Configuring Persistent Volume for storing configuration, logs, settings, license and policies

A Persistent Volume (PV) is a piece of storage in the cluster that is either provisioned by administrators or dynamically provisioned using Storage Classes.

Creating a Persistent Volume on Kubernetes Cluster

You can create a Persistent Volume (PV) using the following set of commands:
  • kubectl apply -f storage-class.yaml
  • kubectl apply -f pv.yaml
  • kubectl apply -f pvc.yaml
To check whether the Persistent Volume (PV) is created successfully, use the following command for Kubernetes:
kubectl get pv
Sample output:
The SPE AWS Agent uses a Persistent Volume of type AWS EFS CSI. The following storage-class.yaml, pv.yaml and pvc.yaml structure should be used to create the Persistent Volume:
  • storage-class.yaml (name: spe-storage)

      apiVersion: storage.k8s.io/v1
      kind: StorageClass
      metadata:
        name: spe-storage
      provisioner: efs.csi.aws.com
      allowVolumeExpansion: true
      parameters:
        protocol: nfs

  • pv.yaml (name: spe-volume)

      apiVersion: v1
      kind: PersistentVolume
      metadata:
        name: spe-volume
      spec:
        capacity:
          storage: 5Gi
        volumeMode: Filesystem
        accessModes:
          - ReadWriteMany
        persistentVolumeReclaimPolicy: Retain
        storageClassName: spe-storage
        csi:
          driver: efs.csi.aws.com
          readOnly: false
          # FILE-ID is a placeholder for the EFS file system ID
          volumeHandle: FILE-ID

  • pvc.yaml

      apiVersion: "v1"
      kind: "PersistentVolumeClaim"
      metadata:
        name: "spe-volume-claim"
        annotations:
          "helm.sh/resource-policy": delete
      spec:
        storageClassName: spe-storage
        volumeName: "spe-volume"
        accessModes:
          - "ReadWriteMany"
        resources:
          requests:
            storage: "1Gi"

Configuring Persistent Volume

The AWS S3 Connector requires the following input to be configured inside the Persistent Volume as a prerequisite:
  • spe-data
    • license
    • policy
  • agent-data
    • aws-s3/config
      • awsconfig.json
      • assets.csv
      • roleArns.csv
Mount the PV and create the following structure inside the Persistent Volume:
  • /<mount_point>/spe-data
  • /<mount_point>/agent-data
Samples for the above folders can be found in the Helm Package that is shipped with the AWS SPE Connector. Use a local directory with 777 permissions or appropriate permissions for the container.

How do I configure /<mount_point>/spe-data?

To configure /<mount_point>/spe-data:
  1. Place the license file inside the following path:
    /<mount_point>/spe-data/license/
In case you want to modify the policy file, place the scanner policy inside the following path:
/<mount_point>/spe-data/policy/
  • You can copy the file from the Helm Package.

How do I configure /<mount_point>/agent-data?

Sample files can be found under Helm Package/agent-data. To configure /<mount_point>/agent-data:
  1. Place the assets.csv inside the following path:
    • /<mount_point>/agent-data/aws-s3/config/
    • You can find more information here: aws-s3/config/assets.csv.
  2. Place the awsconfig.json inside the following path:
    • /<mount_point>/agent-data/aws-s3/config/
    • You can find more information here: aws-s3/config/awsconfig.json
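
The directory structure and permission guidance above can be checked on the mounted volume before the connector is deployed. The script below is an added example, not part of the Helm Package or the product; the function names, the finding labels and the sample file name sample.lic are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the Persistent Volume layout described on this page.
# Usage: sh check_layout.sh /<mount_point>   (script name is hypothetical)

# Print one finding per line; return 0 only when there are no findings.
check_spe_pv_layout() {
    mp=$1; rc=0
    cfg=agent-data/aws-s3/config

    # Directories from the required structure.
    for d in spe-data/license spe-data/policy "$cfg"; do
        [ -d "$mp/$d" ] || { echo "MISSING_DIR $d"; rc=1; }
    done
    # Connector inputs expected in aws-s3/config.
    for f in awsconfig.json assets.csv roleArns.csv; do
        [ -f "$mp/$cfg/$f" ] || { echo "MISSING_FILE $cfg/$f"; rc=1; }
    done
    # The page does not name the license file, so any regular file counts.
    if [ -d "$mp/spe-data/license" ] &&
       [ -z "$(find "$mp/spe-data/license" -type f 2>/dev/null)" ]; then
        echo "NO_LICENSE spe-data/license"; rc=1
    fi
    # Paths writable by "other" (mode 777, for example) let any UID that can
    # reach the share replace the license, policy or role ARN list.
    ww=$(find "$mp/spe-data" "$mp/agent-data" ! -type l -perm -002 2>/dev/null || true)
    if [ -n "$ww" ]; then
        printf '%s\n' "$ww" | while IFS= read -r p; do
            echo "WORLD_WRITABLE ${p#"$mp"/}"
        done
        rc=1
    fi
    return "$rc"
}

# Constructed sample tree (empty placeholder files) for trying the check offline.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/spe-data/license" "$t/spe-data/policy" "$t/agent-data/aws-s3/config"
    : > "$t/spe-data/license/sample.lic"
    for f in awsconfig.json assets.csv roleArns.csv; do
        : > "$t/agent-data/aws-s3/config/$f"
    done
    chmod -R 750 "$t/spe-data" "$t/agent-data"
    echo "$t"
}

if [ "$#" -gt 0 ]; then
    check_spe_pv_layout "$1"
fi
```

A WORLD_WRITABLE finding marks a path where the 777 option was used; narrowing it to the UID or GID the container runs as clears the finding.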