Inside the AWS EFS CSI Driver: What Really Happens When a PVC Is Created?

2026-06-05 2026-06-05 AWS Kubernetes , AWS , EFS , CSI 316 字 | 1 分钟

A deep dive into the AWS EFS CSI Driver architecture, explaining the complete workflow when a Kubernetes PVC is created—from filesystem and mount targets to access points and dynamic provisioning.

When I first started working with the AWS EFS CSI Driver on EKS, I had a number of questions:

  • Why can the CSI Driver be installed before an EFS filesystem exists?
  • Does the CSI Driver create Mount Targets automatically?
  • What’s the difference between a Mount Target and an Access Point?
  • For static provisioning, do I still need the CSI Driver?
  • What’s the difference between the Controller and Node Plugin?

This article walks through the complete workflow and explains what actually happens when a Kubernetes PVC is created.

High-Level Architecture

AWS EFS CSI Driver Workflow

EFS Components Explained

EFS Filesystem

The filesystem is the actual storage.

Mount Targets

Mount Targets provide network connectivity.

Think of them as the entrances to an office building.

Access Points

Access Points provide filesystem views and permissions.

Think of them as assigned rooms inside the office building.

Who Creates What?

Resource Created By
EFS Filesystem Platform Team / Terraform
Mount Targets Platform Team / Terraform
Security Groups Platform Team / Terraform
Access Points EFS CSI Controller
PV (Dynamic) EFS CSI Controller
PV (Static) User

Dynamic Provisioning Workflow

PVC
 ↓
EFS CSI Controller
 ↓
Create Access Point
 ↓
Create PV
 ↓
Bind PVC
Created by CSI Driver NOT Created by CSI Driver
Access Point Filesystem
PV Mount Targets
Security Groups

Controller vs Node Plugin

Controller Node Plugin
Dynamic provisioning Mounting EFS into pods
Access Point creation NFS operations
PV creation

The Most Useful Mental Model

EFS Analogy

The platform team builds the building and installs the doors.

The EFS CSI Driver assigns rooms and helps users enter the building.

It does not construct the building itself.

Conclusion

Infrastructure resources:

  • EFS Filesystem
  • Mount Targets
  • Security Groups

Application resources:

  • Access Points
  • PVCs
  • PVs

The CSI Driver sits in the middle, bridging Kubernetes storage requests with AWS EFS APIs.

版权声明
作者: xawei
post.copyright.created_at: 2026-06-05
post.copyright.updated_at: 2026-06-05
链接: https://xawei.xyz/2026/06/05/aws-efs-csi-driver-deep-dive/
本博客所有文章除特别声明外,均采用 CC BY-NC-SA 4.0 许可协议。
post.tags:
# Kubernetes # AWS # EFS # CSI
Understanding Cross-Origin Resource Sharing (CORS): Problems and Solutions
目录
  1. High-Level Architecture
  2. EFS Components Explained
    1. EFS Filesystem
    2. Mount Targets
    3. Access Points
  3. Who Creates What?
  4. Dynamic Provisioning Workflow
  5. Controller vs Node Plugin
  6. The Most Useful Mental Model
  7. Conclusion

Start typing to search...

ESC to close to navigate to select