Thanks @TebogoTS.
Do you have any links that mention these packages need to be present for TLS mount to work?
Would you be able to capture an `strace -f` of the mount command to see what helpers are spawned?
Current situation
When using Flatcar in AWS EKS with AWS EFS, by default the mount happens with a TLS argument for in-transit encryption, but this does not work.
https://github.com/kubernetes-sigs/aws-efs-csi-driver#encryption-in-transit
Impact
```
mount failed: exit status 1
Mounting command: mount
Mounting arguments: -t efs -o tls fs-xxxxxxx.efs.xx-xxx-x.amazonaws.com :/ /var/lib/kubelet/pods/xxxxxxxx/volumes/kubernetes.io~csi/efs-pv-xxxx/mount
Failed to create self-signed client-side certificate.
```
Ideal future situation
Adding amazon-efs-utils and stunnel as part of the AMI packages.
Additional information
Currently encryption-in-transit must be disabled for the mount to work.
```yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: efs-pv
spec:
  capacity:
    storage: 5Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  csi:
    driver: efs.csi.aws.com
    volumeHandle: fs-xxxxxxxx
    volumeAttributes:
      encryptInTransit: "false"  # workaround: turns off TLS for this volume
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: efs-pvc-claim
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: ""
  resources:
    requests:
      storage: 5Gi
---
apiVersion: v1
kind: Pod
metadata:
  name: efs-app-tls-false
spec:
  containers:
    - name: app  # placeholder: the container name is missing from the page
      image: centos
      command: ["/bin/sh"]
      args: ["-c", "while true; do echo $(date -u) >> /data/out.txt; sleep 5; done"]
      volumeMounts:
        - name: efs-volume  # placeholder: the volume name is missing from the page
          mountPath: /data
  volumes:
    - name: efs-volume  # placeholder, must match the volumeMounts entry above
      persistentVolumeClaim:
        claimName: efs-pvc-claim
```
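An added example, not part of the original issue or of the aws-efs-csi-driver project: a Python check that lists the EFS CSI PersistentVolumes on which the workaround above has switched in-transit encryption off, so they can be tracked and reverted once TLS mounts work. It reads JSON in the shape of `kubectl get pv -o json`; the sample data is constructed, and the function name and the set of accepted "false" spellings are assumptions.

```python
import json
import sys

EFS_DRIVER = "efs.csi.aws.com"
# Assumption: these spellings all count as "disabled"; the issue itself only shows "false".
FALSE_SPELLINGS = {"false", "f", "0"}

# Constructed sample in the shape of `kubectl get pv -o json` (not real cluster data).
SAMPLE_PV_LIST = json.dumps({"items": [
    {"metadata": {"name": "efs-pv"},
     "spec": {"claimRef": {"namespace": "default", "name": "efs-pvc-claim"},
              "csi": {"driver": EFS_DRIVER, "volumeHandle": "fs-xxxxxxxx",
                      "volumeAttributes": {"encryptInTransit": "false"}}}},
    {"metadata": {"name": "efs-pv-default"},   # attribute absent: TLS mount by default
     "spec": {"csi": {"driver": EFS_DRIVER, "volumeHandle": "fs-yyyyyyyy"}}},
    {"metadata": {"name": "efs-pv-unbound"},   # disabled, different spelling, no claim
     "spec": {"csi": {"driver": EFS_DRIVER, "volumeHandle": "fs-zzzzzzzz",
                      "volumeAttributes": {"encryptInTransit": "False"}}}},
    {"metadata": {"name": "other-pv"},         # other driver: attribute is ignored
     "spec": {"csi": {"driver": "other.csi.example.com", "volumeHandle": "vol-1",
                      "volumeAttributes": {"encryptInTransit": "false"}}}},
    {"metadata": {"name": "nfs-pv"}, "spec": {"nfs": {"server": "nfs.example.com"}}},
]})


def pvs_without_tls(pv_list_json):
    """Return (pv name, volumeHandle, bound claim or None) for EFS PVs with TLS disabled."""
    findings = []
    for pv in json.loads(pv_list_json).get("items", []):
        spec = pv.get("spec") or {}
        csi = spec.get("csi") or {}
        if csi.get("driver") != EFS_DRIVER:
            continue  # not an EFS CSI volume (or not a CSI volume at all)
        value = (csi.get("volumeAttributes") or {}).get("encryptInTransit")
        if value is None or str(value).strip().lower() not in FALSE_SPELLINGS:
            continue  # unset or enabled: mount is attempted with the tls option
        claim = spec.get("claimRef") or {}
        bound = f'{claim.get("namespace")}/{claim.get("name")}' if claim else None
        findings.append((pv["metadata"]["name"], csi.get("volumeHandle"), bound))
    return findings


if __name__ == "__main__":
    # Pipe real data with:  kubectl get pv -o json | python3 <this file> -
    raw = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE_PV_LIST
    for name, handle, claim in pvs_without_tls(raw):
        print(f"{name}\t{handle}\tclaim={claim or 'unbound'}")
```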