AWS EFS

Amazon Elastic File System (Amazon EFS) is a scalable file storage service that supports automatic data encryption at rest and in transit. You can access data on an AWS EFS volume from any availability zone within a specific region. The cluster can be distributed across availability zones instead of being kept in one location and replicated multiple times.

Palette handles setting up the AWS EFS as a volume with ease when adding the PersistentVolume storage container. Palette will dynamically provision the AWS EFS storage layer for the worker node.

Usage

There are two ways to add AWS EFS to Palette:

  1. Add EFS as a CSI layer in AWS/EKS.
  2. Add EFS as an Add-on layer, which will create a new storage class using the AWS EFS file system.

Prerequisites

  • Have a filesystem created and available before you provision AWS EFS to Palette.

Policy Information

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "elasticfilesystem:DescribeAccessPoints",
        "elasticfilesystem:DescribeFileSystems"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "elasticfilesystem:CreateAccessPoint"
      ],
      "Resource": "*",
      "Condition": {
        "StringLike": {
          "aws:RequestTag/efs.csi.aws.com/cluster": "true"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "elasticfilesystem:DeleteAccessPoint",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/efs.csi.aws.com/cluster": "true"
        }
      }
    }
  ]
}
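
The policy above allows the two mutating calls on `"Resource": "*"` and relies on the `efs.csi.aws.com/cluster` tag conditions to scope them. As an added example (not part of the original page or of Palette's code), this Python check flags any Allow statement that mutates on `*` without that tag scope; the function names and the read-only prefix list are assumptions of this example.

```python
import json

TAG = "efs.csi.aws.com/cluster"              # tag key used in this page's policy
READ_PREFIXES = ("Describe", "List", "Get")  # assumption: treated as read-only

# Policy from this page, compacted and embedded so the check runs offline.
PAGE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
 {"Effect": "Allow", "Resource": "*",
  "Action": ["elasticfilesystem:DescribeAccessPoints",
             "elasticfilesystem:DescribeFileSystems"]},
 {"Effect": "Allow", "Resource": "*",
  "Action": ["elasticfilesystem:CreateAccessPoint"],
  "Condition": {"StringLike": {"aws:RequestTag/efs.csi.aws.com/cluster": "true"}}},
 {"Effect": "Allow", "Resource": "*",
  "Action": "elasticfilesystem:DeleteAccessPoint",
  "Condition": {"StringEquals": {"aws:ResourceTag/efs.csi.aws.com/cluster": "true"}}}
]}
""")

def as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)

def is_mutating(action):
    """Conservative: wildcards and anything not read-style count as mutating."""
    name = action.split(":", 1)[-1]
    return "*" in action or not name.startswith(READ_PREFIXES)

def tag_scoped(statement):
    """True if any condition operator tests a Request/ResourceTag on TAG."""
    wanted = {f"aws:requesttag/{TAG}", f"aws:resourcetag/{TAG}"}
    return any(key.lower() in wanted  # condition key names are case-insensitive
               for keys in statement.get("Condition", {}).values()
               for key in keys)

def audit(policy):
    """Return (index, actions) for Allow statements mutating on "*" untagged."""
    statements = policy["Statement"]
    if isinstance(statements, dict):
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or "*" not in as_list(stmt.get("Resource", [])):
            continue
        risky = [a for a in as_list(stmt.get("Action", [])) if is_mutating(a)]
        if risky and not tag_scoped(stmt):
            findings.append((index, risky))
    return findings

if __name__ == "__main__":
    print(audit(PAGE_POLICY) or "all mutating actions are tag-scoped")
```

Run it against a copy of the policy after any edit; an empty result means every create or delete permission is still limited to access points tagged `efs.csi.aws.com/cluster`.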

Versions Supported

  • 1.4.0

Notable Parameters

While adding the AWS EFS layer, the following parameters can be configured:

| Name | Supported Values | Default Value | Description |
| ---------------- | ---------------- | --------------------- | ----------- |
| storageClassName | | spectro-storage-class | AWS Volume type to be used. |
| isDefaultClass | | true | Toggle for Default class. |
| fileSystemId | | | This is the File System under which access points are created. It should be created prior to this setup. This is a mandatory field and needs to be set to a pre-created AWS EFS volume. Other values can be at the default setting. |
| provisioningMode | efs-ap | efs-ap | The type of volume provisioned by AWS EFS. For now, this is the only access point supported. |
| directoryPerms | | 700 | Directory permissions for Access Point root directory creation. |
| gidRangeStart | | 1000 | Starting range of the Portable Operating System Interface (POSIX) group ID to be applied for access point root directory creation (optional). |
| gidRangeEnd | | 2000 | End range of the POSIX group ID (optional). |
| basePath | | /base_efs | Path under which access points for dynamic provisioning are created. If this parameter is not specified, access points are created under the root directory of the file system. |

Troubleshooting

Storage Class

Storage classes created by Palette are named spectro-storage-class and can be listed with the following kubectl command:

kubectl get storageclass

PersistentVolumeClaim

The output of the kubectl describe pvc ${PVC_NAME} command is as follows:

`$ PVC_NAME=efs; kubectl describe pvc ${PVC_NAME}`
Name: efs
Namespace: default
StorageClass: aws-efs
Status: Pending
Volume:
Labels:<none>
Annotations: kubectl.kubernetes.io/last-applied-configuration:
{"apiVersion":"v1","kind":"PersistentVolumeClaim","metadata":{"annotations":{"volume.beta.kubernetes.io/
storage-class":"aws-efs"},"name":"..."}
volume.beta.kubernetes.io/storage-class: aws-efs
Finalizers: [kubernetes.io/pvc-protection]
Capacity:
Access Modes:
Events:
| Type | Reason | Age | From | Message |
| ------- | ------------------ | ------------------ | --------------------------- | ------------------------ |
| Warning | ProvisioningFailed | 43s (x12 over 11m) | persistentvolume-controller | no volume plugin matched |
Mounted By: <none>

References

See the following information on all AWS EFS parameters:

Example of an IAM Policy:

To learn more about Storage Classes, see the following link: