Cannot mount CIFS storage on k8s cluster

Deerenaros asked:

I have to mount CIFS storage. I am trying to use flexvolume with fstab/cifs, but I have no idea what I’m doing wrong.

Using microk8s v1.18

[email protected]:~/yamls# cat pod.yaml 
apiVersion: v1
kind: Secret
metadata:
  name: cifs-secret
  namespace: default
type: fstab/cifs
data:
  username: 'xxxxxxxxxxx='
  password: 'xxxxxxxxxxxxxxxxxxxxxx=='
---
apiVersion: v1
kind: Pod
metadata:
  name: busybox
  namespace: default
spec:
  containers:
  - name: busybox
    image: busybox
    command:
      - sleep
      - "3600"
    imagePullPolicy: IfNotPresent
    volumeMounts:
    - name: test
      mountPath: /data
  volumes:
  - name: test
    flexVolume:
      driver: "fstab/cifs"
      fsType: "cifs"
      secretRef:
        name: "cifs-secret"
      options:
        networkPath: "//srv/storage"
        mountOptions: "dir_mode=0755,file_mode=0644,noperm"

But

[email protected]:~/yamls# kubectl apply -f pod.yaml 
pod/busybox configured
The Secret "cifs-secret" is invalid: type: Invalid value: "fstab/cifs": field is immutable

On changing the type of the secret to Opaque I get this:

Events:
  Type     Reason       Age                   From                                      Message
  ----     ------       ----                  ----                                      -------
  Normal   Scheduled    <unknown>             default-scheduler                         Successfully assigned default/busybox to spb-airsys-services.spb.rpkb.ru
  Warning  FailedMount  17m (x23 over 48m)    kubelet, master  MountVolume.SetUp failed for volume "test" : Couldn't get secret default/cifs-secret err: Cannot get secret of type fstab/cifs

What do I have to use with the CIFS driver on the Secret? Why is this so hard? Is it a changing API or something else? Why does the API version change from version to version; was it invented in order to give version compatibility?

And, in the future, what can you suggest for NFS mounting? Even more, which practices do you use to provide snapshots of mounts (or any other backup system)?

My answer:


If a secret is marked as immutable when created, it cannot be changed; it can only be deleted and recreated. You’ll need to delete the old immutable secret first.

kubectl delete secret cifs-secret

If you intend to be able to change the secret, you should not mark it as immutable. You appear to not have done so in this YAML, but it seems that you had done so previously.

Existing pods that use the secret will keep doing so after it is deleted; they also will need to be recreated to use a newly created secret even if it has the same name.

You should separate secret creation from pod creation and use different YAML files for these. This will not only allow you to use immutable secrets and prevent problems like this from recurring, it also allows you to separate concerns and deploy your pod to different environments (e.g. development, production) each of which may have different secrets.


View the full question and any other answers on Server Fault.
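
An added example, not part of the original question or answer: the delete-and-recreate sequence with the Secret rendered into its own manifest, separate from the pod. The file names secret.yaml and pod.yaml, the function names and the sample credentials are assumptions; the Secret name, its type and the pod name are taken from the question.

```shell
#!/bin/sh
# Added example: keep the CIFS Secret in its own manifest and recreate it
# instead of modifying the existing object in place.
set -eu

# Render a Secret manifest of type fstab/cifs (the type named in the
# question's FailedMount event). Arguments: name, username, password.
# printf '%s' is used instead of echo so that no trailing newline ends up
# inside the base64-encoded credential.
render_cifs_secret() {
  user_b64=$(printf '%s' "$2" | base64 | tr -d '\n')
  pass_b64=$(printf '%s' "$3" | base64 | tr -d '\n')
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
  namespace: default
type: fstab/cifs
data:
  username: ${user_b64}
  password: ${pass_b64}
EOF
}

# Delete, then create. The API server refused the in-place update in the
# question ("type ... field is immutable"), so the old object is removed
# first. Argument: path to the rendered Secret manifest.
# Assumes pod.yaml now contains only the Pod from the question.
recreate_cifs_secret() {
  kubectl delete secret cifs-secret --namespace default --ignore-not-found
  kubectl create -f "$1"
  # Pods keep using the old secret until they are recreated.
  kubectl delete pod busybox --namespace default --ignore-not-found
  kubectl apply -f pod.yaml
}

# Usage (credentials below are constructed placeholders):
#   (umask 077; render_cifs_secret cifs-secret 'svc-user' 'example-pass' > secret.yaml)
#   recreate_cifs_secret secret.yaml
```

Keeping secret.yaml out of the pod manifest also keeps the credentials out of whatever repository holds pod.yaml.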

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.