AWS Controllers for Kubernetes - S3

kubernetes aws s3 operator

3 min read | by Jordi Prats

Amazon has recently released a set of controllers (actually they are operators because they are using CRDs) to create resources on AWS using Kubernetes objects. It works the same way Crossplane does.

Let's install and test the ACK S3 controller

We can install the operator by cloning the repository (there's no reference on where they host the helm chart):

git clone https://github.com/aws-controllers-k8s/s3-controller

If we are using IRSA we'll need to create a values file (irsa.yaml in the install command below) to push the annotation to the ServiceAccount:

serviceAccount:
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::AWS_ACCOUNT_ID:role/IAM_ROLE_NAME

Then we can install the helm chart using the local copy as follows:

helm install s3controller s3-controller/helm/ -n aws-controllers --create-namespace -f irsa.yaml
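The role named in the IRSA annotation is only as tight as its trust policy, so it is worth linting that policy before installing. The following is an added example, not part of the original post or of the ACK project: it checks that a trust policy pins the OIDC `sub` and `aud` claims to a single ServiceAccount. The OIDC provider ID, the account ID and the ServiceAccount name `ack-s3-controller` are assumptions and constructed placeholders; confirm the real name with `kubectl get sa -n aws-controllers`.

```python
# Added example: lint an IRSA trust policy before annotating the ServiceAccount.
OIDC = "oidc.eks.eu-west-1.amazonaws.com/id/EXAMPLE0000"  # constructed placeholder
PRINCIPAL = f"arn:aws:iam::111122223333:oidc-provider/{OIDC}"  # constructed placeholder

def _as_list(v):
    return v if isinstance(v, list) else [v]

def check_irsa_trust(policy, oidc, namespace, service_account):
    """Return findings for a role trust policy meant for exactly one ServiceAccount."""
    want_sub = f"system:serviceaccount:{namespace}:{service_account}"
    findings, seen = [], False
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRoleWithWebIdentity" not in _as_list(stmt.get("Action", [])):
            continue
        seen = True
        cond = stmt.get("Condition", {})
        exact = cond.get("StringEquals", {})
        # The subject claim must name one namespace and one ServiceAccount exactly.
        if _as_list(exact.get(f"{oidc}:sub", [])) != [want_sub]:
            findings.append(f"stmt {i}: sub not pinned to {want_sub} via StringEquals")
        if _as_list(exact.get(f"{oidc}:aud", [])) != ["sts.amazonaws.com"]:
            findings.append(f"stmt {i}: aud not pinned to sts.amazonaws.com")
        # Any other operator on sub (StringLike, ...) can admit wildcards.
        for op, keys in cond.items():
            if op != "StringEquals" and any(k.endswith(":sub") for k in keys):
                findings.append(f"stmt {i}: sub matched with {op}, wildcards possible")
    if not seen:
        findings.append("no Allow statement for sts:AssumeRoleWithWebIdentity")
    return findings

def make_policy(operator, sub):
    """Build a constructed trust policy for the demo below."""
    cond = {operator: {f"{OIDC}:sub": sub}}
    cond.setdefault("StringEquals", {})[f"{OIDC}:aud"] = "sts.amazonaws.com"
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"Federated": PRINCIPAL},
        "Action": "sts:AssumeRoleWithWebIdentity", "Condition": cond}]}

# Constructed samples: one policy scoped to the controller, one open to any ServiceAccount.
TIGHT = make_policy("StringEquals", "system:serviceaccount:aws-controllers:ack-s3-controller")
LOOSE = make_policy("StringLike", "system:serviceaccount:*:*")

if __name__ == "__main__":
    for name, pol in (("tight", TIGHT), ("loose", LOOSE)):
        print(name, check_irsa_trust(pol, OIDC, "aws-controllers", "ack-s3-controller"))
```

To lint a real role, load the JSON returned by `aws iam get-role --query Role.AssumeRolePolicyDocument` and pass it in together with the cluster's OIDC issuer host and path.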

Once the controller is up and running:

$ kubectl get pods -n aws-controllers
NAME                                    READY   STATUS    RESTARTS   AGE
s3controller-s3-chart-85b88fc55-86z24   1/1     Running   0          11m

We can now use the Bucket CRD to create a new S3 bucket:

apiVersion: s3.services.k8s.aws/v1alpha1
kind: Bucket
metadata:
  name: k8s-demo-bucket
spec:
  name: testjordi-demo-bucket

Once applied, neither kubectl get bucket:

$ kubectl apply -f helpers/s3controller/demo_bucket.yaml
bucket.s3.services.k8s.aws/k8s-demo-bucket created
$ kubectl get bucket
NAME              AGE
k8s-demo-bucket   5s

Nor does kubectl describe provide much information about the actual state of the S3 bucket:

$ kubectl describe bucket.s3.services.k8s.aws/k8s-demo-bucket
Name:         k8s-demo-bucket
Namespace:    testvault
Labels:       <none>
Annotations:  <none>
API Version:  s3.services.k8s.aws/v1alpha1
Kind:         Bucket
Metadata:
  Creation Timestamp:  2022-09-22:53:37Z
  Finalizers:
    finalizers.s3.services.k8s.aws/Bucket
  Generation:  1
  Managed Fields:
    API Version:  s3.services.k8s.aws/v1alpha1
    Fields Type:  FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .:
          f:kubectl.kubernetes.io/last-applied-configuration:
      f:spec:
        .:
        f:name:
    Manager:      kubectl-client-side-apply
    Operation:    Update
    Time:         2022-09-16T22:54:09Z
    API Version:  s3.services.k8s.aws/v1alpha1
    Fields Type:  FieldsV1
    fieldsV1:
      f:metadata:
        f:finalizers:
          .:
          v:"finalizers.s3.services.k8s.aws/Bucket":
    Manager:         controller
    Operation:       Update
    Time:            2022-09-16T22:54:10Z
  Resource Version:  94893
  UID:               f099feb7-7cdb-41c4-b747-0af920c1fc80
Spec:
  Name:  testjordi-demo-bucket
Events:  <none>

But we can use awstools to check that the S3 bucket has been created:

$ awstools s3 list
k3s-awswebk3s                                                2022-09-01 06:09:58+00:00
testjordi-demo-bucket                                        2022-09-16 22:54:12+00:00

If we delete the object:

k delete -f helpers/s3controller
bucket.s3.services.k8s.aws "k8s-demo-bucket" deleted

The S3 bucket is going to go away as well:

$ awstools s3 list
k3s-awswebk3s                                                2022-09-01 06:09:58+00:00

At the end of the day, it provides the same functionality as Crossplane but without all the bells and whistles, mainly because it hasn't been out there for that long. Let's see if this changes in the future.


Posted on 21/09/2022
