aws-cdk icon indicating copy to clipboard operation
aws-cdk copied to clipboard
verified publisher icon aws

(aws-eks) EKS Add-On support as L2/3 construct

Open endersonmaia opened this issue 3 years ago • 5 comments

Describe the feature

As of 2022-03-01 we have the possibility to install the EBS CSI Driver via eksctl and management console.

I couldn't find a way to do this via aws-eks CDK module.

References:

  • https://aws.amazon.com/about-aws/whats-new/2022/03/eks-add-ons-ebs-csi-driver-available/
  • https://docs.aws.amazon.com/eks/latest/userguide/managing-ebs-csi.html
  • https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_eks-readme.html#table-of-contents

Use Case

I'm using the instructions at this link [1] to install EBS CSI Driver using helm inside CDK, but it could be simpler to use an add-on via CDK.

  1. https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_eks-readme.html#table-of-contents

Proposed Solution

No response

Other Information

No response

Acknowledgements

  • [ ] I may be able to implement this feature request
  • [ ] This feature might incur a breaking change

CDK version used

2.19.0

Environment details (OS name and version, etc.)

Ubuntu 20.04

endersonmaia avatar Apr 01 '22 14:04 endersonmaia

Reading through the documentation on this, it appears that this sort of add-in functionality would make for a good L2/L3 construct later on.

There are a few workarounds. The easiest is to deploy, then as a post-deploy action modify your created stack.

In your CDK app, create the outputs for your role ARN and such:


    new cdk.CfnOutput(this, 'eksClusterid', {
      value: eksCluster.name,
      description: 'Name of the EKS cluster',
      exportName: 'eksClusterId',
    });
    new cdk.CfnOutput(this, 'ebsrolearn', {
      value: eksCluster_EbsCsiRole.arn,
      description: 'ARN of the role used for the EKS CSI driver',
      exportName: 'eksEbsCsiDriverRoleArn',
    });

Then, in your deployment, modify the EKS cluster post-deployment of the CDK app


# Deploy the app
cdk deploy --app (..)

# Get the requisite info
export MY_EKS_CLUSTER=$(aws cloudformation describe-stacks --stack-name (..) --query "Stacks[0].Outputs[?OutputKey=='eksClusterId'].OutputValue" --output text
export CSI_DRIVER_ROLE=$(aws cloudformation describe-stacks --stack-name (..) --query "Stacks[0].Outputs[?OutputKey=='eksEbsCsiDriverRoleArn'].OutputValue" --output text

# ... modify the EKS cluster with your appropriate info 
aws eks create-addon \
  --cluster-name $MY_EKS_CLUSTER \
  --addon-name aws-ebs-csi-driver \
  --service-account-role-arn $CSI_DRIVER_ROLE

I'm not aware of how the behavior of create-addon changes if the addon is already added.

post-deployment scripts have been discussed in an RFC: https://github.com/aws/aws-cdk-rfcs/issues/228 -- If this is something you're interested in, please go comment or react to that.

indrora avatar Jun 09 '22 19:06 indrora

The market place for EKS add-ons was announced at re:Invent recently -- https://aws.amazon.com/blogs/aws/new-aws-marketplace-for-containers-now-supports-direct-deployment-to-amazon-eks-clusters/. It will be great if CDK can support this.

mburket avatar Dec 19 '22 18:12 mburket

Still relevant. We now have Addon L1 construct ICYMI. https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_eks.CfnAddon.html

pahud avatar Jan 26 '23 21:01 pahud

An L2 would be great, and L3s for the various core addons would be fantastic.

RichiCoder1 avatar Jan 26 '23 22:01 RichiCoder1

Is this now solved with the construct: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_eks.Addon.html and this issue can be resolved?

If the Addon construct does indeed solve this, how can set the serviceAccountRoleArn for the aws-ebs-csi-driver addon?

yakobe avatar Aug 14 '24 11:08 yakobe