Skip to content
CSI Driver for Amazon EFS https://aws.amazon.com/efs/
Go Shell Makefile Dockerfile
Branch: master
Clone or download
Latest commit 7c42c57 Aug 22, 2019

README.md

Build Status Coverage Status Go Report Card

WARNING: This driver is currently an ALPHA release. This means that there may potentially be backwards compatible breaking changes moving forward. Do NOT use this driver in a production environment in its current state.

Amazon EFS CSI Driver

The Amazon Elastic File System Container Storage Interface (CSI) Driver implements the CSI specification for container orchestrators to manage the lifecycle of Amazon EFS filesystems.

CSI Specification Compability Matrix

AWS EFS CSI Driver \ CSI Version v0.3.0 v1.1.0
master branch no yes
v0.1.0 yes no

Features

Currently only static provisioning is supported. This means an AWS EFS filesystem needs to be created manually on AWS first. After that it can be mounted inside a container as a volume using the driver.

The following CSI interfaces are implemented:

  • Node Service: NodePublishVolume, NodeUnpublishVolume, NodeGetCapabilities, NodeGetInfo, NodeGetId
  • Identity Service: GetPluginInfo, GetPluginCapabilities, Probe

Encryption In Transit

One of the advantages of using EFS is that it provides encryption in transit support using TLS. Using encryption in transit, data will be encrypted during its transition over the network to the EFS service. This provides an extra layer of defence-in-depth for applications that requires strict security compliance.

To enable encryption in transit, tls needs to be set in the NodePublishVolumeRequest.VolumeCapability.MountVolume object's MountFlags fields. For an example of using it in kubernetes, see the persistence volume manifest in Encryption in Transit Example

Note Kubernetes version 1.13+ is required if you are using this feature in Kubernetes.

EFS CSI Driver on Kubernetes

The following sections are Kubernetes specific. If you are a Kubernetes user, use this for driver features, installation steps and examples.

Kubernetes Version Compability Matrix

AWS EFS CSI Driver \ Kubernetes Version v1.11 v1.12 v1.13 v1.14
master branch no no no yes
v0.1.0 yes yes yes no

Container Images

EFS CSI Driver Version Image
master branch amazon/aws-efs-csi-driver:latest
v0.1.0 amazon/aws-efs-csi-driver:v0.1.0

Features

  • Static provisioning - EFS filesystem needs to be created manually first, then it could be mounted inside container as a persistent volume (PV) using the driver.
  • Mount Options - Mount options can be specified in the persistence volume (PV) to define how the volume should be mounted. Aside from normal mount options, you can also specify tls as a mount option to enable encryption in transit of the EFS filesystem.

Notes:

  • Since EFS is an elastic filesystem it doesn't really enforce any filesystem capacity. The actual storage capacity value in persistence volume and persistence volume claim is not used when creating the filesystem. However, since the storage capacity is a required field by Kubernetes, you must specify the value and you can use any valid value for the capacity.

Installation

Deploy the driver:

kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-efs-csi-driver/master/deploy/kubernetes/manifest.yaml

Examples

Before the example, you need to:

  • Get yourself familiar with how to setup Kubernetes on AWS and how to create EFS filesystem.
  • When creating EFS filesystem, make sure it is accessible from Kuberenetes cluster. This can be achieved by creating the filesystem inside the same VPC as Kubernetes cluster or using VPC peering.
  • Install EFS CSI driver following the Installation steps.

Example links

Development

Please go through CSI Spec and General CSI driver development guideline to get some basic understanding of CSI driver before you start.

Requirements

  • Golang 1.12.7+

Dependency

Dependencies are managed through go module. To build the project, first turn on go mod using export GO111MODULE=on, to build the project run: make

Testing

To execute all unit tests, run: make test

License

This library is licensed under the Apache 2.0 License.

You can’t perform that action at this time.