aws-efs-csi-driver
Discover EFS `fileSystemId` / `volumeHandle` instead of specifying it
Is your feature request related to a problem? Please describe.
I create EFS volumes in terraform, grab the ID, and then add it to the values file to use the EFS
Describe the solution you'd like in detail
I'd like to add a set of unique tags on my EFS and then specify a way of discovering the EFS ID without having to hard code the EFS ID
# specs/pv.yaml using static
- volumeHandle: fs-582a03f3
+ volumeHandleDiscovery:
+ tags:
+ service: titan
+ env: dev
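Review bot: the `tags` selector under `volumeHandleDiscovery` does not say what happens when zero or several file systems carry both `service: titan` and `env: dev`. The removed `volumeHandle: fs-582a03f3` pinned exactly one file system, so the selector should be specified to fail unless exactly one file system matches, and the resolved ID should be surfaced somewhere an operator can verify it.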
# specs/sc.yaml using dynamic
- fileSystemId: fs-92107410
+ fileSystemDiscovery:
+ tags:
+ service: titan
+ env: dev
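Review bot: `fileSystemDiscovery` in the StorageClass leaves open when the tag lookup runs. With the fixed `fileSystemId: fs-92107410`, every volume provisioned from this class lands on the same file system; with a tag selector, a later tag change could direct new volumes to a different one, so the proposal should state whether the ID is resolved once or on every provisioning request.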
Describe alternatives you've considered
1. terraform
Create the entire k8s release in terraform so the EFS is created and passed in to a helm_resource so we do not have to hard code this value.
2. initContainer ?
As a workaround, is it possible to use some kind of initContainer using the aws-cli container to retrieve the efs ID on-the-fly, save it as an env var, and make it accessible to the pv/pvc/sc ?
Additional context
- There is SSL discovery in the aws-load-balancer-controller so why not EFS discovery in the aws-efs-csi-driver
- https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html
/kind feature
Thank you @nitrocode for the feature request. This is an interesting idea, but since tags aren't guaranteed to be unique, we're concerned that the wrong filesystem could be mounted which would be a security concern.
Hi Ryan! Thanks for commenting. You are correct, the tags would need to be unique.
In terraform, if you use a singular data source with tags and it matches more than one EFS, it throws an error. That's something that could be implemented here too.
Example of aws_efs_file_system data source
# this fails if an efs doesn't contain both tags
# this fails if multiple matching efs are discovered
# this only succeeds if a single matching efs is discovered
data "aws_efs_file_system" "selected" {
  tags = {
    env     = "dev"
    service = "titan"
  }
}
In my opinion, if the user chooses to discover the EFS volume (which should be optional) then it should be on the user to assign the EFS a high cardinality attribute (such as a tag or multiple tags ANDed together) to correctly identify a single EFS volume, right?
So if this feature was implemented similar to terraform and no EFS volume was discovered or multiple were discovered, then I would imagine the driver would throw an error. I'd imagine the driver would succeed only if a single EFS was discovered.
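One way to implement the lookup described in the comment above (tags ANDed, error on zero or multiple matches), as an added Go example that is not the driver's code. The `FileSystem` type, `ResolveByTags` and the inventory are hypothetical; a real lookup would first list file systems through the AWS API.

```go
package main

import (
	"errors"
	"fmt"
)

// FileSystem is a hypothetical minimal view of an EFS file system.
type FileSystem struct {
	ID   string
	Tags map[string]string
}

var ErrNoMatch = errors.New("no file system carries all requested tags")
var ErrAmbiguous = errors.New("multiple file systems carry all requested tags")

// ResolveByTags returns the one ID whose tags include every wanted pair (ANDed).
func ResolveByTags(all []FileSystem, want map[string]string) (string, error) {
	if len(want) == 0 { // an empty selector would match every file system
		return "", errors.New("empty tag selector")
	}
	var matches []string
next:
	for _, fs := range all {
		for k, v := range want {
			// A missing key must not be confused with an empty tag value.
			if got, present := fs.Tags[k]; !present || got != v {
				continue next
			}
		}
		matches = append(matches, fs.ID)
	}
	switch len(matches) {
	case 0:
		return "", ErrNoMatch
	case 1:
		return matches[0], nil
	}
	return "", fmt.Errorf("%w: %v", ErrAmbiguous, matches) // fail closed, never pick one
}

func main() {
	inv := []FileSystem{ // constructed inventory, not real file systems
		{ID: "fs-00000001", Tags: map[string]string{"service": "titan", "env": "dev"}},
		{ID: "fs-00000002", Tags: map[string]string{"service": "titan", "env": "prod"}},
	}
	fmt.Println(ResolveByTags(inv, map[string]string{"service": "titan", "env": "dev"}))
	fmt.Println(ResolveByTags(inv, map[string]string{"service": "titan"}))
}
```

The second call matches both constructed entries and returns an error rather than the first hit, which is the behaviour that addresses the wrong-filesystem concern raised earlier in the thread.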
Interesting, I didn't realize Terraform supported that. I can definitely see this being useful. Let's use this issue to track whether others would like this feature as well.
The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
- After 90d of inactivity, `lifecycle/stale` is applied
- After 30d of inactivity since `lifecycle/stale` was applied, `lifecycle/rotten` is applied
- After 30d of inactivity since `lifecycle/rotten` was applied, the issue is closed
You can:
- Mark this issue as fresh with `/remove-lifecycle stale`
- Close this issue with `/close`
- Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
/remove-lifecycle stale