2

I am trying to map an SMB network storage to Docker, in a development environment, to make it available to containers, in the same way as a shared local drive. This means, for the entire Docker VM, not individual containers. Another application needs the network storage through SMB access, but is in another domain, so I can't share anything from my local drives to it. Windows network drives also don't work with Docker.

The current workaround is to open nested shells on Docker, to access the VM and then mount the network storage. I tried this as a Windows batch file, but it stops at the first shell prompt and does not input anymore via "echo".

docker run --rm -it --privileged --pid=host justincormack/nsenter1
echo ctr -n services.linuxkit task exec -t --exec-id foo docker-ce /bin/sh
echo mkdir host_mnt/mystorage
echo mkdir host_mnt/mystorage/Videos
echo mkdir host_mnt/mystorage/Videos/my-private-storage
echo mount -v -t cifs -o username=myname,password=p@s$w0rd,file_mode=0777,dir_mode=0777,vers=2.0,uid=1234,gid=1234 //mystorage.mycompany.com/Videos/my-private-storage /host_mnt/mystorage/Videos/my-private-storage
echo exit
echo exit

Typing this into the console (without the "echo"s) requires deletion/restart of Docker containers afterwards.

Is there any way to map a network drive to Docker easily and upon Docker startup? Or any other way to easily use an SMB resource?

jonrsharpe
  • 115,751
  • 26
  • 228
  • 437
Erik Hart
  • 1,114
  • 1
  • 13
  • 28

1 Answers1

0

I think the biggest problem you're going to face is that the entire Moby VM used for Docker for Windows has a read-only filesystem. If you were to just attempt to do the mount directly from Moby itself, you would get the it's missing the helper applications for CIFS / NFS. 

mount: /mnt: bad option; for several filesystems (e.g. nfs, cifs) you might need a /sbin/mount.<type> helper program.

In most environments, we would just install cifs-utils or nfs-common, but because it's a read only filesystem, I can't think of a way to get that working.

Dockstar
  • 1,005
  • 11
  • 15
  • The commands work when I execute them step by step, containers can access the network storage, read and write. But they're lost after ending Docker, and must be re-entered after every start, following by a restart of the consuming containers (through Kubernetes pod deletion). I know these shells access the Moby VM, but don't know the actual toolset. I'm new to Docker/Kubernetes, and installed it in a "dumb" way, just following instructions. I don't remember installing specific components, but there are mount.cifs/.nfs and others in the sbin directory. – Erik Hart Oct 31 '18 at 16:41
  • Yeah mount.cifs and nfs are just the targets for the mount binary to know what target (-t) you're using. Those remote protocols also actually require other pieces of software to function correctly, which looks like the VM itself is missing. Probably on purpose to keep it small, or as a security concern. Moby is an oddball, because it's too limited for my tastes. A container you build may be able to access CIFS / SMB without issue, because the image itself has all of the required binaries, but the host is a different beast. – Dockstar Oct 31 '18 at 17:02
  • Kubernetes and Docker for Windows are two different beasts altogether. Docker is still the containerization engine for Kubernetes, but that may change. A better test would be for you to setup minikube and work with Kubernetes locally to find a way to get the volume defined that way. Historically, what I've done to deal with this in a Swarm environment is use Ansible to mount the CIFS shares to each host, and pass it through as a bind mount – Dockstar Oct 31 '18 at 17:05