{"id":430,"date":"2025-09-11T11:48:38","date_gmt":"2025-09-11T11:48:38","guid":{"rendered":"https:\/\/blog.ngocha.biz\/?p=430"},"modified":"2025-09-11T11:48:38","modified_gmt":"2025-09-11T11:48:38","slug":"setup-efs-csi-driver-eks","status":"publish","type":"post","link":"https:\/\/blog.ngocha.biz\/?p=430","title":{"rendered":"How to Use AWS EFS on EKS with the EFS CSI Driver (Step-by-Step)"},"content":{"rendered":"

In this guide, you will learn to provision Amazon EFS as persistent storage for an Amazon EKS cluster. It includes dynamic and static provisioning, StorageClass, PVC, and a practical example.<\/p>\n

Here is what we are going to do.<\/p>\n

    \n
  1. Enable the EFS CSI driver addon<\/li>\n
  2. Create an EFS filesystem<\/li>\n
  3. Create a StorageClass for EFS Dynamic provisioning.<\/li>\n
  4. Deploy a sample app to test the EFS based PVC using Dynamic provisioing.<\/li>\n
  5. Try out Static Provisioning on the existing EFS file system<\/li>\n<\/ol>\n

    Lets dive in!<\/p>\n

    Use Case<\/h2>\n

    There are many use cases where you might need EFS backed storage for your applications running on AWS EKS.<\/p>\n

    The main advantage of using the EFS as persistent storage is that it is a Network File System (NFS), so multiple worker nodes can share the same storage space.<\/p>\n

    Unlike EBS volumes<\/a> which can only be attached to one pod at a time, EFS supports concurrent access from multiple Kubernetes pods<\/a> (ReadWriteMany<\/code><\/strong> access mode), making it ideal for use cases requiring shared storage.<\/p>\n

    What is Amazon EFS CSI Driver?<\/h2>\n

    EKS does not natively support EFS volumes out of the box.<\/p>\n

    To use EFS, you need to enable the EFS CSI driver add-on provided by AWS. It is a plugin which allows Kubernetes to use Amazon EFS file systems as persistent storage.<\/p>\n

    Once you enable it, you will be able to create EFS based persistent volumes using the EFS storage class.<\/p>\n

    Prerequisites<\/h2>\n

    The following are the prerequisites to follow this guide.<\/p>\n

      \n
    1. AWS CLI<\/a> (v2.18.10 or later) installed with admin privileges to the EKS service [Local Machine]<\/li>\n
    2. Existing EKS cluster or create a new one with this guide –> Create AWS EKS Cluster Using eksctl<\/a><\/li>\n
    3. EKSCTL (v0.193.0 or later) utility installed on your workstation [Local Machine]<\/li>\n
    4. Kubectl<\/a> –> A suitable version as the EKS cluster should be present on the local machine [Local Machine]<\/li>\n<\/ol>\n

      Install the EFS CSI Driver (eksctl + alternatives)<\/h2>\n

      You can add parameters to the eksctl<\/code><\/strong> manifest <\/a>to install the EFS CSI driver. This is the easiest method if you are creating the EKS cluster with the driver.<\/p>\n

      \n
      \ud83d\udca1<\/div>\n
      Other methods for installing the CSI Driver, such as via Helm<\/a>, YAML manifest<\/a>, Eksctl manifest, or UI.<\/div>\n<\/div>\n

      EKSCTL Manifest Installation<\/h3>\n

      To enable the EFS CSI Driver, add the following parameters under the addons<\/code> section of the eksctl<\/strong> manifest.<\/p>\n

      \"efs<\/figure>\n

      Note:<\/strong> Ensure the addonsConfig.autoApplyPodIdentityAssociations<\/code> paramenter is set to true<\/code> to work this plugin with the Pod Identity Agent Plugin.<\/strong><\/p><\/blockquote>\n

      \n
      \ud83d\udca1<\/div>\n
      Pod Identity Agent <\/strong><\/b>is another EKS plugin that helps pods get the IAM permissions to access the AWS resources.<\/p>\n

      Ensure the Pod Identity Agent Plugin<\/strong><\/b> is present in the cluster by listing the available plugins aws eks list-addons --cluster-name ${CLUSTER_NAME} --region ${REGION}<\/code><\/div>\n<\/div>\n

      \n
      \ud83d\udc49<\/div>\n
      If you already have an EKS cluster deployed by the Eksctl manifest, but want to update it with the plugin configuration, you can use the following command.<\/p>\n

      eksctl create cluster -f your-cluster.yaml --update-config<\/code><\/div>\n<\/div>\n

      Validating the Installation<\/h3>\n

      Once the installation is completed, we can list the pods in the kube-system<\/code> namespace to ensure the EFS CSI controller and node pods are running properly.<\/p>\n

      kubectl -n kube-system get po<\/code><\/pre>\n
      \"The<\/figure>\n
      The status of the EFS CSI Driver controller and agent pods ensures that the deployment is properly done.<\/p>\n
      Create EFS (file system, security groups, mount targets)<\/h2>\n
      Unlike the EBS CSI driver, EFS CSI will not provision EFS<\/strong> itself, instead it will create access points inside the EFS as per the pod requirements. <\/p>\n
      So we need to manually create an EFS. We will use aws cli to create EFS.<\/p>\n
      \n
      Note: <\/strong><\/b>If you already have an EFS, you can directly jump into the Storage Class<\/strong><\/b> creation, or you can follow the steps.<\/div>\n<\/div>\n
      Set the Filesystem name and region as the environment variable<\/p>\n
      EFS_NAME=EKSEFSFileSystem\nEFS_CREATION_TOKEN=eks-efs\nREGION=us-west-2<\/code><\/pre>\n
      Use the following command to create an EFS using the CLI.<\/p>\n
      aws efs create-file-system \\\n    --performance-mode generalPurpose \\\n    --throughput-mode bursting \\\n    --encrypted \\\n    --creation-token ${EFS_CREATION_TOKEN} \\\n    --region ${REGION} \\\n    --tags Key=Name,Value=${EFS_NAME}<\/code><\/pre>\n