Manual AKS PV fails with "New-SmbGlobalMapping MountVolume.SetUp failed for volume" error

7/17/2019

I'm trying to mount an azureFile volume on a Windows AKS pod, but I get the error:

kubelet, MountVolume.SetUp failed for volume "fileshare" : New-SmbGlobalMapping failed: fork/exec C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe: The parameter is incorrect., output: ""

My pod.yml looks like:

apiVersion: v1
kind: Pod
metadata:
  name: q-pod-sample-03
  namespace: mq
spec:
  containers:
  - image: test.azurecr.io/q/p:01
    name: q-ctr-sample-03
    imagePullPolicy: "IfNotPresent"
    volumeMounts:
      - name: azfileshare
        mountPath: 'c:/app/app-data' 
  nodeSelector:
    "beta.kubernetes.io/os": windows
  volumes:
  - name: azfs
    azureFile:
      secretName: qastapv-share-01-secret
      shareName: qastapv-share-01
      readOnly: false

My secret.yml looks like:

apiVersion: v1
kind: Secret
metadata:
  name: qastapv-share-01-secret
  namespace: mq
type: Opaque
data:
  azurestorageaccountname: <Base64Str>
  azurestorageaccountkey: <Base64Str>

My PV looks like:

apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-azfs-q-01
  namespace: mq
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  azureFile:
    secretName: qastapv-share-01-secret
    shareName: qastapv-share-01
    readOnly: false
  mountOptions:
  - dir_mode=0777
  - file_mode=0777
  - uid=1000
  - gid=1000

What I'm missing here? I'm on AKS 1.14.

-- Sam
azure-aks
kubernetes

1 Answer

7/18/2019

As I see, there is something wrong in your yaml file. First, in your pod yaml file:

apiVersion: v1
kind: Pod
metadata:
  name: q-pod-sample-03
  namespace: mq
spec:
  containers:
  - image: test.azurecr.io/q/p:01
    name: q-ctr-sample-03
    imagePullPolicy: "IfNotPresent"
    volumeMounts:
      - name: azfileshare
        mountPath: 'c:/app/app-data' 
  nodeSelector:
    "beta.kubernetes.io/os": windows
  volumes:
  - name: azfileshare         # this name should be the same with the name in volumeMounts
    azureFile:
      secretName: qastapv-share-01-secret
      shareName: qastapv-share-01
      readOnly: false

And I do not know how do you convert the storage account name and the key into base64. So I also show two ways to create the secret in AKS.

One is to use the command to create as below:

kubectl create secret generic azure-secret --from-literal=azurestorageaccountname=$AKS_PERS_STORAGE_ACCOUNT_NAME --from-literal=azurestorageaccountkey=$STORAGE_KEY

Second is to use the yaml file and convert the storage account name and the key into base64 and input them in the yaml file as below:

echo 'storageAccountName' | base64
echo 'storageAccountKey' | base64

The yaml file as you show and input the output of the above commands.

Follow the above steps, you do not need to create the PV individual.

For more details, see Manually create and use a volume with Azure Files share in Azure Kubernetes Service (AKS). And if you want to use the PV/PVC, take a look at Mount volumes via PV and PVC.

Update:

If you use the yaml file to create the secret, you also need to pay attention to the operating system where convert the string into base64. The different operating system may have different rules for the base64. For you, you use the Windows nodes, so you need to convert the storage account name and the key into base64 on the Windows system. Below is the PowerShell command to convert:

$Name= [System.Text.Encoding]::UTF8.GetBytes("storageAccountName ")
[System.Convert]::ToBase64String($Name )
$Key = [System.Text.Encoding]::UTF8.GetBytes("storageAccountKey")
[System.Convert]::ToBase64String($Key)
-- Charles Xu
Source: StackOverflow