POSIX access in a multi region DR scenario

[dumlutimuralp]

Is your feature request related to a problem?/Why is this needed

The Amazon EFS CSI Driver does not provide the capability to configure a user defined POSIX access to the EFS access point per PVC. Currently you have three options.

1. You configure a uid/gid in the Storage Class object and then each PVC gets created with the same uid/gid.
2. You configure a gidRange and the EFS CSI Driver assigns the next value available from that range to the PVC.
3. You do not configure any of the above and then EFS CSI Driver assigns any value to the PVC.

In a multi region DR using EKS with EFS scenario the applications in each region must have access to the same file content with the same POSIX access. EFS CSI Driver' s subpath parameter makes the same file content avaiable. But the same POSIX access is only possible when you configure uid/gid in the StorageClass object level (Option 1 above). This means that EFFS CSI Driver will assign uid/gid to the access point of each PVC. If you use Option 2 or Option 3 above then it is impossible to make sure that the same application deployment in each region will have the same POSIX access to the same file content on the EFS layer.

For example, EKS Cluster 1 in Region 1 has two applications. Efs-app1 and Efs-app2. Efs-app1 is created before Efs-app2. So Efs-app1' s PVC' s POSIX is assigned as 1000, and Efs-app2' s POSIX is assigned as 1001. Next you created Efs-app2 before Efs-app1 and as a result Efs-app2 gets the POSIX as 1000, and Efs-app1 gets the POSIX as 1001. So In Region 1 Efs-app1 writes data to the file path on EFS with POSIX 1000, and then Efs-app1 in Region 2 is not able to access the same file path because it has a different POSIX assgined to it.

/feature

Describe the solution you'd like in detail A clear and concise description of what you want to happen.

There should be a simple logic to be implemented in the EFS CSI Driver where based on the string/pattern used in the subpath , a hash should be calculated as an output. Thathash should correspond to a unique numerical value which is to be used for the POSIX. As a result the value will always be the same in both EKS clusters in each region hence the applications in each region would have access to the same file path with the same POSIX type.

Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered. Have not thought of any other.

Additional context Add any other context or screenshots about the feature request here.

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[dumlutimuralp]

/remove-lifecycle stale