Skip to main content

Kubernetes Container Storage Interface (CSI): Samba - Deploy SMB CSI via Helm, Create example PVC and Pod

1006 words·
Kubernetes CSI Kubectl Helm Samba
Table of Contents
Kubernetes-CSI - This article is part of a series.
Part 4: This Article

Overview
#

In this tutorial I’m using the following Kubernetes cluster, deployed with Kubeadm:

# Kubernetes cluster
NAME      STATUS   ROLES           AGE    VERSION    INTERNAL-IP     EXTERNAL-IP   OS-IMAGE           KERNEL-VERSION     CONTAINER-RUNTIME
ubuntu1   Ready    control-plane   118d   v1.28.11   192.168.30.10   <none>        Ubuntu 24.04 LTS   6.8.0-36-generic   containerd://1.7.18
ubuntu2   Ready    worker          118d   v1.28.11   192.168.30.11   <none>        Ubuntu 24.04 LTS   6.8.0-36-generic   containerd://1.7.18
ubuntu3   Ready    worker          118d   v1.28.11   192.168.30.12   <none>        Ubuntu 24.04 LTS   6.8.0-36-generic   containerd://1.7.18

192.168.30.90 # Samba server, Ubuntu 22.04



Samba Server Setup
#

Install Samba
#

# Install Samba
sudo apt install samba -y

Create a Samba User
#

Create a new user for the Samba share:

# Create a user that can access the Samba share
sudo useradd -M -s /sbin/nologin k8s-samba

# Add the user to the Samba group
sudo usermod -aG sambashare k8s-samba

Define a Samba password for the user:

# Define a Samba password for the "k8s-samba" user (in the Samba database)
sudo smbpasswd -a k8s-samba

# Shell output:
New SMB password: # Define a pw like "my-secure-pw"
Retype new SMB password: # Define a pw like "my-secure-pw"
Added user k8s-samba

Enable the user:

# Enable the Samba user
sudo smbpasswd -e k8s-samba

# Shell output:
Enabled user k8s-samba.

Create an Example Share
#

Create a folder for the share:

# Create a folder for the Share
sudo mkdir -p /srv/samba/k8s-share

# Set permissions
sudo chown :sambashare /srv/samba/k8s-share
sudo chmod 2770 /srv/samba/k8s-share

Add the share to the Samba configuration:

# Edit Samba config
sudo vi /etc/samba/smb.conf
[k8s-share]
   path = /srv/samba/k8s-share
   browseable = yes
   read only = no
   guest ok = no
   valid users = @sambashare

Restart Samba Server
#

# Restart Samba
sudo service smbd restart

# Verify Samba Status
systemctl status smbd

Connect to Samba Share from a Client
#

Test the Samba share from a Linux server:

# Install Samba client
sudo apt install smbclient -y
# Connect to Samba share
smbclient //192.168.30.90/k8s-share -U k8s-samba

# Create a new directory
mkdir testfolder

# Exit the session
exit

Verify the folder in the Samba share:

# Verify the new folder on the Samba server
sudo ls -la /srv/samba/k8s-share

# Shell output:
total 12
drwxrws--- 3 root      sambashare 4096 Nov  1 10:27 .
drwxr-xr-x 3 root      root       4096 Nov  1 10:02 ..
drwxr-sr-x 2 k8s-samba sambashare 4096 Nov  1 10:27 testfolde



CSI Samba Installation
#

Install CSI Samba
#

Add Samba CSI Helm Chart
#

# Add the Samba CSI Helm chart
helm repo add csi-driver-smb https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts
helm repo update

Install the Samba CSI Driver
#

# Install the Samba CSI driver
helm install csi-driver-smb csi-driver-smb/csi-driver-smb --namespace kube-system

# Shell output:
NAME: csi-driver-smb
LAST DEPLOYED: Fri Nov  1 10:40:02 2024
NAMESPACE: kube-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The CSI SMB Driver is getting deployed to your cluster.

To check CSI SMB Driver pods status, please run:

  kubectl --namespace=kube-system get pods --selector="app.kubernetes.io/name=csi-driver-smb" --watch

Verify Samba CSI Driver Deployment
#

# List Samba CSI pods
kubectl --namespace=kube-system get pods --selector="app.kubernetes.io/name=csi-driver-smb"

# Shell output:
NAME                                  READY   STATUS    RESTARTS   AGE
csi-smb-controller-5944596fc9-lggnt   3/3     Running   0          56s
csi-smb-node-bz4vv                    3/3     Running   0          56s
csi-smb-node-rkz55                    3/3     Running   0          56s
csi-smb-node-wr4hf                    3/3     Running   0          56s

Create Kubernetes Secret for Samba Credentials
#

Base64 Encode the Samba Credentials
#

# Encode the Samba user
echo -n 'k8s-samba' | base64

# Shell output:
azhzLXNhbWJh
# Encode the Samba password
echo -n 'my-secure-pw' | base64

# Shell output:
bXktc2VjdXJlLXB3

Create Kubernetes Secret
#

# Create a manifest for the secret:
vi smb-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: smb-secret
  namespace: default
type: Opaque
data:
  username: azhzLXNhbWJh
  password: bXktc2VjdXJlLXB3
# Create the secret
kubectl apply -f smb-secret.yaml

Verify the Secret
#

# List secrets
kubectl get secret

# Shell output:
NAME         TYPE     DATA   AGE
smb-secret   Opaque   2      61s

StorageClass
#

Define a StorageClass for Samba CSI
#

# Create a manifest for the StorageClass
vi smb-storageclass.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: smb-csi
provisioner: smb.csi.k8s.io
parameters:
  source: "//192.168.30.90/k8s-share"  # Define Samba share
  csi.storage.k8s.io/node-stage-secret-name: "smb-secret" # Define Samba credential secret
  csi.storage.k8s.io/node-stage-secret-namespace: "default" # Define Samba credential secret namespace
mountOptions:
  - dir_mode=0777
  - file_mode=0777
  - vers=3.0  # Define Samba version
reclaimPolicy: Delete
# Create the StorageClass
kubectl apply -f smb-storageclass.yaml

Verify the StorageClass
#

# List StorageClasses
kubectl get sc

# Shell output:
NAME      PROVISIONER      RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE
smb-csi   smb.csi.k8s.io   Delete          Immediate           false                  18s



Test the Samba CSI
#

Example PVC
#

Create Example PVC
#

This PersistentVolumeClaim (PVC) will use the parent folder of the Samba share.

# Create a manifest for the PVC
vi smb-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: smb-pvc
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: smb-csi
  resources:
    requests:
      storage: 1Gi
kubectl apply -f smb-pvc.yaml

Verify the PVC & PV
#

# List PVCs
kubectl get pvc

# Shell output:
NAME      STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
smb-pvc   Bound    pvc-b09582ba-c259-4067-9846-122ff37ac915   1Gi        RWX            smb-csi        40s
# List PVs
kubectl get pv

# Shell output:
NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM             STORAGECLASS   REASON   AGE
pvc-b09582ba-c259-4067-9846-122ff37ac915   1Gi        RWX            Delete           Bound    default/smb-pvc   smb-csi                 50s

Example Pod
#

The following pod will create a “hello.txt” file on the Samba share:

# Create a manifest for the example pod
vi smb-test-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: smb-test-pod
spec:
  containers:
  - name: app
    image: busybox
    command: [ "sh", "-c", "echo 'Hello from Kubernetes PVC' > /mnt/smb/hello.txt; sleep 3600" ]
    volumeMounts:
    - mountPath: "/mnt/smb"
      name: smb-volume
  volumes:
  - name: smb-volume
    persistentVolumeClaim:
      claimName: smb-pvc
# Deploy the example pod
kubectl apply -f smb-test-pod.yaml

Verify the Example File
#

# List files on the Samba share:
sudo ls -la /srv/samba/k8s-share

# Shell output:
total 16
drwxrws--- 3 root      sambashare 4096 Nov  1 11:02 .
drwxr-xr-x 3 root      root       4096 Nov  1 10:02 ..
-rwxr--r-- 1 k8s-samba sambashare   26 Nov  1 11:02 hello.txt
drwxr-sr-x 2 k8s-samba sambashare 4096 Nov  1 10:27 testfolder
# Cat the hello.txt file
sudo cat /srv/samba/k8s-share/hello.txt

# Shell output:
Hello from Kubernetes PVC



Delete Resources
#

# Delete the example pod
kubectl delete pod smb-test-pod

# Delete PVC
kubectl delete pvc smb-pvc
# Verify the PV is deleted
kubectl get pv

# Shell output:
No resources found



Links #

# Official Documentation
https://github.com/kubernetes-csi/csi-driver-smb/tree/master/charts
Kubernetes-CSI - This article is part of a series.
Part 4: This Article