K
Q

Need CIFS dynamic PV provisionner restricted to a specific namespace

11/23/2019

I have a kubernetes cluster on baremetal.

I need a CIFS dynamic PV provisionner restricted to a specific namespace. I only want user/pod that have access to namespace_a to be able to store on PV provisioned on CIFS shared_a.

Is there any existing solution available?

Any alternative that would allow me to provision dynamically PV that are backed by a samba nas share while keeping namespace isolation?

Thanks

-- ThatChrisGuy
cifs
kubernetes

Similar Questions

Helm secrets plugin unable to decrypt secrets.yaml encrypted before with GPG key
How to set pod to use all available CPU Cores
Colocate pods in Kubernetes
Not able to expose pod for outside using Service and ingress
Docker increase disk space

1 Answer

11/25/2019

By design PersistentVolumes are not namespaced objects but PersistentVolumeClaim are.

To achieve isolation between namespace and Persistent Volume you can bind PV to PVC. It is one-to-one mapping and it "reserves" volume to specific PVC.

You have to specify claimRef in PersistentVolume's spec field:

ClaimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. Expected to be non-nil when bound. claim.VolumeName is the authoritative bind between PV and PVC.

apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv1
[...]
spec:
[...]
  claimRef:
    name: claim
    namespace: default

And in PVC:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: claim
spec:
[...]
  volumeName: pv1
-- KFC_
Source: StackOverflow