Terraform module for deploying aws-efs-csi-driver inside a pre-existing EKS cluster and creating an EFS file system in AWS.
The Amazon Elastic File System Container Storage Interface (CSI) Driver implements the CSI specification for container orchestrators to manage the lifecycle of Amazon EFS file systems.
```hcl
module "efs_csi_driver" {
  source = "git::https://github.com/DNXLabs/terraform-aws-eks-efs-csi-driver.git"

  vpc_id         = module.vpc.vpc_id
  vpc_cidr_block = module.vpc.vpc_cidr_block
  vpc_subnet_ids = module.vpc.public_subnet_ids

  cluster_name                     = module.eks_cluster.cluster_id
  cluster_identity_oidc_issuer     = module.eks_cluster.cluster_oidc_issuer_url
  cluster_identity_oidc_issuer_arn = module.eks_cluster.oidc_provider_arn
}
```
Before the example, you need to:
- Familiarize yourself with how to set up Kubernetes on AWS and how to create an EFS file system.
- Install the EFS CSI driver and create an EFS file system and its storage class using this module.
Note: Make sure that the EFS file system is accessible from the Kubernetes cluster. This can be achieved by creating the file system inside the same VPC as the Kubernetes cluster or by using VPC peering.
- Static provisioning
- Dynamic provisioning
- Encryption in transit
- Accessing the file system from multiple pods
- Consume EFS in StatefulSets
- Mount subpath
- Use Access Points
One of the advantages of using EFS is that it supports encryption in transit using TLS. With encryption in transit, data is encrypted while it travels over the network to the EFS service. This provides an extra layer of defence-in-depth for applications that require strict security compliance.
Encryption in transit is enabled by default in the master branch version of the driver. To disable it and mount volumes using plain NFSv4, set the `volumeAttributes` field `encryptInTransit` to "false" in your persistent volume manifest. For an example manifest, see Encryption in Transit Example.
Note: Kubernetes version 1.13+ is required if you are using this feature in Kubernetes.
Name | Version |
---|---|
terraform | >= 0.13 |
aws | >= 3.13, < 4.0 |
helm | >= 1.0, < 3.0 |
kubectl | >= 1.9.4 |
kubernetes | >= 1.10.0, < 3.0.0 |
Name | Version |
---|---|
helm | >= 1.0, < 3.0 |
kubectl | >= 1.9.4 |
kubernetes | >= 1.10.0, < 3.0.0 |
Name | Description | Type | Default | Required |
---|---|---|---|---|
create_namespace | Whether to create k8s namespace with name defined by `namespace`. | bool | true | no |
create_storage_class | Whether to create Storage class for EFS CSI driver. | bool | true | no |
enabled | n/a | bool | true | no |
helm_chart_name | Amazon EFS CSI Driver chart name. | string | "aws-efs-csi-driver" | no |
helm_chart_release_name | Amazon EFS CSI Driver release name. | string | "aws-efs-csi-driver" | no |
helm_chart_repo | Amazon EFS CSI Driver repository name. | string | "https://kubernetes-sigs.github.io/aws-efs-csi-driver/" | no |
helm_chart_version | Amazon EFS CSI Driver chart version. | string | "2.2.0" | no |
mod_dependency | Dependence variable binds all AWS resources allocated by this module, dependent modules reference this variable. | any | null | no |
namespace | Kubernetes namespace to deploy EKS Spot termination handler Helm chart. | string | "kube-system" | no |
service_account_name | Amazon EFS CSI Driver service account name. | string | "aws-efs-csi-driver" | no |
settings | Additional settings which will be passed to the Helm chart values, see https://github.com/kubernetes-sigs/aws-efs-csi-driver. | map | {} | no |
storage_class_name | Storage class name for EFS CSI driver. | string | "efs-sc" | no |
Name | Description | Type |
---|---|---|
efs_file_system_id | The id of the EFS file system created by this module. | string |
Module managed by DNX Solutions.
Apache 2 Licensed. See LICENSE for full details.