CSI Drivers (How Storage Actually Works in EKS)
So far:
- VPC → network
- IAM → permissions
- EKS → control plane
- Nodes → compute
Now comes the part many people ignore:
👉 Storage
Without this:
- Pods can’t persist data
- Databases won’t work
- Logs disappear on restart
This module installs CSI drivers, which allow Kubernetes to use AWS storage.
📂 Module Files
modules/csi-driver/
├── main.tf
├── variables.tf
└── outputs.tf
📄 variables.tf
variable "cluster_name" {
  description = "Name of the EKS cluster"
  type        = string
}

variable "ebs_csi_role_arn" {
  description = "IAM role ARN for EBS CSI driver"
  type        = string
}

variable "s3_csi_role_arn" {
  description = "IAM role ARN for S3 CSI driver"
  type        = string
}

variable "node_group_dependency" {
  description = "Node group dependency to ensure nodes exist first"
  type        = any
}
🧠 What these inputs mean
- cluster_name → where to install addons
- ebs_csi_role_arn → IAM role for EBS driver
- s3_csi_role_arn → IAM role for S3 driver
- node_group_dependency → ensures nodes exist first
⚠️ Important insight
This module depends on:
👉 IAM (for IRSA roles)
👉 Node groups (for scheduling pods)
📄 main.tf
1. EBS CSI Driver
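resource "aws_eks_addon" "ebs_csi" {
  cluster_name = var.cluster_name
  addon_name   = "aws-ebs-csi-driver"

  # IRSA: IAM role assumed by the driver's service account
  service_account_role_arn = var.ebs_csi_role_arn

  # Nodes must exist before the driver pods can be scheduled
  depends_on = [var.node_group_dependency]
}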
🧠 What this does
Installs:
👉 AWS EBS CSI Driver inside cluster
What is CSI?
CSI = Container Storage Interface
👉 It allows Kubernetes to talk to AWS storage.
What EBS CSI enables
- Create EBS volumes
- Attach volumes to pods
- Persist data
Important line
service_account_role_arn = var.ebs_csi_role_arn
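👉 This is IRSA (IAM Roles for Service Accounts)
This means:
- The driver pod gets an IAM role through its service account
- The driver pod can call AWS APIs with that role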
Without this
❌ Pod cannot create volumes
❌ PVC fails
2. S3 CSI Driver
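resource "aws_eks_addon" "s3_csi" {
  cluster_name = var.cluster_name
  addon_name   = "aws-mountpoint-s3-csi-driver"

  # IRSA: IAM role assumed by the driver's service account
  service_account_role_arn = var.s3_csi_role_arn

  # Nodes must exist before the driver pods can be scheduled
  depends_on = [var.node_group_dependency]
}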
🧠 What this does
Installs:
👉 S3 CSI driver
What it enables
Mount an S3 bucket as:
Pod → S3 bucket (like a filesystem)
Use cases
- logs
- shared storage
- backups
3. Dependency Handling
depends_on = [var.node_group_dependency]
Why this is critical
CSI driver runs as pods.
👉 Pods need nodes
So order must be:
Nodes → CSI Driver
Without this
- Addon installs
- But pods fail to schedule
📄 outputs.tf
output "ebs_csi_addon_id" {
  description = "EBS CSI addon ID"
  value       = aws_eks_addon.ebs_csi.id
}

output "s3_csi_addon_id" {
  description = "S3 CSI addon ID"
  value       = aws_eks_addon.s3_csi.id
}
🧠 Why outputs matter
Used for:
- tracking addon deployment
- debugging
- dependencies in future modules
🔥 What You Actually Built
Kubernetes Pod
│
│
CSI Driver
│
│
AWS Storage (EBS / S3)
⚠️ Real Issues People Face
- Missing IRSA → access denied
- No node dependency → pods fail
- Wrong role → volume attach fails
- Forgetting CSI → PVC stuck in pending
🧠 Key Takeaways
- Kubernetes doesn’t manage storage directly
- CSI drivers connect Kubernetes to AWS
- IRSA is required for secure access
- EBS = block storage
- S3 = object storage
🚀 Next
In Part 6:
👉 AWS Load Balancer Controller
👉 How ALB actually integrates with Kubernetes
👉 Why target-type: ip matters
At this point, your cluster can:
- run workloads
- persist data
Now we move to the traffic layer.