From 622addc911689223cd9f2b67e0d4f79494a011eb Mon Sep 17 00:00:00 2001 From: Matthew Wong Date: Mon, 6 Mar 2017 16:40:34 -0500 Subject: [PATCH] Update README.md --- efs/README.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/efs/README.md b/efs/README.md index f9a16dcd..715e71c2 100644 --- a/efs/README.md +++ b/efs/README.md @@ -1,5 +1,10 @@ # efs-provisioner +## Prerequisites +* An IAM user assigned the AmazonElasticFileSystemReadOnlyAccess policy (or better) +* An EFS file system in your cluster's region +* [Mount targets](http://docs.aws.amazon.com/efs/latest/ug/accessing-fs.html) and [security groups](http://docs.aws.amazon.com/efs/latest/ug/accessing-fs-create-security-groups.html) such that any node (in any zone in the cluster's region) can mount the EFS file system by its [File system DNS name](http://docs.aws.amazon.com/efs/latest/ug/mounting-fs-mount-cmd-dns-name.html) + ## Deployment Create a configmap containing the [**File system ID**](http://docs.aws.amazon.com/efs/latest/ug/gs-step-two-create-efs-resources.html) and Amazon EC2 region of the EFS file system you wish to provision NFS PVs from, plus the name of the provisioner, which administrators will specify in the `provisioner` field of their `StorageClass(es)`, e.g. `provisioner: example.com/aws-efs`. @@ -11,7 +16,7 @@ $ kubectl create configmap efs-provisioner \ --from-literal=provisioner.name=example.com/aws-efs ``` -Create a secret containing AWS credentials for the provisioner to use. The credentials will be used only once at startup to check that the EFS file system you specified in the configmap actually exists. +Create a secret containing the AWS credentials of a user assigned the AmazonElasticFileSystemReadOnlyAccess policy. The credentials will be used by the provisioner only once at startup to check that the EFS file system you specified in the configmap actually exists. ```console $ kubectl create secret generic aws-credentials \