Uploaded image for project: 'OpenShift Storage'
  1. OpenShift Storage
  2. STOR-1986

Use efs-proxy instead of stunnel

XMLWordPrintable

    • Use efs-proxy instead of stunnel
    • 1
    • False
    • None
    • False
    • Not Selected
    • To Do

      Epic Goal*

      Update AWS EFS CSI driver to use efs-proxy instead of stunnel.

       
      Why is this important? (mandatory)

      Upstream is moving away from stunnel and starts using a new efs-proxy to encrypt traffic between the cloud and EFS volume mount on a VM.

       
      Scenarios (mandatory) 

      Provide details for user scenarios including actions to be performed, platform specifications, and user personas.  

      1. As OCP user that has EFS CSI driver installed, I update to a new version of the driver in OLM and I do not see any difference in my EFS volumes and workloads that use it. The change of encryption tunnel is totally opaque to me.
      2. As OCP engineer, I can build AWS EFS CSI driver and efs-utils (downstream fork) with efs-proxy, i.e. I can build and ship a Rust binary.

       
      Dependencies (internal and external) (mandatory)

      • Rust buildchain available in ART pipeline to build a new efs-utils base image. We do not need to build+ship RPM.
      • Alternatively, efs-utils available as RHEL9 RPM package - there are traces of the package in Brew and dist-git

      Contributing Teams(and contacts) (mandatory) 

      Our expectation is that teams would modify the list below to fit the epic. Some epics may not need all the default groups but what is included here should accurately reflect who will be involved in delivering the epic.

      • Development - 
      • Documentation -
      • QE - 
      • PX - 
      • Others -

      Acceptance Criteria (optional)

      • AWS EFS CSI driver works with efs-proxy as a fresh install.
      • AWS EFS CSI driver works with efs-proxy after update from a version that used stunnel.

      Drawbacks or Risk (optional)

      efs-proxy is a new code that has not been thoroughly tested.

      Done - Checklist (mandatory)

      The following points apply to all epics and are what the OpenShift team believes are the minimum set of criteria that epics should meet for us to consider them potentially shippable. We request that epic owners modify this list to reflect the work to be completed in order to produce something that is potentially shippable.

      • CI Testing -  Basic e2e automationTests are merged and completing successfully
      • Documentation - Content development is complete.
      • QE - Test scenarios are written and executed successfully.
      • Technical Enablement - Slides are complete (if requested by PLM)
      • Engineering Stories Merged
      • All associated work items with the Epic are closed
      • Epic status should be “Release Pending” 

            rh-ee-rhrmo Richard Hrmo
            rhn-engineering-jsafrane Jan Safranek
            Rohit Patil Rohit Patil
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: