Add S3 CSI Driver IAM policy as blueprints addon #1093
Conversation
This commit adds a new file `iam-policy.ts` that contains the IAM policy statements for the S3 CSI driver. It also adds a new file `index.ts` that implements the S3 CSI driver addon. The addon creates a service account, attaches the IAM policy to the service account's role, and deploys the addon to the cluster. The commit also includes some helper functions and default options for the addon.
jesperalmstrom
requested review from
aws-ia-ci,
shapirov103,
youngjeong46,
elamaran11 and
a team
as code owners
There was a problem hiding this comment.
@jesperalmstrom great work!
I have a couple of minor comments, please take a look when you get a chance.
As far testing: if you don't mind creating a doc for the addon in the https://github.com/aws-quickstart/cdk-eks-blueprints/tree/main/docs/addons folder providing an example workload to the customers (blueprint with just the addon and example workload for verification) that would be most helpful.
Also once your test is success, please indicate on this PR. If you hit any issues testing it out, I am happy to do some pair programming to resolve.
Refactor bucket arn to use name instead.
|
/do-e2e-tests |
| import { S3CsiDriverAddon } from '@aws-quickstart/eks-blueprints'; | ||
|
|
||
| const addOns = [ | ||
| new S3CsiDriverAddon({ |
There was a problem hiding this comment.
@jesperalmstrom minor: must be S3CSIDriverAddOn not S3CsiDriverAddon
| namespace: 'kube-system', | ||
| release: S3_CSI_DRIVER_RELEASE, | ||
| version: 'v1.9.0', | ||
| repository: 'https://github.com/awslabs/mountpoint-s3-csi-driver', |
There was a problem hiding this comment.
This should be 'https://awslabs.github.io/mountpoint-s3-csi-driver' which is a proper helm repo as opposed to the source repo. Otherwise helm version validation fails.
See https://github.com/awslabs/mountpoint-s3-csi-driver/blob/main/docs/install.md#helm
|
Merging it, issues that I identified are addressed in #1106 . |
S3 CSI Driver
Description of changes:
This commit adds a new file
iam-policy.tsthat contains the IAM policy statements for the S3 CSI driver. It also adds a new fileindex.tsthat implements the S3 CSI driver addon. The addon creates a service account, attaches the IAM policy to the service account's role, and deploys the addon to the cluster. The commit also includes some helper functions and default options for the addon.