Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement mount options support #5

Merged
merged 2 commits into from
Jan 2, 2019
Merged

Implement mount options support #5

merged 2 commits into from
Jan 2, 2019

Conversation

leakingtapan
Copy link
Contributor

@leakingtapan leakingtapan commented Jan 2, 2019
edited
Loading

This enables EFS encryption in transit using tls as mount option.

Testing Done

Tested on k8s v1.13 which has CSI mount option support implemented

Used PV:

apiVersion: v1
kind: PersistentVolume
metadata:
  name: efs-pv
spec:
  capacity:
    storage: 5Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Recycle
  storageClassName: efs-sc
  mountOptions:
    - tls
  csi:
    driver: efs.csi.aws.com
    volumeHandle: fs-4af69aab

Verified that tls mount option is set during mount in EFS driver log:

I0102 21:36:13.615038       1 node.go:43] NodePublishVolume: called with args volume_id:"fs-4af69aab" target_path:"/var/lib/kubelet/pods/6641820f-0ed6-11e9-820b-0ae1b2749708/volumes/kubernetes.io~csi/efs-pv/mount" volume_capability:<mount:<mount_flags:"tls" > access_mode:<mode:SINGLE_NODE_WRITER > >
I0102 21:36:13.615098       1 node.go:82] NodePublishVolume: creating dir /var/lib/kubelet/pods/6641820f-0ed6-11e9-820b-0ae1b2749708/volumes/kubernetes.io~csi/efs-pv/mount
I0102 21:36:13.615114       1 node.go:87] NodePublishVolume: mounting fs-4af69aab:/ at /var/lib/kubelet/pods/6641820f-0ed6-11e9-820b-0ae1b2749708/volumes/kubernetes.io~csi/efs-pv/mount with options [tls]

And data is written onto EFS with no issue:

>>  kubectl exec -ti app -- tail -f /data/out.txt                                                                                                                               
Wed Jan 2 21:41:36 UTC 2019
Wed Jan 2 21:41:41 UTC 2019
Wed Jan 2 21:41:46 UTC 2019
Wed Jan 2 21:41:51 UTC 2019
Wed Jan 2 21:41:56 UTC 2019
Wed Jan 2 21:42:01 UTC 2019

@leakingtapan leakingtapan force-pushed the mount-option branch 2 times, most recently from 37a9e2e to 7bb84ff Compare January 2, 2019 22:09
@leakingtapan leakingtapan merged commit 9cec291 into kubernetes-sigs:master Jan 2, 2019
@leakingtapan leakingtapan deleted the mount-option branch January 2, 2019 23:07
jsafrane pushed a commit to jsafrane/aws-efs-csi-driver that referenced this pull request Sep 2, 2021
@openshift-merge-robot
Merge pull request kubernetes-sigs#5 from jsafrane/base-image
35a6bd3 
UPSTREAM: <carry>: Use a base image with efs-utils
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@leakingtapan