Portworx is a Kubernetes data services platform that provides persistent storage, data protection, disaster recovery, and other capabilities for containerized applications. This blueprint installs Portworx in an Amazon Elastic Kubernetes Service (EKS) environment.
To get started, look at these sample blueprints.
For the add-on to work, Portworx needs additional permissions on AWS resources, which can be provided in either of the following two ways. The different flows are also covered in the sample blueprints:
- Add the code block below to your Terraform script to create a policy with the required permissions. Make a note of the resource name for the policy you created:

  ```hcl
  resource "aws_iam_policy" "<policy-resource-name>" {
    name = "<policy-name>"
    policy = jsonencode({
      Version = "2012-10-17"
      Statement = [
        {
          Action = [
            "ec2:AttachVolume",
            "ec2:ModifyVolume",
            "ec2:DetachVolume",
            "ec2:CreateTags",
            "ec2:CreateVolume",
            "ec2:DeleteTags",
            "ec2:DeleteVolume",
            "ec2:DescribeTags",
            "ec2:DescribeVolumeAttribute",
            "ec2:DescribeVolumesModifications",
            "ec2:DescribeVolumeStatus",
            "ec2:DescribeVolumes",
            "ec2:DescribeInstances",
            "autoscaling:DescribeAutoScalingGroups"
          ]
          Effect   = "Allow"
          Resource = "*"
        },
      ]
    })
  }
  ```
- Run the `terraform apply` command for the policy (replace it with your resource name):

  ```bash
  terraform apply -target="aws_iam_policy.<policy-resource-name>"
  ```
- Attach the newly created AWS policy ARN to the node groups in your cluster:

  ```hcl
  managed_node_groups = {
    node_group_1 = {
      node_group_name = "my_node_group_1"
      instance_types  = ["t2.medium"]
      min_size        = 3
      max_size        = 3
      subnet_ids      = module.vpc.private_subnets
      # Add this line to the code block, or add the new policy ARN to the list if it already exists
      additional_iam_policies = [aws_iam_policy.<policy-resource-name>.arn]
    }
  }
  ```
- Run the command below to apply the changes. (This step can be performed even if the cluster is up and running. The policy attachment happens without having to restart the nodes.)

  ```bash
  terraform apply -target="module.eks_blueprints"
  ```
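The policy above allows every listed action on `Resource = "*"`. As an added example (not part of the Portworx or EKS Blueprints code), the Python check below reports which of those actions are write operations left unscoped, the ones to review first when tightening the policy. The function names and the read-only prefix heuristic are assumptions of this example; `NotAction` and `NotResource` statements are not handled.

```python
import json

# Constructed input: the policy document from the Terraform block above,
# as jsonencode() would render it.
PORTWORX_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": [
            "ec2:AttachVolume", "ec2:ModifyVolume", "ec2:DetachVolume",
            "ec2:CreateTags", "ec2:CreateVolume", "ec2:DeleteTags",
            "ec2:DeleteVolume", "ec2:DescribeTags",
            "ec2:DescribeVolumeAttribute", "ec2:DescribeVolumesModifications",
            "ec2:DescribeVolumeStatus", "ec2:DescribeVolumes",
            "ec2:DescribeInstances", "autoscaling:DescribeAutoScalingGroups",
        ],
        "Resource": "*",
    }],
})

# Heuristic (an assumption of this example): these verb prefixes are read-only.
READ_ONLY_PREFIXES = ("Describe", "Get", "List")


def as_list(value):
    """IAM allows a bare string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value or [])


def unscoped_mutations(policy_json):
    """Return sorted write actions allowed on Resource "*" with no Condition."""
    findings = set()
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for stmt in statements:
        wide = "*" in as_list(stmt.get("Resource"))
        if stmt.get("Effect") != "Allow" or stmt.get("Condition") or not wide:
            continue
        for action in as_list(stmt.get("Action")):
            verb = action.split(":", 1)[-1]
            if verb == "*" or not verb.startswith(READ_ONLY_PREFIXES):
                findings.add(action)
    return sorted(findings)
```

Calling `unscoped_mutations(PORTWORX_POLICY)` returns the seven volume and tag write actions; the `Describe*` calls are left out because they do not change state.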
Create a user with the same policy, generate an AWS access key ID and AWS secret access key pair, and share it with Portworx.
It is recommended to pass the above values to the Terraform script from environment variables, as demonstrated below:
- Pass the key pair to Portworx by setting these two environment variables:

  ```bash
  export TF_VAR_aws_access_key_id=<access-key-id-value>
  export TF_VAR_aws_secret_access_key=<access-key-secret>
  ```
- To use the Portworx add-on with this method, along with the `enable_portworx` variable, pass these credentials in the following manner:

  ```hcl
  enable_portworx = true
  portworx_helm_config = {
    set_sensitive = [
      {
        name  = "aws.accessKeyId"
        value = var.aws_access_key_id
      },
      {
        name  = "aws.secretAccessKey"
        value = var.aws_secret_access_key
      }
    ]
  }
  ```
- Define these two variables, `aws_access_key_id` and `aws_secret_access_key`. Terraform then automatically populates these variables from the environment variables.

  ```hcl
  variable "aws_access_key_id" {
    type    = string
    default = ""
  }
  variable "aws_secret_access_key" {
    type    = string
    default = ""
  }
  ```
Alternatively, you can also provide the value of the secret key pair directly by hardcoding the values into the script.
After completing the requirement step, installing Portworx is simple: set the `enable_portworx` variable to true inside the Kubernetes add-on module.

```hcl
module "eks_blueprints_kubernetes_addons" {
  source               = "github.com/pragrawal10/terraform-aws-eks-blueprints//modules/kubernetes-addons"
  eks_cluster_id       = module.eks_blueprints.eks_cluster_id
  eks_cluster_endpoint = module.eks_blueprints.eks_cluster_endpoint
  eks_oidc_provider    = module.eks_blueprints.oidc_provider
  eks_cluster_version  = module.eks_blueprints.eks_cluster_version
  # Add this line to enable Portworx
  enable_portworx = true
}
```
To customize the Portworx installation, pass the configuration parameters as a list of objects as shown below:

```hcl
# These arguments go inside the Kubernetes add-on module block
enable_portworx = true
portworx_helm_config = {
  set = [
    {
      name  = "clusterName"
      value = "testCluster"
    },
    {
      name  = "imageVersion"
      value = "2.13.4"
    }
  ]
}
```

Name | Version |
---|---|
terraform | >= 1.0.0 |
aws | >= 3.72 |
kubernetes | >= 2.10 |

Name | Version |
---|---|
aws | >= 3.72 |
random | n/a |

Name | Source | Version |
---|---|---|
helm_addon | github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon | n/a |

Name | Type |
---|---|
aws_iam_policy.portworx_eksblueprint_metering | resource |
random_string.id | resource |

Name | Description | Type | Default | Required |
---|---|---|---|---|
addon_context | Input configuration for the addon | any | n/a | yes |
helm_config | Helm chart config. Repository and version required. See https://registry.terraform.io/providers/hashicorp/helm/latest/docs | any | {} | no |
irsa_config | Input configuration for IRSA module | any | {} | no |

No outputs.