Setup dynamic FSx lustre on EKS
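#!/bin/bash
# Set up dynamic provisioning of FSx for Lustre volumes on an EKS cluster.
#
# from https://aws.amazon.com/blogs/opensource/using-fsx-lustre-csi-driver-amazon-eks/
# and
# from https://github.com/kubernetes-sigs/aws-fsx-csi-driver
#
# Steps: create an IAM policy for the FSx CSI driver, attach it to the
# nodegroup instance role, deploy the driver, create a StorageClass backed by
# the cluster VPC's public subnet and a dedicated security group, then create
# a PersistentVolumeClaim and wait for it to bind.
#
# Required env: AWS_DEFAULT_REGION (used to derive the AZ suffix), plus
# working `aws` and `kubectl` credentials for the target account and cluster.
set -euo pipefail

: "${AWS_DEFAULT_REGION:?AWS_DEFAULT_REGION must be set (e.g. ap-southeast-1)}"

# Cluster / nodegroup names as created by eksctl.
readonly CLUSTER_NAME="dev"
readonly NODEGROUP_NAME="ng-1"
readonly CLUSTER_STACK_NAME="eksctl-$CLUSTER_NAME-nodegroup-$NODEGROUP_NAME"
# S3 bucket used as the Lustre import/export path.
readonly AWS_BUCKET="eks-volume"
# TCP port the Lustre clients use to reach the file system.
readonly LUSTRE_PORT=988

# Private scratch directory for generated files (instead of predictable
# names directly under /tmp); removed on any exit path.
WORKDIR=$(mktemp -d) || { printf 'mktemp failed\n' >&2; exit 1; }
readonly WORKDIR
cleanup() { rm -rf -- "${WORKDIR:?}"; }
trap cleanup EXIT

# Print a message to stderr and exit non-zero.
die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Create the IAM policy the FSx CSI driver needs.
# Outputs: policy ARN on stdout
# Returns: aws cli exit status
#######################################
create_fsx_policy() {
  # Quoted delimiter: the document is literal JSON with nothing to expand.
  cat >"$WORKDIR/policy.json" <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iam:CreateServiceLinkedRole",
        "iam:AttachRolePolicy",
        "iam:PutRolePolicy"
      ],
      "Resource": "arn:aws:iam::*:role/aws-service-role/s3.data-source.lustre.fsx.amazonaws.com/*"
    },
    {
      "Action": "iam:CreateServiceLinkedRole",
      "Effect": "Allow",
      "Resource": "*",
      "Condition": {
        "StringLike": {
          "iam:AWSServiceName": [
            "fsx.amazonaws.com"
          ]
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "fsx:CreateFileSystem",
        "fsx:DeleteFileSystem",
        "fsx:DescribeFileSystems"
      ],
      "Resource": ["*"]
    }
  ]
}
EOF
  aws iam create-policy \
    --policy-name fsx-csi \
    --policy-document "file://$WORKDIR/policy.json" \
    --query "Policy.Arn" \
    --output text
}

#######################################
# Attach the policy to the nodegroup's instance role so the driver, which
# runs on the worker nodes, can call FSx/S3.
# Arguments: $1 - policy ARN
#######################################
attach_policy_to_nodes() {
  local policy_arn=$1
  local role_arn role_name
  # Select the stack output by key rather than by position: the order of
  # CloudFormation outputs is not guaranteed to stay stable.
  role_arn=$(aws cloudformation describe-stacks \
    --stack-name "$CLUSTER_STACK_NAME" \
    --output text \
    --query "Stacks[0].Outputs[?OutputKey=='InstanceRoleARN'].OutputValue") \
    || die "could not read outputs of stack $CLUSTER_STACK_NAME"
  [[ -n "$role_arn" && "$role_arn" != "None" ]] \
    || die "stack $CLUSTER_STACK_NAME has no InstanceRoleARN output"
  # The role name is the last path element of the role ARN.
  role_name=${role_arn##*/}
  aws iam attach-role-policy --policy-arn "$policy_arn" --role-name "$role_name"
}

#######################################
# Deploy the FSx CSI driver from the upstream kustomize overlay.
#######################################
deploy_csi_driver() {
  # TODO: pin ?ref= to a released tag instead of master so deployments are
  # reproducible and reviewable.
  kubectl apply -k "github.com/kubernetes-sigs/aws-fsx-csi-driver/deploy/kubernetes/overlays/stable/?ref=master"
}

#######################################
# Look up the cluster's VPC (eksctl tags it "eksctl-<cluster>-cluster/VPC").
# Outputs: VPC ID on stdout ("None" if not found)
#######################################
lookup_vpc_id() {
  aws ec2 describe-vpcs \
    --filters "Name=tag:Name,Values=eksctl-$CLUSTER_NAME-cluster/VPC" \
    --query "Vpcs[0].VpcId" \
    --output text
}

#######################################
# Look up the public subnet of the single AZ the nodegroup lives in.
# Arguments: $1 - VPC ID
# Outputs: subnet ID on stdout ("None" if not found)
#######################################
lookup_subnet_id() {
  local vpc_id=$1
  local az
  # note that we provisioned the nodegroup to be from "ap-southeast-1a" only;
  # eksctl names the subnet resource SubnetPublic<REGION><AZ> in upper case
  # without dashes, e.g. SubnetPublicAPSOUTHEAST1A.
  az=${AWS_DEFAULT_REGION^^}A
  az=${az//-/}
  aws ec2 describe-subnets \
    --filters "Name=vpc-id,Values=$vpc_id" \
              "Name=tag:aws:cloudformation:logical-id,Values=SubnetPublic$az" \
    --query "Subnets[0].SubnetId" \
    --output text
}

#######################################
# Create a security group for the file system and allow Lustre traffic
# from inside the VPC.
# Arguments: $1 - VPC ID
# Outputs: security group ID on stdout
#######################################
create_lustre_security_group() {
  local vpc_id=$1
  local vpc_cidr sg_id
  # Scope the ingress rule to the VPC's actual CIDR rather than assuming the
  # eksctl default of 192.168.0.0/16.
  vpc_cidr=$(aws ec2 describe-vpcs \
    --vpc-ids "$vpc_id" \
    --query "Vpcs[0].CidrBlock" \
    --output text)
  [[ -n "$vpc_cidr" && "$vpc_cidr" != "None" ]] \
    || die "could not determine CIDR of VPC $vpc_id"
  sg_id=$(aws ec2 create-security-group \
    --group-name eks-fsx-security-group \
    --vpc-id "$vpc_id" \
    --description "FSx for Lustre Security Group" \
    --query "GroupId" \
    --output text)
  # Discard the rule description the CLI prints so only the group ID is
  # returned on stdout.
  aws ec2 authorize-security-group-ingress \
    --group-id "$sg_id" \
    --protocol tcp \
    --port "$LUSTRE_PORT" \
    --cidr "$vpc_cidr" >/dev/null
  printf '%s\n' "$sg_id"
}

#######################################
# Write and apply the StorageClass that provisions FSx file systems.
# Arguments: $1 - subnet ID, $2 - security group ID
#######################################
create_storage_class() {
  local subnet_id=$1
  local sg_id=$2
  cat >"$WORKDIR/storage-class.yaml" <<EOF
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: fsx-sc
provisioner: fsx.csi.aws.com
parameters:
  subnetId: ${subnet_id}
  securityGroupIds: ${sg_id}
  s3ImportPath: s3://$AWS_BUCKET
  s3ExportPath: s3://$AWS_BUCKET
  deploymentType: SCRATCH_2
EOF
  kubectl apply -f "$WORKDIR/storage-class.yaml"
}

#######################################
# Write and apply the PersistentVolumeClaim that triggers provisioning.
#######################################
create_volume_claim() {
  cat >"$WORKDIR/claim.yaml" <<EOF
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: fsx-claim
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: fsx-sc
  resources:
    requests:
      storage: 1200Gi
EOF
  kubectl apply -f "$WORKDIR/claim.yaml"
}

#######################################
# Block until the claim is Bound; FSx creation takes several minutes, so
# give it a generous but finite timeout instead of watching forever.
# (jsonpath conditions need a reasonably recent kubectl.)
#######################################
wait_for_claim() {
  kubectl wait --for=jsonpath='{.status.phase}'=Bound pvc/fsx-claim --timeout=30m
}

main() {
  local policy_arn vpc_id subnet_id sg_id

  policy_arn=$(create_fsx_policy) || die "could not create IAM policy fsx-csi"
  attach_policy_to_nodes "$policy_arn"

  deploy_csi_driver

  vpc_id=$(lookup_vpc_id) || die "could not describe VPCs"
  [[ -n "$vpc_id" && "$vpc_id" != "None" ]] \
    || die "no VPC found for cluster $CLUSTER_NAME"
  subnet_id=$(lookup_subnet_id "$vpc_id") || die "could not describe subnets"
  [[ -n "$subnet_id" && "$subnet_id" != "None" ]] \
    || die "no public subnet found in VPC $vpc_id for region $AWS_DEFAULT_REGION"
  sg_id=$(create_lustre_security_group "$vpc_id")

  create_storage_class "$subnet_id" "$sg_id"
  create_volume_claim
  wait_for_claim
}

main "$@"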