K
Q

Mounting encrypted EFS (AWS) to kubernetes pod

8/13/2018

Trying to mount an encrypted EFS (AWS) to my k8s cluster,

I created everything that is needed (storageclass, PV, PVC) and everything was working fine when the EFS wasn't encrypted.

But now when trying to create the pod I get this error:

 Warning  FailedMount  42s  kubelet, ip-10-10-21-111.ap-southeast-2.compute.internal  Unable to mount volumes for pod "apim-rdbms-6d7c484c88-4xp6l_default(e6a2e36d-9ec4-11e8-b026-0644ba7f9448)": timeout expired waiting for volumes to attach/mount for pod "default"/"apim-rdbms-6d7c484c88-4xp6l". list of unattached/unmounted volumes=[apim-rdbms-efs]

I didn't see any special instructions regarding connecting the pod to encrypted EFS, When tried to mount the nodes to the EFS I had no issue.

Should I install tls on my cluster nodes? Is there a k8s flag I need to use? couldn't find info regarding this.

-- Shachar Hamuzim Rajuan
aws-ebs
kubernetes

Similar Questions

Issue of while Authenticate with Azure Container Registry from Azure Kubernetes Service
Deploy custom_resource_definition on k8s using API
How to include nested value in helm template
Authentication mongo deployed on kubernetes
Exposing a service on EKS using NGINX ingress and issues with load balancer
App not communicating with mysql db pod kubernetes
Copy within pod curl to kubernetes dir

1 Answer

8/14/2018

So the oroblem was that I didn't mount target my efs to security groups that my nodes are assigened to.

After creating the encrypted EFS you need to mount the EFS.You can create one mount target in each Availability Zone in your VPC. All EC2 instances in a VPC within a given Availability Zone share a single mount target for a given file system. If you have multiple subnets in an Availability Zone, you create a mount target in one of the subnets. 

You can see mounting instructions here:

https://docs.aws.amazon.com/efs/latest/ug/manage-fs-access-create-delete-mount-targets.html

-- Shachar Hamuzim Rajuan
Source: StackOverflow