Merge pull request #13 from DrFaust92/r/contoller

Add Controller
DrFaust92 · May 16, 2021 · ce1f40d · ce1f40d
2 parents 222832b + 382e65f
commit ce1f40d
Show file tree

Hide file tree

Showing 6 changed files with 221 additions and 11 deletions.
diff --git a/README.md b/README.md
@@ -39,20 +39,27 @@ No modules.
 | [kubernetes_cluster_role_binding.provisioner](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_binding) | resource |
 | [kubernetes_csi_driver.efs](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/csi_driver) | resource |
 | [kubernetes_daemonset.efs](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/daemonset) | resource |
+| [kubernetes_deployment.efs_csi_controller](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/deployment) | resource |
 | [kubernetes_service_account.csi_driver](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account) | resource |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_annotations"></a> [annotations](#input\_annotations) | Optional annotations to add to EFS CSI driver resources | `map(string)` | `{}` | no |
+| <a name="input_controller_annotations"></a> [controller\_annotations](#input\_controller\_annotations) | A map of extra annotations for controller | `map(string)` | `{}` | no |
+| <a name="input_controller_extra_node_selectors"></a> [controller\_extra\_node\_selectors](#input\_controller\_extra\_node\_selectors) | A map of extra node selectors for controller pods | `map(string)` | `{}` | no |
+| <a name="input_create_controller"></a> [create\_controller](#input\_create\_controller) | Wheter to create a controller | `bool` | `false` | no |
+| <a name="input_csi_controller_replica_count"></a> [csi\_controller\_replica\_count](#input\_csi\_controller\_replica\_count) | Number of EFS CSI driver controller pods | `number` | `2` | no |
 | <a name="input_csi_controller_tolerations"></a> [csi\_controller\_tolerations](#input\_csi\_controller\_tolerations) | CSI driver controller tolerations | `list(map(string))` | `[]` | no |
+| <a name="input_delete_access_point_root_dir"></a> [delete\_access\_point\_root\_dir](#input\_delete\_access\_point\_root\_dir) | Wheter to delete the access point root dir | `bool` | `false` | no |
 | <a name="input_extra_node_selectors"></a> [extra\_node\_selectors](#input\_extra\_node\_selectors) | A map of extra node selectors for all components | `map(string)` | `{}` | no |
 | <a name="input_host_aliases"></a> [host\_aliases](#input\_host\_aliases) | A map of host aliases | `map(any)` | `{}` | no |
 | <a name="input_labels"></a> [labels](#input\_labels) | A map of extra labels for all resources | `map(string)` | `{}` | no |
 | <a name="input_log_level"></a> [log\_level](#input\_log\_level) | The log level for the CSI Driver controller | `number` | `5` | no |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | Namespace for EFS CSI driver resources | `string` | `"kube-system"` | no |
 | <a name="input_node_extra_node_selectors"></a> [node\_extra\_node\_selectors](#input\_node\_extra\_node\_selectors) | A map of extra node selectors for node pods | `map(string)` | `{}` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
 
 ## Outputs
 

diff --git a/controller.tf b/controller.tf
@@ -0,0 +1,159 @@
+resource "kubernetes_deployment" "efs_csi_controller" {
+  count = var.create_controller ? 1 : 0
+
+  metadata {
+    name        = local.controller_name
+    namespace   = var.namespace
+    labels      = var.labels
+    annotations = var.controller_annotations
+  }
+  spec {
+    replicas = var.csi_controller_replica_count
+
+    selector {
+      match_labels = {
+        app = local.controller_name
+      }
+    }
+
+    template {
+      metadata {
+        labels = {
+          app = local.controller_name
+        }
+      }
+
+      spec {
+        host_network = true
+
+        node_selector = merge({
+          "beta.kubernetes.io/os" : "linux",
+        }, var.extra_node_selectors, var.controller_extra_node_selectors)
+
+        service_account_name            = kubernetes_service_account[0].csi_driver.metadata[0].name
+        automount_service_account_token = true
+        priority_class_name             = "system-cluster-critical"
+
+        toleration {
+          operator = "Exists"
+        }
+
+        dynamic "toleration" {
+          for_each = var.csi_controller_tolerations
+          content {
+            key                = lookup(toleration.value, "key", null)
+            operator           = lookup(toleration.value, "operator", null)
+            effect             = lookup(toleration.value, "effect", null)
+            value              = lookup(toleration.value, "value", null)
+            toleration_seconds = lookup(toleration.value, "toleration_seconds", null)
+          }
+        }
+
+        container {
+          name  = "efs-plugin"
+          image = "amazon/aws-efs-csi-driver:v1.2.0"
+          args = compact(
+            [
+              "--endpoint=$(CSI_ENDPOINT)",
+              "--logtostderr",
+              "--v=${tostring(var.log_level)}",
+              length(local.csi_volume_tags) > 0 ? "tags=${local.csi_volume_tags}" : "",
+              var.delete_access_point_root_dir != "" ? "--delete-access-point-root-dir==${var.delete_access_point_root_dir}" : ""
+            ]
+          )
+
+          env {
+            name  = "CSI_ENDPOINT"
+            value = "unix:///var/lib/csi/sockets/pluginproxy/csi.sock"
+          }
+
+          volume_mount {
+            mount_path = "/var/lib/csi/sockets/pluginproxy/"
+            name       = "socket-dir"
+          }
+
+          port {
+            name           = "healthz"
+            container_port = 9808
+            protocol       = "TCP"
+          }
+
+          liveness_probe {
+            http_get {
+              path = "/healthz"
+              port = "healthz"
+            }
+
+            initial_delay_seconds = 10
+            timeout_seconds       = 3
+            period_seconds        = 10
+            failure_threshold     = 5
+          }
+
+          readiness_probe {
+            http_get {
+              path = "/healthz"
+              port = "healthz"
+            }
+
+            initial_delay_seconds = 10
+            timeout_seconds       = 3
+            period_seconds        = 10
+            failure_threshold     = 5
+          }
+
+          security_context {
+            privileged = true
+          }
+        }
+
+        container {
+          name  = "csi-provisioner"
+          image = "public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner:v2.1.1-eks-1-18-2"
+          args = compact(
+            [
+              "--csi-address=$(ADDRESS)",
+              "--v=${tostring(var.log_level)}",
+              "--feature-gates=Topology=true",
+              "--leader-election",
+            ]
+          )
+
+          env {
+            name  = "ADDRESS"
+            value = "/var/lib/csi/sockets/pluginproxy/csi.sock"
+          }
+
+          volume_mount {
+            mount_path = "/var/lib/csi/sockets/pluginproxy/"
+            name       = "socket-dir"
+          }
+        }
+
+        container {
+          name  = "liveness-probe"
+          image = "public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe:v2.2.0-eks-1-18-2"
+          args = [
+            "--csi-address=/csi/csi.sock",
+            "--health-port=9808"
+          ]
+
+          volume_mount {
+            mount_path = "/csi"
+            name       = "socket-dir"
+          }
+        }
+
+        volume {
+          name = "socket-dir"
+          empty_dir {}
+        }
+      }
+    }
+  }
+
+  depends_on = [
+    kubernetes_cluster_role_binding.provisioner,
+    kubernetes_csi_driver.efs,
+  ]
+}
diff --git a/daemonset.tf b/daemonset.tf
@@ -1,11 +1,3 @@
-locals {
-  name = "efs-csi-node"
-  labels = {
-    app                      = local.name
-    "app.kubernetes.io/name" = "aws-efs-csi-driver"
-  }
-}
-
 resource "kubernetes_daemonset" "efs" {
   metadata {
     name      = local.name

diff --git a/locals.tf b/locals.tf
@@ -0,0 +1,10 @@
+locals {
+  name            = "efs-csi-node"
+  controller_name = "efs-csi-controller"
+  csi_volume_tags = join(",", [for key, value in var.tags : "${key}=${value}"])
+
+  labels = {
+    app                      = local.name
+    "app.kubernetes.io/name" = "aws-efs-csi-driver"
+  }
+}
diff --git a/rbac.tf b/rbac.tf
@@ -1,4 +1,6 @@
 resource "kubernetes_service_account" "csi_driver" {
+  count = var.create_controller ? 1 : 0
+
   metadata {
     name      = local.name
     namespace = var.namespace
@@ -7,6 +9,8 @@ resource "kubernetes_service_account" "csi_driver" {
 }
 
 resource "kubernetes_cluster_role" "provisioner" {
+  count = var.create_controller ? 1 : 0
+
   metadata {
     name = "efs-csi-external-provisioner-role"
   }
@@ -55,19 +59,21 @@ resource "kubernetes_cluster_role" "provisioner" {
 }
 
 resource "kubernetes_cluster_role_binding" "provisioner" {
+  count = var.create_controller ? 1 : 0
+
   metadata {
     name = "efs-csi-provisioner-binding"
   }
 
   role_ref {
     api_group = "rbac.authorization.k8s.io"
     kind      = "ClusterRole"
-    name      = kubernetes_cluster_role.provisioner.metadata[0].name
+    name      = kubernetes_cluster_role.provisioner[0].metadata[0].name
   }
 
   subject {
     kind      = "ServiceAccount"
-    name      = kubernetes_service_account.csi_driver.metadata[0].name
-    namespace = kubernetes_service_account.csi_driver.metadata[0].namespace
+    name      = kubernetes_service_account.csi_driver[0].metadata[0].name
+    namespace = kubernetes_service_account.csi_driver[0].metadata[0].namespace
   }
 }
diff --git a/variables.tf b/variables.tf
@@ -28,6 +28,12 @@ variable "extra_node_selectors" {
   type        = map(string)
 }
 
+variable "controller_extra_node_selectors" {
+  description = "A map of extra node selectors for controller pods"
+  default     = {}
+  type        = map(string)
+}
+
 variable "node_extra_node_selectors" {
   description = "A map of extra node selectors for node pods"
   default     = {}
@@ -44,4 +50,34 @@ variable "host_aliases" {
   description = "A map of host aliases"
   default     = {}
   type        = map(any)
+}
+
+variable "create_controller" {
+  description = "Wheter to create a controller"
+  type        = bool
+  default     = false
+}
+
+variable "csi_controller_replica_count" {
+  description = "Number of EFS CSI driver controller pods"
+  type        = number
+  default     = 2
+}
+
+variable "tags" {
+  description = "A map of tags to add to all resources"
+  default     = {}
+  type        = map(string)
+}
+
+variable "delete_access_point_root_dir" {
+  description = "Wheter to delete the access point root dir"
+  type        = bool
+  default     = false
+}
+
+variable "controller_annotations" {
+  description = "A map of extra annotations for controller"
+  default     = {}
+  type        = map(string)
 }