docker google-cloud-platform google-kubernetes-engine kubernetes-cronjob google-cloud-filestore

Unable to mount google filestore inside a GKE pod directly (without using PV)

I am trying to take backup of Google Filestore to a GCS bucket. I also want to rsync the contents of filestore in primary region to another filestore in secondary region.

For this, I have created a bash script which is working fine in compute engine VM. I have converted that into a docker container which I'm running as a kubernetes cronjob inside a GKE cluster.

But when I run the scripts inside the GKE pod, it is giving me the following error:

root@filestore-backup-1594023480-k9wmn:/# mount 10.52.219.10:/vol1 /mnt/filestore-primary 
mount.nfs: access denied by server while mounting 10.52.219.10:/vol1

I am able to connect to the filestore from the container:

root@filestore-backup-1594023480-k9wmn:/# telnet 10.52.219.10 111 
Trying 10.52.219.10... 
Connected to 10.52.219.10. 
Escape character is '^]'.

The pod ip ranges are also added to the VPC ip range. Filestore has been given full access to allow the VPC. The same script is working fine in compute engine VM.

Why is mounting a google filestore inside a GKE pod not working?

bash script used for taking backup of google filestore:

#!/bin/bash

# Create the GCloud Authentication file if set
    touch /root/gcloud.json
    echo "$GCP_GCLOUD_AUTH" > /root/gcloud.json
    gcloud auth activate-service-account --key-file=/root/gcloud.json


#backup filestore to GCS

DATE=$(date +"%m-%d-%Y-%T")

mkdir -p /mnt/$FILESHARE_MOUNT_PRIMARY
mount $FILESTORE_IP_PRIMARY:/$FILESHARE_NAME_PRIMARY /mnt/$FILESHARE_MOUNT_PRIMARY

gsutil rsync -r /mnt/$FILESHARE_MOUNT_PRIMARY/ gs://$GCP_BUCKET_NAME/$DATE/


#rsync filestore to secondary region

mkdir -p /mnt/$FILESHARE_MOUNT_SECONDARY
mount $FILESTORE_IP_SECONDARY:/$FILESHARE_NAME_SECONDARY /mnt/$FILESHARE_MOUNT_SECONDARY

rsync -avz /mnt/$FILESHARE_MOUNT_PRIMARY/ /mnt/$FILESHARE_MOUNT_SECONDARY/

All the variables are passed as environmental variables in the yaml.

Solution

The reason why you can't access it's because GKE has a different method for consuming filestore than other GCP instances, in order to be able to mount you have to create Persistent Volume and Persistent Volume Claims.

If you need only one static access to the filestore, you can follow this guide to manually set PV and PVC to attach to your application:
- Filestore - Accessing Fileshares from GKE Clusters
If you want to make it more dynamic and ready for broader use, consider using a NFS Client Provisioner. It will create a storageClass that can be reffered on your yamls. In a nutshell a storageClass dinamically provisions the PV and PVCs for each access. You can follow this guide:
- How to deploy GCP Filestore with GKE + Helm
Additionally, you can also use the Filestore CSI driver to enable GKE workloads to dynamically create and mount Filestore volumes without using helm. However, the CSI driver is not a supported Google Cloud product so you should consider if it fits your production environment:
- Kubernetes - GCP Filestore CSI Driver

Choose your path, if you have any questions let me know in the comments.