  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-1438

AWS efs-dir provisioning mode (TechPreview)

      Feature Overview (aka. Goal Summary)  

      Add a new provisioning method for the AWS EFS CSI driver that, instead of creating EFS access points, creates a sub-directory per PV.

       

      We will start with a tech preview support status.

       

      This is important because we currently can't set UID/GID and permissions (i.e. chown/chmod): the current dynamic provisioning creates a sub EFS access point, and it's not possible to chown from a top-level access point. Customers want a way to set their own permissions from the top-level directory.

       

      In these EFS access points, the PosixUser is set automatically; there is currently no way to disable this behaviour, as it is managed on the EFS side.

      More details are in this KB: https://access.redhat.com/solutions/7011821

      Goals (aka. expected user outcomes)

      A new provisioning method was proposed upstream a while ago but never got merged. This new provisioning method creates a sub-directory per PV, allowing users to set their own permissions.

      https://github.com/kubernetes-sigs/aws-efs-csi-driver/pull/732

      The goal of this feature is to revamp the PR, analyse the code, rebase it and get it merged.

      Requirements (aka. Acceptance Criteria):

      Code is merged and is passing the general regression CI for EFS volumes, plus the ability to define permissions/ownership.

       

      Deployment considerations: list applicable specific needs (N/A = not applicable)

      Self-managed, managed, or both: both
      Classic (standalone cluster): Apply to AWS only
      Hosted control planes: Yes
      Multi node, Compact (three node), or Single node (SNO), or all: Can be all but usually not SNO
      Connected / Restricted Network: Both
      Architectures, e.g. x86_64, ARM (aarch64), IBM Power (ppc64le), and IBM Z (s390x): x86
      Operator compatibility: AWS EFS CSI operator
      Backport needed (list applicable versions): no
      UI need (e.g. OpenShift Console, dynamic plugin, OCM): no
      Other (please specify):

      Use Cases (Optional):

      As a user, I want to be able to define my own set of permissions/ownership when attaching an AWS EFS volume via the CSI driver.

      Questions to Answer (Optional):

      How to get upstream acceptance

      Out of Scope

      Limited to the efs-dir provisioning method for the EFS CSI driver. If this does not solve the requirements we will need to revisit this feature and write a new provisioning method.

      Background

       

      More background and links to customer cases are in the RFE:

      https://issues.redhat.com/browse/RFE-2907

      Customer Considerations

      This should not replace the current provisioning method but instead offer an alternative one.

      Documentation Considerations

      Add a new section in the OCP AWS EFS CSI driver guide that explains what this new provisioning method does and how to configure and use it. Document limitations, if any.

      Interoperability Considerations

      This can be offered to ROSA customers.
