cloud-platform
cloud-platform copied to clipboard
ministryofjustice
Investigation: Usable EFS solution
Background
We have decomissioned our efs-csi-driver from production clusters, because in its current form it is not fit for use within the platform. The reason for turning off is that we know that there has been issues around locking down access to mount points via IRSA, meaning we cannot isolate access to user environments/pods.
At some point in the future, we are likely to have users of the platform querying NFS like storage solutions (data/analytical platform would be interested now if we offered bespoke node group for their NFS use case needs - at time of writing we do not), as from time to time people have asked questions around this feature.
We should dedicate some time to looking to see if there has been any improvements or alternative approaches to achieving EFS integration.
Further information:
https://github.com/ministryofjustice/cloud-platform/issues/3994
https://github.com/kubernetes-sigs/aws-efs-csi-driver/issues/774
https://github.com/aws/efs-utils/commit/b5825e6c59f7346c969ad00e65d32c87817ed348
Proposed user journey
Approach
Which part of the user docs does this impact
Communicate changes
- [ ] post for #cloud-platform-update
- [ ] Weeknotes item
- [ ] Show the Thing/P&A All Hands/User CoP
- [ ] Announcements channel
Questions / Assumptions
Definition of done
- [ ] readme has been updated
- [ ] user docs have been updated
- [ ] another team member has reviewed
- [ ] smoke tests are green
- [ ] prepare demo for the team
Reference
How to write good user stories
