Investigation: Usable EFS solution

[sj-williams]

Background

We have decomissioned our efs-csi-driver from production clusters, because in its current form it is not fit for use within the platform. The reason for turning off is that we know that there has been issues around locking down access to mount points via IRSA, meaning we cannot isolate access to user environments/pods.

At some point in the future, we are likely to have users of the platform querying NFS like storage solutions (data/analytical platform would be interested now if we offered bespoke node group for their NFS use case needs - at time of writing we do not), as from time to time people have asked questions around this feature.

We should dedicate some time to looking to see if there has been any improvements or alternative approaches to achieving EFS integration.

Further information:

https://github.com/ministryofjustice/cloud-platform/issues/3994

https://github.com/kubernetes-sigs/aws-efs-csi-driver/issues/774

https://github.com/aws/efs-utils/commit/b5825e6c59f7346c969ad00e65d32c87817ed348

Proposed user journey

Approach

Which part of the user docs does this impact

Communicate changes

• [ ] post for #cloud-platform-update
• [ ] Weeknotes item
• [ ] Show the Thing/P&A All Hands/User CoP
• [ ] Announcements channel

Questions / Assumptions

Definition of done

• [ ] readme has been updated
• [ ] user docs have been updated
• [ ] another team member has reviewed
• [ ] smoke tests are green
• [ ] prepare demo for the team

Reference

How to write good user stories

[sj-williams]

relates to ministryofjustice/cloud-platform#4877