Feature
Resolution: Unresolved
Major
Feature Overview (aka. Goal Summary)
Add a new provisioning method for the AWS EFS CSI driver that creates a sub-directory per PV instead of creating EFS access points.
We will start with a tech preview support status.
This is important because we currently can't set UID/GID and permissions (i.e. chown/chmod): the current dynamic provisioning creates a sub EFS access point, and it's not possible to chown from a top-level access point. Customers want a way to set their own permissions from the top-level directory.
In these EFS access points, the PosixUser is set automatically; there is currently no way to disable this behaviour, as it is managed on the EFS side.
More details in this KB: https://access.redhat.com/solutions/7011821
Goals (aka. expected user outcomes)
A new provisioning method was proposed upstream a while ago but never got merged. This new provisioning method creates a sub-directory per PV, allowing users to set their own permissions.
https://github.com/kubernetes-sigs/aws-efs-csi-driver/pull/732
The goal of this feature is to revamp the PR, analyse the code, rebase it and get it merged.
Requirements (aka. Acceptance Criteria):
Code is merged and is passing the general regression CI for EFS volumes + ability to define permissions/ownership.
Anyone reviewing this Feature needs to know which deployment configurations the Feature will apply to (or not) once it's been completed. Describe specific needs (or indicate N/A) for each of the following deployment scenarios. For specific configurations that are out-of-scope for a given release, ensure you provide the OCPSTRAT (for the future to be supported configuration) as well.
| Deployment considerations | List applicable specific needs (N/A = not applicable) |
| --- | --- |
| Self-managed, managed, or both | both |
| Classic (standalone cluster) | Apply to AWS only |
| Hosted control planes | Yes |
| Multi node, Compact (three node), or Single node (SNO), or all | Can be all but usually not SNO |
| Connected / Restricted Network | Both |
| Architectures, e.g. x86_64, ARM (aarch64), IBM Power (ppc64le), and IBM Z (s390x) | x86 |
| Operator compatibility | AWS EFS CSI operator |
| Backport needed (list applicable versions) | |
| UI need (e.g. OpenShift Console, dynamic plugin, OCM) | |
| Other (please specify) | |
Use Cases (Optional):
Include use case diagrams, main success scenarios, alternative flow scenarios. Initial completion during Refinement status.
As a user, I want to be able to define my own set of permissions/ownership when attaching an AWS EFS volume via the CSI driver.
Questions to Answer (Optional):
Include a list of refinement / architectural questions that may need to be answered before coding can begin. Initial completion during Refinement status.
Out of Scope
Limited to the efs-dir provisioning method for the EFS CSI driver. If this does not solve the requirements we will need to revisit this feature and write a new provisioning method.
Background
More background and links to customer cases are in the RFE:
https://issues.redhat.com/browse/RFE-2907
Customer Considerations
Provide any additional customer-specific considerations that must be made when designing and delivering the Feature. Initial completion during Refinement status.
This should not replace the current provisioning method but instead offer an alternative one.
Documentation Considerations
Provide information that needs to be considered and planned so that documentation will meet customer needs. If the feature extends existing functionality, provide a link to its current documentation. Initial completion during Refinement status.
Add a new section in the OCP AWS EFS CSI driver guide that explains what this new provisioning method does and how to configure and use it. Document limitations, if any.
Interoperability Considerations
Which other projects, including ROSA/OSD/ARO, and versions in our portfolio does this feature impact? What interoperability test scenarios should be factored by the layered products? Initial completion during Refinement status.
This can be offered to ROSA customers.
- is depended on by
RFE-2907 add ability to chown/chmod on files/directories behind an EFS access point
- Accepted