​
DirectorySecurity Advisories
Sign In
Directory
aws-efs-csi-driver-fips logoFIPS

aws-efs-csi-driver-fips

Last changed

Sign In for Updates

Get notified of upcoming product changes, critical vulnerability notifications and patches and more.

Sign In
Versions
Overview
Provenance
Specifications
SBOM
Vulnerabilities
Advisories

AWS EFS CSI Driver FIPS image. Allows Kubernetes clusters to mount and manage Amazon Elastic File System (EFS) volumes, providing scalable and persistent shared storage.

Download this Image

The image is available on cgr.dev:

docker pull cgr.dev/UPDATE-CGR_REGISTRY/aws-efs-csi-driver-fips:latest

Installation

IAM permissions

EFS CSI driver requires IAM permissions to interact with your filesystem. This includes an IAM role and policies, as well as a service account and annotation to assume the role.

Refer to the Create an IAM role section of the upstream documentation for steps.

Install via helm

For full instruction, refer to the helm chart documentation.

Below is an example, of how to use the helm chart, using the Chainguard image, and enabling useFips=true, which instructs the EFS CSI driver to use the FIPS service endpoint for AWS EFS:

Add the helm repo:

helm repo add aws-efs-csi-driver https://kubernetes-sigs.github.io/aws-efs-csi-driver/
helm repo update

Install the chart:

helm upgrade --install aws-efs-csi-driver --namespace kube-system aws-efs-csi-driver/aws-efs-csi-driver \
  --set controller.serviceAccount.create=false \
  --set controller.serviceAccount.name=efs-csi-controller-sa \
  --set image.repository=cgr.dev/<UPDATE-REGISTRY>/aws-efs-csi-driver-fips \
  --set image.tag=latest \
  --set useFips=true

Installation via EKS add-on

EKS supports installation of the efs-csi-driver as an EKS add-on. There are instructions in the upstream documentation.

If you've chosen this installation method, there are two caveats to be aware of:

  1. You cannot specify a custom image whilst installing via EKS add-on
  2. You cannot specify the useFips argument to force the EFS CSI to use FIPS endpoints

You'll need to patch the efs-csi-controller deployment to use the Chainguard image, however this is a step you'll need to repeat each time that you re-deploy or upgrade the version via EKS add-ons.

Additionally, you'll need to patch the DaemonSets to set AWS_USE_FIPS_ENDPOINT=true. For reference, here is what the helm chart is doing: efs-csi-driver helm chart

Licenses

Chainguard Images contain software packages that are direct or transitive dependencies. The following licenses were found in the "latest" version of this image:

  • Apache-2.0

  • Artistic-1.0-Perl

  • BSD-1-Clause

  • BSD-2-Clause

  • BSD-3-Clause

  • BSD-4-Clause-UC

  • CC-PDDC

For a complete list of licenses, please refer to this Image's SBOM.

Software license agreement

Compliance

This is a FIPS validated image for FedRAMP compliance.

This image is STIG hardened and scanned against the DISA General Purpose Operating System SRG with reports available.

Learn more about STIGsGet started with STIGs

Related images

Category
FIPS
STIG
application
kubernetes

Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images