updates for weave EFS storage class

main.tf

@@ -26,6 +26,14 @@ module "file_storage" {
   deletion_protection = var.deletion_protection
 }
 
+module "efs" {
+  source                            = "./modules/efs"
+  namespace                         = var.namespace
+  private_subnets                   = module.networking.private_subnets
+  primary_workers_security_group_id = module.app_eks.primary_workers_security_group_id
+  vpc_id                            = module.networking.vpc_id
+}
+
 locals {
   bucket_name       = local.use_external_bucket ? var.bucket_name : module.file_storage.0.bucket_name
   bucket_queue_name = local.use_internal_queue ? null : module.file_storage.0.bucket_queue_name
@@ -241,6 +249,21 @@ module "wandb" {
 
       mysql = { install = false }
       redis = { install = false }
+
+      weave = {
+        persistence = {
+          provider = "efs"
+          efs = {
+            fileSystemId = module.efs.efs_id
+          }
+
+        }
+      }
     }
   }
 }
+
+
+output "efs_ip" {
+  value = module.efs.efs_ip
+}

modules/app_eks/main.tf

@@ -16,8 +16,10 @@ resource "aws_eks_addon" "eks" {
 }
 
 resource "aws_eks_addon" "efs" {
-  cluster_name = var.namespace
-  addon_name   = "aws-efs-csi-driver"
+  cluster_name      = module.eks.cluster_id
+  addon_name        = "aws-efs-csi-driver"
+  addon_version     = "v1.7.1-eksbuild.1" # Ensure this version is compatible
+  resolve_conflicts = "OVERWRITE"
   depends_on = [
     module.eks
   ]

modules/app_eks/outputs.tf

@@ -10,3 +10,7 @@ output "autoscaling_group_names" {
 output "node_role" {
   value = aws_iam_role.node
 }
+
+output "primary_workers_security_group_id" {
+  value = aws_security_group.primary_workers.id
+}

modules/efs/main.tf

@@ -0,0 +1,49 @@
+resource "random_pet" "efs" {
+  length = 2
+}
+
+resource "aws_efs_file_system" "storage_class" {
+  creation_token   = "${var.namespace}-${random_pet.efs.id}"
+  encrypted        = true
+  performance_mode = "generalPurpose"
+  throughput_mode  = "elastic"
+
+
+  tags = {
+    Name = "${var.namespace}-efs-${random_pet.efs.id}"
+  }
+}
+
+resource "aws_efs_backup_policy" "storage_class" {
+  file_system_id = aws_efs_file_system.storage_class.id
+
+  backup_policy {
+    status = "DISABLED"
+  }
+}
+
+resource "aws_security_group" "storage_class_nfs" {
+  name        = "nfs-security-group"
+  description = "Security group for NFS traffic"
+  vpc_id      = var.vpc_id
+
+  ingress {
+    description     = "NFS inbound"
+    from_port       = 2049
+    to_port         = 2049
+    protocol        = "tcp"
+    security_groups = [var.primary_workers_security_group_id]
+  }
+
+  tags = {
+    Name = "nfs-security-group"
+  }
+}
+
+
+resource "aws_efs_mount_target" "storage_class" {
+  for_each        = { for subnet in var.private_subnets : subnet => subnet }
+  file_system_id  = aws_efs_file_system.storage_class.id
+  subnet_id       = each.value
+  security_groups = [aws_security_group.storage_class_nfs.id]
+}

modules/efs/outputs.tf

@@ -0,0 +1,3 @@
+output "efs_id" {
+  value = aws_efs_file_system.storage_class.id
+}

modules/efs/variables.tf

@@ -0,0 +1,19 @@
+variable "namespace" {
+  description = "The namespace to use for the efs resource"
+  type        = string
+}
+
+variable "private_subnets" {
+  description = "A list of the subnets in which the aws_efs_mount_target will be deployed."
+  type        = list(string)
+}
+
+variable "primary_workers_security_group_id" {
+  description = "The security group ID of the primary workers."
+  type        = string
+}
+
+variable "vpc_id" {
+  description = "The ID of the VPC in which the storage_class_nfs security group will be deployed."
+  type        = string
+}

modules/file_storage/outputs.tf

@@ -20,4 +20,4 @@ output "bucket_queue_name" {
 
 output "bucket_queue_arn" {
   value = var.create_queue ? aws_sqs_queue.file_storage.0.arn : null
-}
+}