Merge pull request #235 from networkservicemesh/spire

Add AWS CSI support
networkservicemesh · Jan 23, 2024 · 358de25 · 358de25
2 parents 2d948ad + 0565dfd
commit 358de25
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 3 deletions.
diff --git a/go.mod b/go.mod
@@ -3,7 +3,7 @@ module github.com/networkservicemesh/integration-interdomain-k8s
 go 1.20
 
 require (
-	github.com/networkservicemesh/integration-tests v0.0.0-20231017125309-7c71d1c7b0c4
+	github.com/networkservicemesh/integration-tests v0.0.0-20240119111719-2cb8da4b1e5a
 	github.com/stretchr/testify v1.8.1
 )
 

diff --git a/go.sum b/go.sum
@@ -14,8 +14,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/networkservicemesh/gotestmd v0.0.0-20220628095933-eabbdc09e0dc h1:1L/OisEFsOyhwaqeJpYmM1nlJ2dBusUMiszPDBlUip0=
 github.com/networkservicemesh/gotestmd v0.0.0-20220628095933-eabbdc09e0dc/go.mod h1:8EWnekTRNX+NxBdTFE24WqUoM7SgJHbiafDBrIIdOmQ=
-github.com/networkservicemesh/integration-tests v0.0.0-20231017125309-7c71d1c7b0c4 h1:8gOjm2k/u/jLLcUKhj0O6HLTmI16KPAzQUx8hFdh1yQ=
-github.com/networkservicemesh/integration-tests v0.0.0-20231017125309-7c71d1c7b0c4/go.mod h1:o3+iZ6iQvk2ukrAxQhaDOXUPhhQRW4O9BMi6YolZ4pI=
+github.com/networkservicemesh/integration-tests v0.0.0-20240119111719-2cb8da4b1e5a h1:GdMXVpG3nu+TOqs4fEmvFEn23znMQU5uLzepVRE3PJE=
+github.com/networkservicemesh/integration-tests v0.0.0-20240119111719-2cb8da4b1e5a/go.mod h1:o3+iZ6iQvk2ukrAxQhaDOXUPhhQRW4O9BMi6YolZ4pI=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=

diff --git a/scripts/aws/aws-start.sh b/scripts/aws/aws-start.sh
@@ -2,6 +2,8 @@
 
 echo "aws region is $AWS_REGION"
 
+export IAM_NAME=ebs-csi-controller-sa
+
 apt-get update && apt-get -y install curl dnsutils
 
 curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.23.6/bin/linux/amd64/kubectl
@@ -45,6 +47,19 @@ if [[ -z $sg  ]]; then
     exit 1
 fi
 
+# These steps are required to support CSI
+eksctl utils associate-iam-oidc-provider --cluster="${AWS_CLUSTER_NAME}" --approve
+eksctl create iamserviceaccount \
+    --name "${IAM_NAME}" \
+    --namespace kube-system \
+    --cluster "${AWS_CLUSTER_NAME}" \
+    --role-name AmazonEKS_EBS_CSI_DriverRole \
+    --role-only \
+    --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \
+    --approve
+ROLE_ARN=$(eksctl get iamserviceaccount --cluster "${AWS_CLUSTER_NAME}" -o json | jq -r '.[] | select(.metadata.name == env.IAM_NAME) | .status.roleARN')
+eksctl create addon --name aws-ebs-csi-driver --cluster "${AWS_CLUSTER_NAME}" --service-account-role-arn "${ROLE_ARN}" --force
+
 ### authorize wireguard
 aws ec2 authorize-security-group-ingress --group-id "$sg" --protocol tcp --port 51820 --cidr 0.0.0.0/0
 aws ec2 authorize-security-group-ingress --group-id "$sg" --protocol udp --port 51820 --cidr 0.0.0.0/0