aws-efs-csi-driver
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# Default values for aws-efs-csi-driver.
2
# This is a YAML-formatted file.
3
# Declare variables to be passed into your templates.
4
5
nameOverride: ""
6
fullnameOverride: ""
7
useFIPS: false
8
portRangeUpperBound: "21049"
9
debugLogs: false
10
image:
11
repository: cgr.dev/chainguard-private/aws-efs-csi-driver
12
tag: latest@sha256:1f728fcc60f4d578208d1538829d8ead88eb1e557b7f03e65bc870e5f1d305e0
13
pullPolicy: IfNotPresent
14
sidecars:
15
livenessProbe:
16
image:
17
repository: cgr.dev/chainguard-private/kubernetes-csi-livenessprobe
18
tag: latest@sha256:6b2e0a464d2b64df1fdf3a0db8299d160989c30074e4b768a9b490936d5754d4
19
pullPolicy: IfNotPresent
20
resources: {}
21
securityContext:
22
readOnlyRootFilesystem: true
23
allowPrivilegeEscalation: false
24
nodeDriverRegistrar:
25
image:
26
repository: cgr.dev/chainguard-private/kubernetes-csi-node-driver-registrar
27
tag: latest@sha256:a62374d5650221d2a1fe7d7f17f5f5c5acbe0f216453d25cfd6983b18f511837
28
pullPolicy: IfNotPresent
29
resources: {}
30
securityContext:
31
readOnlyRootFilesystem: true
32
allowPrivilegeEscalation: false
33
csiProvisioner:
34
image:
35
repository: cgr.dev/chainguard-private/kubernetes-csi-external-provisioner
36
tag: latest@sha256:6eca1c378cbf38833ca4ac18500f2d5eb7ece131a14c2298adcf1ca545b1c02f
37
pullPolicy: IfNotPresent
38
resources: {}
39
securityContext:
40
readOnlyRootFilesystem: true
41
allowPrivilegeEscalation: false
42
additionalArgs: []
43
imagePullSecrets: []
44
## Controller deployment variables
45
controller:
46
# Specifies whether a deployment should be created
47
create: true
48
# Name of the CSI controller service
49
name: efs-csi-controller
50
# Number of replicas for the CSI controller service deployment
51
replicaCount: 2
52
# Number for the log level verbosity
53
logLevel: 2
54
# If set, add pv/pvc metadata to plugin create requests as parameters.
55
extraCreateMetadata: true
56
# Add additional tags to access points
57
tags: {}
58
# environment: prod
59
# region: us-east-1
60
# Enable if you want the controller to also delete the
61
# path on efs when deleteing an access point
62
deleteAccessPointRootDir: false
63
podAnnotations: {}
64
podLabels: {}
65
hostNetwork: false
66
priorityClassName: system-cluster-critical
67
dnsPolicy: ClusterFirst
68
dnsConfig: {}
69
additionalLabels: {}
70
resources: {}
71
# We usually recommend not to specify default resources and to leave this as a conscious
72
# choice for the user. This also increases chances charts run on environments with little
73
# resources, such as Minikube. If you do want to specify resources, uncomment the following
74
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
75
# limits:
76
# cpu: 100m
77
# memory: 128Mi
78
# requests:
79
# cpu: 100m
80
# memory: 128Mi
81
revisionHistoryLimit: 10
82
nodeSelector: {}
83
tolerations:
84
- key: CriticalAddonsOnly
85
operator: Exists
86
- key: efs.csi.aws.com/agent-not-ready
87
operator: Exists
88
affinity: {}
89
env: []
90
volumes: []
91
volumeMounts: []
92
socketDirVolume:
93
emptyDir: {}
94
# Specifies whether a service account should be created
95
serviceAccount:
96
create: true
97
name: efs-csi-controller-sa
98
annotations: {}
99
## Enable if EKS IAM for SA is used
100
# eks.amazonaws.com/role-arn: arn:aws:iam::111122223333:role/efs-csi-role
101
healthPort: 9909
102
regionalStsEndpoints: false
103
# Liveness probe configuration for the controller
104
livenessProbe:
105
httpGet:
106
path: /healthz
107
port: healthz
108
initialDelaySeconds: 10
109
timeoutSeconds: 3
110
periodSeconds: 10
111
failureThreshold: 5
112
# Readiness probe configuration for the controller (optional)
113
readinessProbe: {}
114
# httpGet:
115
# path: /healthz
116
# port: healthz
117
# initialDelaySeconds: 10
118
# timeoutSeconds: 3
119
# periodSeconds: 10
120
# failureThreshold: 3
121
# Startup probe configuration for the controller (optional)
122
startupProbe: {}
123
# httpGet:
124
# path: /healthz
125
# port: healthz
126
# initialDelaySeconds: 10
127
# timeoutSeconds: 3
128
# periodSeconds: 10
129
# failureThreshold: 30
130
# Pod Disruption Budget
131
podDisruptionBudget:
132
enabled: false
133
# maxUnavailable: 1
134
minAvailable: 1
135
unhealthyPodEvictionPolicy: IfHealthyBudget
136
# securityContext on the controller pod
137
securityContext:
138
runAsNonRoot: false
139
runAsUser: 0
140
runAsGroup: 0
141
fsGroup: 0
142
# securityContext on the controller container
143
# Setting privileged=false will cause the "delete-access-point-root-dir" controller option to fail
144
containerSecurityContext:
145
privileged: true
146
leaderElectionRenewDeadline: 10s
147
leaderElectionLeaseDuration: 15s
148
# Timeout for Create/DeleteVolume calls to Controller. We recommend increasing for high concurrency workloads
149
timeout: 15s
150
# Number of concurrent threads controller will handle at once.
151
workerThreads: 100
152
# TSCs without the label selector stanza
153
#
154
# Example:
155
#
156
# topologySpreadConstraints:
157
# - maxSkew: 1
158
# topologyKey: topology.kubernetes.io/zone
159
# whenUnsatisfiable: ScheduleAnyway
160
# - maxSkew: 1
161
# topologyKey: kubernetes.io/hostname
162
# whenUnsatisfiable: ScheduleAnyway
163
topologySpreadConstraints: []
164
# Enable reading filesystem IDs from configmap/secret
165
fileSystemIdRefs:
166
enabled: false
167
# rollingUpdate for controller deployment strategy
168
rollingUpdate: {}
169
# maxUnavailable: 1
170
# maxSurge: 1
171
## Node daemonset variables
172
node:
173
# Number for the log level verbosity
174
logLevel: 2
175
volMetricsOptIn: false
176
volMetricsRefreshPeriod: 240
177
volMetricsFsRateLimit: 5
178
hostAliases: {}
179
# For cross VPC EFS, you need to poison or overwrite the DNS for the efs volume as per
180
# https://docs.aws.amazon.com/efs/latest/ug/efs-different-vpc.html#wt6-efs-utils-step3
181
# implementing the suggested solution found here:
182
# https://github.com/kubernetes-sigs/aws-efs-csi-driver/issues/240#issuecomment-676849346
183
# EFS Vol ID, IP, Region
184
# "fs-01234567":
185
# ip: 10.10.2.2
186
# region: us-east-2
187
priorityClassName: system-node-critical
188
dnsPolicy: ClusterFirst
189
dnsConfig: {}
190
# Example config which uses the AWS nameservers
191
# dnsPolicy: "None"
192
# dnsConfig:
193
# nameservers:
194
# - 169.254.169.253
195
podLabels: {}
196
podAnnotations: {}
197
additionalLabels: {}
198
resources: {}
199
# limits:
200
# cpu: 100m
201
# memory: 128Mi
202
# requests:
203
# cpu: 100m
204
# memory: 128Mi
205
revisionHistoryLimit: 10
206
nodeSelector: {}
207
tolerations:
208
- operator: Exists
209
affinity:
210
nodeAffinity:
211
requiredDuringSchedulingIgnoredDuringExecution:
212
nodeSelectorTerms:
213
- matchExpressions:
214
- key: eks.amazonaws.com/compute-type
215
operator: NotIn
216
values:
217
- fargate
218
- hybrid
219
# Specifies whether a service account should be created
220
serviceAccount:
221
create: true
222
name: efs-csi-node-sa
223
annotations: {}
224
## Enable if EKS IAM for SA is used
225
# eks.amazonaws.com/role-arn: arn:aws:iam::111122223333:role/efs-csi-role
226
# Disable mutating permissions for the node service account.
227
# When disableMutation is true, some features of the EFS CSI Driver node pods will not function, such as taint removal.
228
# Primarily useful in particularly security-sensitive environments, or on multi-tenant clusters that isolate tenants by node.
229
disableMutation: false
230
healthPort: 9809
231
# Liveness probe configuration for the node
232
livenessProbe:
233
httpGet:
234
path: /healthz
235
port: healthz
236
initialDelaySeconds: 10
237
timeoutSeconds: 3
238
periodSeconds: 2
239
failureThreshold: 5
240
# Readiness probe configuration for the node (optional)
241
readinessProbe: {}
242
# httpGet:
243
# path: /healthz
244
# port: healthz
245
# initialDelaySeconds: 10
246
# timeoutSeconds: 3
247
# periodSeconds: 2
248
# failureThreshold: 3
249
# Startup probe configuration for the node (optional)
250
startupProbe: {}
251
# httpGet:
252
# path: /healthz
253
# port: healthz
254
# initialDelaySeconds: 10
255
# timeoutSeconds: 3
256
# periodSeconds: 2
257
# failureThreshold: 30
258
# securityContext on the node pod
259
securityContext:
260
# The node pod must be run as root to bind to the registration/driver sockets
261
runAsNonRoot: false
262
runAsUser: 0
263
runAsGroup: 0
264
fsGroup: 0
265
env: []
266
volumes: []
267
volumeMounts: []
268
kubeletPath: /var/lib/kubelet
269
# rollingUpdate for node deamonset updateStrategy.
270
rollingUpdate: {}
271
# maxSurge: 0
272
# maxUnavailable: 20%
273
274
# Comma-separated section:key=value overrides for efs-utils.conf.
275
# Example: "mount-watchdog:stunnel_health_check_interval_min=1,mount-watchdog:tls_cert_renewal_interval_min=30"
276
efsUtilsConfOverrides: ""
277
# Comma-separated section:key=value overrides for s3files-utils.conf.
278
# Example: "proxy:read_bypass_denylist_size=20000"
279
s3filesUtilsConfOverrides: ""
280
storageClasses: []
281
# Add StorageClass resources like:
282
# - name: efs-sc
283
# annotations:
284
# # Use that annotation if you want this to your default storageclass
285
# storageclass.kubernetes.io/is-default-class: "true"
286
# parameters:
287
# provisioningMode: efs-ap
288
# fileSystemId: fs-1122aabb
289
# directoryPerms: "700"
290
# gidRangeStart: "1000"
291
# gidRangeEnd: "2000"
292
# basePath: "/dynamic_provisioning"
293
# subPathPattern: "/subPath"
294
# ensureUniqueDirectory: true
295
# reclaimPolicy: Delete
296
# volumeBindingMode: Immediate
297
298
# Specifies whether to use helm hooks to apply the CSI driver
299
useHelmHooksForCSIDriver: true
300
The trusted source for open source
Talk to an expertProduct
Customers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.