1

I'm fairly new to kubernetes and docker, so be patient with me.

I am trying to mount a Windows share in linux which is contained in docker, which is a kubernetes pod.

I managed to get all the correct permissions in kubernetes and docker to mount the share manually. However I need this to be done via the Dockerfile, since it needs to be automated.

This is my Dockerfile:

WORKDIR /app
COPY ./start-script.sh ./start-script.sh

RUN apt-get update && apt-get install -y cifs-utils
RUN mkdir Windows-Share
# RUN mount.cifs <Window share folder> /app/Windows-Share/ -o username=<username>,password=<password>,domain=<domain>

ENTRYPOINT ["bash", "./start-script.sh"]

Here is my start-script.sh:

#!/bin/bash
mount.cifs <Window share folder> /app/Windows-Share/ -o username=<username>,password=<password>,domain=<domain>
exec dotnet <dotnet dll>

Now it should be noted that I don't have access to any of the docker commands, they are all handled by kubernetes. After kubernetes creates the pod the logs will show:

mount error(13): Permission denied

Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

This confuses me because if I log into the kubernetes pod and run the mount command manually it mounts fine. What am I missing?

Community
  • 1
  • 1
kumar5
  • 158
  • 1
  • 2
  • 8

2 Answers2

1

I had the same issue. Mount worked on server itself, in running the images as docker container but not in running the images as kubernetes deployment. In my case it helped to add a security context to the deployment with privileges and some linux capabilities:

securityContext:
        capabilities:
          add:
            - SYS_ADMIN
            - DAC_READ_SEARCH
            - NET_BIND_SERVICE
        privileged: true
C.Lechner
  • 19
  • 5
0

The right approach tends to be to provide appropriate storage setup outside your container, rather than trying to mount things in your container. In the specific case of Kubernetes this means setting up appropriate Volumes and then mounting them in your pod spec.

There's not an out-of-the-box SMB/CIFS Volume driver, but it looks like Microsoft publishes Kubernetes storage plugins that can help.

David Maze
  • 130,717
  • 29
  • 175
  • 215
  • 1
    I think this is useful information, however it doesn't answer the question. Point in case: I ended up here, because I've been waiting for one month (!) now for DigitalOcean to look into why our pods time out attaching volumes. So instead I routed around DO support and tried to mount the NFS share directly - with the same result as @kumar. So back to square one: why do I get a permission denied? Note that I am root inside the pod. – Tomáš Pospíšek Jul 01 '19 at 14:34