
Is it possible to use AWS EFS access points to mount a kubernetes persistent volume in EKS?

First of all, to put some context on this question:

  • I have an EKS cluster with version >= 1.15
  • The EFS - EKS security group / mount target etc. are working properly
  • The CSI driver for EFS in EKS is installed and works as expected
  • I have deployed a storage class called efs-sc using the EFS CSI driver as a provisioner
  • I can access the EFS volume on the pod

But ... it only works if it is the root path / that is defined as the path in the kubernetes persistent volume resource definition.

Example with Terraform 0.12 syntax

resource "kubernetes_persistent_volume" "vol" {
  metadata {
    name = "my-vol"
  }
  spec {
    capacity = {
      storage = "15Gi"
    }
    access_modes = ["ReadWriteMany"]
    storage_class_name = "efs-sc"
    persistent_volume_reclaim_policy = "Recycle"
    persistent_volume_source {
      nfs {
        path = "/" # -> OK it works properly
        # path = "/access-point-path" -> NOT WORKING
        server = var.efs-storage-apt-server
      }
    }
  }
}

When I try to specify the path of my access point the mounting of the volume fails.

The EFS access point is configured like this:

[Screenshot of the EFS access point configuration]

So is it a limitation? Did I miss something?

I was looking at this solution, efs-provisioner, but I don't see what it would solve in the current configuration.

Asa asked Oct 15 '22 04:10


2 Answers

There's now documentation available: https://github.com/kubernetes-sigs/aws-efs-csi-driver/blob/master/examples/kubernetes/access_points/README.md#create-access-points-in-efs

You'll need to be using the updated EFS CSI driver. The access point is defined under PersistentVolume's volumeHandle. The recent EFS CSI driver no longer supports dynamic binding, hence, the PersistentVolume needs to be created manually for each PersistentVolumeClaim.

apiVersion: v1
kind: PersistentVolume
metadata:
  name: efs-pv1
spec:
  capacity:
    storage: 5Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  storageClassName: efs-sc
  csi:
    driver: efs.csi.aws.com
    volumeHandle: [FileSystemId]::[AccessPointId]  # placeholders: your EFS file system ID and access point ID

Petrus Repo answered Oct 19 '22 07:10
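
The manifest from this answer expressed in the question's Terraform 0.12 syntax, as an added example that is not part of the original answer: it replaces the `nfs` source with the Kubernetes provider's `csi` source and binds a claim to the volume by name. The variable names and the claim name `my-claim` are assumptions.

```hcl
# Added example; variable names and "my-claim" are assumptions, not from the page.
variable "efs_file_system_id" {
  type = string # placeholder: your EFS file system ID
}

variable "efs_access_point_id" {
  type = string # placeholder: your EFS access point ID
}

resource "kubernetes_persistent_volume" "vol" {
  metadata {
    name = "my-vol"
  }
  spec {
    capacity = {
      storage = "15Gi" # required field; EFS itself does not enforce it
    }
    access_modes                     = ["ReadWriteMany"]
    storage_class_name               = "efs-sc"
    persistent_volume_reclaim_policy = "Retain"
    persistent_volume_source {
      csi {
        driver = "efs.csi.aws.com"
        # [FileSystemId]::[AccessPointId]. No path is set: the access point's
        # root directory is what the pod sees as "/".
        volume_handle = "${var.efs_file_system_id}::${var.efs_access_point_id}"
      }
    }
  }
}

# Static binding: one claim per manually created volume.
resource "kubernetes_persistent_volume_claim" "claim" {
  metadata {
    name = "my-claim"
  }
  spec {
    access_modes       = ["ReadWriteMany"]
    storage_class_name = "efs-sc"
    volume_name        = kubernetes_persistent_volume.vol.metadata[0].name
    resources {
      requests = {
        storage = "15Gi"
      }
    }
  }
}
```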


What seems to be happening is that the path /access-point-path does not exist inside your mounted filesystem.

When you use access points, the path specified by the access point is mounted as the / of the filesystem.

Let's suppose this is the state of your EFS:

|__ access-point-path/

When you mount it in your deployment using access point in /access-point-path, it only sees an empty folder, because the access-point-path folder is now the root directory (/) of your deployment. There is no access-point-path folder to bind.

That's why the / works and the access-point-path/ does not.

holypriest answered Oct 19 '22 06:10