I have to mount CIFS storage, trying to use flexvolume, fstab/cifs, but I have no idea what i’m doing wrong.
Using microk8s v1.18
[email protected]:~/yamls# cat pod.yaml apiVersion: v1 kind: Secret metadata: name: cifs-secret namespace: default type: fstab/cifs data: username: 'xxxxxxxxxxx=' password: 'xxxxxxxxxxxxxxxxxxxxxx==' --- apiVersion: v1 kind: Pod metadata: name: busybox namespace: default spec: containers: - name: busybox image: busybox command: - sleep - "3600" imagePullPolicy: IfNotPresent volumeMounts: - name: test mountPath: /data volumes: - name: test flexVolume: driver: "fstab/cifs" fsType: "cifs" secretRef: name: "cifs-secret" options: networkPath: "//srv/storage" mountOptions: "dir_mode=0755,file_mode=0644,noperm"
[email protected]:~/yamls# kubectl apply -f pod.yaml pod/busybox configured The Secret "cifs-secret" is invalid: type: Invalid value: "fstab/cifs": field is immutable
On changing type of secret to
Opaque I get this
Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Scheduled <unknown> default-scheduler Successfully assigned default/busybox to spb-airsys-services.spb.rpkb.ru Warning FailedMount 17m (x23 over 48m) kubelet, master MountVolume.SetUp failed for volume "test" : Couldn't get secret default/cifs-secret err: Cannot get secret of type fstab/cifs
What I have to use with CIFS driver on Secret? Why this is so hard? Is it changing API or else? Why API version changing from version to version, is it invented in order to give version compability?
And, in future, what can you suggest to NFS mounting? Even more, which practices do you use to provide mounts’ snapshots (or any other backup system)?
If a secret is marked as immutable when created, it cannot be changed; it can only be deleted and recreated. You’ll need to delete the old immutable secret first.
kubectl delete secret cifs-secret
If you intend to be able to change the secret, you should not mark it as immutable. You appear to not have done so in this YAML, but it seems that you had done so previously.
Existing pods that use the secret will keep doing so after it is deleted; they also will need to be recreated to use a newly created secret even if it has the same name.
You should separate secret creation from pod creation and use different YAML files for these. This will not only allow you to use immutable secrets and prevent problems like this from recurring, it also allows you to separate concerns and deploy your pod to different environments (e.g. development, production) each of which may have different secrets.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.