kubernetes-sigs / aws-efs-csi-driver

CSI Driver for Amazon EFS https://aws.amazon.com/efs/
Apache License 2.0

Discover EFS `fileSystemId` / `volumeHandle` instead of specifying it #1052

Open nitrocode opened 1 year ago

nitrocode commented 1 year ago

Is your feature request related to a problem? Please describe.

I create EFS volumes in terraform, grab the ID, and then add it to the values file to use the EFS

Describe the solution you'd like in detail

I'd like to add a set of unique tags on my EFS and then specify a way of discovering the EFS ID without having to hard code the EFS ID

# specs/pv.yaml using static
-    volumeHandle: fs-582a03f3
+    volumeHandleDiscovery:
+      tags:
+        service: titan
+        env: dev
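Review bot: in specs/pv.yaml the `volumeHandle` line is removed outright, but `volumeHandle` is a required field of a PersistentVolume's CSI source in the core Kubernetes API, and a driver cannot add a sibling key such as `volumeHandleDiscovery` next to it. Consider carrying the tag selector in `volumeAttributes` instead, and state what happens when the tags match zero or several file systems.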
# specs/sc.yaml using dynamic
-  fileSystemId: fs-92107410
+  fileSystemDiscovery:
+    tags:
+      service: titan
+      env: dev
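Review bot: `fileSystemDiscovery` in specs/sc.yaml is written as a nested mapping, but if it sits under the StorageClass `parameters` block as `fileSystemId` does, that block only holds string values, so the nested `tags:` map would not be accepted. A flat string encoding of the selector would fit there, and the proposal should say that zero or multiple matches is an error rather than a silent pick.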

Describe alternatives you've considered

1. terraform

Create the entire k8s release in terraform so the EFS is created and passed in to a helm_resource so we do not have to hard code this value.

2. initContainer ?

As a workaround, is it possible to use some kind of initContainer using the aws-cli container to retrieve the EFS ID on the fly, save it as an env var, and make it accessible to the pv/pvc/sc?

Additional context

RyanStan commented 1 year ago

/kind feature

Thank you @nitrocode for the feature request. This is an interesting idea, but since tags aren't guaranteed to be unique, we're concerned that the wrong filesystem could be mounted, which would be a security concern.

nitrocode commented 1 year ago

Hi Ryan! Thanks for commenting. You are correct, the tags would need to be unique.

In terraform, if you use a singular data source with tags and it matches more than one EFS, it throws an error. That's something that could be implemented here too.

Example of aws_efs_file_system data source

# this fails if an efs doesn't contain both tags
# this fails if multiple matching efs are discovered
# this only succeeds if a single matching efs is discovered
data "aws_efs_file_system" "selected" {
  tags = {
    env     = "dev"
    service = "titan"
  }
}

In my opinion, if the user chooses to discover the EFS volume (which should be optional) then it should be on the user to assign the EFS a high cardinality attribute (such as a tag or multiple tags ANDed together) to correctly identify a single EFS volume, right?

So if this feature was implemented similar to terraform and no EFS volume was discovered or multiple were discovered, then I would imagine the driver would throw an error. I'd imagine the driver would succeed only if a single EFS was discovered.
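The exactly-one-match rule discussed in the comments above, as an added Go example that is not part of the thread or of the driver's code. `FileSystem`, `Resolve`, the error names and the inventory are hypothetical; in practice the inventory would come from the EFS API.

```go
package main

import (
	"errors"
	"fmt"
)

type FileSystem struct { // hypothetical stand-in for one EFS listing entry
	ID   string
	Tags map[string]string
}

var ErrEmptySelector = errors.New("empty tag selector")
var ErrNoMatch = errors.New("no file system matches the selector")
var ErrAmbiguous = errors.New("selector matches more than one file system")

// Resolve returns the only file system carrying every selector tag (ANDed); it never guesses.
func Resolve(inventory []FileSystem, selector map[string]string) (string, error) {
	if len(selector) == 0 {
		return "", ErrEmptySelector // an empty selector would match every file system
	}
	var matches []string
candidates:
	for _, fs := range inventory {
		for k, want := range selector {
			// A missing key is a mismatch even when the wanted value is "".
			if got, ok := fs.Tags[k]; !ok || got != want {
				continue candidates
			}
		}
		matches = append(matches, fs.ID)
	}
	switch len(matches) {
	case 0:
		return "", ErrNoMatch
	case 1:
		return matches[0], nil
	}
	return "", fmt.Errorf("%w: %v", ErrAmbiguous, matches)
}

var sampleInventory = []FileSystem{ // constructed data, not from a real account
	{ID: "fs-aaaa0001", Tags: map[string]string{"service": "titan", "env": "dev"}},
	{ID: "fs-aaaa0002", Tags: map[string]string{"service": "titan", "env": "prod"}},
}

func main() {
	fmt.Println(Resolve(sampleInventory, map[string]string{"service": "titan", "env": "dev"}))
}
```

The ambiguous-match error lists the candidate IDs, so an operator can see which file systems share the tags and tighten the selector.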

RyanStan commented 1 year ago

Interesting, I didn't realize Terraform supported that. I can definitely see this being useful. Let's use this issue to track whether others would like this feature as well.

k8s-triage-robot commented 7 months ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

nitrocode commented 7 months ago

/remove-lifecycle stale

k8s-triage-robot commented 4 months ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

nitrocode commented 4 months ago

/remove-lifecycle stale

k8s-triage-robot commented 1 month ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

nitrocode commented 1 month ago

/remove-lifecycle stale