-
Notifications
You must be signed in to change notification settings - Fork 5
Expand file tree
/
Copy pathdeploy.sh
More file actions
executable file
·60 lines (34 loc) · 2.14 KB
/
deploy.sh
File metadata and controls
executable file
·60 lines (34 loc) · 2.14 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
#!/bin/bash
# This script intergrates your EKS cluster or EKS Hyperpod Cluster with Amazon FSx for Lustre.
# To learn more about FSx and the steps involved in setting it up, please refer to the following links
# https://aws.amazon.com/blogs/opensource/using-fsx-lustre-csi-driver-amazon-eks/
# https://docs.aws.amazon.com/eks/latest/userguide/fsx-csi.html
# https://github.com/kubernetes-sigs/aws-fsx-csi-driver
# This is sourced from the Amazon EKS Support in Amazon SageMaker workshop studio
set -e
# Create an IAM OIDC identity provider for your cluster with the following command:
eksctl utils associate-iam-oidc-provider --cluster $AWS_EKS_CLUSTER --approve
# Deploy the FSx for Lustre CSI driver:
helm repo add aws-fsx-csi-driver https://kubernetes-sigs.github.io/aws-fsx-csi-driver
helm repo update
helm upgrade --install aws-fsx-csi-driver aws-fsx-csi-driver/aws-fsx-csi-driver\
--namespace kube-system
# Use the eksctl CLI to create an IAM role bound to the service account used by the driver, attaching the AmazonFSxFullAccess AWS-managed policy:
eksctl create iamserviceaccount \
--name fsx-csi-controller-sa \
--override-existing-serviceaccounts \
--namespace kube-system \
--cluster $AWS_EKS_CLUSTER \
--attach-policy-arn arn:aws:iam::aws:policy/AmazonFSxFullAccess \
--approve \
--role-name AmazonEKSFSxLustreCSIDriverFullAccess \
--region $AWS_REGION
# Annotate the driver's service account with the ARN of the AmazonEKSFSxLustreCSIDriverFullAccess IAM role that was created:
SA_ROLE_ARN=$(aws iam get-role --role-name AmazonEKSFSxLustreCSIDriverFullAccess --query 'Role.Arn' --output text)
kubectl annotate serviceaccount -n kube-system fsx-csi-controller-sa \
eks.amazonaws.com/role-arn=${SA_ROLE_ARN} --overwrite=true
# This annotation lets the driver know what IAM role it should use to interact with the FSx for Lustre service on your behalf.
# Verify that the service account has been properly annotated:
kubectl get serviceaccount -n kube-system fsx-csi-controller-sa -oyaml
# Restart the fsx-csi-controller deployment for the changes to take effect:
kubectl rollout restart deployment fsx-csi-controller -n kube-system