jenkins-x / terraform-aws-eks-jx

A Terraform module for creating Jenkins X infrastructure on AWS
Apache License 2.0

fix: ebs csi driver addon (jx#8575) #367

Closed tgelpi closed 10 months ago

tgelpi commented 10 months ago

Description

Building/upgrading AWS to v1.23 and greater versions now requires a container storage interface (CSI) driver.

The Kubernetes in-tree to container storage interface (CSI) volume migration feature was enabled in K8S version 1.23. This feature enables the replacement of existing Kubernetes in-tree storage plugins for Amazon EBS with a corresponding Amazon EBS CSI driver.

An add-on is software that provides supporting operational capabilities to Kubernetes applications, but is not specific to the application. EKS Addons Guide

This fix introduces Terraform resources to build and manage the Amazon EKS Add-on for the Amazon Elastic Block Store Container Storage Interface (Amazon EBS CSI).

Which issue this PR fixes

jenkins-x/jx#8575

Release notes

The proposed configuration may require multiple terraform apply commands to be executed due to Terraform resource dependency limitations. Currently, the first apply execution can result in the following error message:

Error: Kubernetes cluster unreachable: the server has asked for the client to provide credentials

Performing another apply command should resolve the issue.

tomhobson commented 10 months ago

/cc @msvticket

tgelpi commented 10 months ago

I think I resolved the "cluster unreachable" issue. Removed a dependency that I added for the helm_release.jx-git-operator resource. Will update the enable_ebs branch.

tgelpi commented 10 months ago

The latest version of this PR is now ready for approval. Implemented all suggested changes. Tested these changes against Vault and ASM versions. Running tests against this branch requires two additional variables that will eventually get updated in https://github.com/jx3-gitops-repositories/jx3-terraform-eks:

create_addon_role = true
enable_ebs_addon = true

The following variable must be set to true for initial creation of environment:

enable_worker_groups_launch_template = true

The launch template variable can be set back to false after initial creation of environment.

msvticket commented 10 months ago

> The following variable must be set to true for initial creation of environment:
>
> enable_worker_groups_launch_template = true
>
> The launch template variable can be set back to false after initial creation of environment.

Why is that?

tgelpi commented 10 months ago

If the enable_worker_groups_launch_template variable is set to false, the current version and proposed versions do not complete a new build. The kubectl get nodes command returns empty. You can set the variable to true, complete the build, then set the variable to false, but not sure how stable the new environment is.