Loading...

XML

Word

Printable

Type: Story
Resolution: Unresolved
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Labels:
None

Activity Type:
Product / Portfolio Work
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Epic Link:
AWS EFS Zonal volume support
Story Points:
1

Target Version:
None
Release Blocker:
None
Sprint:
None

Make sure the CSI driver node daemonset has permission to:

efs.DescribeMountTargets
ec2.DescribeAvailabilityZones

Currently, the daemonset Pod use node's AWS identity, which does not have permissions to do so.

Investigate:

Update the node's role (Jan thinks it's created during installation and never updated).
Or, add need a new role in AWS (= new CredentialsRequest) + assign it to the node driver pods. Adding new CredentialsRequest needs manual work of cluster admin during upgrade when using STS. The cluster admin must create the role in AWS + its secret in OCP before the driver upgrade!

links to

openshift/csi-operator#389: STOR-2479: Add CredentialsRequest for the EFS node DaemonSet

openshift/library-go#1974: STOR-2479: Allow CredentialsRequestController to check custom env. vars

Assignee:: Unassigned

Reporter:: Jan Safranek

Need Info From:: None

Contributors:: None

QA Contact:: None

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2025/05/28 11:10 AM

Updated:: 2025/07/03 2:28 PM