll probably be later in the week when I can create an example)

worried-city-86458

10/26/2021, 7:32 PM

I've got it working via dotnet/c# so you should be able to translate from there?

worried-city-86458

10/26/2021, 7:34 PM

Using pulumi kubernetes and the new helm release resource:

Copy code

// aws ebs csi driver; <https://github.com/kubernetes-sigs/aws-ebs-csi-driver/tree/master/charts/aws-ebs-csi-driver>
Logger.LogDebug("Installing aws ebs csi driver");
var ebsControllerRole = new RoleX($"{k8sPrefix}-ebs-csi-controller",
    new RoleXArgs
    {
        AssumeRolePolicy = IamHelpers.AssumeRoleForServiceAccount(oidcArn, oidcUrl, "kube-system", "aws-ebs-csi-controller", awsProvider),
        InlinePolicies = { ["policy"] = ReadResource("AwsEbsCsiPolicy.json") }
    },
    new ComponentResourceOptions { Provider = awsProvider });

var ebsDriverValues = ebsControllerRole.Arn.Apply(roleArn =>
    new Dictionary<string, object>
    {
        ["controller"] = new
        {
            extraVolumeTags = GetDefaultTags(),
            serviceAccount = new { name = "aws-ebs-csi-controller", annotations = new Dictionary<string, string> { ["<http://eks.amazonaws.com/role-arn|eks.amazonaws.com/role-arn>"] = roleArn } }
        },
        ["node"] = new
        {
            serviceAccount = new { name = "aws-ebs-csi-node" },
            tolerateAllTaints = true
        },
        ["storageClasses"] = new[]
        {
            new
            {
                name = "ebs-sc",
                parameters = new { encrypted = "true" },
                reclaimPolicy = "Retain"
            }
        }
    }.ToDictionary()); // workaround <https://github.com/pulumi/pulumi/issues/8013>

new Release("aws-ebs-csi-driver",
    new ReleaseArgs
    {
        Namespace = "kube-system",
        Name = "aws-ebs-csi-driver",
        RepositoryOpts = new RepositoryOptsArgs { Repo = "<https://kubernetes-sigs.github.io/aws-ebs-csi-driver>" },
        Chart = "aws-ebs-csi-driver",
        Version = K8sConfig.AwsEbsCsiDriverVersion,
        Values = ebsDriverValues,
        Atomic = true
    },
    new CustomResourceOptions { Provider = k8sProvider });

worried-city-86458

10/26/2021, 7:35 PM

The above is the policy used for iam roles for service accounts (irsa)

138 Views

Open in Slack

Previous Next