Updated it to allow an EBS volume to be created along with a FSxN one.

Author: kcantrel

EKS/FSxN-as-PVC-for-EKS/README.md

@@ -5,7 +5,7 @@
 * [Installation Overview](#Installation-Overview)
 * [Detailed Instructions](#Detailed-instructions)
   * [Clone the "NetApp/FSx-ONTAP-samples-scripts" repo from GitHub](#Clone-the-NetAppFSx-ONTAP-samples-scripts-repo-from-GitHub)
-  * [Make any desired changes to the variables.tf file](#Make-any-desired-changes-to-the-variablestf-file)
+  * [Make any desired changes to the configuration variables](#Make-any-desired-changes-to-the-configuration-variables)
   * [Initialize the Terraform environment](#Initialize-the-Terraform-environment)
   * [Deploy the resources](#Deploy-the-resources)
   * [SSH to the jump server to complete the setup](#SSH-to-the-jump-server-to-complete-the-setup)
@@ -78,21 +78,19 @@ terraform files are located:
 git clone https://github.com/NetApp/FSx-ONTAP-samples-scripts.git
 cd FSx-ONTAP-samples-scripts/EKS/FSxN-as-PVC-for-EKS/terraform
 ```
-### Make any desired changes to the variables.tf file.
-Variables that can be changed include:
+### Make any desired changes to the configuration variables
+To configure the deployment first copy the `terraform.tfvars.template` file to `terraform.tfvars`. Then, modify it to suit your needs. Here are the variables you can set:
 - aws_region - The AWS region where you want to deploy the resources.
 - aws_secrets_region - The region where the fsx password secret will be created.
 - fsx_name - The name you want applied to the FSx for NetApp ONTAP File System. Must not already exist.
-- secret_name_prefix - The base name of the AWS SecretsManager secrets that will be created that will hold the FSxN adminstrator, and SVM, passwords.
+- secret_name_prefix - The base name of the AWS SecretsManager secrets that will be created that will hold the FSxN administrator, and SVM, passwords.
 A random string will be appended to this name to ensure uniqueness.
-- fsx_storage_capacity - The storage capacity of the FSx for NetApp ONTAP File System.
-Read the "description" of the variable to see the valid range.
-- fsx_throughput_capacity - The throughput capacity of the FSx for NetApp ONTAP File System.
-Read the "description" of the variable to see valid values.
+- fsx_storage_capacity - The storage capacity of the FSx for NetApp ONTAP File System.  Read the "description" of the variable in the `variables.tf` file to see the valid range.
+- fsx_throughput_capacity - The throughput capacity of the FSx for NetApp ONTAP File System.  Read the "description" of the variable in the `varaibles.tf` file to see valid values.
 - key_pair_name - The name of the EC2 key pair to use to access the jump server.
 - secure_ips - The IP address ranges to allow SSH access to the jump server. The default is wide open.
 
-:warning: **NOTE:** You must change the key_pair_name variable, otherwise the deployment will not complete succesfully.
+:warning: **NOTE:** You must change the key_pair_name variable, otherwise the deployment will not complete successfully.
 ### Initialize the Terraform environment
 Run the following command to initialize the terraform environment.
 ```bash

EKS/FSxN-as-PVC-for-EKS/terraform/ec2.tf

@@ -26,6 +26,8 @@ resource "aws_instance" "eks_jump_server" {
   user_data       = <<EOF
 #!/bin/bash
 #
+ARCH=amd64
+#
 # Get the system up to date:
 apt update
 apt upgrade -y
@@ -41,12 +43,18 @@ unzip -q awscliv2.zip
 rm -rf awscliv2.zip aws
 #
 # Install kubectl:
-curl -sLO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+curl -sLO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/$ARCH/kubectl"
 install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
 #
 # Install helm:
 snap install helm --classic
 #
+# Install eksctl:
+PLATFORM=$(uname -s)_$ARCH
+curl -sLO "https://github.com/eksctl-io/eksctl/releases/latest/download/eksctl_$PLATFORM.tar.gz"
+tar -xzf eksctl_$PLATFORM.tar.gz -C /tmp && rm eksctl_$PLATFORM.tar.gz
+sudo mv /tmp/eksctl /usr/local/bin
+#
 # Install the eks samples repo into the ubuntu home directory:
 cd /home/ubuntu
 git clone https://github.com/NetApp/FSx-ONTAP-samples-scripts.git

EKS/FSxN-as-PVC-for-EKS/terraform/eks-cluster.tf

@@ -43,6 +43,12 @@ resource "random_id" "id" {
 # Get access to the aws provider identity data to get account ID.
 data "aws_caller_identity" "current" {}
 #
+# Add pod-identity add-on to the EKS cluster.
+resource "aws_eks_addon" "pod_identity_agent" {
+  cluster_name = module.eks.cluster_name
+  addon_name   = "eks-pod-identity-agent"
+}
+#
 # Add Trident to the EKS cluster with a role that will allow it to read secrets
 # add manage the fsxn file system.
 resource "aws_eks_addon" "fsxn_csi_addon" {

EKS/FSxN-as-PVC-for-EKS/terraform/scripts/iscsi.sh

@@ -4,5 +4,8 @@ rpm -q iscsi-initiator-utils
 sudo sed -i 's/^\(node.session.scan\).*/\1 = manual/' /etc/iscsi/iscsid.conf
 cat /etc/iscsi/initiatorname.iscsi
 sudo mpathconf --enable --with_multipathd y --find_multipaths n
+#
+# Blacklist any EBS volume since they don't support them!
+sed -i -e '/^blacklist {/,/^}/{/^}/i\    device {\n        vendor "NVME"\n        product "Amazon Elastic Block Store"\n    }\n' -e '}' /etc/multipath.conf
 sudo systemctl enable --now iscsid multipathd
 sudo systemctl enable --now iscsi

EKS/FSxN-as-PVC-for-EKS/terraform/variables.tf

@@ -1,13 +1,11 @@
 variable "aws_region" {
   description = "The AWS region where you want the resources deployed."
   type        = string
-  default     = "us-west-2"
 }
 
 variable "aws_secrets_region" {
   description = "The AWS region where you want the FSxN and SVM secrets stored within AWS Secrets Manager."
   type        = string
-  default     = "us-west-2"
 }
 
 variable "fsx_name" {
@@ -62,13 +60,13 @@ variable "secure_ips" {
 
 variable "trident_version" {
   description = "The version of Astra Trident to 'add-on' to the EKS cluster."
-  default     = "v24.2.0-eksbuild.1"
+  default     = "v24.10.0-eksbuild.1"
   type        = string
 }
 
 variable "kubernetes_version" {
   description = "kubernetes version"
-  default     = 1.29
+  default     = 1.31
   type        = string
 }
 

EKS/Trident-Protect/README.md …igrate-Backup-EKS-Applications/README.mdEKS/Trident-Protect/README.md renamed to EKS/Migrate-Backup-EKS-Applications/README.md EKS/Trident-Protect/README.md renamed to EKS/Migrate-Backup-EKS-Applications/README.md

@@ -1,4 +1,4 @@
-# Trident Protect Migrate PVC Storage Class
+# Migrate and Backup EKS Applications with Trident Protect
 
 This is a sample for setting up your Kubernetes application to be backed up by Trident Protect with an option to migrate it from one storage class to another.
 
@@ -178,14 +178,6 @@ Now run the following command to create the Trident Vault:
 kubectl apply -f trident-vault.yaml
 ```
 
-SECURITY NOTE:
-
-If you want to avoid storing AWS credentials explicitly in Kubernetes secrets, a more secure approach would be to use IAM roles for service accounts (IRSA):
-- Create an IAM policy with minimal S3 access permissions for the specific bucket.
-- Create an IAM role and attach the policy to it.
-- Configure your EKS cluster to use IAM roles for service accounts (IRSA).
-- Create a Kubernetes service account in the trident-protect namespace and associate it with the IAM role
-
 ### Create a Trident Application
 You create a Trident application with the specification of your application in order to back it up. You do that by creating a file named `trident-application.yaml` with the following contents:
 
@@ -342,5 +334,9 @@ kubectl get backuprestore -n <DESTINATION NAMESPACE> <APP RESTORE NAME> -o jsonp
 
 ## Final Notes
 This is a simple example of how to use Trident Protect to backup and restore your application.
-There are a lot of other features and options available with Trident Protect that are not covered here.
+There are a lot of other features and options available with Trident Protect that are not covered here for example:
+- Creating snapshots of your application.
+- Scheduling backups.
+- Replicating backups to another FSxN file system with SnapMirror.
+
 For more information please refer to the official [Trident Protect documentation](https://docs.netapp.com/us-en/trident/trident-protect/trident-protect-installation.html).