Maintainer: Nick Schuch
Kubernetes storage class for automatically provisioning AWS EFS volumes.
This project would not be possible without:
https://github.com/kubernetes-incubator/external-storage
Why not external-storage/aws/efs?
That project uses an existing EFS filesystem and mounts subfolders for each PersistentVolumeClaim.
This project provisions a new EFS filesystem for each PersistentVolumeClaim, giving us:
- Security - Not all stored on the one filesystem
- Reliability - Other applications don't shared the same IOPs budget as your mount
Deploy the provisioner
First we need to deploy our provisioner, this component is responsible for:
- Interfacing with a PersistentVolumeClaim
- Provisioning the required AWS EFS storage
- Returning the information needed to mount the storage
To deploy, create a file called provisioner.yaml with the contents below and run:
kubectl create -f provisioner.yamlkind: Deployment
apiVersion: extensions/v1beta1
metadata:
name: aws-efs-provisioner
namespace: kube-system
spec:
replicas: 1
strategy:
type: Recreate
template:
metadata:
labels:
app: aws-efs-provisioner
spec:
containers:
- name: aws-efs-provisioner
image: previousnext/k8s-aws-efs:2.0.0
env:
- name: EFS_PERFORMANCE
value: "generalPurpose"
- name: AWS_REGION
value: "ap-southeast-2"
- name: AWS_SECURITY_GROUP
value: "sg-xxxxxxxxx"
- name: AWS_SUBNETS
value: "subnet-xxxxxx,subnet-xxxxxx"Register our provisioner as a Storage Class
Now we are going to register our storage class, this is way for us to map an "identifer" to our provsioner.
In this example we are mapping aws-efs-gp to our storage.skpr.io/aws-efs-generalPurpose provisioner.
To deploy, create a file called class.yaml with the contents below and run:
kubectl create -f class.yamlkind: StorageClass
apiVersion: storage.k8s.io/v1beta1
metadata:
name: aws-efs-gp
provisioner: efs.aws.skpr.io/generalPurposeCreate your first test PersistentVolumeClaim
Now we are going to provision our first claim, this will create an object that tells our provisioner to create us an EFS storage volume.
To deploy, create a file called test.yaml with the contents below and run:
kubectl create -f test.yamlkind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: test
annotations:
volume.beta.kubernetes.io/storage-class: "aws-efs-gp"
spec:
accessModes:
- ReadWriteMany
resources:
requests:
# This is not used by the provisioner, but is required by the PVC.
storage: 1MiNow you can inspect the status of the PVC being provisioned with:
$ kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESSMODES STORAGECLASS AGE
test Bound fs-f6e605cf 8E RWX aws-efs-gp 5mNOTE: It will take 5(ish) minutes to get to the below state.
IAM Role
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:CreateFileSystem",
"elasticfilesystem:CreateTags",
"elasticfilesystem:DescribeMountTargets",
"elasticfilesystem:CreateMountTarget"
],
"Resource": "*"
}
]
}Credentials
Before using the tool, ensure that you've configured credentials. The best
way to configure credentials on a development machine is to use the
~/.aws/credentials file, which might look like:
[default]
aws_access_key_id = AKID1234567890
aws_secret_access_key = MY-SECRET-KEYYou can learn more about the credentials file from this blog post.
Alternatively, you can set the following environment variables:
AWS_ACCESS_KEY_ID=AKID1234567890
AWS_SECRET_ACCESS_KEY=MY-SECRET-KEY
- Dynamic Provisioning and Storage Classes in Kubernetes
- Kubernetes Incubator: External Storage
- Dave Cheney - Reproducible Builds
- Code lives in the
workspacedirectory
- Dependency management - https://getgb.io
- Build - https://github.com/mitchellh/gox
- Linting - https://github.com/golang/lint
(While in the workspace directory)
Installing a new dependency
gb vendor fetch github.com/foo/barRunning quality checks
make lint testBuilding binaries
make build
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent