-
Notifications
You must be signed in to change notification settings - Fork 548
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update README and add more examples (#18)
- Loading branch information
Cheng Pan
authored
Feb 11, 2019
1 parent
979ac0b
commit a6ef1bb
Showing
13 changed files
with
237 additions
and
60 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
## Encryption in Transit | ||
This example shows how to make a static provisioned EFS PV mounted inside container with encryption in transit enabled. | ||
|
||
**Note**: this example required Kubernetes v1.13+ | ||
|
||
### Edit [Persistence Volume Spec](pv.yaml) | ||
|
||
``` | ||
apiVersion: v1 | ||
kind: PersistentVolume | ||
metadata: | ||
name: efs-pv | ||
spec: | ||
capacity: | ||
storage: 5Gi | ||
volumeMode: Filesystem | ||
accessModes: | ||
- ReadWriteOnce | ||
persistentVolumeReclaimPolicy: Recycle | ||
storageClassName: efs-sc | ||
mountOptions: | ||
- tls | ||
csi: | ||
driver: efs.csi.aws.com | ||
volumeHandle: [FileSystemId] | ||
``` | ||
Note that encryption in transit is enabled using mount option `tls`. Replace `VolumeHandle` with `FileSystemId` of the EFS filesystem that needs to be mounted. | ||
|
||
You can find it using AWS CLI: | ||
``` | ||
aws efs describe-file-systems | ||
``` | ||
|
||
### Deploy the Example | ||
Create PV, persistence volume claim (PVC) and storage class: | ||
``` | ||
kubectl apply -f examples/kubernetes/encryption_in_transit/storageclass.yaml | ||
kubectl apply -f examples/kubernetes/encryption_in_transit/pv.yaml | ||
kubectl apply -f examples/kubernetes/encryption_in_transit/claim.yaml | ||
kubectl apply -f examples/kubernetes/encryption_in_transit/pod.yaml | ||
``` | ||
|
||
### Check EFS filesystem is used | ||
After the objects are created, verify that pod is running: | ||
|
||
``` | ||
kubectl get pods | ||
``` | ||
|
||
Also you can verify that data is written onto EFS filesystem: | ||
|
||
``` | ||
kubectl exec -ti app -- tail -f /data/out.txt | ||
``` |
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
## Multiple Pods Read Write Many | ||
This example shows how to create a static provisioned EFS PV and access it from multiple pods with RWX access mode. | ||
|
||
### Edit Persistent Volume | ||
Edit persistent volume using sample [spec](pv.yaml): | ||
``` | ||
apiVersion: v1 | ||
kind: PersistentVolume | ||
metadata: | ||
name: efs-pv | ||
spec: | ||
capacity: | ||
storage: 5Gi | ||
volumeMode: Filesystem | ||
accessModes: | ||
- ReadWriteMany | ||
persistentVolumeReclaimPolicy: Recycle | ||
storageClassName: efs-sc | ||
csi: | ||
driver: efs.csi.aws.com | ||
volumeHandle: [FileSystemId] | ||
``` | ||
Replace `volumeHandle` with `FileSystemId` of the EFS filesystem that needs to be mounted. Note that the access mode is `RWX` which means the PV can be read and write from multiple pods. | ||
|
||
You can get `FileSystemId` using AWS CLI: | ||
|
||
``` | ||
aws efs describe-file-systems | ||
``` | ||
|
||
### Deploy the Example Application | ||
Create PV, persistence volume claim (PVC), storageclass and the pods that consume the PV: | ||
``` | ||
kubectl apply -f examples/kubernetes/multiple_pods/storageclass.yaml | ||
kubectl apply -f examples/kubernetes/multiple_pods/pv.yaml | ||
kubectl apply -f examples/kubernetes/multiple_pods/claim.yaml | ||
kubectl apply -f examples/kubernetes/multiple_pods/pod1.yaml | ||
kubectl apply -f examples/kubernetes/multiple_pods/pod2.yaml | ||
``` | ||
|
||
Both pod1 and pod2 are writing to the same EFS filesystem at the same time. | ||
|
||
### Check the Application uses EFS filesystem | ||
After the objects are created, verify that pod is running: | ||
|
||
``` | ||
kubectl get pods | ||
``` | ||
|
||
Also verify that data is written onto EFS filesystem: | ||
|
||
``` | ||
kubectl exec -ti app1 -- tail -f /data/out1.txt | ||
kubectl exec -ti app2 -- tail -f /data/out2.txt | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -12,4 +12,4 @@ spec: | |
storageClassName: efs-sc | ||
csi: | ||
driver: efs.csi.aws.com | ||
volumeHandle: fs-d26a037a | ||
volumeHandle: fs-4af69aab |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
## Static Provisioning | ||
This example shows how to make a static provisioned EFS PV mounted inside container. | ||
|
||
### Edit [Persistence Volume Spec](pv.yaml) | ||
|
||
``` | ||
apiVersion: v1 | ||
kind: PersistentVolume | ||
metadata: | ||
name: efs-pv | ||
spec: | ||
capacity: | ||
storage: 5Gi | ||
volumeMode: Filesystem | ||
accessModes: | ||
- ReadWriteOnce | ||
persistentVolumeReclaimPolicy: Recycle | ||
storageClassName: efs-sc | ||
csi: | ||
driver: efs.csi.aws.com | ||
volumeHandle: [FileSystemId] | ||
``` | ||
Replace `VolumeHandle` with `FileSystemId` of the EFS filesystem that needs to be mounted. | ||
|
||
You can find it using AWS CLI: | ||
``` | ||
aws efs describe-file-systems | ||
``` | ||
|
||
### Deploy the Example Application | ||
Create PV, persistence volume claim (PVC) and storage class: | ||
``` | ||
kubectl apply -f examples/kubernetes/static_provisioning/storageclass.yaml | ||
kubectl apply -f examples/kubernetes/static_provisioning/pv.yaml | ||
kubectl apply -f examples/kubernetes/static_provisioning/claim.yaml | ||
kubectl apply -f examples/kubernetes/static_provisioning/pod.yaml | ||
``` | ||
|
||
### Check EFS filesystem is used | ||
After the objects are created, verify that pod is running: | ||
|
||
``` | ||
kubectl get pods | ||
``` | ||
|
||
Also you can verify that data is written onto EFS filesystem: | ||
|
||
``` | ||
kubectl exec -ti app -- tail -f /data/out.txt | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
apiVersion: v1 | ||
kind: PersistentVolumeClaim | ||
metadata: | ||
name: efs-claim | ||
spec: | ||
accessModes: | ||
- ReadWriteOnce | ||
storageClassName: efs-sc | ||
resources: | ||
requests: | ||
storage: 5Gi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
apiVersion: v1 | ||
kind: Pod | ||
metadata: | ||
name: efs-app | ||
spec: | ||
containers: | ||
- name: app | ||
image: centos | ||
command: ["/bin/sh"] | ||
args: ["-c", "while true; do echo $(date -u) >> /data/out.txt; sleep 5; done"] | ||
volumeMounts: | ||
- name: persistent-storage | ||
mountPath: /data | ||
volumes: | ||
- name: persistent-storage | ||
persistentVolumeClaim: | ||
claimName: efs-claim |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
apiVersion: v1 | ||
kind: PersistentVolume | ||
metadata: | ||
name: efs-pv | ||
spec: | ||
capacity: | ||
storage: 5Gi | ||
volumeMode: Filesystem | ||
accessModes: | ||
- ReadWriteOnce | ||
persistentVolumeReclaimPolicy: Recycle | ||
storageClassName: efs-sc | ||
csi: | ||
driver: efs.csi.aws.com | ||
volumeHandle: fs-4af69aab |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
kind: StorageClass | ||
apiVersion: storage.k8s.io/v1 | ||
metadata: | ||
name: efs-sc | ||
provisioner: efs.csi.aws.com |