Amazon Elastic File System (Amazon EFS) is scalable file storage that allows for automatic data encryption at rest and in transit. You can access data on an AWS EFS volume from any availability zone within a specific region. The cluster can be distributed across availability zones instead of residing in one location and being replicated multiple times.
Palette sets up AWS EFS as a volume when you add the PersistentVolume storage container, and it dynamically provisions the AWS EFS storage layer for the worker node.
There are two ways to add AWS EFS to Palette:
- Add EFS as a CSI layer in AWS/EKS.
- Add EFS as an Add-on layer, which will create a new storage class using the AWS EFS file system.

Prerequisites:
- Create the Identity and Access Management (IAM) role that allows the driver to manage AWS EFS access points. See the Introducing Amazon EFS CSI dynamic provisioning blog for information on EFSCSIControllerIAMPolicy.
- Have a filesystem created and available before you provision AWS EFS to Palette.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "elasticfilesystem:DescribeAccessPoints",
        "elasticfilesystem:DescribeFileSystems"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": ["elasticfilesystem:CreateAccessPoint"],
      "Resource": "*",
      "Condition": {
        "StringLike": {
          "aws:RequestTag/efs.csi.aws.com/cluster": "true"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "elasticfilesystem:DeleteAccessPoint",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/efs.csi.aws.com/cluster": "true"
        }
      }
    }
  ]
}
```
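An added example (not part of the Palette documentation or the AWS EFS CSI driver): a Python check that an IAM policy only allows access point creation and deletion under the `efs.csi.aws.com/cluster` tag conditions used in the policy above. The names `stmt`, `as_list`, `unscoped_mutations` and the weak policy variant are constructed for illustration.

```python
from fnmatch import fnmatchcase

TAG = "efs.csi.aws.com/cluster"
# Condition key each mutating action carries in the policy shown above.
REQUIRED_KEY = {
    "elasticfilesystem:CreateAccessPoint": "aws:RequestTag/" + TAG,
    "elasticfilesystem:DeleteAccessPoint": "aws:ResourceTag/" + TAG,
}

def stmt(actions, condition=None):
    """Build an Allow statement on Resource "*" (helper for the samples)."""
    s = {"Effect": "Allow", "Action": actions, "Resource": "*"}
    if condition:
        s["Condition"] = condition
    return s

# The page's policy, rebuilt as a Python dict.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [
    stmt(["elasticfilesystem:DescribeAccessPoints",
          "elasticfilesystem:DescribeFileSystems"]),
    stmt(["elasticfilesystem:CreateAccessPoint"],
         {"StringLike": {"aws:RequestTag/" + TAG: "true"}}),
    stmt("elasticfilesystem:DeleteAccessPoint",
         {"StringEquals": {"aws:ResourceTag/" + TAG: "true"}}),
]}
# Constructed weak variant: wildcard action with no tag condition.
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [stmt("elasticfilesystem:*")]}

def as_list(value):
    """IAM allows a single value or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]

def unscoped_mutations(policy):
    """Return mutating EFS actions allowed without their tag condition key.

    Limitation of this sketch: statements using NotAction are not evaluated.
    """
    findings = set()
    for s in as_list(policy.get("Statement", [])):
        if s.get("Effect") != "Allow":
            continue
        cond_keys = {k for block in s.get("Condition", {}).values() for k in block}
        for action in as_list(s.get("Action", [])):
            for mutating, needed in REQUIRED_KEY.items():
                # IAM action names are case-insensitive and may use wildcards.
                if fnmatchcase(mutating.lower(), action.lower()) and needed not in cond_keys:
                    findings.add(mutating)
    return sorted(findings)

if __name__ == "__main__":
    print("page policy:", unscoped_mutations(PAGE_POLICY))
    print("weak policy:", unscoped_mutations(WEAK_POLICY))
```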
While adding the AWS EFS layer, the following parameters can be configured:
Name | Supported Values | Default Value | Description |
---|---|---|---|
storageClassName | | spectro-storage-class | AWS Volume type to be used. |
isDefaultClass | | true | Toggle for Default class. |
fileSystemId | | | This is the File System under which access points are created. It should be created prior to this setup. This is a mandatory field and needs to be set to a pre-created AWS EFS volume. Other values can be at the default setting. |
provisioningMode | efs-ap | efs-ap | The type of volume provisioned by AWS EFS. For now, this is the only access point supported. |
directoryPerms | | 700 | Directory permissions for Access Point root directory creation. |
gidRangeStart | | 1000 | Starting range of the Portable Operating System Interface (POSIX) group ID to be applied for access point root directory creation (optional). |
gidRangeEnd | | 2000 | End range of the POSIX group ID (optional). |
basePath | | /base_efs | Path under which access points for dynamic provisioning are created. If this parameter is not specified, access points are created under the root directory of the file system. |
Storage Class
Storage classes created by Palette are named spectro-storage-class and can be listed with the following kubectl command:
kubectl get storageclass
PersistentVolumeClaim
The `kubectl describe pvc ${PVC_NAME}` command output is as follows:
```
$ PVC_NAME=efs; kubectl describe pvc ${PVC_NAME}
Name:          efs
Namespace:     default
StorageClass:  aws-efs
Status:        Pending
Volume:
Labels:        <none>
Annotations:   kubectl.kubernetes.io/last-applied-configuration:
                 {"apiVersion":"v1","kind":"PersistentVolumeClaim","metadata":{"annotations":{"volume.beta.kubernetes.io/storage-class":"aws-efs"},"name":"..."}
               volume.beta.kubernetes.io/storage-class: aws-efs
Finalizers:    [kubernetes.io/pvc-protection]
Capacity:
Access Modes:
Events:
| Type    | Reason             | Age                | From                        | Message                  |
| ------- | ------------------ | ------------------ | --------------------------- | ------------------------ |
| Warning | ProvisioningFailed | 43s (x12 over 11m) | persistentvolume-controller | no volume plugin matched |
Mounted By:    <none>
```
See the following information on all AWS EFS parameters:
Example of an IAM Policy:
To learn more about Storage Classes, see the following link: