diff --git a/README.md b/README.md
index 65650df..cdf74fd 100644
--- a/README.md
+++ b/README.md
@@ -39,6 +39,7 @@ No modules.
| [kubernetes_cluster_role_binding.provisioner](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_binding) | resource |
| [kubernetes_csi_driver.efs](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/csi_driver) | resource |
| [kubernetes_daemonset.efs](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/daemonset) | resource |
+| [kubernetes_deployment.efs_csi_controller](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/deployment) | resource |
| [kubernetes_service_account.csi_driver](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account) | resource |
## Inputs
@@ -46,13 +47,19 @@ No modules.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [annotations](#input\_annotations) | Optional annotations to add to EFS CSI driver resources | `map(string)` | `{}` | no |
+| [controller\_annotations](#input\_controller\_annotations) | A map of extra annotations for controller | `map(string)` | `{}` | no |
+| [controller\_extra\_node\_selectors](#input\_controller\_extra\_node\_selectors) | A map of extra node selectors for controller pods | `map(string)` | `{}` | no |
+| [create\_controller](#input\_create\_controller) | Wheter to create a controller | `bool` | `false` | no |
+| [csi\_controller\_replica\_count](#input\_csi\_controller\_replica\_count) | Number of EFS CSI driver controller pods | `number` | `2` | no |
| [csi\_controller\_tolerations](#input\_csi\_controller\_tolerations) | CSI driver controller tolerations | `list(map(string))` | `[]` | no |
+| [delete\_access\_point\_root\_dir](#input\_delete\_access\_point\_root\_dir) | Wheter to delete the access point root dir | `bool` | `false` | no |
| [extra\_node\_selectors](#input\_extra\_node\_selectors) | A map of extra node selectors for all components | `map(string)` | `{}` | no |
| [host\_aliases](#input\_host\_aliases) | A map of host aliases | `map(any)` | `{}` | no |
| [labels](#input\_labels) | A map of extra labels for all resources | `map(string)` | `{}` | no |
| [log\_level](#input\_log\_level) | The log level for the CSI Driver controller | `number` | `5` | no |
| [namespace](#input\_namespace) | Namespace for EFS CSI driver resources | `string` | `"kube-system"` | no |
| [node\_extra\_node\_selectors](#input\_node\_extra\_node\_selectors) | A map of extra node selectors for node pods | `map(string)` | `{}` | no |
+| [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
## Outputs
diff --git a/controller.tf b/controller.tf
new file mode 100644
index 0000000..763ef49
--- /dev/null
+++ b/controller.tf
@@ -0,0 +1,159 @@
+resource "kubernetes_deployment" "efs_csi_controller" {
+ count = var.create_controller ? 1 : 0
+
+ metadata {
+ name = local.controller_name
+ namespace = var.namespace
+ labels = var.labels
+ annotations = var.controller_annotations
+ }
+ spec {
+ replicas = var.csi_controller_replica_count
+
+ selector {
+ match_labels = {
+ app = local.controller_name
+ }
+ }
+
+ template {
+ metadata {
+ labels = {
+ app = local.controller_name
+ }
+ }
+
+ spec {
+ host_network = true
+
+ node_selector = merge({
+ "beta.kubernetes.io/os" : "linux",
+ }, var.extra_node_selectors, var.controller_extra_node_selectors)
+
+ service_account_name = kubernetes_service_account[0].csi_driver.metadata[0].name
+ automount_service_account_token = true
+ priority_class_name = "system-cluster-critical"
+
+ toleration {
+ operator = "Exists"
+ }
+
+ dynamic "toleration" {
+ for_each = var.csi_controller_tolerations
+ content {
+ key = lookup(toleration.value, "key", null)
+ operator = lookup(toleration.value, "operator", null)
+ effect = lookup(toleration.value, "effect", null)
+ value = lookup(toleration.value, "value", null)
+ toleration_seconds = lookup(toleration.value, "toleration_seconds", null)
+ }
+ }
+
+ container {
+ name = "efs-plugin"
+ image = "amazon/aws-efs-csi-driver:v1.2.0"
+ args = compact(
+ [
+ "--endpoint=$(CSI_ENDPOINT)",
+ "--logtostderr",
+ "--v=${tostring(var.log_level)}",
+ length(local.csi_volume_tags) > 0 ? "tags=${local.csi_volume_tags}" : "",
+ var.delete_access_point_root_dir != "" ? "--delete-access-point-root-dir==${var.delete_access_point_root_dir}" : ""
+ ]
+ )
+
+ env {
+ name = "CSI_ENDPOINT"
+ value = "unix:///var/lib/csi/sockets/pluginproxy/csi.sock"
+ }
+
+ volume_mount {
+ mount_path = "/var/lib/csi/sockets/pluginproxy/"
+ name = "socket-dir"
+ }
+
+ port {
+ name = "healthz"
+ container_port = 9808
+ protocol = "TCP"
+ }
+
+ liveness_probe {
+ http_get {
+ path = "/healthz"
+ port = "healthz"
+ }
+
+ initial_delay_seconds = 10
+ timeout_seconds = 3
+ period_seconds = 10
+ failure_threshold = 5
+ }
+
+ readiness_probe {
+ http_get {
+ path = "/healthz"
+ port = "healthz"
+ }
+
+ initial_delay_seconds = 10
+ timeout_seconds = 3
+ period_seconds = 10
+ failure_threshold = 5
+ }
+
+ security_context {
+ privileged = true
+ }
+ }
+
+ container {
+ name = "csi-provisioner"
+ image = "public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner:v2.1.1-eks-1-18-2"
+ args = compact(
+ [
+ "--csi-address=$(ADDRESS)",
+ "--v=${tostring(var.log_level)}",
+ "--feature-gates=Topology=true",
+ "--leader-election",
+ ]
+ )
+
+ env {
+ name = "ADDRESS"
+ value = "/var/lib/csi/sockets/pluginproxy/csi.sock"
+ }
+
+ volume_mount {
+ mount_path = "/var/lib/csi/sockets/pluginproxy/"
+ name = "socket-dir"
+ }
+ }
+
+ container {
+ name = "liveness-probe"
+ image = "public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe:v2.2.0-eks-1-18-2"
+ args = [
+ "--csi-address=/csi/csi.sock",
+ "--health-port=9808"
+ ]
+
+ volume_mount {
+ mount_path = "/csi"
+ name = "socket-dir"
+ }
+ }
+
+ volume {
+ name = "socket-dir"
+ empty_dir {}
+ }
+ }
+ }
+ }
+
+ depends_on = [
+ kubernetes_cluster_role_binding.provisioner,
+ kubernetes_csi_driver.efs,
+ ]
+}
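Review bot: The service account reference on the `service_account_name` line is malformed: the count index is placed on the resource type instead of the resource, so `kubernetes_service_account[0].csi_driver.metadata[0].name` will not resolve; it should read `service_account_name = kubernetes_service_account.csi_driver[0].metadata[0].name`, matching the form rbac.tf uses in the binding's subject. The `delete_access_point_root_dir` argument is also broken twice: the variable is declared as `bool` (default `false`) so `!= ""` is always true and the flag is always emitted, and the literal has a doubled `==`; `var.delete_access_point_root_dir ? "--delete-access-point-root-dir=true" : ""` expresses the intent. The tags argument lacks the `--` prefix every other flag in the list carries (`"--tags=${local.csi_volume_tags}"`), and the `key=value` comma-joined format built in locals.tf should be checked against the driver's documented `--tags` syntax before relying on it. A smaller point of style: `beta.kubernetes.io/os` in the node selector is the deprecated label; `kubernetes.io/os` is the current one.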
diff --git a/daemonset.tf b/daemonset.tf
index 7f505f3..311e47d 100644
--- a/daemonset.tf
+++ b/daemonset.tf
@@ -1,11 +1,3 @@
-locals {
- name = "efs-csi-node"
- labels = {
- app = local.name
- "app.kubernetes.io/name" = "aws-efs-csi-driver"
- }
-}
-
resource "kubernetes_daemonset" "efs" {
metadata {
name = local.name
diff --git a/locals.tf b/locals.tf
new file mode 100644
index 0000000..7f21524
--- /dev/null
+++ b/locals.tf
@@ -0,0 +1,10 @@
+locals {
+ name = "efs-csi-node"
+ controller_name = "efs-csi-controller"
+ csi_volume_tags = join(",", [for key, value in var.tags : "${key}=${value}"])
+
+ labels = {
+ app = local.name
+ "app.kubernetes.io/name" = "aws-efs-csi-driver"
+ }
+}
\ No newline at end of file
diff --git a/rbac.tf b/rbac.tf
index 4794b19..9c17d1e 100644
--- a/rbac.tf
+++ b/rbac.tf
@@ -1,4 +1,6 @@
resource "kubernetes_service_account" "csi_driver" {
+ count = var.create_controller ? 1 : 0
+
metadata {
name = local.name
namespace = var.namespace
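Review bot: Making `kubernetes_service_account.csi_driver` conditional on `create_controller` changes a resource that is named `local.name` ("efs-csi-node") and, as far as this diff shows, is the only service account in the module; if daemonset.tf (outside this diff) references it, that reference now needs `[0]` and the node pods lose their service account whenever the controller is disabled. Independently of that, the same account is bound to the `provisioner` ClusterRole in the hunks below and is used by the controller deployment, so whatever else runs under it (presumably the node DaemonSet, to be confirmed) inherits provisioner-level cluster permissions; a dedicated controller service account with the binding attached to it alone would keep the node pods at least privilege. The same `count` pattern is applied to the cluster role and the binding in the two following hunks.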
@@ -7,6 +9,8 @@ resource "kubernetes_service_account" "csi_driver" {
}
resource "kubernetes_cluster_role" "provisioner" {
+ count = var.create_controller ? 1 : 0
+
metadata {
name = "efs-csi-external-provisioner-role"
}
@@ -55,6 +59,8 @@ resource "kubernetes_cluster_role" "provisioner" {
}
resource "kubernetes_cluster_role_binding" "provisioner" {
+ count = var.create_controller ? 1 : 0
+
metadata {
name = "efs-csi-provisioner-binding"
}
@@ -62,12 +68,12 @@ resource "kubernetes_cluster_role_binding" "provisioner" {
role_ref {
api_group = "rbac.authorization.k8s.io"
kind = "ClusterRole"
- name = kubernetes_cluster_role.provisioner.metadata[0].name
+ name = kubernetes_cluster_role.provisioner[0].metadata[0].name
}
subject {
kind = "ServiceAccount"
- name = kubernetes_service_account.csi_driver.metadata[0].name
- namespace = kubernetes_service_account.csi_driver.metadata[0].namespace
+ name = kubernetes_service_account.csi_driver[0].metadata[0].name
+ namespace = kubernetes_service_account.csi_driver[0].metadata[0].namespace
}
}
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index 0ff398d..ba8f193 100644
--- a/variables.tf
+++ b/variables.tf
@@ -28,6 +28,12 @@ variable "extra_node_selectors" {
type = map(string)
}
+variable "controller_extra_node_selectors" {
+ description = "A map of extra node selectors for controller pods"
+ default = {}
+ type = map(string)
+}
+
variable "node_extra_node_selectors" {
description = "A map of extra node selectors for node pods"
default = {}
@@ -44,4 +50,34 @@ variable "host_aliases" {
description = "A map of host aliases"
default = {}
type = map(any)
+}
+
+variable "create_controller" {
+ description = "Wheter to create a controller"
+ type = bool
+ default = false
+}
+
+variable "csi_controller_replica_count" {
+ description = "Number of EFS CSI driver controller pods"
+ type = number
+ default = 2
+}
+
+variable "tags" {
+ description = "A map of tags to add to all resources"
+ default = {}
+ type = map(string)
+}
+
+variable "delete_access_point_root_dir" {
+ description = "Wheter to delete the access point root dir"
+ type = bool
+ default = false
+}
+
+variable "controller_annotations" {
+ description = "A map of extra annotations for controller"
+ default = {}
+ type = map(string)
}
\ No newline at end of file
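Review bot: The descriptions for `create_controller` and `delete_access_point_root_dir` misspell "Whether" as "Wheter"; since these strings are copied into the README input table, fixing them here (`description = "Whether to create a controller"`, `description = "Whether to delete the access point root dir"`) and regenerating the table keeps both in sync. The `delete_access_point_root_dir` description could also say what the flag drives, e.g. `"Whether the controller deletes an access point's root directory when the volume is deleted"`, so callers understand this is a destructive option that is off by default.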