-
Notifications
You must be signed in to change notification settings - Fork 508
-
Notifications
You must be signed in to change notification settings - Fork 508
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[EKS] unable to deploy the aws-efs-csi-driver #1111
[EKS] unable to deploy the aws-efs-csi-driver #1111
Comments
The issue seems to have appeared in kubernetes-sigs/aws-efs-csi-driver@b3baff82, which added an attempt to persist a key to This is incompatible with Bottlerocket in two ways:
We end up with errors like this on the host:
Ideally the EFS CSI driver would persist to a different location. |
thank you I created an issue with the aws-efs-csi-driver repo: |
I'm going to re-open this issue and use it as the main issue, of which we are starting to see duplicates. This issue describes the problem crisply and links to the underlying cause, which we need to fix. |
I tried a patched version of the EFS CSI driver, basically like in this PR kubernetes-sigs/aws-efs-csi-driver#247, but I was trying to use a 'konfiguration' as was discussed in that PR. That got me past the avc denial, but then I found:
That error is opaque, I can't make out what the issue is. It's possible that my EFS/security-group setup is incorrect, or something else about Bottlerocket is at issue. Not sure. Edit: I may have had an incorrect security group setup kubernetes-sigs/aws-efs-csi-driver#192 (comment) |
Progress Update: the error shown above was likely due to some misconfiguration of security groups. When proceeding more meticulously and carefully, I have been able to prove that changing the directory location allows the EFS CSI driver to work on Bottlerocket. We have a plan to change the directory location in the CSI driver's code and specs in a way that will be backward compatible with (non-Bottlerocket) nodes that may already have EFS mounts. Don't have an ETA yet, but we are actively working on it. |
Fyi, I can confirm that when I deploy csi-driver with version tag v1.0.0, I encounter no errors on both AL2(amazon linux2) and Bottlerocket(version
|
@farshad-hobsons, yes my update might not have been clear. I can get it to work on Bottlerocket when I edit the pod-spec to use We can't change the spec in this way though because pre-existing (non-Bottlerocket) mounts whose configs were already written to a certain directory would hang if we change the config directory out from under them. So we're working on a change to the CSI's Go code to detect and continue to use the existing directory, when present, else use a new preferred location that is Bottlerocket-friendly. |
Update, the fix just merged kubernetes-sigs/aws-efs-csi-driver#286, I still need to find out how/when the change will be released. |
Update, the fix is in the release process now kubernetes-sigs/aws-efs-csi-driver#315 |
This is almost certainly released and done, but I haven't had a chance to re-test yet. |
@bcressey has verified this. Closing. |
I deployed a sample EKS with bottlerocket cluster using the
sample-eksctl.yaml
and tried to deploy the aws-csi-driver using the documentation on the github pageImage I'm using:
1.0.0
What I expected to happen:
aws-efs-csi in running state
What actually happened:
logs
How to reproduce the problem:
and when the cluster is ready:
The text was updated successfully, but these errors were encountered: