kubernetes-volume-drivers | Kubernetes volume drivers for Azure | Azure library
kandi X-RAY | kubernetes-volume-drivers Summary
kandi X-RAY | kubernetes-volume-drivers Summary
This repository lists all Kubernetes volume drivers on Azure:.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of kubernetes-volume-drivers
kubernetes-volume-drivers Key Features
kubernetes-volume-drivers Examples and Code Snippets
Community Discussions
Trending Discussions on kubernetes-volume-drivers
QUESTION
Many of my workflows use pod iam roles. As documented here, I must include fsGroup in order for non-root containers to read the generated identity token. The problem with this is when I additionally include pvc’s that point to cifs pv’s, the volumes fail to mount because they time out. Seemingly this is because Kubelet tries to chown all of the files on the volume, which takes too much time and causes the timeout. Questions…
- Why doesnt Kubernetes try to chown all of the files when hostPath is used instead of a pvc? All of the workflows were fine until I made the switch to use pvcs from hostPath, and now the timeout issue happens.
- Why does this problem happen on cifs pvcs but not nfs pvcs? I have noticed that nfs pvcs continue to mount just fine and the fsGroup seemingly doesn’t take effect as I don’t see the group id change on any of the files. However, the cifs pvcs can no longer be mounted seemingly due to the timeout issue. If it matters, I am using the native nfs pv lego and this cifs flexVolume plugin that has worked great up until now.
Overall, the goal of this post is to better understand how Kubernetes determines when to chown all of the files on a volume when fsGroup is included in order to make a good design decision going forward. Thanks for any help you can provide!
Kubernetes Chowning Files References
https://docs.microsoft.com/en-us/azure/aks/troubleshooting
Since gid and uid are mounted as root or 0 by default. If gid or uid are set as non-root, for example 1000, Kubernetes will use chown to change all directories and files under that disk. This operation can be time consuming and may make mounting the disk very slow.
...By default, Kubernetes recursively changes ownership and permissions for the contents of each volume to match the fsGroup specified in a Pod's securityContext when that volume is mounted. For large volumes, checking and changing ownership and permissions can take a lot of time, slowing Pod startup.
ANSWER
Answered 2020-Oct-29 at 20:17I posted this question on the Kubernetes Repo a while ago and it was recently answered in the comments.
The gist is fsgroup support is implemented and decided on per plugin. They ignore it for nfs
, which is why I have never seen Kubelet chown files on nfs pvcs. For FlexVolume plugins, a plugin can opt-out of fsGroup based permission changes by returning FSGroup false
. So, that is why Kubelet was trying to chown the cifs pvcs -- the FlexVolume plugin I am using does not return fsGroup false
.
So, in the end you don't need to worry about this for nfs
, and if you are using a FlexVolume plugin for a shared file system, you should make sure it returns fsGroup false
if you don't want Kubelet to chown all of the files.
QUESTION
The following problem occurs on a Kubernetes cluster with 1 master and 3 nodes and also on a single-machine Kubernetes.
I set up the Kubernetes with flexvolume smb support (https://github.com/Azure/kubernetes-volume-drivers/tree/master/flexvolume/smb). When I apply a new pod with flexvolume the Node mounts the smb share as expected. But the Pod points his share to some docker directory on the Node.
My installation:
- latest CentOS 7
- latest Kubernetes v1.14.0
(https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/) - disabled SELinux and disabled firewall
- Docker 1.13.1
- jq and cifs-utils
- https://raw.githubusercontent.com/Azure/kubernetes-volume-drivers/master/flexvolume/smb/deployment/smb-flexvol-installer/smb installed to /usr/libexec/kubernetes/kubelet-plugins/volume/exec/microsoft.com~smb and executable
smb-secret.yaml
...ANSWER
Answered 2019-Apr-15 at 09:19I upgraded Docker to the latest validated Version 18.06 and everything works well now.
To install it follow the instructions on Get Docker CE for CentOS.
QUESTION
I am trying to enable a FlexVolume driver on Microk8s on Ubuntu.
To do that, it seems I have to edit the kubelet.service file. This is supposed to be stored in /etc/systemd/system/kubelet.service but it is't present in my installation.
Where is it stored for Microk8s? Surely it has kubelet running somewhere?
...ANSWER
Answered 2019-Jan-12 at 10:53The microk8s kubelet
service is present at the following location:
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install kubernetes-volume-drivers
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page