Amazon EFS CSI Operations

From NovaOrdis Knowledge Base
Jump to navigation Jump to search

External

Internal

Deploy the Amazon EFS CSI Driver

Ensure you are in the right context, with sufficient permissions, then: 

kubectl apply -k "github.com/kubernetes-sigs/aws-efs-csi-driver/deploy/kubernetes/overlays/stable/ecr/?ref=release-1.0"

This deploys a CSIDriver and a DaemonSet resources: 

kubectl get csidriver
NAME              CREATED AT
efs.csi.aws.com   2020-06-24T04:29:45Z

kubectl get -n kube-system daemonset
NAME           DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR                                     AGE
efs-csi-node   3         3         3       3            3           kubernetes.io/arch=amd64,kubernetes.io/os=linux   57d

Deploy the EFS Storage Class

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: efs-sc
provisioner: efs.csi.aws.com

apply -f ./storageclass.yaml
storageclass.storage.k8s.io/efs-sc created
kubectl get sc
NAME            PROVISIONER             AGE
[...]
efs-sc          efs.csi.aws.com         16s

Deploy the EFS Persistent Volume

apiVersion: v1
kind: PersistentVolume
metadata:
  name: efs-pv
spec:
  capacity:
    storage: 1Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  storageClassName: efs-sc
  csi:
    driver: efs.csi.aws.com
    volumeHandle: fs-99999999

kubectl apply -f persistent-volume.yaml
NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS      CLAIM                     STORAGECLASS   REASON   AGE
[...]
efs-pv                                     1Gi        RWX            Retain           Available                             efs-sc                  38s

Deploy the Persistent Volume Claim

For a discussion on what combination of storage class and persistent volume names work, see Persistent Volume Claims and Storage Class. Usually one can specify only the storage class, or the storage class and a persistent volume name. 

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: efs-claim
  namespace: test
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: efs-sc
  resources:
    requests:
      storage: 1Gi

kubectl apply -f persistent-volume-claim.yaml
NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS      CLAIM                     STORAGECLASS   REASON   AGE
[...]
efs-pv                                     1Gi        RWX            Retain           Available                             efs-sc                  38s

Mount in Pod

apiVersion: v1
kind: Pod
metadata:
  name: app1
spec:
  containers:
  - name: app1
    image: busybox
    command: ["/bin/sh"]
    args: ["-c", "while true; do echo $(date -u) >> /data/out1.txt; sleep 5; done"]
    volumeMounts:
    - name: persistent-storage
      mountPath: /data
  volumes:
  - name: persistent-storage
    persistentVolumeClaim:
      claimName: efs-claim

Troubleshooting

The EFS filesystem cannot be mounted on EKS worker nodes

The symptoms include [...]. One of the causes is that the security groups associated with the worker nodes do not allow IP connectivity to/from the mount targets. If possible, try to manually mount the filesystem on the worker nodes, as a test.

Retrieved from "https://kb.novaordis.com/index.php?title=Amazon_EFS_CSI_Operations&oldid=68666"