Example CSI configuration for AWS EBS and EFS #9366
Hi @tsarna! Thanks for submitting this PR!
] | ||
} | ||
|
||
output "mytestefsvol" { |
Another option here that could make this a little more streamlined is to register the volume via Terraform directly, similar to how it's done in the DO example: https://github.com/hashicorp/nomad/blob/master/demo/csi/digitalocean/main.tf#L18-L28
I'll provide examples of both (and make it clear it's either/or).
@@ -0,0 +1,30 @@ | |||
data "aws_kms_alias" "ebs" { | |||
name = "alias/aws/ebs" |
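Review bot: the `data "aws_kms_alias" "ebs"` lookup at the top of this new file has no comment saying what `alias/aws/ebs` is. Add a line above the block noting that it is the AWS managed key for EBS rather than a key this example creates, and that a customer managed key can be used by changing `name`, so readers know whether any KMS setup is expected of them.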
There's no other reference to setting up a KMS key in the documentation. Can we either add something giving folks a pointer here or remove this?
AWS automatically provides a master key for EBS to use to decrypt the per-volume keys, which is what is being used here. There is nothing extra to set up in this case. You can also use KMS to create other master keys, which requires more setup. I have added a comment to this effect.
@@ -0,0 +1,10 @@ | |||
# terraform output mytestebsvol >example-volume.hcl |
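Review bot: the header comment on line 1 gives the `terraform output mytestebsvol >example-volume.hcl` command but does not say whether this committed file is that generated output or a hand-written sample. State which it is in the comment; if the file is meant to be generated, it is better kept out of version control.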
If we intend for these example.hcl files to be generated by Terraform, we shouldn't also commit them to the repo. (I'd even drop a .gitignore file in this directory to be sure folks don't commit the volume)
I think it's useful to have a simple example file that someone can try to understand without trying to understand Terraform at the same time. I'll change the comments so it's clear that this is a separate example from the Terraform examples.
Hi @tsarna! Do you think you're going to get a chance to wrap up the comments on this PR? Otherwise I can pick it up from here and carry it to get merged.
Hi @tgross yes, I'll try to find some time this weekend
I am contributing these additional CSI example files for AWS EBS and CSI in the hope that it will help others.
The online documentation does have some EBS content, but this example includes some more details, like getting AWS credentials from Vault, and using Terraform to create a disk and automatically create the volume registration file.
There are no EFS examples out there as far as I know.
Thanks!