  1. OpenShift Storage
  2. STOR-990

Cross Account Support for AWS EFS CSI driver


    • EFS Cross account support
    • BU Product Work
    • In Progress
    • OCPSTRAT-347 - CSI Cloud Providers
    • Impediment
    • 0% To Do, 0% In Progress, 100% Done

      1. Proposed title of this feature request
      Cross Account Support for AWS EFS CSI driver

      2. What is the nature and description of the request?
      In cloud environments it is becoming popular to split workloads into different accounts/organizations to implement proper segregation of duty and ownership of resources. Thus OpenShift Container Platform 4 clusters may reside in one AWS account, for example, but resources such as EFS (the specific example here) will and shall be located in the actual consumer AWS account to have full control over it and also manage access accordingly.

      It's therefore required that OpenShift Container Platform 4 understands this kind of industry trend and offers a solution to provide, for example, EFS that is located in a different account than the one in which the OpenShift Container Platform 4 cluster is installed.

      3. Why does the customer need this? (List the business requirements here)
      It's a common practice to split, for example, AWS accounts into multiple accounts to achieve better segregation and ownership of specific resources and services. The upstream AWS EFS CSI Driver repository already has documentation (see https://github.com/kubernetes-sigs/aws-efs-csi-driver/tree/master/examples/kubernetes/cross_account_mount) to support this use case. But the Red Hat provided AWS EFS CSI Driver does not yet offer a practical approach to implement this and use EFS volumes from different AWS accounts.

      To comply with general practice in the industry, it is requested to enhance the Red Hat provided AWS EFS CSI Driver to support accessing EFS shares from different AWS accounts by assuming permissions from the AWS accounts that granted the same (implementation details are open but should be according to best practices).

      4. List any affected packages or components.
      AWS EFS CSI driver

            rhn-engineering-jsafrane Jan Safranek
            rh-gs-gcharot Gregory Charot
            Rohit Patil Rohit Patil
