Mount EFS file system to EKS containers
The Amazon EFS Container Storage Interface (CSI) driver provides a CSI interface that allows Amazon EKS clusters to manage the lifecycle of Amazon EFS file systems.
This topic shows you how to deploy the Amazon EFS CSI Driver to your Amazon EKS cluster and verify that it works.
This post introduces a few new concepts: PV (PersistentVolume), PVC (PersistentVolumeClaim) and storage class. In short, a PV provides persistent storage to a cluster, a PVC requests PV resources, and a storage class dynamically provisions storage resources, i.e. PVs.
Without further ado, let's begin our journey.
Log in to the central management host used to operate the K8S cluster.
$ kubectl config view --minify | grep namespace:
namespace: blog
Use the following command to deploy the Amazon EFS CSI driver to an Amazon EKS cluster.
$ kubectl apply -k "github.com/kubernetes-sigs/aws-efs-csi-driver/deploy/kubernetes/overlays/stable/?ref=master"
daemonset.apps/efs-csi-node created
csidriver.storage.k8s.io/efs.csi.aws.com created
PS: If you encounter the error below, make sure git is installed on the local server.
error: no 'git' program on path: exec: "git": executable file not found in $PATH
$ sudo yum install -y git
Create an Amazon EFS file system for your Amazon EKS cluster
Locate the VPC ID for your Amazon EKS cluster. You can find this ID in the Amazon EKS console, or you can use the following AWS CLI command. Replace the cluster name (ekscluster01) to suit your environment.
$ aws eks describe-cluster --name ekscluster01 --query "cluster.resourcesVpcConfig.vpcId" --output text
vpc-******
Locate the CIDR range for your cluster's VPC. You can find this using the following AWS CLI command.
$ aws ec2 describe-vpcs --vpc-ids vpc-******* --query "Vpcs[].CidrBlock" --output text
10.0.0.0/16
Create a security group that allows inbound NFS traffic for your Amazon EFS mount points. Then, add a rule to your security group to allow inbound NFS traffic from your VPC CIDR range. (Step 3 and 4)
Create the Amazon EFS file system for your Amazon EKS cluster. (Step 5)
Retrieve your Amazon EFS file system ID. You can find this using the following AWS CLI command.
$ aws efs describe-file-systems --query "FileSystems[*].FileSystemId" --output text
fs-fd******
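The security group rule created in the steps above is meant to admit NFS traffic (TCP 2049) from the VPC CIDR range. As an added example (not part of the original post or of the AWS documentation), the following Python check reads data in the shape of aws ec2 describe-security-groups output and reports rules that open port 2049 to sources outside that CIDR. The group IDs and rules in SAMPLE are constructed, and the VPC CIDR is assumed to be IPv4 as in this post.

```python
import ipaddress
import json

NFS_PORT = 2049  # EFS mount targets listen for NFS on TCP 2049

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
 {"GroupId": "sg-0example1", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049,
    "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
 {"GroupId": "sg-0example2", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
   {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
 {"GroupId": "sg-0example3", "IpPermissions": [
   {"IpProtocol": "-1",
    "IpRanges": [{"CidrIp": "10.0.4.0/24"}, {"CidrIp": "192.168.0.0/16"}]}]}
]}""")


def covers_nfs(perm):
    """True if the rule admits TCP 2049; protocol "-1" means all traffic."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= NFS_PORT <= perm.get("ToPort", 65535)


def audit_nfs_ingress(groups, vpc_cidr):
    """Return (group_id, source) pairs that expose NFS outside vpc_cidr (IPv4)."""
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in filter(covers_nfs, sg.get("IpPermissions", [])):
            for r in perm.get("IpRanges", []):
                if not ipaddress.ip_network(r["CidrIp"], strict=False).subnet_of(vpc):
                    findings.append((sg["GroupId"], r["CidrIp"]))
            # IPv6 sources can never fall inside an IPv4 VPC CIDR.
            findings += [(sg["GroupId"], r["CidrIpv6"])
                         for r in perm.get("Ipv6Ranges", [])]
    return findings


if __name__ == "__main__":
    for group_id, source in audit_nfs_ingress(SAMPLE, "10.0.0.0/16"):
        print(f"{group_id}: tcp/2049 reachable from {source}")
```

To audit a real account, pass the parsed JSON from aws ec2 describe-security-groups --output json in place of SAMPLE. Rules that reference other security groups instead of CIDR ranges are not evaluated by this check.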
Create an efs-pv.yaml file and replace the volumeHandle value with your Amazon EFS file system ID.
$ vim efs-pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: efs-pv
spec:
  capacity:
    storage: 5Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  storageClassName: efs-sc
  csi:
    driver: efs.csi.aws.com
    volumeHandle: fs-fd******
NB: Because Amazon EFS is an elastic file system, it does not enforce any file system capacity limits. The actual storage capacity value in persistent volumes and persistent volume claims is not used when creating the file system. However, since storage capacity is a required field in Kubernetes, you must specify a valid value, such as 5Gi in this example. This value does not limit the size of your Amazon EFS file system.
$ kubectl apply -f efs-pv.yaml
persistentvolume/efs-pv created
List the persistent volumes in the default namespace. Look for a persistent volume with the [namespace]/efs-claim claim.
$ kubectl get pv
NAME     CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM            STORAGECLASS   REASON   AGE
efs-pv   5Gi        RWX            Retain           Bound    blog/efs-claim   efs-sc                  52d
When you create a PVC, you request a specific amount of storage (5 Gi), specify the required access mode (ReadWriteMany), and create a storage class (efs-sc) to describe and classify the storage.
$ vim efs-claim.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: efs-claim
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: efs-sc
  resources:
    requests:
      storage: 5Gi
In this example, PV is dynamically provisioned using a StorageClass object.
$ vim efs-storageclass.yaml
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: efs-sc
provisioner: efs.csi.aws.com
Deploy the efs-storageclass class, efs-claim persistent volume claim, and efs-pv persistent volume.
$ kubectl apply -f efs-storageclass.yaml
storageclass.storage.k8s.io/efs-sc created
$ kubectl apply -f efs-claim.yaml
persistentvolumeclaim/efs-claim created
Modify the deployment definition.
$ vim blog-deployment.yaml
spec:
  ...
  template:
    metadata:
      labels:
        app: "blog"
    spec:
      containers:
      - image: 123456789012.dkr.ecr.us-west-2.amazonaws.com/blog:latest
        imagePullPolicy: Always
        name: "blog"
        ports:
        - containerPort: 80
        volumeMounts:
        - name: persistent-storage-efs
          mountPath: /blogdata
      volumes:
      - name: persistent-storage-efs
        persistentVolumeClaim:
          claimName: efs-claim
PS: Replace the above AWS account ID (123456789012) with your own.
$ kubectl apply -f blog-deployment.yaml
Describe the persistent volume.
$ kubectl describe pv efs-pv
Name:            efs-pv
Labels:          <none>
Annotations:     kubectl.kubernetes.io/last-applied-configuration:
                   {"apiVersion":"v1","kind":"PersistentVolume","metadata":{"annotations":{},"name":"efs-pv"},"spec":{"accessModes":["ReadWriteMany"],"capaci...
                 pv.kubernetes.io/bound-by-controller: yes
Finalizers:      [kubernetes.io/pv-protection]
StorageClass:    efs-sc
Status:          Bound
Claim:           blog/efs-claim
Reclaim Policy:  Retain
Access Modes:    RWX
VolumeMode:      Filesystem
Capacity:        5Gi
Node Affinity:   <none>
Message:
Source:
    Type:              CSI (a Container Storage Interface (CSI) volume source)
    Driver:            efs.csi.aws.com
    VolumeHandle:      fs-fd******
    ReadOnly:          false
    VolumeAttributes:  <none>
Events:                <none>
$ kubectl get pods
NAME                               READY   STATUS    RESTARTS   AGE
blog-deployment-58d49d8457-kk58p   1/1     Running   0          3m18s
Verify that the pod is successfully writing data to the volume.
$ kubectl exec -ti blog-deployment-58d49d8457-kk58p -- ls /blogdata
References
Amazon EFS CSI driver