adding depends on matrix and enable s3_csi_driver

cluster.tf

@@ -54,6 +54,7 @@ resource "aws_eks_addon" "core" {
     "vpc-cni",
     "coredns",
     "aws-ebs-csi-driver",
+    var.s3_csi_driver_enabled ? ["aws-mountpoint-s3-csi-driver"] : [],
     var.efs_enabled ? ["aws-efs-csi-driver"] : [],
   ]))
 

examples/eks/main.tf

@@ -25,17 +25,11 @@ provider "kubernetes" {
   config_path = "./kubeconfig"
 }
 
-module "encrypted-launch-template" {
-  source = "github.com/opszero/terraform-aws-kubespot//module/encrypted-launch-template?ref=developv8"
 
-  eks_cluster         = module.eks_cluster
-  eks_cluster_version = "1.29"
-}
 
 module "opszero-eks" {
   source = "github.com/opszero/terraform-aws-kubespot"
 
-  aws_profile = local.profile
   zones = [
     "us-east-1a",
     "us-east-1b"
@@ -78,21 +72,16 @@ module "opszero-eks" {
       nodes_max_size         = 3,
       nodes_min_size         = 3
       ami_type               = "CUSTOM"
-      launch_template = [{
-        id      = module.encrypted-launch-template.launch_template_id
-        version = "$Latest"
-      }]
     },
     "t3a-medium-spot2" = {
       instance_types = [
         "t3a.medium",
       ]
-      capacity_type          = "SPOT"
-      node_disk_size         = 20
+      node_disk_size         = 32
       nodes_in_public_subnet = false
-      node_desired_capacity  = 3,
-      nodes_max_size         = 3,
-      nodes_min_size         = 3
+      node_desired_capacity  = 1,
+      nodes_max_size         = 1,
+      nodes_min_size         = 1
     }
   }
 
@@ -103,6 +92,9 @@ module "opszero-eks" {
   nat_enabled           = true
   vpc_flow_logs_enabled = false
   efs_enabled           = false
+  # csi
+  s3_csi_driver_enabled  = true
+  csi_bucket_name   = "test-6647373dd"  #name of s3
 }
 
 module "helm-common" {
@@ -113,12 +105,3 @@ module "helm-common" {
   nginx_max_replicas = 3
 }
 
-
-# resource "aws_ecr_repository" "opszero" {
-#   name                 = "opszero"
-#   image_tag_mutability = "MUTABLE"
-
-#   # image_scanning_configuration {
-#   #   scan_on_push = true
-#   # }
-# }

iam.tf

@@ -384,3 +384,47 @@ resource "aws_iam_policy" "ebs" {
 }
 EOF
 }
+
+
+resource "aws_iam_policy" "s3_policy" {
+  count = var.s3_csi_driver_enabled ? 1 : 0
+  name        = "${var.environment_name}-s3-access-policy"
+  description = "IAM policy for S3 access"
+
+  policy = jsonencode({
+    Version = "2012-10-17",
+    Statement = [
+      {
+        Sid    = "MountpointFullBucketAccess",
+        Effect = "Allow",
+        Action = [
+          "s3:ListBucket"
+        ],
+        Resource = [
+          "arn:aws:s3:::${var.csi_bucket_name}"
+        ],
+      },
+      {
+        Sid    = "MountpointFullObjectAccess",
+        Effect = "Allow",
+        Action = [
+          "s3:GetObject",
+          "s3:PutObject",
+          "s3:AbortMultipartUpload",
+          "s3:DeleteObject",
+        ],
+        Resource = [
+          "arn:aws:s3:::${var.csi_bucket_name}/*"
+        ],
+      },
+    ],
+  })
+}
+
+
+resource "aws_iam_role_policy_attachment" "csi" {
+  count = var.s3_csi_driver_enabled ? 1 : 0
+
+  policy_arn = join("", aws_iam_policy.s3_policy.*.arn)
+  role       = aws_iam_role.node.name
+}

metrics_server.tf

@@ -1,4 +1,5 @@
 resource "helm_release" "metrics-server" {
+  depends_on = [aws_eks_cluster.cluster]
   name             = "metrics-server"
   repository       = "https://kubernetes-sigs.github.io/metrics-server/"
   chart            = "metrics-server"

variables.tf

@@ -442,3 +442,15 @@ variable "access_policies" {
   description = "access policies"
   default     = []
 }
+
+variable "s3_csi_driver_enabled" {
+  description = "Enable or disable the S3 CSI driver"
+  type        = bool
+  default     = false
+}
+
+variable "csi_bucket_name" {
+  description = "The name of the S3 bucket for the CSI driver"
+  type        = string
+  default     = ""
+}