Skip to main content

Kubernetes Container Storage Interface (CSI): Samba - Deploy SMB CSI via Helm, Create example PVC and Pod

1006 words·
Kubernetes CSI Kubectl Helm Samba
Table of Contents
Kubernetes-Components - This article is part of a series.
Part 1: Rancher Kubernetes Management Platform: Cert Manager Helm Deployment, Rancher Helm Deployment with Rancher CA certificate, Export Root CA Certificate, Ingress Resource, Access Rancher with TLS Encryption
Part 2: Velero Open-Source Kubernetes Backups: Velero Helm Deployment, Backup and Restore a Kubernetes Namespace from an AWS S3 Bucket
Part 3: Kubernetes Deployment Components: Pods - Multi Container Pod Example, Container Networking Within a Pod; Replication Controller; Services - ClusterIP, NodePort & LoadBalancer Services, Services for Pods, Replication Controllers, External Resources & Deployments
Part 4: Kubernetes Resource Management: Define Resource Requests and Limits; Deploy Kubernetes Metrics Server, Verify Resource Usage with kubectl top
Part 5: Kubernetes Security: Immutable Deployment - Deploy Container with ReadOnly-Filesystem and Writable-Volume
Part 6: Kubernetes Security: Pod Security Admission (PSA) - Overview, Enforce Pod Security Standard at a Namespace; Example Nginx Pod SecurityContext for Restricted PSS
Part 7: Kubernetes Volumes: Nginx Pod and Deployment Examples with NFS Volume, Pod and Deployment Examples with EmptyDir Volume, Deployment Example with PersistentVolume, External Storage Provider with NFS
Part 8: Kubernetes Secrets: Opaque Secret Configuration, Pod Examples with Environment Variable Secrets and Volume Secrets; SSH Authentication Secret with Pod Example
Part 9: Kubernetes Horizontal Pod Autoscaling: Install Kubernetes Metrics Server, Example Deployment with Horizontal Pod Autoscaler (HPA)
Part 10: Kubernetes DNS: CoreDNS custom Hosts entry (K3s & K8s Version), Deployment with custom Hosts entry; Backup and Restore the CoreDNS ConfigMap; DNS Troubleshooting
Part 11: Kubernetes Liveness & Readiness Probes: TCP Readiness Probes (Single Pod and Multi Pod Dependency), TCP Liveness Probe
Part 12: Kubernetes Network Policies: Ingress and Egress Policy Examples
Part 13: Kubernetes Role Based Access Control (RBAC): RBAC Overview, Create Service Account, Example Role and RoleBinding
Part 14: Kubernetes Kubeconfig: Create example Kubeconfig with new (RBAC) Service Account and ClusterRole / ClusterRole Binding
Part 15: Kubernetes Container Storage Interface (CSI): NFS CSI Driver Example, Dynamically create PersistentVolumes using a CSI StorageClass and PVC
Part 16: Kubernetes Container Storage Interface (CSI): Ceph CSI Driver Example, Dynamically provision RBD Images in a Ceph Storage Pool
Part 17: Kubernetes Container Storage Interface (CSI): Longhorn Distributed Block Storage System - Deploy Longhorn via Helm Chart, Define Custom Storage Mountpoints; StorageClass & PVC Example
Part 18: This Article
Part 19: Kubernetes Etcd Snapshot: Etcd Snapshot and Restore with Etcdctl, Verify Etcd Member Health; Etcdctl Commands
Part 20: Kubernetes Helm Charts: Create a Custom Helm Chart
Part 21: Kubernetes Kustomize: Kustomize Configuration Management Example
Part 22: Kubernetes ReplicaSets & DaemonSets: Overview, Example ReplicaSets and DaemonSets with and without NodeSelector & Node Labeling
Part 23: Kubernetes Jobs: Jobs Overview, Basic Non-parallel & Parallel Job Examples; CronJob & RBAC Example that Restarts a Deployment
Part 24: Kubernetes Commands: Cluster Nodes, Namespaces, LimitRange Resource Limits, Pods, Deployments, Replication Controllers, Services, HPA, Secrets, Cronjobs, Helm, Logs, K9s TUI

Overview
#

In this tutorial I’m using the following Kubernetes cluster, deployed with Kubeadm:

# Kubernetes cluster
NAME      STATUS   ROLES           AGE    VERSION    INTERNAL-IP     EXTERNAL-IP   OS-IMAGE           KERNEL-VERSION     CONTAINER-RUNTIME
ubuntu1   Ready    control-plane   118d   v1.28.11   192.168.30.10   <none>        Ubuntu 24.04 LTS   6.8.0-36-generic   containerd://1.7.18
ubuntu2   Ready    worker          118d   v1.28.11   192.168.30.11   <none>        Ubuntu 24.04 LTS   6.8.0-36-generic   containerd://1.7.18
ubuntu3   Ready    worker          118d   v1.28.11   192.168.30.12   <none>        Ubuntu 24.04 LTS   6.8.0-36-generic   containerd://1.7.18

192.168.30.90 # Samba server, Ubuntu 22.04



Samba Server Setup
#

Install Samba
# 

# Install Samba
sudo apt install samba -y

Create a Samba User
#

Create a new user for the Samba share:

# Create a user that can access the Samba share
sudo useradd -M -s /sbin/nologin k8s-samba

# Add the user to the Samba group
sudo usermod -aG sambashare k8s-samba

Define a Samba password for the user:

# Define a Samba password for the "k8s-samba" user (in the Samba database)
sudo smbpasswd -a k8s-samba

# Shell output:
New SMB password: # Define a pw like "my-secure-pw"
Retype new SMB password: # Define a pw like "my-secure-pw"
Added user k8s-samba

Enable the user:

# Enable the Samba user
sudo smbpasswd -e k8s-samba

# Shell output:
Enabled user k8s-samba.

Create an Example Share
#

Create a folder for the share:

# Create a folder for the Share
sudo mkdir -p /srv/samba/k8s-share

# Set permissions
sudo chown :sambashare /srv/samba/k8s-share
sudo chmod 2770 /srv/samba/k8s-share

Add the share to the Samba configuration:

# Edit Samba config
sudo vi /etc/samba/smb.conf

[k8s-share]
   path = /srv/samba/k8s-share
   browseable = yes
   read only = no
   guest ok = no
   valid users = @sambashare

Restart Samba Server
# 

# Restart Samba
sudo service smbd restart

# Verify Samba Status
systemctl status smbd

Connect to Samba Share from a Client
#

Test the Samba share from a Linux server:

# Install Samba client
sudo apt install smbclient -y

# Connect to Samba share
smbclient //192.168.30.90/k8s-share -U k8s-samba

# Create a new directory
mkdir testfolder

# Exit the session
exit

Verify the folder in the Samba share:

# Verify the new folder on the Samba server
sudo ls -la /srv/samba/k8s-share

# Shell output:
total 12
drwxrws--- 3 root      sambashare 4096 Nov  1 10:27 .
drwxr-xr-x 3 root      root       4096 Nov  1 10:02 ..
drwxr-sr-x 2 k8s-samba sambashare 4096 Nov  1 10:27 testfolde



CSI Samba Installation
#

Install CSI Samba
#

Add Samba CSI Helm Chart
# 

# Add the Samba CSI Helm chart
helm repo add csi-driver-smb https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts
helm repo update

Install the Samba CSI Driver
# 

# Install the Samba CSI driver
helm install csi-driver-smb csi-driver-smb/csi-driver-smb --namespace kube-system

# Shell output:
NAME: csi-driver-smb
LAST DEPLOYED: Fri Nov  1 10:40:02 2024
NAMESPACE: kube-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The CSI SMB Driver is getting deployed to your cluster.

To check CSI SMB Driver pods status, please run:

  kubectl --namespace=kube-system get pods --selector="app.kubernetes.io/name=csi-driver-smb" --watch

Verify Samba CSI Driver Deployment
# 

# List Samba CSI pods
kubectl --namespace=kube-system get pods --selector="app.kubernetes.io/name=csi-driver-smb"

# Shell output:
NAME                                  READY   STATUS    RESTARTS   AGE
csi-smb-controller-5944596fc9-lggnt   3/3     Running   0          56s
csi-smb-node-bz4vv                    3/3     Running   0          56s
csi-smb-node-rkz55                    3/3     Running   0          56s
csi-smb-node-wr4hf                    3/3     Running   0          56s

Create Kubernetes Secret for Samba Credentials
#

Base64 Encode the Samba Credentials
# 

# Encode the Samba user
echo -n 'k8s-samba' | base64

# Shell output:
azhzLXNhbWJh

# Encode the Samba password
echo -n 'my-secure-pw' | base64

# Shell output:
bXktc2VjdXJlLXB3

Create Kubernetes Secret
# 

# Create a manifest for the secret:
vi smb-secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: smb-secret
  namespace: default
type: Opaque
data:
  username: azhzLXNhbWJh
  password: bXktc2VjdXJlLXB3

# Create the secret
kubectl apply -f smb-secret.yaml

Verify the Secret
# 

# List secrets
kubectl get secret

# Shell output:
NAME         TYPE     DATA   AGE
smb-secret   Opaque   2      61s

StorageClass
#

Define a StorageClass for Samba CSI
# 

# Create a manifest for the StorageClass
vi smb-storageclass.yaml

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: smb-csi
provisioner: smb.csi.k8s.io
parameters:
  source: "//192.168.30.90/k8s-share"  # Define Samba share
  csi.storage.k8s.io/node-stage-secret-name: "smb-secret" # Define Samba credential secret
  csi.storage.k8s.io/node-stage-secret-namespace: "default" # Define Samba credential secret namespace
mountOptions:
  - dir_mode=0777
  - file_mode=0777
  - vers=3.0  # Define Samba version
reclaimPolicy: Delete

# Create the StorageClass
kubectl apply -f smb-storageclass.yaml

Verify the StorageClass
# 

# List StorageClasses
kubectl get sc

# Shell output:
NAME      PROVISIONER      RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE
smb-csi   smb.csi.k8s.io   Delete          Immediate           false                  18s



Test the Samba CSI
#

Example PVC
#

Create Example PVC
#

This PersistentVolumeClaim (PVC) will use the parent folder of the Samba share.

# Create a manifest for the PVC
vi smb-pvc.yaml

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: smb-pvc
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: smb-csi
  resources:
    requests:
      storage: 1Gi

kubectl apply -f smb-pvc.yaml

Verify the PVC & PV
# 

# List PVCs
kubectl get pvc

# Shell output:
NAME      STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
smb-pvc   Bound    pvc-b09582ba-c259-4067-9846-122ff37ac915   1Gi        RWX            smb-csi        40s

# List PVs
kubectl get pv

# Shell output:
NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM             STORAGECLASS   REASON   AGE
pvc-b09582ba-c259-4067-9846-122ff37ac915   1Gi        RWX            Delete           Bound    default/smb-pvc   smb-csi                 50s

Example Pod
#

The following pod will create a “hello.txt” file on the Samba share:

# Create a manifest for the example pod
vi smb-test-pod.yaml

apiVersion: v1
kind: Pod
metadata:
  name: smb-test-pod
spec:
  containers:
  - name: app
    image: busybox
    command: [ "sh", "-c", "echo 'Hello from Kubernetes PVC' > /mnt/smb/hello.txt; sleep 3600" ]
    volumeMounts:
    - mountPath: "/mnt/smb"
      name: smb-volume
  volumes:
  - name: smb-volume
    persistentVolumeClaim:
      claimName: smb-pvc

# Deploy the example pod
kubectl apply -f smb-test-pod.yaml

Verify the Example File
# 

# List files on the Samba share:
sudo ls -la /srv/samba/k8s-share

# Shell output:
total 16
drwxrws--- 3 root      sambashare 4096 Nov  1 11:02 .
drwxr-xr-x 3 root      root       4096 Nov  1 10:02 ..
-rwxr--r-- 1 k8s-samba sambashare   26 Nov  1 11:02 hello.txt
drwxr-sr-x 2 k8s-samba sambashare 4096 Nov  1 10:27 testfolder

# Cat the hello.txt file
sudo cat /srv/samba/k8s-share/hello.txt

# Shell output:
Hello from Kubernetes PVC



Delete Resources
# 

# Delete the example pod
kubectl delete pod smb-test-pod

# Delete PVC
kubectl delete pvc smb-pvc

# Verify the PV is deleted
kubectl get pv

# Shell output:
No resources found



Links # 

# Official Documentation
https://github.com/kubernetes-csi/csi-driver-smb/tree/master/charts
Kubernetes-Components - This article is part of a series.
Part 1: Rancher Kubernetes Management Platform: Cert Manager Helm Deployment, Rancher Helm Deployment with Rancher CA certificate, Export Root CA Certificate, Ingress Resource, Access Rancher with TLS Encryption
Part 2: Velero Open-Source Kubernetes Backups: Velero Helm Deployment, Backup and Restore a Kubernetes Namespace from an AWS S3 Bucket
Part 3: Kubernetes Deployment Components: Pods - Multi Container Pod Example, Container Networking Within a Pod; Replication Controller; Services - ClusterIP, NodePort & LoadBalancer Services, Services for Pods, Replication Controllers, External Resources & Deployments
Part 4: Kubernetes Resource Management: Define Resource Requests and Limits; Deploy Kubernetes Metrics Server, Verify Resource Usage with kubectl top
Part 5: Kubernetes Security: Immutable Deployment - Deploy Container with ReadOnly-Filesystem and Writable-Volume
Part 6: Kubernetes Security: Pod Security Admission (PSA) - Overview, Enforce Pod Security Standard at a Namespace; Example Nginx Pod SecurityContext for Restricted PSS
Part 7: Kubernetes Volumes: Nginx Pod and Deployment Examples with NFS Volume, Pod and Deployment Examples with EmptyDir Volume, Deployment Example with PersistentVolume, External Storage Provider with NFS
Part 8: Kubernetes Secrets: Opaque Secret Configuration, Pod Examples with Environment Variable Secrets and Volume Secrets; SSH Authentication Secret with Pod Example
Part 9: Kubernetes Horizontal Pod Autoscaling: Install Kubernetes Metrics Server, Example Deployment with Horizontal Pod Autoscaler (HPA)
Part 10: Kubernetes DNS: CoreDNS custom Hosts entry (K3s & K8s Version), Deployment with custom Hosts entry; Backup and Restore the CoreDNS ConfigMap; DNS Troubleshooting
Part 11: Kubernetes Liveness & Readiness Probes: TCP Readiness Probes (Single Pod and Multi Pod Dependency), TCP Liveness Probe
Part 12: Kubernetes Network Policies: Ingress and Egress Policy Examples
Part 13: Kubernetes Role Based Access Control (RBAC): RBAC Overview, Create Service Account, Example Role and RoleBinding
Part 14: Kubernetes Kubeconfig: Create example Kubeconfig with new (RBAC) Service Account and ClusterRole / ClusterRole Binding
Part 15: Kubernetes Container Storage Interface (CSI): NFS CSI Driver Example, Dynamically create PersistentVolumes using a CSI StorageClass and PVC
Part 16: Kubernetes Container Storage Interface (CSI): Ceph CSI Driver Example, Dynamically provision RBD Images in a Ceph Storage Pool
Part 17: Kubernetes Container Storage Interface (CSI): Longhorn Distributed Block Storage System - Deploy Longhorn via Helm Chart, Define Custom Storage Mountpoints; StorageClass & PVC Example
Part 18: This Article
Part 19: Kubernetes Etcd Snapshot: Etcd Snapshot and Restore with Etcdctl, Verify Etcd Member Health; Etcdctl Commands
Part 20: Kubernetes Helm Charts: Create a Custom Helm Chart
Part 21: Kubernetes Kustomize: Kustomize Configuration Management Example
Part 22: Kubernetes ReplicaSets & DaemonSets: Overview, Example ReplicaSets and DaemonSets with and without NodeSelector & Node Labeling
Part 23: Kubernetes Jobs: Jobs Overview, Basic Non-parallel & Parallel Job Examples; CronJob & RBAC Example that Restarts a Deployment
Part 24: Kubernetes Commands: Cluster Nodes, Namespaces, LimitRange Resource Limits, Pods, Deployments, Replication Controllers, Services, HPA, Secrets, Cronjobs, Helm, Logs, K9s TUI