# Terraform Modular EKS + Istio — Part 5
POTHURAJU JAYAKRISHNA YADAV
CSI Drivers (How Storage Actually Works in EKS)
So far:
- VPC → network
- IAM → permissions
- EKS → control plane
- Nodes → compute
Now comes the part many people ignore:
👉 Storage
Without this:
- Pods can’t persist data
- Databases won’t work
- Logs disappear on restart
This module installs CSI drivers, which allow Kubernetes to use AWS storage.
📂 Module Files
```text
modules/csi-driver/
├── main.tf
├── variables.tf
└── outputs.tf
```
📄 variables.tf
```hcl
variable "cluster_name" {
  description = "Name of the EKS cluster"
  type        = string
}

variable "ebs_csi_role_arn" {
  description = "IAM role ARN for EBS CSI driver"
  type        = string
}

variable "s3_csi_role_arn" {
  description = "IAM role ARN for S3 CSI driver"
  type        = string
}

variable "node_group_dependency" {
  description = "Node group dependency to ensure nodes exist first"
  type        = any
}
```
🧠 What these inputs mean
- `cluster_name` → where to install addons
- `ebs_csi_role_arn` → IAM role for EBS driver
- `s3_csi_role_arn` → IAM role for S3 driver
- `node_group_dependency` → ensures nodes exist first
⚠️ Important insight
This module depends on:
👉 IAM (for IRSA roles)
👉 Node groups (for scheduling pods)
📄 main.tf
1. EBS CSI Driver
```hcl
resource "aws_eks_addon" "ebs_csi" {
  cluster_name             = var.cluster_name
  addon_name               = "aws-ebs-csi-driver"
  service_account_role_arn = var.ebs_csi_role_arn

  depends_on = [var.node_group_dependency]
}
```
🧠 What this does
Installs:
👉 AWS EBS CSI Driver inside cluster
What is CSI?
CSI = Container Storage Interface
👉 It allows Kubernetes to talk to AWS storage.
What EBS CSI enables
- Create EBS volumes
- Attach volumes to pods
- Persist data
Important line
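```hcl
service_account_role_arn = var.ebs_csi_role_arn
```
👉 This is IRSA (IAM Roles for Service Accounts)
This means:
- The driver's pods get an IAM role through their Kubernetes service account
- Those pods can call AWS APIs with that role's permissions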
Without this
❌ Pod cannot create volumes
❌ PVC fails
2. S3 CSI Driver
```hcl
resource "aws_eks_addon" "s3_csi" {
  cluster_name             = var.cluster_name
  addon_name               = "aws-mountpoint-s3-csi-driver"
  service_account_role_arn = var.s3_csi_role_arn

  depends_on = [var.node_group_dependency]
}
```
🧠 What this does
Installs:
👉 S3 CSI driver
What it enables
Mount S3 bucket as:
Pod → S3 bucket (like filesystem)
Use cases
- logs
- shared storage
- backups
3. Dependency Handling
```hcl
depends_on = [var.node_group_dependency]
```
Why this is critical
CSI driver runs as pods.
👉 Pods need nodes
So order must be:
Nodes → CSI Driver
Without this
- Addon installs
- But pods fail to schedule
📄 outputs.tf
```hcl
output "ebs_csi_addon_id" {
  description = "EBS CSI addon ID"
  value       = aws_eks_addon.ebs_csi.id
}

output "s3_csi_addon_id" {
  description = "S3 CSI addon ID"
  value       = aws_eks_addon.s3_csi.id
}
```
🧠 Why outputs matter
Used for:
- tracking addon deployment
- debugging
- dependencies in future modules
🔥 What You Actually Built
```text
Kubernetes Pod
      │
      │
  CSI Driver
      │
      │
AWS Storage (EBS / S3)
```
⚠️ Real Issues People Face
- Missing IRSA → access denied
- No node dependency → pods fail
- Wrong role → volume attach fails
- Forgetting CSI → PVC stuck in pending
🧠 Key Takeaways
- Kubernetes doesn’t manage storage directly
- CSI drivers connect Kubernetes to AWS
- IRSA is required for secure access
- EBS = block storage
- S3 = object storage
🚀 Next
In Part 6:
👉 AWS Load Balancer Controller
👉 How ALB actually integrates with Kubernetes
👉 Why target-type: ip matters
At this point, your cluster can:
- run workloads
- persist data
Now we move to the traffic layer.