mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
OSDOCS-15637#EFS One Zone support
20
modules/persistent-storage-csi-efs-one-zone-overview.adoc
Normal file
@@ -0,0 +1,20 @@
|
||||
// Module included in the following assemblies:
|
||||
//
|
||||
// * storage/persistent_storage/persistent-storage-csi-aws-efs.adoc
|
||||
//
|
||||
:_mod-docs-content-type: CONCEPT
|
||||
[id="efs-one-zone-overview_{context}"]
|
||||
= One Zone file systems overview
|
||||
|
||||
{product-title} supports AWS Elastic File System (EFS) One Zone file system, which is an EFS storage option that stores data redundantly within a single Availability Zone (AZ). This contrasts with the default EFS storage option, which stores data redundantly across multiple AZs within a region.
|
||||
|
||||
Clusters upgraded from {product-title} 4.19 are compatible with the regional EFS volumes.
|
||||
|
||||
[NOTE]
|
||||
====
|
||||
Dynamic provisioning of One Zone volumes is supported only in single-zone clusters. All nodes in the cluster must be in the same AZ as the EFS volume that is used for the dynamic provisioning.
|
||||
|
||||
Manually provisioned One Zone volumes in regional clusters is supported, assuming that the persistent volumes (PVs) have correct `spec.nodeAffinity` that indicates the zone that the volume is in.
|
||||
====
|
||||
|
||||
For Cloud Credential Operator (CCO) Mint mode or Passthrough, no extra configuration is required. However, for Security Token Service (STS), use the procedure in Section _Setting up One Zone file systems with STS_.
|
||||
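Review bot: In the `[NOTE]` block, the sentence on manually provisioned volumes requires a "correct `spec.nodeAffinity`" but never shows what a correct value looks like, so a reader cannot check a PV against it; add a short example PV snippet or a link to one. The same sentence should read "Manually provisioned One Zone volumes in regional clusters are supported", and the opening paragraph should say "One Zone file systems" to match the heading. The line "Clusters upgraded from {product-title} 4.19 are compatible with the regional EFS volumes." does not say whether One Zone volumes work on upgraded clusters; state that explicitly.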
84
modules/persistent-storage-csi-efs-one-zone-procedure.adoc
Normal file
@@ -0,0 +1,84 @@
|
||||
// Module included in the following assemblies:
|
||||
//
|
||||
// * storage/persistent_storage/persistent-storage-csi-aws-efs.adoc
|
||||
//
|
||||
:_mod-docs-content-type: PROCEDURE
|
||||
[id="efs-one-zone-procedure_{context}"]
|
||||
= Setting up One Zone file systems with STS
|
||||
|
||||
The following procedure explains how to set up AWS One Zone file systems with Security Token Service (STS):
|
||||
|
||||
.Prerequisites
|
||||
* Access to the cluster as a user with the cluster-admin role.
|
||||
|
||||
* AWS account credentials
|
||||
|
||||
.Procedure
|
||||
|
||||
To configure One Zone file systems with STS:
|
||||
|
||||
. Create *two* `CredentialsRequests` in the `credrequests` directory following the procedure under Section _Obtaining a role Amazon Resource Name for Security Token Service_.:
|
||||
+
|
||||
* For the *controller* `CredentialsRequest`, follow the procedure without any changes.
|
||||
|
||||
* For the *driver node* `CredentialsRequest` use the following example file:
|
||||
+
|
||||
.Example CredentialsRequest YAML file for driver node
|
||||
[source,yaml]
|
||||
----
|
||||
apiVersion: cloudcredential.openshift.io/v1
|
||||
kind: CredentialsRequest
|
||||
metadata:
|
||||
annotations:
|
||||
credentials.openshift.io/role-arns-vars: NODE_ROLEARN <1>
|
||||
name: openshift-aws-efs-csi-driver-node
|
||||
namespace: openshift-cloud-credential-operator
|
||||
spec:
|
||||
providerSpec:
|
||||
apiVersion: cloudcredential.openshift.io/v1
|
||||
kind: AWSProviderSpec
|
||||
statementEntries:
|
||||
- action:
|
||||
- elasticfilesystem:DescribeMountTargets
|
||||
- ec2:DescribeAvailabilityZones
|
||||
effect: Allow
|
||||
resource: '*'
|
||||
secretRef:
|
||||
name: node-aws-efs-cloud-credentials
|
||||
namespace: openshift-cluster-csi-drivers
|
||||
serviceAccountNames:
|
||||
- aws-efs-csi-driver-node-sa
|
||||
----
|
||||
<1> Set `metadata.annotations.credentials.openshift.io/role-arns-vars` to `NODE_ROLEARN`.
|
||||
+
|
||||
.Example `ccoctl` output
|
||||
[source,terminal]
|
||||
----
|
||||
2025/08/26 14:05:24 Role arn:aws:iam::269733383066:role/my-arn-1-blll6-openshift-cluster-csi-drivers-aws-efs-cloud-cre created <1>
|
||||
2025/08/26 14:05:24 Saved credentials configuration to: /home/my-arn/project/go/src/github.com/openshift/myinst/aws-sts-compact-1/manifests/openshift-cluster-csi-drivers-aws-efs-cloud-credentials-credentials.yaml
|
||||
2025/08/26 14:05:24 Updated Role policy for Role my-arn-1-blll6-openshift-cluster-csi-drivers-aws-efs-cloud-cre
|
||||
2025/08/26 14:05:24 Role arn:aws:iam::269733383066:role/my-arn-1-blll6-openshift-cluster-csi-drivers-node-aws-efs-clou created <2>
|
||||
2025/08/26 14:05:24 Saved credentials configuration to: manifests/openshift-cluster-csi-drivers-node-aws-efs-cloud-credentials-credentials.yaml
|
||||
2025/08/26 14:05:24 Updated Role policy for Role my-arn-1-blll6-openshift-cluster-csi-drivers-node-aws-efs-clou
|
||||
----
|
||||
<1> Controller Amazon Resource Name (ARN)
|
||||
<2> Driver node ARN
|
||||
|
||||
. Install the AWS EFS CSI driver using the controller ARN created earlier in this procedure.
|
||||
|
||||
. Edit the operator's subscription and add `NODE_ROLEARN` with the driver node's ARN by running a command similar to the following:
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
$ oc -n openshift-cluster-csi-drivers edit subscription aws-efs-csi-driver-operator
|
||||
...
|
||||
config:
|
||||
env:
|
||||
- name: ROLEARN
|
||||
value: arn:aws:iam::269733383066:role/my-arn-1-blll6-openshift-cluster-csi-drivers-aws-efs-cloud-cre <1>
|
||||
- name: NODE_ROLEARN
|
||||
value: arn:aws:iam::269733383066:role/my-arn-1-blll6-openshift-cluster-csi-drivers-node-aws-efs-clou <2>
|
||||
...
|
||||
----
|
||||
<1> Controller ARN. Already exists.
|
||||
<2> Driver node ARN
|
||||
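Review bot: The example `ccoctl` output and the subscription snippet embed what looks like a real 12-digit AWS account ID (`269733383066`) and a local home directory path (`/home/my-arn/project/go/src/...`); replace both with placeholders such as `<aws_account_id>` and a neutral manifests path before this is published. In step 1, the sentence ends with `.:` and the `ccoctl` output appears under the driver node bullet with no step that actually runs `ccoctl`, so add that step or a sentence tying the output to the referenced procedure. If `resource: '*'` is required for the two Describe actions, say so in a callout so readers do not carry the wildcard into broader policies. Minor: `cluster-admin` in the prerequisites should be in backticks, and callout <1> on the YAML only restates the line it annotates.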
@@ -22,6 +22,11 @@ Perform this procedure before you install the AWS EFS CSI Driver Operator (see _
|
||||
|
||||
You can obtain the ARN role in multiple ways. The following procedure shows one method that uses the same concept and CCO utility (`ccoctl`) binary tool as cluster installation.
|
||||
|
||||
[NOTE]
|
||||
====
|
||||
If you are using One Zone file system, you need to create two `CredentialRequests`, one for the controller and one for the driver node. For more information, see Section _Setting up One Zone file systems with STS_.
|
||||
====
|
||||
|
||||
To obtain a role ARN for configuring AWS EFS CSI Driver Operator using STS:
|
||||
|
||||
. Extract the `ccoctl` from the {product-title} release image, which you used to install the cluster with STS. For more information, see "Configuring the Cloud Credential Operator utility".
|
||||
|
||||
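Review bot: The added `[NOTE]` spells the object as `CredentialRequests`, while the new procedure module and its YAML use `CredentialsRequests` (`kind: CredentialsRequest`); use the same spelling here so a search for the kind finds both places. "If you are using One Zone file system" should also read "One Zone file systems" or "a One Zone file system".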
@@ -27,11 +27,6 @@ This eliminates the need for cluster administrators to pre-provision storage.
|
||||
|
||||
* The _AWS EFS CSI driver_ enables you to create and mount AWS EFS PVs.
|
||||
|
||||
[NOTE]
|
||||
====
|
||||
AWS EFS only supports regional volumes, not zonal volumes.
|
||||
====
|
||||
|
||||
include::modules/persistent-storage-csi-about.adoc[leveloffset=+1]
|
||||
|
||||
:FeatureName: AWS EFS
|
||||
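Review bot: Going by the hunk header (11 lines down to 6), the `[NOTE]` stating "AWS EFS only supports regional volumes, not zonal volumes." is dropped with nothing in its place; consider replacing it with a one-line pointer to the new One Zone section, because the constraint stated there (dynamic provisioning of One Zone volumes only in single-zone clusters) is what a reader of this overview now needs to see early.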
@@ -77,6 +72,12 @@ include::modules/persistent-storage-csi-efs-cross-account.adoc[leveloffset=+1]
|
||||
.Additional resources
|
||||
* link:https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-output-format.html[Setting the output format in the AWS CLI]
|
||||
|
||||
== One Zone file systems
|
||||
|
||||
include::modules/persistent-storage-csi-efs-one-zone-overview.adoc[leveloffset=+2]
|
||||
|
||||
include::modules/persistent-storage-csi-efs-one-zone-procedure.adoc[leveloffset=+2]
|
||||
|
||||
include::modules/persistent-storage-csi-dynamic-provisioning-aws-efs.adoc[leveloffset=+1]
|
||||
If you have problems setting up dynamic provisioning, see xref:../../storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc#efs-troubleshooting_persistent-storage-csi-aws-efs[AWS EFS troubleshooting].
|
||||
[role="_additional-resources"]
|
||||
|
||||
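Review bot: The two `include::` lines added under `== One Zone file systems` pull in modules whose header comments name the assembly as `storage/persistent_storage/persistent-storage-csi-aws-efs.adoc`, while the xref in this hunk's context points to `storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc`; confirm which directory this assembly lives in and correct the module comments to match. Also check that the new section belongs between the cross-account "Additional resources" list and the dynamic provisioning include, since the overview's constraints on dynamic provisioning are read before the dynamic provisioning module itself.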