aws-efs-csi-driver
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# Default values for aws-efs-csi-driver.
2
# This is a YAML-formatted file.
3
# Declare variables to be passed into your templates.
4
5
nameOverride: ""
6
fullnameOverride: ""
7
useFIPS: false
8
portRangeUpperBound: "21049"
9
debugLogs: false
10
image:
11
repository: cgr.dev/chainguard-private/aws-efs-csi-driver
12
tag: latest@sha256:258895b2f8f73529b58c34fba477e3145b1531c65e693f315eac32a64a54d285
13
pullPolicy: IfNotPresent
14
sidecars:
15
livenessProbe:
16
image:
17
repository: cgr.dev/chainguard-private/kubernetes-csi-livenessprobe
18
tag: latest@sha256:106657011005c819beccef4c7732b4b3b88e56c6f2c4eb92111108cce66165b4
19
pullPolicy: IfNotPresent
20
resources: {}
21
securityContext:
22
readOnlyRootFilesystem: true
23
allowPrivilegeEscalation: false
24
nodeDriverRegistrar:
25
image:
26
repository: cgr.dev/chainguard-private/kubernetes-csi-node-driver-registrar
27
tag: latest@sha256:365f6956c449c9d4c6abdba7920eabb2b74095040dee580eb453a2070aa0ec68
28
pullPolicy: IfNotPresent
29
resources: {}
30
securityContext:
31
readOnlyRootFilesystem: true
32
allowPrivilegeEscalation: false
33
csiProvisioner:
34
image:
35
repository: cgr.dev/chainguard-private/kubernetes-csi-external-provisioner
36
tag: latest@sha256:f0fdd80a49aa52c12c0808070ff77ce1f359176f9b0918dd1fb34b479add48f8
37
pullPolicy: IfNotPresent
38
resources: {}
39
securityContext:
40
readOnlyRootFilesystem: true
41
allowPrivilegeEscalation: false
42
additionalArgs: []
43
imagePullSecrets: []
44
## Controller deployment variables
45
controller:
46
# Specifies whether a deployment should be created
47
create: true
48
# Name of the CSI controller service
49
name: efs-csi-controller
50
# Number of replicas for the CSI controller service deployment
51
replicaCount: 2
52
# Number for the log level verbosity
53
logLevel: 2
54
# If set, add pv/pvc metadata to plugin create requests as parameters.
55
extraCreateMetadata: true
56
# Add additional tags to access points
57
tags: {}
58
# environment: prod
59
# region: us-east-1
60
# Enable if you want the controller to also delete the
61
# path on efs when deleteing an access point
62
deleteAccessPointRootDir: false
63
podAnnotations: {}
64
podLabels: {}
65
hostNetwork: false
66
priorityClassName: system-cluster-critical
67
dnsPolicy: ClusterFirst
68
dnsConfig: {}
69
additionalLabels: {}
70
resources: {}
71
# We usually recommend not to specify default resources and to leave this as a conscious
72
# choice for the user. This also increases chances charts run on environments with little
73
# resources, such as Minikube. If you do want to specify resources, uncomment the following
74
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
75
# limits:
76
# cpu: 100m
77
# memory: 128Mi
78
# requests:
79
# cpu: 100m
80
# memory: 128Mi
81
revisionHistoryLimit: 10
82
nodeSelector: {}
83
tolerations:
84
- key: CriticalAddonsOnly
85
operator: Exists
86
- key: efs.csi.aws.com/agent-not-ready
87
operator: Exists
88
affinity: {}
89
env: []
90
volumes: []
91
volumeMounts: []
92
socketDirVolume:
93
emptyDir: {}
94
# Specifies whether a service account should be created
95
serviceAccount:
96
create: true
97
name: efs-csi-controller-sa
98
annotations: {}
99
## Enable if EKS IAM for SA is used
100
# eks.amazonaws.com/role-arn: arn:aws:iam::111122223333:role/efs-csi-role
101
healthPort: 9909
102
regionalStsEndpoints: false
103
# Pod Disruption Budget
104
podDisruptionBudget:
105
enabled: false
106
# maxUnavailable: 1
107
minAvailable: 1
108
unhealthyPodEvictionPolicy: IfHealthyBudget
109
# securityContext on the controller pod
110
securityContext:
111
runAsNonRoot: false
112
runAsUser: 0
113
runAsGroup: 0
114
fsGroup: 0
115
# securityContext on the controller container
116
# Setting privileged=false will cause the "delete-access-point-root-dir" controller option to fail
117
containerSecurityContext:
118
privileged: true
119
leaderElectionRenewDeadline: 10s
120
leaderElectionLeaseDuration: 15s
121
# Timeout for Create/DeleteVolume calls to Controller. We recommend increasing for high concurrency workloads
122
timeout: 15s
123
# Number of concurrent threads controller will handle at once.
124
workerThreads: 100
125
# TSCs without the label selector stanza
126
#
127
# Example:
128
#
129
# topologySpreadConstraints:
130
# - maxSkew: 1
131
# topologyKey: topology.kubernetes.io/zone
132
# whenUnsatisfiable: ScheduleAnyway
133
# - maxSkew: 1
134
# topologyKey: kubernetes.io/hostname
135
# whenUnsatisfiable: ScheduleAnyway
136
topologySpreadConstraints: []
137
# Enable reading filesystem IDs from configmap/secret
138
fileSystemIdRefs:
139
enabled: false
140
# rollingUpdate for controller deployment strategy
141
rollingUpdate: {}
142
# maxUnavailable: 1
143
# maxSurge: 1
144
## Node daemonset variables
145
node:
146
# Number for the log level verbosity
147
logLevel: 2
148
volMetricsOptIn: false
149
volMetricsRefreshPeriod: 240
150
volMetricsFsRateLimit: 5
151
hostAliases: {}
152
# For cross VPC EFS, you need to poison or overwrite the DNS for the efs volume as per
153
# https://docs.aws.amazon.com/efs/latest/ug/efs-different-vpc.html#wt6-efs-utils-step3
154
# implementing the suggested solution found here:
155
# https://github.com/kubernetes-sigs/aws-efs-csi-driver/issues/240#issuecomment-676849346
156
# EFS Vol ID, IP, Region
157
# "fs-01234567":
158
# ip: 10.10.2.2
159
# region: us-east-2
160
priorityClassName: system-node-critical
161
dnsPolicy: ClusterFirst
162
dnsConfig: {}
163
# Example config which uses the AWS nameservers
164
# dnsPolicy: "None"
165
# dnsConfig:
166
# nameservers:
167
# - 169.254.169.253
168
podLabels: {}
169
podAnnotations: {}
170
additionalLabels: {}
171
resources: {}
172
# limits:
173
# cpu: 100m
174
# memory: 128Mi
175
# requests:
176
# cpu: 100m
177
# memory: 128Mi
178
revisionHistoryLimit: 10
179
nodeSelector: {}
180
tolerations:
181
- operator: Exists
182
affinity:
183
nodeAffinity:
184
requiredDuringSchedulingIgnoredDuringExecution:
185
nodeSelectorTerms:
186
- matchExpressions:
187
- key: eks.amazonaws.com/compute-type
188
operator: NotIn
189
values:
190
- fargate
191
- hybrid
192
# Specifies whether a service account should be created
193
serviceAccount:
194
create: true
195
name: efs-csi-node-sa
196
annotations: {}
197
## Enable if EKS IAM for SA is used
198
# eks.amazonaws.com/role-arn: arn:aws:iam::111122223333:role/efs-csi-role
199
# Disable mutating permissions for the node service account.
200
# When disableMutation is true, some features of the EFS CSI Driver node pods will not function, such as taint removal.
201
# Primarily useful in particularly security-sensitive environments, or on multi-tenant clusters that isolate tenants by node.
202
disableMutation: false
203
healthPort: 9809
204
# securityContext on the node pod
205
securityContext:
206
# The node pod must be run as root to bind to the registration/driver sockets
207
runAsNonRoot: false
208
runAsUser: 0
209
runAsGroup: 0
210
fsGroup: 0
211
env: []
212
volumes: []
213
volumeMounts: []
214
kubeletPath: /var/lib/kubelet
215
# rollingUpdate for node deamonset updateStrategy.
216
rollingUpdate: {}
217
# maxSurge: 0
218
# maxUnavailable: 20%
219
220
# Comma-separated section:key=value overrides for efs-utils.conf.
221
# Example: "mount-watchdog:stunnel_health_check_interval_min=1,mount-watchdog:tls_cert_renewal_interval_min=30"
222
efsUtilsConfOverrides: ""
223
# Comma-separated section:key=value overrides for s3files-utils.conf.
224
# Example: "proxy:read_bypass_denylist_size=20000"
225
s3filesUtilsConfOverrides: ""
226
storageClasses: []
227
# Add StorageClass resources like:
228
# - name: efs-sc
229
# annotations:
230
# # Use that annotation if you want this to your default storageclass
231
# storageclass.kubernetes.io/is-default-class: "true"
232
# parameters:
233
# provisioningMode: efs-ap
234
# fileSystemId: fs-1122aabb
235
# directoryPerms: "700"
236
# gidRangeStart: "1000"
237
# gidRangeEnd: "2000"
238
# basePath: "/dynamic_provisioning"
239
# subPathPattern: "/subPath"
240
# ensureUniqueDirectory: true
241
# reclaimPolicy: Delete
242
# volumeBindingMode: Immediate
243
244
# Specifies whether to use helm hooks to apply the CSI driver
245
useHelmHooksForCSIDriver: true
246
The trusted source for open source
Talk to an expertProduct
Customers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.