(aws-eks) EKS Add-On support as L2/3 construct

[endersonmaia]

Describe the feature

As of 2022-03-01 we have the possibility to install the EBS CSI Driver via eksctl and management console.

I couldn't find a way to do this via aws-eks CDK module.

References:

• https://aws.amazon.com/about-aws/whats-new/2022/03/eks-add-ons-ebs-csi-driver-available/
• https://docs.aws.amazon.com/eks/latest/userguide/managing-ebs-csi.html
• https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_eks-readme.html#table-of-contents

Use Case

I'm using the instructions at this link [1] to install EBS CSI Driver using helm inside CDK, but it could be simpler to use an add-on via CDK.

1. https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_eks-readme.html#table-of-contents

Proposed Solution

No response

Other Information

No response

Acknowledgements

• [ ] I may be able to implement this feature request
• [ ] This feature might incur a breaking change

CDK version used

2.19.0

Environment details (OS name and version, etc.)

Ubuntu 20.04

[indrora]

Reading through the documentation on this, it appears that this sort of add-in functionality would make for a good L2/L3 construct later on.

There are a few workarounds. The easiest is to deploy, then as a post-deploy action modify your created stack.

In your CDK app, create the outputs for your role ARN and such:

    new cdk.CfnOutput(this, 'eksClusterid', {
      value: eksCluster.name,
      description: 'Name of the EKS cluster',
      exportName: 'eksClusterId',
    });
    new cdk.CfnOutput(this, 'ebsrolearn', {
      value: eksCluster_EbsCsiRole.arn,
      description: 'ARN of the role used for the EKS CSI driver',
      exportName: 'eksEbsCsiDriverRoleArn',
    });

Then, in your deployment, modify the EKS cluster post-deployment of the CDK app

# Deploy the app
cdk deploy --app (..)

# Get the requisite info
export MY_EKS_CLUSTER=$(aws cloudformation describe-stacks --stack-name (..) --query "Stacks[0].Outputs[?OutputKey=='eksClusterId'].OutputValue" --output text
export CSI_DRIVER_ROLE=$(aws cloudformation describe-stacks --stack-name (..) --query "Stacks[0].Outputs[?OutputKey=='eksEbsCsiDriverRoleArn'].OutputValue" --output text

# ... modify the EKS cluster with your appropriate info 
aws eks create-addon \
  --cluster-name $MY_EKS_CLUSTER \
  --addon-name aws-ebs-csi-driver \
  --service-account-role-arn $CSI_DRIVER_ROLE

I'm not aware of how the behavior of create-addon changes if the addon is already added.

post-deployment scripts have been discussed in an RFC: https://github.com/aws/aws-cdk-rfcs/issues/228 -- If this is something you're interested in, please go comment or react to that.

[mburket]

The market place for EKS add-ons was announced at re:Invent recently -- https://aws.amazon.com/blogs/aws/new-aws-marketplace-for-containers-now-supports-direct-deployment-to-amazon-eks-clusters/. It will be great if CDK can support this.

[pahud]

Still relevant. We now have Addon L1 construct ICYMI. https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_eks.CfnAddon.html

[RichiCoder1]

An L2 would be great, and L3s for the various core addons would be fantastic.

[yakobe]

Is this now solved with the construct: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_eks.Addon.html and this issue can be resolved?

If the Addon construct does indeed solve this, how can set the serviceAccountRoleArn for the aws-ebs-csi-driver addon?