From 7e87c9f027af9dad7ff2ccabdc38d57a69876fe7 Mon Sep 17 00:00:00 2001
From: Jeffrey Clark <h0tw1r3@users.noreply.github.com>
Date: Thu, 22 May 2025 14:38:02 -0500
Subject: [PATCH] fix mounting volumes with FIPS enabled

---
 charts/aws-efs-csi-driver/templates/controller-deployment.yaml | 2 ++
 charts/aws-efs-csi-driver/templates/node-daemonset.yaml        | 2 ++
 docs/README.md                                                 | 2 +-
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/charts/aws-efs-csi-driver/templates/controller-deployment.yaml b/charts/aws-efs-csi-driver/templates/controller-deployment.yaml
index 573e9e33f..d830fa7d9 100644
--- a/charts/aws-efs-csi-driver/templates/controller-deployment.yaml
+++ b/charts/aws-efs-csi-driver/templates/controller-deployment.yaml
@@ -93,6 +93,8 @@ spec:
             {{- if .Values.useFIPS }}
             - name: AWS_USE_FIPS_ENDPOINT
               value: "true"
+            - name: FIPS_ENABLED
+              value: "true"
             {{- end }}
             - name: PORT_RANGE_UPPER_BOUND
               value: "{{ .Values.portRangeUpperBound }}"
diff --git a/charts/aws-efs-csi-driver/templates/node-daemonset.yaml b/charts/aws-efs-csi-driver/templates/node-daemonset.yaml
index 324350ce0..b12cd8ee4 100644
--- a/charts/aws-efs-csi-driver/templates/node-daemonset.yaml
+++ b/charts/aws-efs-csi-driver/templates/node-daemonset.yaml
@@ -91,6 +91,8 @@ spec:
             {{- if .Values.useFIPS }}
             - name: AWS_USE_FIPS_ENDPOINT
               value: "true"
+            - name: FIPS_ENABLED
+              value: "true"
             {{- end }}
             - name: PORT_RANGE_UPPER_BOUND
               value: "{{ .Values.portRangeUpperBound }}"
diff --git a/docs/README.md b/docs/README.md
index c554dfc94..3a225292f 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -254,7 +254,7 @@ This procedure requires Helm V3 or later. To install or upgrade Helm, see [Using
 
    To force the Amazon EFS CSI driver to use FIPS for mounting the file system, add the following argument.
    ```sh
-   --set useFips=true
+   --set useFIPS=true
    ```
 **Note**  
 `hostNetwork: true` (should be added under spec/deployment on kubernetes installations where AWS metadata is not reachable from pod network. To fix the following error `NoCredentialProviders: no valid providers in chain` this parameter should be added.)