Containers-roadmap: Amazon EFS CSI Driver for Kubernetes

Created on 1 Feb 2019 · 10Comments · Source: aws/containers-roadmap

Tell us about your request
A CSI Driver for AWS EFS. So that EFS filesystem could be modeled as native Kubernetes PV to be consumed by container.

Which service(s) is this request for?
EKS

EKS OSS

Source

leakingtapan

👍25

Most helpful comment

@tomfotherby yep that works fine, but that is using the old, in-tree NFS driver approach rather than a new CSI plug-in driver. This request is for CSI support.

The CSI driver also potentially enables encryption-in-transit, auto-provisioning PVs, which for NFS currently requires an extra tool like efs-provisioner.

(@leakingtapan maybe you should add 'CSI' to the title 😄)

whereisaaron on 18 Feb 2019

👍3

All 10 comments

Interestingly I'm already using this as NFS PV for a while now and works perfectly

apiVersion: v1
kind: PersistentVolume
metadata:
  name: foo
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 10Gi
  mountOptions:
  - nfsvers=4.1
  - rsize=1048576
  - wsize=1048576
  - hard
  - timeo=600
  - retrans=2
  - noresvport
  nfs:
    path: /
    server: fs-111111.efs.eu-west-1.amazonaws.com

oba11 on 12 Feb 2019

@oba11 yep that works fine, but it is using the old, in-tree NFS driver approach rather than a new CSI plug-in driver.

The CSI driver also potentially enables auto-provisioning PVs, which for NFS currently requires an extra tool like efs-provisioner.

whereisaaron on 12 Feb 2019

Another benefit to highlight is that with the CSI driver, it enables encryption in transit feature provided by EFS mount helper

leakingtapan on 12 Feb 2019

👍2

@oba11 - thanks for your comment, we do the same and it works for us too, but one disadvantage is that it means we have to install nfs stuff on the worker nodes. From my understanding, a CSI Driver for AWS EFS would avoid the need for this and therefore speed up node bootstrapping.

our userdata.sh to install nfs libs

Click to expand

We use Amazon Linux 2 and currently we have this in our userdata.sh to run when a new node boots:

# Install and start NFS software
yum install -y nfs-utils-lib nfs-utils amazon-efs-utils
chkconfig nfs on
service rpcbind start
service nfs start

tomfotherby on 15 Feb 2019

@tomfotherby Not sure why its not working for you. Works out of the box for me on EKS with my workers using ami amazon-eks-node-1.11-v20190109

Something like below

pv.yaml

apiVersion: v1
kind: PersistentVolume
metadata:
  name: foo
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 10Gi
  mountOptions:
  - nfsvers=4.1
  - rsize=1048576
  - wsize=1048576
  - hard
  - timeo=600
  - retrans=2
  - noresvport
  nfs:
    path: /
    server: fs-111111.efs.eu-west-1.amazonaws.com

pvc.yaml

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: foo
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  storageClassName: ""

deploy.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: foo
  name: foo
spec:
  replicas: 1
  selector:
    matchLabels:
      app: foo
  template:
    metadata:
      labels:
        app: foo
      name: foo
    spec:
      containers:
      - name: foo
        image: "nginx:alpine"
        ports:
          - name: http
            containerPort: 80
            protocol: TCP
        volumeMounts:
        - name: data
          mountPath: "/var/www"
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: foo

oba11 on 18 Feb 2019

😄1 👍1

@tomfotherby yep that works fine, but that is using the old, in-tree NFS driver approach rather than a new CSI plug-in driver. This request is for CSI support.

The CSI driver also potentially enables encryption-in-transit, auto-provisioning PVs, which for NFS currently requires an extra tool like efs-provisioner.

(@leakingtapan maybe you should add 'CSI' to the title 😄)

whereisaaron on 18 Feb 2019

👍3

https://github.com/kubernetes/org/issues/468