aws-efs-csi-driver
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# Default values for aws-efs-csi-driver.
2
# This is a YAML-formatted file.
3
# Declare variables to be passed into your templates.
4
5
nameOverride: ""
6
fullnameOverride: ""
7
useFIPS: false
8
portRangeUpperBound: "21049"
9
debugLogs: false
10
image:
11
repository: cgr.dev/chainguard-private/aws-efs-csi-driver
12
tag: latest@sha256:491dcc77640373968cc79a79f252ecdb3c868dc017cd1ba0232d76036c3c0881
13
pullPolicy: IfNotPresent
14
sidecars:
15
livenessProbe:
16
image:
17
repository: cgr.dev/chainguard-private/kubernetes-csi-livenessprobe
18
tag: latest@sha256:22a0de2184c13cd470b78a7c1a6443305e39e646e5229832c1fcd395e5f742aa
19
pullPolicy: IfNotPresent
20
resources: {}
21
securityContext:
22
readOnlyRootFilesystem: true
23
allowPrivilegeEscalation: false
24
nodeDriverRegistrar:
25
image:
26
repository: cgr.dev/chainguard-private/kubernetes-csi-node-driver-registrar
27
tag: latest@sha256:93f65084168e747618cb104fa4f1212807db37aed3f9b2fd18f69e6e00382ab7
28
pullPolicy: IfNotPresent
29
resources: {}
30
securityContext:
31
readOnlyRootFilesystem: true
32
allowPrivilegeEscalation: false
33
csiProvisioner:
34
image:
35
repository: cgr.dev/chainguard-private/kubernetes-csi-external-provisioner
36
tag: latest@sha256:3ce49e127de9fb7a0d805ac4e3048616dc751fc4fbe5d78cdb698b3a7a23f618
37
pullPolicy: IfNotPresent
38
resources: {}
39
securityContext:
40
readOnlyRootFilesystem: true
41
allowPrivilegeEscalation: false
42
additionalArgs: []
43
imagePullSecrets: []
44
## Controller deployment variables
45
controller:
46
# Specifies whether a deployment should be created
47
create: true
48
# Name of the CSI controller service
49
name: efs-csi-controller
50
# Number of replicas for the CSI controller service deployment
51
replicaCount: 2
52
# Number for the log level verbosity
53
logLevel: 2
54
# If set, add pv/pvc metadata to plugin create requests as parameters.
55
extraCreateMetadata: true
56
# Add additional tags to access points
57
tags: {}
58
# environment: prod
59
# region: us-east-1
60
# Enable if you want the controller to also delete the
61
# path on efs when deleteing an access point
62
deleteAccessPointRootDir: false
63
podAnnotations: {}
64
podLabels: {}
65
hostNetwork: false
66
priorityClassName: system-cluster-critical
67
dnsPolicy: ClusterFirst
68
dnsConfig: {}
69
additionalLabels: {}
70
resources: {}
71
# We usually recommend not to specify default resources and to leave this as a conscious
72
# choice for the user. This also increases chances charts run on environments with little
73
# resources, such as Minikube. If you do want to specify resources, uncomment the following
74
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
75
# limits:
76
# cpu: 100m
77
# memory: 128Mi
78
# requests:
79
# cpu: 100m
80
# memory: 128Mi
81
revisionHistoryLimit: 10
82
nodeSelector: {}
83
tolerations:
84
- key: CriticalAddonsOnly
85
operator: Exists
86
- key: efs.csi.aws.com/agent-not-ready
87
operator: Exists
88
affinity: {}
89
env: []
90
volumes: []
91
volumeMounts: []
92
socketDirVolume:
93
emptyDir: {}
94
# Specifies whether a service account should be created
95
serviceAccount:
96
create: true
97
name: efs-csi-controller-sa
98
annotations: {}
99
## Enable if EKS IAM for SA is used
100
# eks.amazonaws.com/role-arn: arn:aws:iam::111122223333:role/efs-csi-role
101
healthPort: 9909
102
regionalStsEndpoints: false
103
# Pod Disruption Budget
104
podDisruptionBudget:
105
enabled: false
106
# maxUnavailable: 1
107
minAvailable: 1
108
unhealthyPodEvictionPolicy: IfHealthyBudget
109
# securityContext on the controller pod
110
securityContext:
111
runAsNonRoot: false
112
runAsUser: 0
113
runAsGroup: 0
114
fsGroup: 0
115
# securityContext on the controller container
116
# Setting privileged=false will cause the "delete-access-point-root-dir" controller option to fail
117
containerSecurityContext:
118
privileged: true
119
leaderElectionRenewDeadline: 10s
120
leaderElectionLeaseDuration: 15s
121
# Timeout for Create/DeleteVolume calls to Controller. We recommend increasing for high concurrency workloads
122
timeout: 15s
123
# Number of concurrent threads controller will handle at once.
124
workerThreads: 100
125
# TSCs without the label selector stanza
126
#
127
# Example:
128
#
129
# topologySpreadConstraints:
130
# - maxSkew: 1
131
# topologyKey: topology.kubernetes.io/zone
132
# whenUnsatisfiable: ScheduleAnyway
133
# - maxSkew: 1
134
# topologyKey: kubernetes.io/hostname
135
# whenUnsatisfiable: ScheduleAnyway
136
topologySpreadConstraints: []
137
# Enable reading filesystem IDs from configmap/secret
138
fileSystemIdRefs:
139
enabled: false
140
# rollingUpdate for controller deployment strategy
141
rollingUpdate: {}
142
# maxUnavailable: 1
143
# maxSurge: 1
144
## Node daemonset variables
145
node:
146
# Number for the log level verbosity
147
logLevel: 2
148
volMetricsOptIn: false
149
volMetricsRefreshPeriod: 240
150
volMetricsFsRateLimit: 5
151
hostAliases: {}
152
# For cross VPC EFS, you need to poison or overwrite the DNS for the efs volume as per
153
# https://docs.aws.amazon.com/efs/latest/ug/efs-different-vpc.html#wt6-efs-utils-step3
154
# implementing the suggested solution found here:
155
# https://github.com/kubernetes-sigs/aws-efs-csi-driver/issues/240#issuecomment-676849346
156
# EFS Vol ID, IP, Region
157
# "fs-01234567":
158
# ip: 10.10.2.2
159
# region: us-east-2
160
priorityClassName: system-node-critical
161
dnsPolicy: ClusterFirst
162
dnsConfig: {}
163
# Example config which uses the AWS nameservers
164
# dnsPolicy: "None"
165
# dnsConfig:
166
# nameservers:
167
# - 169.254.169.253
168
podLabels: {}
169
podAnnotations: {}
170
additionalLabels: {}
171
resources: {}
172
# limits:
173
# cpu: 100m
174
# memory: 128Mi
175
# requests:
176
# cpu: 100m
177
# memory: 128Mi
178
revisionHistoryLimit: 10
179
nodeSelector: {}
180
tolerations:
181
- operator: Exists
182
affinity:
183
nodeAffinity:
184
requiredDuringSchedulingIgnoredDuringExecution:
185
nodeSelectorTerms:
186
- matchExpressions:
187
- key: eks.amazonaws.com/compute-type
188
operator: NotIn
189
values:
190
- fargate
191
- hybrid
192
# Specifies whether a service account should be created
193
serviceAccount:
194
create: true
195
name: efs-csi-node-sa
196
annotations: {}
197
## Enable if EKS IAM for SA is used
198
# eks.amazonaws.com/role-arn: arn:aws:iam::111122223333:role/efs-csi-role
199
# Disable mutating permissions for the node service account.
200
# When disableMutation is true, some features of the EFS CSI Driver node pods will not function, such as taint removal.
201
# Primarily useful in particularly security-sensitive environments, or on multi-tenant clusters that isolate tenants by node.
202
disableMutation: false
203
healthPort: 9809
204
# securityContext on the node pod
205
securityContext:
206
# The node pod must be run as root to bind to the registration/driver sockets
207
runAsNonRoot: false
208
runAsUser: 0
209
runAsGroup: 0
210
fsGroup: 0
211
env: []
212
volumes: []
213
volumeMounts: []
214
kubeletPath: /var/lib/kubelet
215
# rollingUpdate for node deamonset updateStrategy.
216
rollingUpdate: {}
217
# maxSurge: 0
218
# maxUnavailable: 20%
219
storageClasses: []
220
# Add StorageClass resources like:
221
# - name: efs-sc
222
# annotations:
223
# # Use that annotation if you want this to your default storageclass
224
# storageclass.kubernetes.io/is-default-class: "true"
225
# parameters:
226
# provisioningMode: efs-ap
227
# fileSystemId: fs-1122aabb
228
# directoryPerms: "700"
229
# gidRangeStart: "1000"
230
# gidRangeEnd: "2000"
231
# basePath: "/dynamic_provisioning"
232
# subPathPattern: "/subPath"
233
# ensureUniqueDirectory: true
234
# reclaimPolicy: Delete
235
# volumeBindingMode: Immediate
236
237
# Specifies wether to use helm hooks to apply the CSI driver
238
useHelmHooksForCSIDriver: true
239
The trusted source for open source
Talk to an expertProduct
Customers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.