codedropau/efs-provisioner

Kubernetes - Storage Class - AWS EFS

Maintainer: Nick Schuch

Kubernetes storage class for automatically provisioning AWS EFS volumes.

This project would not be possible without:

https://github.com/kubernetes-incubator/external-storage

Why not external-storage/aws/efs?

That project uses an existing EFS filesystem and mounts subfolders for each PersistentVolumeClaim.

This project provisions a new EFS filesystem for each PersistentVolumeClaim, giving us:

  • Security - Not all data is stored on the one filesystem
  • Reliability - Other applications don't share the same IOPS budget as your mount

Usage

Deploy the provisioner

First we need to deploy our provisioner. This component is responsible for:

  • Interfacing with a PersistentVolumeClaim
  • Provisioning the required AWS EFS storage
  • Returning the information needed to mount the storage

To deploy, create a file called provisioner.yaml with the contents below and run:

kubectl create -f provisioner.yaml

kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: aws-efs-provisioner
  namespace: kube-system
spec:
  replicas: 1
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: aws-efs-provisioner
    spec:
      containers:
        - name: provisioner
          image: coderdropau/efs-provisioner:latest
          env:
            - name:  EFS_PERFORMANCE
              value: "generalPurpose"
            - name:  AWS_REGION
              value: "ap-southeast-2"
            - name:  AWS_SECURITY_GROUP
              value: "sg-xxxxxxxxx"
            - name:  AWS_SUBNETS
              value: "subnet-xxxxxx,subnet-xxxxxx"

Register our provisioner as a Storage Class

Now we are going to register our storage class. This is a way for us to map an "identifier" to our provisioner.

In this example we are mapping aws-efs-gp to our storage.skpr.io/aws-efs-generalPurpose provisioner.

To deploy, create a file called class.yaml with the contents below and run:

kubectl create -f class.yaml

kind: StorageClass
apiVersion: storage.k8s.io/v1beta1
metadata:
  name: aws-efs-gp
provisioner: efs.aws.skpr.io/generalPurpose

Create your first test PersistentVolumeClaim

Now we are going to provision our first claim. This creates an object that tells our provisioner to create an EFS storage volume for us.

To deploy, create a file called test.yaml with the contents below and run:

kubectl create -f test.yaml

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: test
  annotations:
    volume.beta.kubernetes.io/storage-class: "aws-efs-gp"
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      # This is not used by the provisioner, but is required by the PVC.
      storage: 1Mi

Now you can inspect the status of the PVC being provisioned with:

$ kubectl get pvc
NAME             STATUS    VOLUME        CAPACITY   ACCESSMODES   STORAGECLASS   AGE
test             Bound     fs-f6e605cf   8E         RWX           aws-efs-gp     5m

NOTE: It will take 5(ish) minutes to get to the above state.

AWS Configuration

IAM Role

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "elasticfilesystem:DescribeFileSystems",
                "elasticfilesystem:CreateFileSystem",
                "elasticfilesystem:CreateTags",
                "elasticfilesystem:DescribeMountTargets",
                "elasticfilesystem:CreateMountTarget",
                "ec2:DescribeSubnets",
                "ec2:DescribeNetworkInterfaces",
                "ec2:CreateNetworkInterface"
            ],
            "Resource": "*"
        }
    ]
}
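
An added example, not part of this project's code: a small Python check that lists the mutating actions the policy above grants on Resource "*" with no Condition, then shows one way to narrow them by pinning the statement to the region set in provisioner.yaml. The helper names, the verb-prefix heuristic, the rule that any Condition block counts as scoping, and the choice of the aws:RequestedRegion condition key are assumptions of this example.

```python
import copy

# Verb prefixes treated as mutating; a heuristic chosen for this example.
MUTATING = ("Create", "Delete", "Put", "Update", "Modify", "Attach")

# The policy from the README's IAM Role section.
README_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": [
            "elasticfilesystem:DescribeFileSystems",
            "elasticfilesystem:CreateFileSystem",
            "elasticfilesystem:CreateTags",
            "elasticfilesystem:DescribeMountTargets",
            "elasticfilesystem:CreateMountTarget",
            "ec2:DescribeSubnets",
            "ec2:DescribeNetworkInterfaces",
            "ec2:CreateNetworkInterface",
        ],
        "Resource": "*",
    }],
}

def as_list(value):
    """IAM accepts a single item where a list is expected."""
    return value if isinstance(value, list) else [] if value is None else [value]

def unscoped_writes(policy):
    """Mutating actions allowed on Resource "*" with no Condition block."""
    found = []
    for stmt in as_list(policy.get("Statement")):
        scoped = stmt.get("Condition") or "*" not in as_list(stmt.get("Resource"))
        if stmt.get("Effect") != "Allow" or scoped:
            continue
        for action in as_list(stmt.get("Action")):
            verb = action.split(":", 1)[-1]
            if verb == "*" or verb.startswith(MUTATING):
                found.append(action)
    return found

def pin_to_region(policy, region):
    """Copy of the policy with every Allow statement limited to one region."""
    # Assumption of this example: narrow via the aws:RequestedRegion global key.
    pinned = copy.deepcopy(policy)
    for stmt in as_list(pinned.get("Statement")):
        if stmt.get("Effect") == "Allow":
            cond = stmt.setdefault("Condition", {})
            cond.setdefault("StringEquals", {})["aws:RequestedRegion"] = region
    return pinned
```

Calling unscoped_writes(README_POLICY) returns the four Create* actions; running it on pin_to_region(README_POLICY, "ap-southeast-2") returns an empty list because every Allow statement now carries a Condition.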

Credentials

Before using the tool, ensure that you've configured credentials. The best way to configure credentials on a development machine is to use the ~/.aws/credentials file, which might look like:

[default]
aws_access_key_id = AKID1234567890
aws_secret_access_key = MY-SECRET-KEY

You can learn more about the credentials file from this blog post.

Alternatively, you can set the following environment variables:

AWS_ACCESS_KEY_ID=AKID1234567890
AWS_SECRET_ACCESS_KEY=MY-SECRET-KEY

Development

Tools

Workflow

Running quality checks

make lint test

Building binaries

make build

Resources
