Login/Register
Accessing CIFS files from pods
Asked Answered
Solved dockerkubernetessambacifs
C

3

1

We have a docker image that is processing some files on a samba share.

For this we created a cifs share which is mounted to /mnt/dfs and files can be accessed in the container with:

docker run -v /mnt/dfs/project1:/workspace image

Now what I was aked to do is get the container into k8s and to acces a cifs share from a pod a cifs Volume driver usiong FlexVolume can be used. That's where some questions pop up.

I installed this repo as a daemonset

https://k8scifsvol.juliohm.com.br/

and it's up and running.

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: cifs-volumedriver-installer
spec:
  selector:
    matchLabels:
      app: cifs-volumedriver-installer
  template:
    metadata:
      name: cifs-volumedriver-installer
      labels:
        app: cifs-volumedriver-installer
    spec:
      containers:
        - image: juliohm/kubernetes-cifs-volumedriver-installer:2.4
          name: flex-deploy
          imagePullPolicy: Always
          securityContext:
            privileged: true
          volumeMounts:
            - mountPath: /flexmnt
              name: flexvolume-mount
      volumes:
        - name: flexvolume-mount
          hostPath:
            path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/

Next thing to do is add a PeristentVolume, but that needs a capacity, 1Gi in the example. Does this mean that we lose all data on the smb server? Why should there be a capacity for an already existing server?

Also, how can we access a subdirectory of the mount /mnt/dfs from within the pod? So how to access data from /mnt/dfs/project1 in the pod?

Do we even need a PV? Could the pod just read from the host's mounted share?

apiVersion: v1
kind: PersistentVolume
metadata:
  name: mycifspv
spec:
  capacity:
    storage: 1Gi
  flexVolume:
    driver: juliohm/cifs
    options:
      opts: sec=ntlm,uid=1000
      server: my-cifs-host
      share: /MySharedDirectory
    secretRef:
      name: my-secret
  accessModes:
    - ReadWriteMany
Convenience answered 21/5, 2021 at 7:33 Comment(0)
C
1

Managed to get it working with the fstab/cifs plugin.

Copy its cifs script to /usr/libexec/kubernetes/kubelet-plugins/volume/exec and give it execute permissions. Also restart kubelet on all nodes.

https://github.com/fstab/cifs

Then added

 containers:
 - name: pablo
   image: "10.203.32.80:5000/pablo"
   volumeMounts:
   - name: dfs
     mountPath: /data
 volumes:
 - name: dfs
   flexVolume:
    driver: "fstab/cifs"
    fsType: "cifs"
    secretRef:
      name: "cifs-secret"
    options:
      networkPath: "//dfs/dir"
      mountOptions: "dir_mode=0755,file_mode=0644,noperm"

Now there is the /data mount inside the container pointing to //dfs/dir

Convenience answered 21/5, 2021 at 12:30 Comment(0)
C
2

No, that field has no effect on the FlexVol plugin you linked. It doesn't even bother parsing out the size you pass in :)

Coinsure answered 21/5, 2021 at 7:50 Comment(0)
C
1

Managed to get it working with the fstab/cifs plugin.

Copy its cifs script to /usr/libexec/kubernetes/kubelet-plugins/volume/exec and give it execute permissions. Also restart kubelet on all nodes.

https://github.com/fstab/cifs

Then added

 containers:
 - name: pablo
   image: "10.203.32.80:5000/pablo"
   volumeMounts:
   - name: dfs
     mountPath: /data
 volumes:
 - name: dfs
   flexVolume:
    driver: "fstab/cifs"
    fsType: "cifs"
    secretRef:
      name: "cifs-secret"
    options:
      networkPath: "//dfs/dir"
      mountOptions: "dir_mode=0755,file_mode=0644,noperm"

Now there is the /data mount inside the container pointing to //dfs/dir

Convenience answered 21/5, 2021 at 12:30 Comment(0)
C
1

This is a working example with juliohm/cifs driver. Bellow you have the details for the secret, persistent volume, persistent volume claim, pod and docker image used for testing.

apiVersion: v1
data:
  password: CwqVGc4aA==
  username: RFU1Q=
kind: Secret
metadata:
  name: smbcredsisaint
type: juliohm/cifs
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: cifspv
spec:
  storageClassName: none
  capacity:
    storage: 1Gi
  flexVolume:
    driver: juliohm/cifs
    options:
      opts: dir_mode=0666,file_mode=0666,uid=1000,gid=1000,noperm
      server: SERVER_IP
      share: /SHARE
      passwdMethod: env
    secretRef:
      name: smbcredsisaint
  accessModes:
    - ReadWriteMany

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: cifspv-claim
spec:
  resources:
    requests:
      storage: 1Gi
  volumeName: cifspv
  storageClassName: none
  accessModes:
    - ReadWriteMany
---
apiVersion: v1
kind: Pod
metadata:
  name: cifs-test-pod
spec:
  containers:
    - name: test-container
      image: harbor/testcifs:latest
      imagePullPolicy: Always
      volumeMounts:
        - name: cifs-volume
          mountPath: /mnt/test
  volumes:
    - name: cifs-volume
      persistentVolumeClaim:
        claimName: cifspv-claim

testcifs docker image:

FROM busybox
CMD ["sh", "-c", "ls /mnt/test; sleep 120"]
Catalonia answered 22/8, 2023 at 5:30 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.