Specify filesystemID from kubernetes secret

[zevisert-aaico]

Is your feature request related to a problem? Please describe.

It's annoying to specify the EFS filesystemID to PVs or StorageClasses

Describe the solution you'd like in detail

I would like to be able to populate the filesystemID from a secret or configmap, maybe like:

kind: StorageClass 
apiVersion: storage.k8s.io/v1 
metadata: 
  name: efs-sc 
provisioner: efs.csi.aws.com 
parameters: 
  provisioningMode: efs-ap 
  fileSystemIdSecretRef: # <-- this is the ask
    name: my-filesystem-secret
    namespace: some-namespace
    key: id

Describe alternatives you've considered

• None, I guess. We just hard-code the filesystem ID into our PV

Additional context

The ask is similar to #1052 where the OP is creating a resource in terraform with some specific AWS tags. I'm using crossplane and we deploy a filesystem from this custom resource:

apiVersion: efs.aws.upbound.io/v1beta1
kind: FileSystem
metadata:
  name: filesystem
spec:
  providerConfigRef:
    name: crossplane-aws
  forProvider:
    region: ${AWS_REGION}
    creationToken: ${EKS_CLUSTER_NAME}-filesystem
    performanceMode: generalPurpose
    throughputMode: bursting

It has the ability to write details about the created resource to a secret, so this is an in-cluster discovery mechanism instead of discovering via AWS tags

[wangnyue]

Hello, thanks to bring this up. We will take this as backlog item.

[zevisert-aaico]

Great news @wangnyue, thank you!

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle rotten
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

[zevisert-aaico]

I looked at this a bit today, I don't think my request will work as is, since v1.StorageClass.parameters is of type map[string]string, and my request was so populate the ID from a structured format like:

...
parameters: 
  provisioningMode: efs-ap 
  fileSystemIdSecretRef: # <-- this is the ask
    name: my-filesystem-secret
    namespace: some-namespace
    key: id

Instead, maybe it becomes something like:

...
parameters: 
  provisioningMode: efs-ap 
  fileSystemIdSecretRef: <namespace?>/<name>/<key>

/remove-lifecycle rotten

[DavidXU12345]

@aliyajo is actively working on that