K
Q

Accessing Azure File Share from local Kubernetes cluster

12/10/2019
OS: Windows 10  
Kubernetes version: 1.14.8  
Helm version: 3  
Docker Desktop version: 2.1.0.5

Trying to deploy a Kubernetes cluster using a Helm-chart that contains a pod that connects to a statically provisioned Azure File Share. Deploying to an Azure Kubernetes cluster works, but when we try to deploy the cluster locally on docker-desktop it gets the error message when trying to mount the share:

Unable to mount volumes for pod "": timeout expired waiting for volumes to attach or mount for pod "". list of unmounted volumes=[servicecatalog-persistent-storage]. list of unattached volumes=[interactor-properties servicecatalog-persistent-storage default-token-9fp7j]

Mounting arguments: -t cifs -o username=,password=,file_mode=0777,dir_mode=0777,vers=3.0 //.file.core.windows.net/spps /var/lib/kubelet/pods/44a70ebf-1b26-11ea-ab13-00155d0a4406/volumes/kubernetes.io~azure-file/servicecatalog-spp-pv Output: mount error(11): Resource temporarily unavailable

Helm charts (removed redundant information):

Deployment:

apiVersion: apps/v1
kind: Deployment
spec:
    spec:
      containers:
        - name: {{ .Release.Name }}-{{ .Chart.Name }}
          volumeMounts:
            - name: servicecatalog-persistent-storage
              mountPath: /data/sppstore
      volumes:
        - name: servicecatalog-persistent-storage
          persistentVolumeClaim:
            claimName: servicecatalog-pv-claim

Persistent Storage / Claims:

apiVersion: v1
kind: PersistentVolume
metadata:
  name: servicecatalog-spp-pv
  labels:
    usage: servicecatalog-spp-pv
spec:
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  azureFile:
    secretName: azurefile-secret
    shareName: spps
    readOnly: false

---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: servicecatalog-pv-claim
  annotations:
    volume.beta.kubernetes.io/storage-class: ""
  storageClass: 
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  selector:
    matchLabels:
      usage: servicecatalog-spp-pv

Secret:

apiVersion: v1
kind: Secret
metadata:
  name: azurefile-secret
type: Opaque
data:
  azurestorageaccountname: <acc name>
  azurestorageaccountkey:<acc key>

We have tried:

  • Using the Azure File Diagnostics to ensure ports are open and we are able to connect from our machine. link
  • Connecting using Azure Storage Explorer (works)

Microsoft says that connecting to an Azure File Share locally requires SMB 3.0 for security reasons which Windows 10 supports, but Kubernetes seems to use CIFS (which is a dialect of SMB?), but we cant figure out if its supported for access to Azure File Share. Any ideas?

-- Marius Wiik
azure
azure-files
helmfile
kubernetes
kubernetes-helm

Similar Questions

k8s hpa can't get the cpu information
How to create K8S deployment in specific namespace?
helm init has been removed in version 3
What is importance of labelling a k8s resource and then applying selector on label in spec on same k8s resource?
Connect from container to localhost
Lots of connection logs after open ports of k8s service

1 Answer

12/10/2019

The recommended way to mount an Azure file share on Linux is using SMB 3.0. By default, Azure Files requires encryption in transit, which is only supported by SMB 3.0. Azure Files also supports SMB 2.1, which does not support encryption in transit, but you may not mount Azure file shares with SMB 2.1 from another Azure region or on-premises for security reasons.

https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-linux

so if you are using smb 2.1 you can only mount the file share from inside the same region. not from local workstation or from another azure region

since your cifs mount mentions vers=3.0 - I would assume this should work in your case. check storage account network access restrictions? or your network restrictions. say port 445, or other concerns mentioned in the linked article

-- 4c74356b41
Source: StackOverflow