dockerkubernetessambacifs

Accessing CIFS files from pods

We have a docker image that is processing some files on a samba share.

For this we created a cifs share which is mounted to /mnt/dfs and files can be accessed in the container with:

docker run -v /mnt/dfs/project1:/workspace image

Now what I was aked to do is get the container into k8s and to acces a cifs share from a pod a cifs Volume driver usiong FlexVolume can be used. That's where some questions pop up.

I installed this repo as a daemonset

https://k8scifsvol.juliohm.com.br/

and it's up and running.

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: cifs-volumedriver-installer
spec:
  selector:
    matchLabels:
      app: cifs-volumedriver-installer
  template:
    metadata:
      name: cifs-volumedriver-installer
      labels:
        app: cifs-volumedriver-installer
    spec:
      containers:
        - image: juliohm/kubernetes-cifs-volumedriver-installer:2.4
          name: flex-deploy
          imagePullPolicy: Always
          securityContext:
            privileged: true
          volumeMounts:
            - mountPath: /flexmnt
              name: flexvolume-mount
      volumes:
        - name: flexvolume-mount
          hostPath:
            path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/

Next thing to do is add a PeristentVolume, but that needs a capacity, 1Gi in the example. Does this mean that we lose all data on the smb server? Why should there be a capacity for an already existing server?

Also, how can we access a subdirectory of the mount /mnt/dfs from within the pod? So how to access data from /mnt/dfs/project1 in the pod?

Do we even need a PV? Could the pod just read from the host's mounted share?

apiVersion: v1
kind: PersistentVolume
metadata:
  name: mycifspv
spec:
  capacity:
    storage: 1Gi
  flexVolume:
    driver: juliohm/cifs
    options:
      opts: sec=ntlm,uid=1000
      server: my-cifs-host
      share: /MySharedDirectory
    secretRef:
      name: my-secret
  accessModes:
    - ReadWriteMany
Solution

  • Managed to get it working with the fstab/cifs plugin.

    Copy its cifs script to /usr/libexec/kubernetes/kubelet-plugins/volume/exec and give it execute permissions. Also restart kubelet on all nodes.

    https://github.com/fstab/cifs

    Then added

     containers:
 - name: pablo
   image: "10.203.32.80:5000/pablo"
   volumeMounts:
   - name: dfs
     mountPath: /data
 volumes:
 - name: dfs
   flexVolume:
    driver: "fstab/cifs"
    fsType: "cifs"
    secretRef:
      name: "cifs-secret"
    options:
      networkPath: "//dfs/dir"
      mountOptions: "dir_mode=0755,file_mode=0644,noperm"

    Now there is the /data mount inside the container pointing to //dfs/dir