SCALRCORE-32047 Add Amazon EFS file system support

Scalr · Sep 20, 2024 · f248d78 · f248d78
1 parent 12d0749
commit f248d78
Show file tree

Hide file tree

Showing 8 changed files with 54 additions and 27 deletions.
diff --git a/charts/agent-k8s/README.md b/charts/agent-k8s/README.md
@@ -91,12 +91,13 @@ $ helm upgrade ... \
 Amazon EFS can be used as a shared ReadWriteMany volume instead of a node disk. To configure it, install the `Amazon EFS CSI Driver` via an add-on. See the documentation: https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html#efs-install-driver. 
 Ensure the add-on is active before proceeding.
 
-Next, configure the Amazon EFS file system ID using the `agent.efs_id` option:
-Example:
+Next, configure the Amazon EFS file system ID using the `efsVolumeHandle` option:
 
 ```console
 $ helm upgrade ... \
-    --set agent.efs_id="fs-582a03f3"
+    --set efsVolumeHandle="fs-582a03f3"
+    # Alternatively, if using an Access Point:
+    --set efsVolumeHandle="fs-582a03f3::fsap-01e050b7d9a3109d5"
 ```
 
 ## Maintainers
@@ -119,8 +120,6 @@ $ helm upgrade ... \
 | agent.data_home | string | `"/home/kubernetes/flexvolume/agent-k8s"` | The agent working directory on the cluster host node. |
 | agent.debug | bool | `false` | Enable debug logs |
 | agent.disconnect_on_stop | bool | `true` | Determines if the agent should automatically disconnect from the Scalr agent pool when the service is stopping. |
-| agent.efs_id | string | `""` | Amazon EFS file system ID to use EFS storage as data home. |
-| agent.efs_sub_path | string | `""` | Amazon EFS sub path to mount the data home into. If empty - a chart name will be used. |
 | agent.gc_plugins_global_size_limit | int | `2560` | Size limit (in megabytes) of the global plugin cache with providers from the public registries. |
 | agent.gc_plugins_workspace_size_limit | int | `512` | Size limit (in megabytes) of the workspace plugin cache with providers from the private registries. |
 | agent.grace_shutdown_timeout | int | `60` | The timeout in seconds for gracefully shutting down active tasks via the SIGTERM signal. After this timeout, tasks will be terminated with the SIGKILL signal. |
@@ -134,17 +133,20 @@ $ helm upgrade ... \
 | agent.worker_on_stop_action | string | `"drain"` | Defines the SIGTERM/SIGHUP/SIGINT signal handler's shutdown behavior. Options: "drain" or "grace-shutdown" or "force-shutdown". |
 | controllerNodeSelector | object | `{}` | Kubernetes Node Selector for assigning controller agent to specific node in the cluster. Example: `--set controllerNodeSelector."cloud\\.google\\.com\\/gke-nodepool"="scalr-agent-controller-pool"` |
 | controllerTolerations | list | `[]` | Kubernetes Node Selector for assigning worker agents and scheduling agent tasks to specific nodes in the cluster. The selector must match a node's labels for the pod to be scheduled on that node. Expects input structure as per specification <https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core>. Example: `--set controllerTolerations[0].operator=Equal,controllerTolerations[0].effect=NoSchedule,controllerTolerations[0].key=dedicated,controllerTolerations[0].value=scalr-agent-controller-pool` |
+| efsMountOptions | list | `[]` | Amazon EFS mount options to define how the EFS storage volume should be mounted. |
+| efsVolumeHandle | string | `""` | Amazon EFS file system ID to use EFS storage as data home directory. |
 | fullnameOverride | string | `""` |  |
 | image.pullPolicy | string | `"Always"` | The pullPolicy for a container and the tag of the image. |
 | image.repository | string | `"scalr/agent"` | Docker repository for the Scalr Agent image. |
 | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
 | imagePullSecrets | list | `[]` |  |
 | nameOverride | string | `""` |  |
-| podAnnotations | object | `{}` |  |
+| podAnnotations | object | `{}` | The Agent Pods annotations. |
 | resources.limits.cpu | string | `"1000m"` |  |
 | resources.limits.memory | string | `"1024Mi"` |  |
 | resources.requests.cpu | string | `"250m"` |  |
 | resources.requests.memory | string | `"256Mi"` |  |
+| securityContext | object | `{"runAsGroup":0,"runAsUser":0}` | The Agent Pods security context. |
 | serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
 | serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
 | serviceAccount.name | string | `""` | If not set and create is true, a name is generated using the fullname template |

diff --git a/charts/agent-k8s/README.md.gotmpl b/charts/agent-k8s/README.md.gotmpl
@@ -83,14 +83,16 @@ $ helm upgrade ... \
 Amazon EFS can be used as a shared ReadWriteMany volume instead of a node disk. To configure it, install the `Amazon EFS CSI Driver` via an add-on. See the documentation: https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html#efs-install-driver.  
 Ensure the add-on is active before proceeding.
 
-Next, configure the Amazon EFS file system ID using the `agent.efs_id` option:
-Example:
+Next, configure the Amazon EFS file system ID using the `efsVolumeHandle` option:
 
 ```console
 $ helm upgrade ... \
-    --set agent.efs_id="fs-582a03f3"
+    --set efsVolumeHandle="fs-582a03f3"
+    # Alternatively, if using an Access Point:
+    --set efsVolumeHandle="fs-582a03f3::fsap-01e050b7d9a3109d5"
 ```
 
+
 {{ template "chart.maintainersSection" . }}
 
 {{ template "chart.requirementsSection" . }}

diff --git a/charts/agent-k8s/templates/controller.yaml b/charts/agent-k8s/templates/controller.yaml
@@ -26,6 +26,10 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       serviceAccountName: {{ include "agent-k8s.serviceAccountName" . }}
+      securityContext:
+      {{- with .Values.securityContext }}
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       containers:
         - name: agent-k8s
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -85,14 +89,15 @@ spec:
               value: "{{ .Values.workerNodeSelector | toJson | b64enc }}"
             - name: SCALR_KUBERNETES_TASK_TOLERATIONS
               value: "{{ .Values.workerTolerations | toJson | b64enc }}"
-            {{- if .Values.agent.efs_id }}
+            {{- if .Values.efsVolumeHandle }}
             - name: SCALR_KUBERNETES_EFS_CLAIM_NAME
               value: "agent-k8s-efs-claim"
-            - name: SCALR_KUBERNETES_EFS_SUB_PATH
-              value: "{{ .Values.agent.efs_sub_path | default (include "agent-k8s.fullname" .) }}"
             {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            - name: data-home
+              mountPath: "{{ .Values.agent.data_home }}"
       {{- with .Values.controllerNodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
@@ -101,4 +106,7 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      volumes:
+      - name: data-home
+        emptyDir: {}
       terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
diff --git a/charts/agent-k8s/templates/pv.yaml b/charts/agent-k8s/templates/pv.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.agent.efs_id -}}
+{{- if .Values.efsVolumeHandle -}}
 apiVersion: v1
 kind: PersistentVolume
 metadata:
@@ -14,5 +14,5 @@ spec:
   storageClassName: agent-k8s-efs-sc
   csi:
     driver: efs.csi.aws.com
-    volumeHandle: {{ .Values.agent.efs_id }}
+    volumeHandle: {{ .Values.efsVolumeHandle }}
 {{- end }}
diff --git a/charts/agent-k8s/templates/pvc.yaml b/charts/agent-k8s/templates/pvc.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.agent.efs_id -}}
+{{- if .Values.efsVolumeHandle -}}
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:

diff --git a/charts/agent-k8s/templates/storageclass.yaml b/charts/agent-k8s/templates/storageclass.yaml
@@ -1,8 +1,16 @@
-{{- if .Values.agent.efs_id -}}
+{{- if .Values.efsVolumeHandle -}}
 kind: StorageClass
 apiVersion: storage.k8s.io/v1
 metadata:
   name: agent-k8s-efs-sc
   namespace: {{ .Release.Namespace | quote }}
 provisioner: efs.csi.aws.com
+reclaimPolicy: Retain
+parameters:
+  provisioningMode: efs-ap
+  directoryPerms: "775"
+mountOptions:
+{{- with .Values.efsMountOptions }}
+  {{- toYaml . | nindent 8 }}
+{{- end }}
 {{- end }}
diff --git a/charts/agent-k8s/templates/worker.yaml b/charts/agent-k8s/templates/worker.yaml
@@ -24,6 +24,10 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       serviceAccountName: {{ include "agent-k8s.serviceAccountName" . }}
+      securityContext:
+      {{- with .Values.securityContext }}
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       containers:
         - name: agent-k8s
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -75,20 +79,15 @@ spec:
               value: "{{ .Values.agent.gc_plugins_workspace_size_limit }}"
             - name: SCALR_KUBERNETES_MODE
               value: "worker"
-            {{- if .Values.agent.efs_id }}
+            {{- if .Values.efsVolumeHandle }}
             - name: SCALR_KUBERNETES_EFS_CLAIM_NAME
               value: "agent-k8s-efs-claim"
-            - name: SCALR_KUBERNETES_EFS_SUB_PATH
-              value: "{{ .Values.agent.efs_sub_path | default (include "agent-k8s.fullname" .) }}"
             {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
           volumeMounts:
             - name: data-home
               mountPath: "{{ .Values.agent.data_home }}"
-              {{- if .Values.agent.efs_id }}
-              subPath: "{{ .Values.agent.efs_sub_path | default (include "agent-k8s.fullname" .) }}"
-              {{- end }}
       {{- with .Values.workerNodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
@@ -99,7 +98,7 @@ spec:
       {{- end }}
       volumes:
         - name: data-home
-          {{- if .Values.agent.efs_id }}
+          {{- if .Values.efsVolumeHandle }}
           persistentVolumeClaim:
             claimName: agent-k8s-efs-claim
           {{- else }}

diff --git a/charts/agent-k8s/values.yaml b/charts/agent-k8s/values.yaml
@@ -63,10 +63,6 @@ agent:
   kubernetes_task_labels: {}
   # -- Extra annotations to apply to the agent task pods.
   kubernetes_task_annotations: {}
-  # -- Amazon EFS file system ID to use EFS storage as data home.
-  efs_id: ""
-  # -- Amazon EFS sub path to mount the data home into. If empty - a chart name will be used.
-  efs_sub_path: ""
 
 imagePullSecrets: []
 nameOverride: ""
@@ -96,6 +92,18 @@ serviceAccount:
   # -- If not set and create is true, a name is generated using the fullname template
   name: ""
 
+# -- Amazon EFS file system ID to use EFS storage as data home directory.
+efsVolumeHandle: ""
+
+# -- Amazon EFS mount options to define how the EFS storage volume should be mounted.
+efsMountOptions: []
+
+# -- The Agent Pods security context.
+securityContext:
+  runAsUser: 0
+  runAsGroup: 0
+
+# -- The Agent Pods annotations.
 podAnnotations: {}
 
 # -- Provides the amount of grace time prior to the agent-k8s container being forcibly terminated when marked for deletion or restarted.