Has Anyone Used Freenas NFS for Kubernetes PVC?

[inman.turbo]

So the problem is the service attempts to mount the path to the claim which is created under the shared dataset, rather than mounting the dataset directly. How would one get this working?

Code:

mount.nfs: access denied by server while mounting  nas2.localdomain:/mnt/Pool2/playground/default-gitea-volume-claim-pvc-cb290896-7c89-4b44-97fa-2efcd5a69553  

In this case the actual share or dataset is @ /mnt/Pool2/playground/ which where the dynamic storage class has it mounted when it created the default-gitea-volume-claim-pvc-cb290896-7c89-4b44-97fa-2efcd5a69553 for the gitea service.

On a linux nsf server it can work using `no_root_squash` and `insecure` options on the export. I have no idea how to get this working with freenas and can't find any references to help with it. Security is not a concern in this case this is a firewalled development environment.

 

[KrisBee]

FreeNAS the equivalent of no_root_squash is to create the NFS share with "maproot user" set to "root" and "maproot group" set to "wheel". Linux "insecure" option is aobut port used by client, is that relevant - possibly if firewalled? But if the mount path is created dynamically on the client, how do you mount a path which does not re-exist on FreeNAS?

 

[Andrew T Schnable]

I use: https://github.com/nmaupu/freenas-provisioner

 

[inman.turbo]

Thank you both. I'll have a look at nmaupu/freenas-provisioner. It looks like it uses the freenas REST api to dynamically create datasets?

 

[inman.turbo]

I must be dense, but my impression of the freenas-provisioner after many many tries with it is that it just doesn't work. The README is very clear on how to get it working either. This is killing me, not being able to get any kind of kubernetes storage backed by freenas.

I've tried everything

Code:

      securityContext:
        fsGroup: 820
      containers:
      - name: gitea
        image: gitea/gitea:latest
        ports:
        - containerPort: 3000
          name: gitea
        - containerPort: 22
          name: git-ssh
        volumeMounts:
        - mountPath: /data
          name: git-data
      volumes:
      - name: git-data
        nfs:
          server: nas2.local
          path: /mnt/Pool2/playground

for a share owned by GUID/UID 820 on freenas doesn't work either:

Code:

./setup: line 9: /data/git/.ssh/environment: Permission denied
Generating /data/ssh/ssh_host_ed25519_key...
chmod: /data/git/.ssh/environment: Permission denied
Saving key "/data/ssh/ssh_host_ed25519_key" failed: Permission denied
Generating /data/ssh/ssh_host_rsa_key...
chown: /data/gitea/conf/app.ini: Operation not permitted
Saving key "/data/ssh/ssh_host_rsa_key" failed: Permission denied
Generating /data/ssh/ssh_host_dsa_key...
chown: /data/gitea/conf: Operation not permitted
chown: /data/gitea/conf: Operation not permitted
Saving key "/data/ssh/ssh_host_dsa_key" failed: Permission denied
Generating /data/ssh/ssh_host_ecdsa_key...
Saving key "/data/ssh/ssh_host_ecdsa_key" failed: Permission denied
chown: /data/gitea/log: Operation not permitted
chown: /data/gitea/log: Operation not permitted
chown: /data/ssh/*: Permission denied
chmod: /data/ssh: Operation not permitted
chown: /data/gitea: Operation not permitted
chown: /data/gitea: Operation not permitted
chmod: /data/ssh/*: Permission denied
Unable to load host key: /data/ssh/ssh_host_ed25519_key
Unable to load host key: /data/ssh/ssh_host_rsa_key
Unable to load host key: /data/ssh/ssh_host_dsa_key
Unable to load host key: /data/ssh/ssh_host_ecdsa_key
sshd: no hostkeys available -- exiting.
chown: /data/git/.ssh: Permission denied
chown: /data/git: Operation not permitted
chown: /data/git: Operation not permitted
chmod: /data/gitea: Operation not permitted
chmod: /data/git: Operation not permitted
2020/09/11 18:36:33 cmd/web.go:108:runWeb()  Starting Gitea on PID: 16
2020/09/11 18:36:33 ...s/setting/setting.go:725:NewContext() [F] error saving generating JWT secret to custom config: open /data/gitea/conf/app.ini: permission denied

 

[inman.turbo]

For anyone looking who comes across this, I am now using https://github.com/democratic-csi/democratic-csi, and I highly recommend it.