Add x-AZ support

Dockerfile

@@ -32,7 +32,7 @@ ENV EFS_CLIENT_SOURCE=$client_source
 RUN GOOS=${TARGETOS} GOARCH=${TARGETARCH} make aws-efs-csi-driver
 
 FROM amazonlinux:2.0.20210219.0
-RUN yum install amazon-efs-utils-1.28.2-1.amzn2.noarch -y
+RUN yum install amazon-efs-utils-1.30.1-1.amzn2.noarch -y
 
 # At image build time, static files installed by efs-utils in the config directory, i.e. CAs file, need
 # to be saved in another place so that the other stateful files created at runtime, i.e. private key for

pkg/driver/efs_watch_dog.go

@@ -26,9 +26,17 @@ import (
 	"k8s.io/klog"
 )
 
-// https://github.com/aws/efs-utils/blob/v1.28.2/dist/efs-utils.conf
+// https://github.com/aws/efs-utils/blob/v1.30.2/dist/efs-utils.conf
 const (
 	efsUtilsConfigTemplate = `
+#
+# Copyright 2017-2018 Amazon.com, Inc. and its affiliates. All Rights Reserved.
+#
+# Licensed under the MIT License. See the LICENSE accompanying this file
+# for the specific language governing permissions and limitations under
+# the License.
+#
+
 [DEFAULT]
 logging_level = INFO
 logging_max_bytes = 1048576
@@ -37,14 +45,10 @@ logging_file_count = 10
 state_file_dir_mode = 750
 
 [mount]
-dns_name_format = {fs_id}.efs.{region}.{dns_name_suffix}
+dns_name_format = {az}.{fs_id}.efs.{region}.{dns_name_suffix}
 dns_name_suffix = amazonaws.com
 #The region of the file system when mounting from on-premises or cross region.
-{{if .Region -}}
-region = {{.Region -}}
-{{else -}}
 #region = us-east-1
-{{- end}}
 stunnel_debug_enabled = false
 #Uncomment the below option to save all stunnel logs for a file system to the same file
 #stunnel_logs_file = /var/log/amazon/efs/{fs_id}.stunnel.log
@@ -60,17 +64,25 @@ stunnel_check_cert_validity = false
 port_range_lower_bound = 20049
 port_range_upper_bound = 20449
 
+# Optimize read_ahead_kb for Linux 5.4+
+optimize_readahead = true
+
+
 [mount.cn-north-1]
 dns_name_suffix = amazonaws.com.cn
 
+
 [mount.cn-northwest-1]
 dns_name_suffix = amazonaws.com.cn
 
+
 [mount.us-iso-east-1]
 dns_name_suffix = c2s.ic.gov
+stunnel_cafile = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 
 [mount.us-isob-east-1]
 dns_name_suffix = sc2s.sgov.gov
+stunnel_cafile = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 
 [mount-watchdog]
 enabled = true
@@ -80,9 +92,6 @@ unmount_grace_period_sec = 30
 # Set client auth/access point certificate renewal rate. Minimum value is 1 minute.
 tls_cert_renewal_interval_min = 60
 
-[client-info] 
-source={{.EfsClientSource}}
-
 [cloudwatch-log]
 # enabled = true
 log_group_name = /aws/efs/utils
@@ -248,7 +257,7 @@ func (w *execWatchdog) runLoop(stopCh <-chan struct{}) {
 	for {
 		select {
 		case <-stopCh:
-			klog.Info("stopping...")
+			//klog.Info("stopping...")
 			break
 		default:
 			err := w.exec()

pkg/driver/efs_watch_dog_test.go

@@ -23,6 +23,14 @@ import (
 
 const (
 	expectedEfsUtilsConfig = `
+#
+# Copyright 2017-2018 Amazon.com, Inc. and its affiliates. All Rights Reserved.
+#
+# Licensed under the MIT License. See the LICENSE accompanying this file
+# for the specific language governing permissions and limitations under
+# the License.
+#
+
 [DEFAULT]
 logging_level = INFO
 logging_max_bytes = 1048576
@@ -31,7 +39,7 @@ logging_file_count = 10
 state_file_dir_mode = 750
 
 [mount]
-dns_name_format = {fs_id}.efs.{region}.{dns_name_suffix}
+dns_name_format = {az}.{fs_id}.efs.{region}.{dns_name_suffix}
 dns_name_suffix = amazonaws.com
 #The region of the file system when mounting from on-premises or cross region.
 #region = us-east-1
@@ -50,17 +58,25 @@ stunnel_check_cert_validity = false
 port_range_lower_bound = 20049
 port_range_upper_bound = 20449
 
+# Optimize read_ahead_kb for Linux 5.4+
+optimize_readahead = true
+
+
 [mount.cn-north-1]
 dns_name_suffix = amazonaws.com.cn
 
+
 [mount.cn-northwest-1]
 dns_name_suffix = amazonaws.com.cn
 
+
 [mount.us-iso-east-1]
 dns_name_suffix = c2s.ic.gov
+stunnel_cafile = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 
 [mount.us-isob-east-1]
 dns_name_suffix = sc2s.sgov.gov
+stunnel_cafile = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 
 [mount-watchdog]
 enabled = true
@@ -70,9 +86,6 @@ unmount_grace_period_sec = 30
 # Set client auth/access point certificate renewal rate. Minimum value is 1 minute.
 tls_cert_renewal_interval_min = 60
 
-[client-info] 
-source=k8s
-
 [cloudwatch-log]
 # enabled = true
 log_group_name = /aws/efs/utils