By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How to Specify the Posix user GID/UID when using EFS CSI in dynamic AP-mode in EKS

1

In a stock EKS cluster, with aws-efs-csi-driver installed, and using the dynamic provisioning storage class, how do we force a specific GID/UID when volumes are created? Thought here is we would probably have more than one sc pointing to the efs. One that is 100% dynamic, just storage, and one (or more) that have a defined gid/uid they pass onto the created EFS Access Point.

**Edit: I mean the POSIX UID and GID. Such as when in the AWS console, creating an access point by hand, the User UID/GID, and then the Owner UID/GID.

https://github.com/kubernetes-sigs/aws-efs-csi-driver

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: efs-sc
provisioner: efs.csi.aws.com
parameters:
  provisioningMode: efs-ap
  fileSystemId: fs-someRandomJunkHere
  directoryPerms: "700"
  gidRangeStart: "1000" # optional
  gidRangeEnd: "2000" # optional
  basePath: "/dynamic_provisioning" # optional
  subPathPattern: "${.PVC.namespace}/${.PVC.name}" # optional
  ensureUniqueDirectory: "true" # optional
  reuseAccessPoint: "false" # optional
Topics
StorageContainersCompute
Tags
Amazon Elastic File SystemAmazon Elastic Kubernetes ServiceContainersKubernetes
Language
English
jeffp2016
asked 6 months ago897 views
1 Answer
2
Accepted Answer

Hello,

Greetings for the day!!

From your correspondence I can understand that you would like to know how to pass a specific GID or UID (POSIX) when using dynamic provisioning with EFS CSI on an EKS cluster.

The EFS CSI driver now supports dynamic provisioning with the ability to specify the user ID and group ID to enforce user identity for all EFS requests. Here is the github page for the EFS CSI driver outlining the parameters that can be set[1a][1b] and the supporting EKS documentation[2]. Parameters named 'uid' and 'gid' are applicable in this case.

Additionally, you can also provide a rand using the parameters 'gidRangeStart' and 'gidRangeEnd' as per[1b]. This range parameters are also specified in the sample you have shared.

Also, the github issue for this feature which is now closed: https://github.com/kubernetes-sigs/aws-efs-csi-driver/issues/393

Have a fantastic day ahead!!

Reference:

[1a] - https://github.com/kubernetes-sigs/aws-efs-csi-driver

[1b] - https://github.com/kubernetes-sigs/aws-efs-csi-driver#storage-class-parameters-for-dynamic-provisioning

[2] - https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html

AWS
Shabbar_H
answered 6 months ago
profile picture
EXPERT
Giovanni Lauria
reviewed a month ago
  • jeffp2016
    6 months ago

    Okay. Im not sure how many time I read right over that block. I usually skipped to the bottom where it was all about the start/end of uid/gid.

    Thank you!!

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content