docker kubernetes samba cifs

Accessing CIFS files from pods


We have a docker image that is processing some files on a samba share.

For this we created a cifs share which is mounted to /mnt/dfs and files can be accessed in the container with:

docker run -v /mnt/dfs/project1:/workspace image

Now what I was asked to do is get the container into k8s. To access a cifs share from a pod, a cifs Volume driver using FlexVolume can be used. That's where some questions pop up.

I installed this repo as a daemonset

https://k8scifsvol.juliohm.com.br/

and it's up and running.

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: cifs-volumedriver-installer
spec:
  selector:
    matchLabels:
      app: cifs-volumedriver-installer
  template:
    metadata:
      name: cifs-volumedriver-installer
      labels:
        app: cifs-volumedriver-installer
    spec:
      containers:
        - image: juliohm/kubernetes-cifs-volumedriver-installer:2.4
          name: flex-deploy
          imagePullPolicy: Always
          securityContext:
            privileged: true
          volumeMounts:
            - mountPath: /flexmnt
              name: flexvolume-mount
      volumes:
        - name: flexvolume-mount
          hostPath:
            path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/

Next thing to do is add a PersistentVolume, but that needs a capacity, 1Gi in the example. Does this mean that we lose all data on the smb server? Why should there be a capacity for an already existing server?

Also, how can we access a subdirectory of the mount /mnt/dfs from within the pod? So how to access data from /mnt/dfs/project1 in the pod?

Do we even need a PV? Could the pod just read from the host's mounted share?

apiVersion: v1
kind: PersistentVolume
metadata:
  name: mycifspv
spec:
  capacity:
    storage: 1Gi
  flexVolume:
    driver: juliohm/cifs
    options:
      opts: sec=ntlm,uid=1000
      server: my-cifs-host
      share: /MySharedDirectory
    secretRef:
      name: my-secret
  accessModes:
    - ReadWriteMany

Solution

  • Managed to get it working with the fstab/cifs plugin.

    Copy its cifs script to /usr/libexec/kubernetes/kubelet-plugins/volume/exec and give it execute permissions. Also restart kubelet on all nodes.

    https://github.com/fstab/cifs

    Then added

     containers:
     - name: pablo
       image: "10.203.32.80:5000/pablo"
       volumeMounts:
       - name: dfs
         mountPath: /data
     volumes:
     - name: dfs
       flexVolume:
        driver: "fstab/cifs"
        fsType: "cifs"
        secretRef:
          name: "cifs-secret"
        options:
          networkPath: "//dfs/dir"
          mountOptions: "dir_mode=0755,file_mode=0644,noperm"
    

    Now there is the /data mount inside the container pointing to //dfs/dir
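
The fragment above as a complete manifest, written as an added example and not taken from the original post or the plugin's repository: it adds the Secret that secretRef points to and uses the standard Kubernetes subPath field so that only the project1 subdirectory from the question appears at /workspace. The pod name, the credential values, the read-only mount and the Secret layout (type fstab/cifs with username and password keys) are assumptions; check the Secret layout against the plugin's README linked above.

```yaml
# Added example; values marked "assumed" or "constructed" are not from the original post.
apiVersion: v1
kind: Secret
metadata:
  name: cifs-secret               # matches secretRef in the answer
type: fstab/cifs                  # assumed: secret type the fstab/cifs driver expects
data:
  username: ZXhhbXBsZQ==          # constructed: base64 of "example"
  password: Y2hhbmdlbWU=          # constructed: base64 of "changeme"
---
apiVersion: v1
kind: Pod
metadata:
  name: pablo                     # assumed pod name
spec:
  containers:
    - name: pablo
      image: "10.203.32.80:5000/pablo"
      securityContext:
        allowPrivilegeEscalation: false
      volumeMounts:
        - name: dfs
          mountPath: /workspace   # same path the docker run command used
          subPath: project1       # expose only this subdirectory of the share
          readOnly: true          # assumed; remove if the job writes results back
  volumes:
    - name: dfs
      flexVolume:
        driver: "fstab/cifs"
        fsType: "cifs"
        secretRef:
          name: "cifs-secret"
        options:
          networkPath: "//dfs/dir"
          mountOptions: "dir_mode=0755,file_mode=0644,noperm"
```

The kubelet performs the mount on the node, so this pod needs neither privileged: true nor a hostPath volume, and the share credentials stay in the Secret rather than in the pod spec.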