add code for storage

Author: Nidhi Gupta

terraform/eks_nodegroup/ebs.tf

@@ -0,0 +1,43 @@
+provider "kubernetes" {
+   host                   = module.eks.cluster_endpoint
+   cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
+   token                  = data.aws_eks_cluster_auth.cluster.token
+}
+// This addon will also create a kubernetes service account with the necessary IAM role attached to managed EBS volumes
+resource "aws_eks_addon" "ebs" {
+  depends_on = [ module.eks_managed_node_group ]
+  cluster_name = module.eks.cluster_name 
+  addon_name   = "aws-ebs-csi-driver"
+  service_account_role_arn = aws_iam_role.eks-ebs.arn
+}
+resource "aws_iam_role" "eks-ebs" {
+  name = "eks-ebs"
+  assume_role_policy = data.aws_iam_policy_document.ebs_controller_assume_role_policy.json  
+}
+
+resource "aws_iam_role_policy_attachment" "ebs_controller_policy_attachment" {
+  role       = aws_iam_role.eks-ebs.name
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy"
+}
+
+# Define the IAM policy document for the AssumeRole policy
+data "aws_iam_policy_document" "ebs_controller_assume_role_policy" {
+  statement {
+    actions   = ["sts:AssumeRoleWithWebIdentity"]
+    effect    = "Allow"
+    principals {
+      type        = "Federated"
+      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:oidc-provider/${module.eks.oidc_provider}"]
+    }
+    condition {
+      test     = "StringEquals"
+      variable = "${module.eks.oidc_provider}:aud"
+      values   = ["sts.amazonaws.com"]
+    }
+    condition {
+      test     = "StringEquals"
+      variable = "${module.eks.oidc_provider}:sub"
+      values   = ["system:serviceaccount:kube-system:ebs-csi-controller-sa"]
+    }
+  }
+}

terraform/eks_nodegroup/providers.tf

@@ -13,6 +13,6 @@ terraform {
   backend "s3" {
     region = "us-east-1"
     bucket = "devops4solutions-terraform"
-    key    = "eks_cluster_2.tfstate"
+    key    = "eks_cluster_3.tfstate"
   }
 }

terraform/eks_nodegroup/vpc.tf

@@ -1,11 +1,11 @@
 module "vpc" {
   source = "terraform-aws-modules/vpc/aws"
-  name = "eks-vpc1"
-  cidr = "11.0.0.0/16"
+  name = "eks-vpc"
+  cidr = "12.0.0.0/16"
 
   azs             = ["us-east-1a", "us-east-1b", "us-east-1c"]
-  private_subnets = ["11.0.1.0/24", "11.0.2.0/24", "11.0.3.0/24"]
-  public_subnets  = ["11.0.101.0/24", "11.0.102.0/24", "11.0.103.0/24"]
+  private_subnets = ["12.0.1.0/24", "12.0.2.0/24", "12.0.3.0/24"]
+  public_subnets  = ["12.0.101.0/24", "12.0.102.0/24", "12.0.103.0/24"]
   enable_nat_gateway = true
   single_nat_gateway  = true
   one_nat_gateway_per_az = false