Add possibility to create PVCs on EFS filesystem using a nodegroup add-on, as suggested in https://github.com/weaveworks/eksctl/issues/69#issuecomment-403429166
At least the AmazonElasticFileSystemReadOnlyAccess role should be added to nodes along with proper security groups setup.
EFS is a regular NFS mount, so no IAM role is normally required, just a SecurityGroup with access to the EFS endpoints. Unless this IAM role is needed for the EFS CSI driver?
I just set this up in my cluster yesterday and no IAM role was needed. Just put the EFS mount points in the same subnets as my nodes and applied a permissive SG.
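Added example, not part of the thread: since access to the EFS mount targets is gated here by the security group rather than by IAM, this check flags ingress rules wider than tcp/2049 from the node security group. The input mirrors the `IpPermissions` list from `aws ec2 describe-security-groups`; the function name, sample rules and group IDs are constructed for illustration.

```python
import ipaddress

NFS_PORT = 2049  # EFS mount targets are reached over NFS on this TCP port

def audit_efs_ingress(ip_permissions, node_sg_id):
    """Return findings for an EFS mount-target security group.

    ip_permissions has the shape of the IpPermissions list printed by
    `aws ec2 describe-security-groups`. An empty result means the only
    ingress is tcp/2049 from the node security group.
    """
    findings = []
    nfs_from_nodes = False
    for rule in ip_permissions:
        proto = rule.get("IpProtocol")
        lo, hi = rule.get("FromPort"), rule.get("ToPort")  # absent when proto is "-1"
        covers_nfs = proto == "-1" or (
            proto == "tcp" and lo is not None and lo <= NFS_PORT <= hi)
        if not (proto == "tcp" and lo == NFS_PORT == hi):
            findings.append(f"rule proto={proto} ports={lo}-{hi} is wider than tcp/{NFS_PORT}")
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            # A /0 network matches every address, i.e. the rule is world-open.
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                findings.append(f"source {cidr} admits any address")
        for pair in rule.get("UserIdGroupPairs", []):
            if pair["GroupId"] != node_sg_id:
                findings.append(f"unexpected source group {pair['GroupId']}")
            elif covers_nfs:
                nfs_from_nodes = True
    if not nfs_from_nodes:
        findings.append(f"no tcp/{NFS_PORT} rule sourced from {node_sg_id}")
    return findings

# Constructed sample data; the group ID is a placeholder.
NODE_SG = "sg-0nodegroupexample"
PERMISSIVE = [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]
SCOPED = [{"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049,
           "UserIdGroupPairs": [{"GroupId": NODE_SG}]}]

if __name__ == "__main__":
    for name, rules in (("permissive", PERMISSIVE), ("scoped", SCOPED)):
        print(name, audit_efs_ingress(rules, NODE_SG) or "ok")
```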
> Unless this IAM role is needed for the EFS CSI driver?
EFS CSI driver is just doing regular mounts using amazon-efs-utils and no special IAM permission is needed
From the comments I don't think this is an issue, please reopen if there is something we are missing.
I am a little confused.
Documentation says there is an addon IAM policy for EFS:
```yaml
nodeGroups:
  - name: ng-1
    instanceType: m5.xlarge
    desiredCapacity: 1
    iam:
      withAddonPolicies:
        ...
        efs: true
        ...
```
If IAM role is not needed for EFS, what does it do?