How to add EFS Provisioner in AWS EKS for Kubernetes

This page describes the process to deploy the EFS Provisioner Pod and a PVC to the Kubernetes cluster using EFS on AWS.


 

Actions

Open the file efs-provisioner-deployment.yaml in an editor, scroll down to the bottom of the file and replace the following three placeholder strings with the respective values from your EFS file system settings. Do not change any of the other environment variables in the file.

efs-provisioner-deployment.yaml

    apiVersion: v1
    kind: Namespace
    metadata:
      name: storage
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: efs-provisioner
      namespace: storage
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      name: efs-provisioner
    rules:
      - apiGroups: [""]
        resources: ["persistentvolumes"]
        verbs: ["get", "list", "watch", "create", "delete"]
      - apiGroups: [""]
        resources: ["persistentvolumeclaims"]
        verbs: ["get", "list", "watch", "update"]
      - apiGroups: ["storage.k8s.io"]
        resources: ["storageclasses"]
        verbs: ["get", "list", "watch"]
      - apiGroups: [""]
        resources: ["events"]
        verbs: ["create", "update", "patch"]
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: efs-provisioner
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: efs-provisioner
    subjects:
      - kind: ServiceAccount
        name: efs-provisioner
        namespace: storage
    ---
    kind: Role
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: leader-locking-efs-provisioner
      namespace: storage
    rules:
      - apiGroups: [""]
        resources: ["endpoints"]
        verbs: ["get", "list", "watch", "create", "update", "patch"]
    ---
    kind: RoleBinding
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: leader-locking-efs-provisioner
      namespace: storage
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: leader-locking-efs-provisioner
    subjects:
      - kind: ServiceAccount
        name: efs-provisioner
        namespace: storage
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: efs-provisioner
      namespace: storage
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: efs-provisioner
      strategy:
        type: Recreate
      template:
        metadata:
          labels:
            app: efs-provisioner
        spec:
          serviceAccount: efs-provisioner
          containers:
            - name: efs-provisioner
              image: eksworkshop/efs-provisioner:latest
              env:
                - name: FILE_SYSTEM_ID
                  valueFrom:
                    configMapKeyRef:
                      name: efs-provisioner-config
                      key: file.system.id
                - name: AWS_REGION
                  valueFrom:
                    configMapKeyRef:
                      name: efs-provisioner-config
                      key: aws.region
                - name: DNS_NAME
                  valueFrom:
                    configMapKeyRef:
                      name: efs-provisioner-config
                      key: dns.name
                      optional: true
                - name: PROVISIONER_NAME
                  valueFrom:
                    configMapKeyRef:
                      name: efs-provisioner-config
                      key: provisioner.name
              volumeMounts:
                - name: pv-volume
                  mountPath: /efs-mount
          volumes:
            - name: pv-volume
              nfs:
                server: fs-076cbc85.efs.us-east-1.amazonaws.com
                path: /
    ---
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: efs-provisioner-config
      namespace: storage
    data:
      file.system.id: fs-076cbc85
      aws.region: us-east-1
      provisioner.name: aws.io/aws-efs
      dns.name: ""

Next, deploy the provisioner pod and a PVC. The StorageClass and PVC are defined in efs-pvc.yaml:

    ---
    kind: StorageClass
    apiVersion: storage.k8s.io/v1
    metadata:
      name: elastic
    provisioner: aws.io/aws-efs
    ---
    kind: PersistentVolumeClaim
    apiVersion: v1
    metadata:
      name: efs-storage-claim
      namespace: storage
      annotations:
        volume.beta.kubernetes.io/storage-class: elastic
    spec:
      accessModes:
        - ReadWriteMany
      resources:
        requests:
          storage: 1Mi
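A pre-apply check for the values edited in the two files, as an added example that is not part of the original page: it confirms that the NFS server name agrees with file.system.id and aws.region, that the StorageClass names the same provisioner as the ConfigMap, and that the image is pinned. The function names and the embedded manifest excerpts are constructed for illustration, and the DNS name form assumes the standard AWS partition.

```python
import re

# Constructed excerpts: only the lines the check reads, with this page's values.
DEPLOYMENT = """\
          image: eksworkshop/efs-provisioner:latest
          nfs:
            server: fs-076cbc85.efs.us-east-1.amazonaws.com
data:
  file.system.id: fs-076cbc85
  aws.region: us-east-1
  provisioner.name: aws.io/aws-efs
"""
PVC = """\
kind: StorageClass
metadata:
  name: elastic
provisioner: aws.io/aws-efs
"""

def scalar(key, text):
    """Return the value of the first `key: value` line in text, or None."""
    pattern = r"^[ \t-]*" + re.escape(key) + r":[ \t]*(\S+)[ \t]*$"
    m = re.search(pattern, text, re.M)
    return m.group(1).strip("\"'") if m else None

def check_manifests(deployment, pvc):
    """Return a list of findings; an empty list means the values agree."""
    fs_id = scalar("file.system.id", deployment)
    region = scalar("aws.region", deployment)
    server = scalar("server", deployment)
    if not (fs_id and region and server):
        return ["file.system.id, aws.region or nfs server is missing"]
    findings = []
    if not re.fullmatch(r"fs-[0-9a-f]+", fs_id):
        findings.append(f"file.system.id {fs_id!r} is not an EFS file system ID")
    # Assumption: standard AWS partition, where the EFS DNS name has this form.
    expected = f"{fs_id}.efs.{region}.amazonaws.com"
    if server != expected:
        findings.append(f"nfs server {server!r} does not match {expected!r}")
    # The StorageClass must name the provisioner the pod registers as,
    # otherwise no controller acts on the claim and it stays Pending.
    if scalar("provisioner", pvc) != scalar("provisioner.name", deployment):
        findings.append("StorageClass provisioner differs from provisioner.name")
    # A mutable tag lets the image content change between pod restarts.
    image = scalar("image", deployment) or ""
    tag = image.rsplit("/", 1)[-1].partition(":")[2]
    if "@sha256:" not in image and tag in ("", "latest"):
        findings.append(f"image {image!r} is not pinned to a version or digest")
    return findings
```

Pass the full text of efs-provisioner-deployment.yaml and efs-pvc.yaml to `check_manifests`; on the excerpts above it reports only the unpinned image.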

Deploy the provisioner pod and PVC with the following set of commands:

    kubectl apply -f efs-provisioner-deployment.yaml
    kubectl apply -f efs-pvc.yaml

Output:

    \efs> kubectl apply -f efs-provisioner-deployment.yaml
    namespace/storage created
    serviceaccount/efs-provisioner created
    clusterrole.rbac.authorization.k8s.io/efs-provisioner created
    clusterrolebinding.rbac.authorization.k8s.io/efs-provisioner created
    role.rbac.authorization.k8s.io/leader-locking-efs-provisioner created
    rolebinding.rbac.authorization.k8s.io/leader-locking-efs-provisioner created
    deployment.apps/efs-provisioner created
    configmap/efs-provisioner-config created

    \efs> kubectl apply -f efs-pvc.yaml
    storageclass.storage.k8s.io/elastic created
    persistentvolumeclaim/efs-storage-claim created

Next, check if a PVC resource was created. The output from the command should look similar to what is shown below, with the STATUS field set to Bound.

    kubectl get pvc -n storage

Output:

    NAME                STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
    efs-storage-claim   Bound    pvc-8e470e71-5a24-11ea-9a37-0a95e5bfd098   1Mi        RWX            elastic        9

    PS C:\Users\naya0320\environment\efs> kubectl get pods -n storage
    NAME                               READY   STATUS    RESTARTS   AGE
    efs-provisioner-5c5f5d9869-vft54   1/1     Running   0          6s

    PS C:\Users\naya0320\environment\efs> kubectl get pv
    NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                       STORAGECLASS   REASON   AGE
    pvc-01dd9ee5-7331-46e0-ba3a-88ebf8aaf3e3   1Mi        RWX            Delete           Bound    storage/efs-storage-claim   elastic                 48s


You may launch a command shell within the EFS Provisioner pod and inspect the local directory /efs-mount.

Note that this is the directory within the pod onto which the /data directory of the EFS file system was mounted.

Run the following set of commands to first get the name of the EFS Provisioner pod and then open a command shell within the pod. Note that the pod name will be different in your environment.

    kubectl get pods -n storage
    kubectl exec -it efs-provisioner-849b6f77cb-rn9jb -n storage -- /bin/sh

At the command shell within the pod, run the following command.

    ls -al /efs-mount

• A sub-directory would have been created under /efs-mount to back the PV resource listed above.
• The name of this directory, which in this example is efs-storage-claim-pvc-8e470e71-5a24-11ea-9a37-0a95e5bfd098, is constructed based on the name and ID attributes of the corresponding PVC. Whenever a new PVC is created, the EFS Provisioner dynamically creates a PV and a child directory under the / directory of the EFS file system to back that PV.
• There is always a one-to-one correspondence between a PV and a PVC.

Press Ctrl+D to exit the pod and return to your CLI.

Checks

• A PV corresponding to the above PVC is dynamically created. Check its status with the following command.

    kubectl get pv

    > kubectl get storageclass
    NAME      PROVISIONER           RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE
    aws-efs   example.com/aws-efs   Delete          Immediate           false                  11s

Post-Actions

Deploy some test pods.

You can verify on AWS that the size increases once you start using it.
