diff --git a/Dockerfile b/Dockerfile index f986958f0..3dcc84a93 100644 --- a/Dockerfile +++ b/Dockerfile @@ -32,7 +32,7 @@ ENV EFS_CLIENT_SOURCE=$client_source RUN GOOS=${TARGETOS} GOARCH=${TARGETARCH} make aws-efs-csi-driver FROM amazonlinux:2.0.20210219.0 -RUN yum install amazon-efs-utils-1.28.2-1.amzn2.noarch -y +RUN yum install amazon-efs-utils-1.30.1-1.amzn2.noarch -y # At image build time, static files installed by efs-utils in the config directory, i.e. CAs file, need # to be saved in another place so that the other stateful files created at runtime, i.e. private key for diff --git a/pkg/driver/efs_watch_dog.go b/pkg/driver/efs_watch_dog.go index d4f42900c..65fa8b900 100644 --- a/pkg/driver/efs_watch_dog.go +++ b/pkg/driver/efs_watch_dog.go @@ -26,9 +26,17 @@ import ( "k8s.io/klog" ) -// https://github.com/aws/efs-utils/blob/v1.28.2/dist/efs-utils.conf +// https://github.com/aws/efs-utils/blob/v1.30.2/dist/efs-utils.conf const ( efsUtilsConfigTemplate = ` +# +# Copyright 2017-2018 Amazon.com, Inc. and its affiliates. All Rights Reserved. +# +# Licensed under the MIT License. See the LICENSE accompanying this file +# for the specific language governing permissions and limitations under +# the License. +# + [DEFAULT] logging_level = INFO logging_max_bytes = 1048576 @@ -37,14 +45,10 @@ logging_file_count = 10 state_file_dir_mode = 750 [mount] -dns_name_format = {fs_id}.efs.{region}.{dns_name_suffix} +dns_name_format = {az}.{fs_id}.efs.{region}.{dns_name_suffix} dns_name_suffix = amazonaws.com #The region of the file system when mounting from on-premises or cross region. -{{if .Region -}} -region = {{.Region -}} -{{else -}} #region = us-east-1 -{{- end}} stunnel_debug_enabled = false #Uncomment the below option to save all stunnel logs for a file system to the same file #stunnel_logs_file = /var/log/amazon/efs/{fs_id}.stunnel.log 
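Review bot: The reference comment above `efsUtilsConfigTemplate` in the `@@ -26,9 +26,17 @@` hunk now points at the efs-utils `v1.30.2` config, while the Dockerfile hunk in this same commit installs `amazon-efs-utils-1.30.1-1.amzn2.noarch`. If the template really was copied from a different tag than the package baked into the image, a reader cannot tell which release the embedded config is meant to track, and later re-syncs may drift further. Either point the comment at the tag that matches the pinned package (`// https://github.com/aws/efs-utils/blob/v1.30.1/dist/efs-utils.conf`, assuming that is the intended release) or bump the package pin to match.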
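Review bot: Replacing the `{{if .Region -}}` block in the `@@ -37,14 +45,10 @@` hunk with the upstream `#region = us-east-1` comment means the rendered config can no longer set `region`, and the `@@ -80,9 +92,6 @@` hunk likewise drops `source={{.EfsClientSource}}`. If the data passed to the template still carries `Region` and `EfsClientSource` (not visible in these hunks), both values are now silently ignored; that would affect mounts from another region and leave the Dockerfile's `ENV EFS_CLIENT_SOURCE` without effect. If the removal is deliberate, say so in the commit message and remove the unused fields. Otherwise keep the two driver-specific stanzas when re-syncing from upstream, and keep a test expectation that exercises each substitution.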
@@ -60,17 +64,25 @@ stunnel_check_cert_validity = false port_range_lower_bound = 20049 port_range_upper_bound = 20449 +# Optimize read_ahead_kb for Linux 5.4+ +optimize_readahead = true + + [mount.cn-north-1] dns_name_suffix = amazonaws.com.cn + [mount.cn-northwest-1] dns_name_suffix = amazonaws.com.cn + [mount.us-iso-east-1] dns_name_suffix = c2s.ic.gov +stunnel_cafile = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem [mount.us-isob-east-1] dns_name_suffix = sc2s.sgov.gov +stunnel_cafile = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem [mount-watchdog] enabled = true @@ -80,9 +92,6 @@ unmount_grace_period_sec = 30 # Set client auth/access point certificate renewal rate. Minimum value is 1 minute. tls_cert_renewal_interval_min = 60 -[client-info] -source={{.EfsClientSource}} - [cloudwatch-log] # enabled = true log_group_name = /aws/efs/utils @@ -248,7 +257,7 @@ func (w *execWatchdog) runLoop(stopCh <-chan struct{}) { for { select { case <-stopCh: - klog.Info("stopping...") + //klog.Info("stopping...") break default: err := w.exec() diff --git a/pkg/driver/efs_watch_dog_test.go b/pkg/driver/efs_watch_dog_test.go index 0f0c60620..daf1bb468 100644 --- a/pkg/driver/efs_watch_dog_test.go +++ b/pkg/driver/efs_watch_dog_test.go @@ -23,6 +23,14 @@ import ( const ( expectedEfsUtilsConfig = ` +# +# Copyright 2017-2018 Amazon.com, Inc. and its affiliates. All Rights Reserved. +# +# Licensed under the MIT License. See the LICENSE accompanying this file +# for the specific language governing permissions and limitations under +# the License. +# + [DEFAULT] logging_level = INFO logging_max_bytes = 1048576 @@ -31,7 +39,7 @@ logging_file_count = 10 state_file_dir_mode = 750 [mount] -dns_name_format = {fs_id}.efs.{region}.{dns_name_suffix} +dns_name_format = {az}.{fs_id}.efs.{region}.{dns_name_suffix} dns_name_suffix = amazonaws.com #The region of the file system when mounting from on-premises or cross region. #region = us-east-1 
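Review bot: In `runLoop` (the `@@ -248,7 +257,7 @@` hunk), the `case <-stopCh:` arm still ends in a bare `break`, which in Go leaves only the `select` and not the enclosing `for`. Commenting out `klog.Info("stopping...")` therefore hides the symptom rather than stopping the loop. Once `stopCh` is closed the receive is always ready, so the loop presumably spins on that arm without returning, now with no log evidence that a stop was requested. Restore the log line and leave the function, i.e. `klog.Info("stopping...")` followed by `return` in place of `break`. The rest of `runLoop` lies outside the hunk, so confirm that nothing after the loop is expected to run on shutdown.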
@@ -50,17 +58,25 @@ stunnel_check_cert_validity = false port_range_lower_bound = 20049 port_range_upper_bound = 20449 +# Optimize read_ahead_kb for Linux 5.4+ +optimize_readahead = true + + [mount.cn-north-1] dns_name_suffix = amazonaws.com.cn + [mount.cn-northwest-1] dns_name_suffix = amazonaws.com.cn + [mount.us-iso-east-1] dns_name_suffix = c2s.ic.gov +stunnel_cafile = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem [mount.us-isob-east-1] dns_name_suffix = sc2s.sgov.gov +stunnel_cafile = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem [mount-watchdog] enabled = true @@ -70,9 +86,6 @@ unmount_grace_period_sec = 30 # Set client auth/access point certificate renewal rate. Minimum value is 1 minute. tls_cert_renewal_interval_min = 60 -[client-info] -source=k8s - [cloudwatch-log] # enabled = true log_group_name = /aws/efs/utils