Create EFS volume on AWS for k8s cluster

Install AWS-csi-efs driver

Link here

Bash
kubectl apply -k "github.com/kubernetes-sigs/aws-efs-csi-driver/deploy/kubernetes/overlays/stable/?ref=release-1.5"

VPC var

Bash
vpc_id=$(aws eks describe-cluster \
--name clustername \
--query "cluster.resourcesVpcConfig.vpcId" \
--output text)

CIDR var

Bash
cidr_range=$(aws ec2 describe-vpcs \
--vpc-ids $vpc_id \
--query "Vpcs[].CidrBlock" \
--output text)

Create Sec groups

Bash
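# --query keeps only the group ID, so extra fields in the response do not end up in the variable
security_group_id=$(aws ec2 create-security-group \
--group-name EFS-sec-group-wl \
--description "EFS sec group wl" \
--vpc-id $vpc_id \
--query 'GroupId' \
--output text)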

Authorize Sec groups

Bash
aws ec2 authorize-security-group-ingress \
--group-id $security_group_id \
--protocol tcp \
--port 2049 \
--cidr $cidr_range

Create an Amazon EFS file system for your Amazon EKS cluster.

Bash
file_system_id=$(aws efs create-file-system \
--region eu-west-1 \
--performance-mode generalPurpose \
--query 'FileSystemId' \
--tags Key=Name,Value=whiteLabeling \
--output text)

Check Subnets of the cluster

List-subnets

Bash
aws ec2 describe-subnets \
--filters "Name=vpc-id,Values=$vpc_id" \
--query 'Subnets[*].{SubnetId: SubnetId,AvailabilityZone: AvailabilityZone,CidrBlock: CidrBlock}' \
--output table

Bash Session
|                           DescribeSubnets                          |
+------------------+--------------------+----------------------------+
| AvailabilityZone |     CidrBlock      |         SubnetId           |
+------------------+--------------------+----------------------------+
|  region-codec    |  192.168.128.0/19  |  subnet-EXAMPLE6e421a0e97  |
|  region-codeb    |  192.168.96.0/19   |  subnet-EXAMPLEd0503db0ec  |
|  region-codec    |  192.168.32.0/19   |  subnet-EXAMPLEe2ba886490  |
|  region-codeb    |  192.168.0.0/19    |  subnet-EXAMPLE123c7c5182  |
|  region-codea    |  192.168.160.0/19  |  subnet-EXAMPLE0416ce588p  |
+------------------+--------------------+----------------------------+

Bash
aws efs create-mount-target \
    --file-system-id $file_system_id \
    --subnet-id subnet-EXAMPLEe2ba886490 \
    --security-groups $security_group_id

Bash
# Each subnet ID appears once: a subnet can hold only one mount target for a file system.
for subnet in subnet-0e25697ae8f2234ae subnet-0b87146c1d05b2148 subnet-0af3e56e52a70153d subnet-05441b00b8bbf667c subnet-0e3141e873976c2c2; do
  aws efs create-mount-target \
    --file-system-id $file_system_id \
    --subnet-id $subnet \
    --security-groups $security_group_id
done

or one by one

Bash
aws efs create-mount-target \
--file-system-id $file_system_id \
--subnet-id subnet-0e25697ae8f2234ae \
--security-groups $security_group_id
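
EFS accepts only one mount target per Availability Zone for a file system, and the subnet table above lists several subnets in the same zone. The script below is an added example, not part of the original page: it selects one subnet per zone before creating mount targets. The function names and the "first subnet seen per zone" choice are assumptions, and the sample input is constructed from the table above.

```bash
#!/usr/bin/env bash
# Added example: choose one subnet per Availability Zone for EFS mount targets.

# Read "AZ<TAB>SubnetId" lines on stdin; print the first subnet seen in each AZ.
pick_one_subnet_per_az() {
    awk 'NF >= 2 && !seen[$1]++ { print $2 }'
}

# List "AZ<TAB>SubnetId" for every subnet in the VPC (needs AWS credentials).
list_vpc_subnets() {
    aws ec2 describe-subnets \
        --filters "Name=vpc-id,Values=$1" \
        --query 'Subnets[].[AvailabilityZone,SubnetId]' \
        --output text
}

# Create one mount target per AZ; args: vpc id, file system id, security group id.
create_mount_targets() {
    list_vpc_subnets "$1" | pick_one_subnet_per_az | while read -r subnet; do
        aws efs create-mount-target \
            --file-system-id "$2" \
            --subnet-id "$subnet" \
            --security-groups "$3"
    done
}

# Constructed sample input mirroring the table above (not real subnet IDs).
sample_subnets() {
    printf '%s\t%s\n' \
        region-codec subnet-EXAMPLE6e421a0e97 \
        region-codeb subnet-EXAMPLEd0503db0ec \
        region-codec subnet-EXAMPLEe2ba886490 \
        region-codeb subnet-EXAMPLE123c7c5182 \
        region-codea subnet-EXAMPLE0416ce588p
}

# Offline demonstration: three AZs in the sample, so three subnets are selected.
sample_subnets | pick_one_subnet_per_az
```

With credentials configured, `create_mount_targets "$vpc_id" "$file_system_id" "$security_group_id"` runs the selection against the real VPC.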