merge(#3648): deployed EBS CSI driver

Install AWS EBS CSI driver by default as EKS addon or PKE AWS 1.23+ Helm chart
#3648

Author: pregnor

cmd/worker/aws.go

@@ -36,6 +36,7 @@ func registerAwsWorkflows(
 	awsSecretStore awsworkflow.SecretStore,
 ) {
 	createClusterWorkflow := pkeworkflow.NewCreateClusterWorkflow(
+		config.Distribution.PKE.Amazon.DefaultEBSCSIDriverChartVersion,
 		config.Distribution.PKE.Amazon.DefaultNodeVolumeSize,
 		config.Distribution.PKE.Amazon.GlobalRegion,
 	)

cmd/worker/main.go

@@ -387,6 +387,15 @@ func main() {
 			restoreBackupActivity := velero.NewRestoreBackupActivity(clusterManager, unifiedHelmReleaser, global.DB(), config.Cluster.DisasterRecovery)
 			worker.RegisterActivityWithOptions(restoreBackupActivity.Execute, activity.RegisterOptions{Name: clustersetup.RestoreBackupActivityName})
 
+			deployAWSEBSCSIDriverActivity := clustersetup.NewDeployAWSEBSCSIDriverActivity(
+				config.Cluster.Labels,
+				unifiedHelmReleaser,
+			)
+			worker.RegisterActivityWithOptions(
+				deployAWSEBSCSIDriverActivity.Execute,
+				activity.RegisterOptions{Name: clustersetup.DeployAWSEBSCSIDriverActivityName},
+			)
+
 			deployIngressControllerActivity := clustersetup.NewDeployIngressControllerActivity(
 				config.Cluster.Labels,
 				unifiedHelmReleaser,

config/config.yaml.dist

@@ -386,6 +386,7 @@ dex:
 #helm:
 #    home: "./var/cache"
 #    repositories:
+#        aws-ebs-csi-driver: "https://kubernetes-sigs.github.io/aws-ebs-csi-driver"
 #        stable: "https://charts.helm.sh/stable"
 #        banzaicloud-stable: "https://kubernetes-charts.banzaicloud.com"
 #        bitnami: "https://charts.bitnami.com/bitnami"
@@ -421,6 +422,7 @@ distribution:
        amazon:
            enabled: true
 #            globalRegion: us-east-1
+#            defaultEBSCSIDriverChartVersion: "2.12.1"
 #            defaultImages: {}
 #            defaultNetworkProvider: "cilium"
 #            defaultNodeVolumeSize: 0 # GiB, 0/fallback: max(50, AMISize)

internal/cluster/clustersetup/BUILD.plz

@@ -19,6 +19,7 @@ go_library(
         "//src/auth",
         "//src/dns",
         "//third_party/go:emperror.dev__errors",
+        "//third_party/go:github.com__Masterminds__semver__v3",
         "//third_party/go:github.com__aws__aws-sdk-go__aws",
         "//third_party/go:github.com__ghodss__yaml",
         "//third_party/go:go.uber.org__cadence",
@@ -50,6 +51,7 @@ go_test(
         "//src/auth",
         "//src/dns",
         "//third_party/go:emperror.dev__errors",
+        "//third_party/go:github.com__Masterminds__semver__v3",
         "//third_party/go:github.com__aws__aws-sdk-go__aws",
         "//third_party/go:github.com__ghodss__yaml",
         "//third_party/go:github.com__stretchr__testify__mock",
@@ -90,6 +92,7 @@ go_test(
         "//src/auth",
         "//src/dns",
         "//third_party/go:emperror.dev__errors",
+        "//third_party/go:github.com__Masterminds__semver__v3",
         "//third_party/go:github.com__aws__aws-sdk-go__aws",
         "//third_party/go:github.com__ghodss__yaml",
         "//third_party/go:github.com__stretchr__testify__mock",

internal/cluster/clustersetup/activity_deploy_aws_ebs_csi_driver.go

@@ -0,0 +1,84 @@
+// Copyright © 2021 Banzai Cloud
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package clustersetup
+
+import (
+	"context"
+
+	"emperror.dev/errors"
+	"github.com/Masterminds/semver/v3"
+	"go.uber.org/cadence/activity"
+
+	"github.com/banzaicloud/pipeline/internal/cluster/clusterconfig"
+	"github.com/banzaicloud/pipeline/internal/global"
+)
+
+const DeployAWSEBSCSIDriverActivityName = "deploy-aws-ebs-csi-driver"
+
+type DeployAWSEBSCSIDriverActivity struct {
+	config      clusterconfig.LabelConfig
+	helmService HelmService
+}
+
+type DeployAWSEBSCSIDriverActivityInput struct {
+	ClusterID         uint
+	KubernetesVersion string
+	ChartVersion      string
+}
+
+// NewDeployAWSEBSCSIDriverActivity returns a new DeployAWSEBSCSIDriverActivity.
+func NewDeployAWSEBSCSIDriverActivity(
+	config clusterconfig.LabelConfig,
+	helmService HelmService,
+) DeployAWSEBSCSIDriverActivity {
+	return DeployAWSEBSCSIDriverActivity{
+		config:      config,
+		helmService: helmService,
+	}
+}
+
+func (a DeployAWSEBSCSIDriverActivity) Execute(ctx context.Context, input DeployAWSEBSCSIDriverActivityInput) error {
+	logger := activity.GetLogger(ctx).Sugar().With(
+		"clusterID", input.ClusterID,
+		"KubernetesVersion", input.KubernetesVersion,
+		"chartVersion", input.ChartVersion,
+	)
+
+	ebsCSIDriverConstraint, err := semver.NewConstraint(">= 1.23")
+	if err != nil {
+		return errors.WrapIf(err, "creating semver constraint for EBS CSI driver failed")
+	}
+
+	k8sVersion, err := semver.NewVersion(input.KubernetesVersion)
+	if err != nil {
+		return errors.WrapIf(err, "creating semver from Kubernetes version failed")
+	}
+
+	if !ebsCSIDriverConstraint.Check(k8sVersion) {
+		logger.Infof("kubernetesVersion failed ebsCSIDriverConstraint check", "k8sVersion", k8sVersion)
+
+		return nil
+	}
+
+	return a.helmService.ApplyDeployment(
+		ctx,
+		input.ClusterID,
+		global.Config.Cluster.Namespace,
+		"aws-ebs-csi-driver/aws-ebs-csi-driver",
+		"aws-ebs-csi-driver",
+		nil,
+		input.ChartVersion,
+	)
+}

internal/cluster/distribution/eks/eksprovider/workflow/bootstrap_workflow.go

@@ -108,6 +108,12 @@ func (a *BootstrapWorkflow) Execute(ctx workflow.Context, input BootstrapWorkflo
 					KubernetesVersion: input.KubernetesVersion,
 					AddonName:         "kube-proxy",
 				}),
+			workflow.ExecuteActivity(ctx, CreateAddonActivityName,
+				CreateAddonActivityInput{
+					EKSActivityInput:  commonActivityInput,
+					KubernetesVersion: input.KubernetesVersion,
+					AddonName:         "aws-ebs-csi-driver",
+				}),
 		)
 	}
 

internal/cmd/config.go

@@ -515,11 +515,12 @@ type DistributionConfig struct {
 
 	PKE struct {
 		Amazon struct {
-			Enabled                bool
-			GlobalRegion           string
-			DefaultImages          map[string]string
-			DefaultNetworkProvider string
-			DefaultNodeVolumeSize  int
+			Enabled                         bool
+			GlobalRegion                    string
+			DefaultEBSCSIDriverChartVersion string
+			DefaultImages                   map[string]string
+			DefaultNetworkProvider          string
+			DefaultNodeVolumeSize           int
 		}
 		Azure struct {
 			Enabled bool
@@ -866,6 +867,7 @@ traefik:
 
 	// Helm configuration
 	v.SetDefault("helm::home", "./var/cache")
+	v.SetDefault("helm::repositories::aws-ebs-csi-driver", "https://kubernetes-sigs.github.io/aws-ebs-csi-driver")
 	v.SetDefault("helm::repositories::stable", "https://charts.helm.sh/stable")
 	v.SetDefault("helm::repositories::banzaicloud-stable", "https://kubernetes-charts.banzaicloud.com")
 	v.SetDefault("helm::repositories::bitnami", "https://charts.bitnami.com/bitnami")
@@ -885,6 +887,7 @@ traefik:
 
 	v.SetDefault("distribution::pke::amazon::enabled", true)
 	v.SetDefault("distribution::pke::amazon::globalRegion", "us-east-1")
+	v.SetDefault("distribution::pke::amazon::defaultEBSCSIDriverChartVersion", "2.12.1")
 	v.SetDefault("distribution::pke::amazon::defaultImages", map[string]string{})
 	v.SetDefault("distribution::pke::amazon::defaultNetworkProvider", "cilium")
 	v.SetDefault("distribution::pke::amazon::defaultNodeVolumeSize", 0)

internal/providers/pke/pkeworkflow/BUILD.plz

@@ -10,6 +10,7 @@ go_library(
         "//internal/cluster",
         "//internal/cluster/auth",
         "//internal/cluster/clustersecret",
+        "//internal/cluster/clustersetup",
         "//internal/cluster/distribution/eks/eksprovider/workflow",
         "//internal/cluster/distribution/pke/pkeaws",
         "//internal/providers/amazon",
@@ -55,6 +56,7 @@ go_test(
         "//internal/cluster",
         "//internal/cluster/auth",
         "//internal/cluster/clustersecret",
+        "//internal/cluster/clustersetup",
         "//internal/cluster/distribution/eks/eksprovider/workflow",
         "//internal/cluster/distribution/pke/pkeaws",
         "//internal/providers/amazon",

internal/providers/pke/pkeworkflow/create_cluster.go

@@ -22,6 +22,7 @@ import (
 	"go.uber.org/cadence"
 	"go.uber.org/cadence/workflow"
 
+	"github.com/banzaicloud/pipeline/internal/cluster/clustersetup"
 	"github.com/banzaicloud/pipeline/pkg/sdk/brn"
 	"github.com/banzaicloud/pipeline/pkg/sdk/cadence/lib/pipeline/processlog"
 )
@@ -47,19 +48,26 @@ type CreateClusterWorkflowInput struct {
 	PipelineExternalURLInsecure bool
 	OIDCEnabled                 bool
 	VPCID                       string
+	KubernetesVersion           string
 }
 
 type CreateClusterWorkflow struct {
-	DefaultNodeVolumeSize int
-	GlobalRegion          string
-	processLogger         processlog.ProcessLogger
+	DefaultEBSCSIDriverChartVersion string
+	DefaultNodeVolumeSize           int
+	GlobalRegion                    string
+	processLogger                   processlog.ProcessLogger
 }
 
-func NewCreateClusterWorkflow(defaultNodeVolumeSize int, globalRegion string) CreateClusterWorkflow {
+func NewCreateClusterWorkflow(
+	defaultEBSCSIDriverChartVersion string,
+	defaultNodeVolumeSize int,
+	globalRegion string,
+) CreateClusterWorkflow {
 	return CreateClusterWorkflow{
-		DefaultNodeVolumeSize: defaultNodeVolumeSize,
-		GlobalRegion:          globalRegion,
-		processLogger:         processlog.New(),
+		DefaultEBSCSIDriverChartVersion: defaultEBSCSIDriverChartVersion,
+		DefaultNodeVolumeSize:           defaultNodeVolumeSize,
+		GlobalRegion:                    globalRegion,
+		processLogger:                   processlog.New(),
 	}
 }
 
@@ -406,9 +414,9 @@ func (w CreateClusterWorkflow) Execute(ctx workflow.Context, input CreateCluster
 
 	// Create nodes
 	{
-		futures := make([]workflow.Future, len(nodePools))
+		futures := make([]workflow.Future, 0, len(nodePools))
 
-		for i, np := range nodePools {
+		for _, np := range nodePools {
 			if !np.Master {
 				subnetIDs := np.Subnets
 				if len(np.Subnets) == 0 {
@@ -430,19 +438,51 @@ func (w CreateClusterWorkflow) Execute(ctx workflow.Context, input CreateCluster
 					SSHKeyName:                keyOut.KeyName,
 				}
 
-				futures[i] = workflow.ExecuteActivity(ctx, CreateWorkerPoolActivityName, createWorkerPoolActivityInput)
+				futures = append(
+					futures,
+					workflow.ExecuteActivity(ctx, CreateWorkerPoolActivityName, createWorkerPoolActivityInput),
+				)
 			}
 		}
 
-		errs := make([]error, len(futures))
-		for i, future := range futures {
+		errs := make([]error, 0, len(futures))
+		for index, future := range futures {
 			if future != nil {
-				errs[i] = errors.Wrapf(future.Get(ctx, nil), "couldn't create nodepool %q", nodePools[i].Name)
+				if err := future.Get(ctx, nil); err != nil {
+					errs = append(errs, errors.Wrapf(err, "couldn't create nodepool %q", nodePools[index].Name))
+				}
 			}
 		}
 
-		return errors.Combine(errs...)
+		if len(errs) > 0 {
+			return errors.Combine(errs...)
+		}
+	}
+
+	// Note: install EBS CSI driver for PVCs from K8s 1.23.
+	// Source: https://docs.aws.amazon.com/eks/latest/userguide/ebs-csi.html
+	{
+		activityInput := clustersetup.DeployAWSEBSCSIDriverActivityInput{
+			ClusterID:         input.ClusterID,
+			KubernetesVersion: input.KubernetesVersion,
+			ChartVersion:      w.DefaultEBSCSIDriverChartVersion,
+		}
+
+		err := workflow.ExecuteActivity(
+			ctx,
+			clustersetup.DeployAWSEBSCSIDriverActivityName,
+			activityInput,
+		).Get(ctx, nil)
+		if err != nil {
+			return errors.WrapIfWithDetails(
+				err,
+				"installing EBS CSI driver Helm chart failed",
+				"activityInput", activityInput,
+			)
+		}
 	}
+
+	return nil
 }
 
 type decodableError struct {

src/cluster/manager_common_creator.go

@@ -74,11 +74,10 @@ func NewClusterCreator(request *pkgCluster.CreateClusterRequest, cluster CommonC
 
 	if strings.HasPrefix(cluster.GetDistribution(), pkgCluster.PKE) && cluster.GetCloud() == pkgCluster.Amazon {
 		return &pkeCreator{
-			workflowClient: workflowClient,
-
-			commonCreator: *common,
-
-			oidcEnabled: request.Properties.CreateClusterPKE.Kubernetes.OIDC.Enabled,
+			workflowClient:    workflowClient,
+			commonCreator:     *common,
+			oidcEnabled:       request.Properties.CreateClusterPKE.Kubernetes.OIDC.Enabled,
+			kubernetesVersion: request.Properties.CreateClusterPKE.Kubernetes.Version,
 		}
 	}
 
@@ -94,7 +93,8 @@ type pkeCreator struct {
 
 	commonCreator
 
-	oidcEnabled bool
+	oidcEnabled       bool
+	kubernetesVersion string
 }
 
 // Create implements the clusterCreator interface.
@@ -119,6 +119,7 @@ func (c *pkeCreator) Create(ctx context.Context) error {
 		PipelineExternalURL:         externalBaseURL,
 		PipelineExternalURLInsecure: externalBaseURLInsecure,
 		OIDCEnabled:                 c.oidcEnabled,
+		KubernetesVersion:           c.kubernetesVersion,
 	}
 
 	providerConfig := c.request.Properties.CreateClusterPKE.Network.ProviderConfig