Dockerized iSCSI Target (Ubuntu 24.04)

This project provides an ephemeral iSCSI target server based on Ubuntu 24.04, running tgt. It exposes two LUNs (ID 1 and 2), each backed by a 10MB sparse file. Data is not persistent and is recreated on every container restart.

Prerequisites

• Docker or Podman
• docker compose or podman-compose
• open-iscsi (for the client/initiator)

Quick Start

1. Build and Start

Docker:

docker compose up -d --build

Podman:

podman compose up -d --build

2. Connect to the Target (Client Side)

The default configuration uses CHAP authentication.

Discovery

Discover the target portals:

sudo iscsiadm -m discovery -t sendtargets -p localhost

Login (Localhost)

If connecting from the same host, you may need to manually force the IP to 127.0.0.1 and configure CHAP credentials before logging in.

1. Delete auto-discovered record (often points to internal container IP):

   sudo iscsiadm -m node -o delete -T iqn.2024-04.com.example:target1

2. Create localhost record:

   sudo iscsiadm -m node -o new -T iqn.2024-04.com.example:target1 -p 127.0.0.1:3260

3. Configure CHAP Credentials: (Default credentials in iscsi.env: user=iscsi, password=iscsi)

   sudo iscsiadm -m node -T iqn.2024-04.com.example:target1 -o update --name node.session.auth.authmethod --value=CHAP
   sudo iscsiadm -m node -T iqn.2024-04.com.example:target1 -o update --name node.session.auth.username --value=iscsi
   sudo iscsiadm -m node -T iqn.2024-04.com.example:target1 -o update --name node.session.auth.password --value=iscsi

4. Login:

   sudo iscsiadm -m node -l

3. Verify LUNs

Check for new block devices:

lsblk
# You should see two 10MB disks (e.g., sdb, sdc)

Configuration

Settings are in iscsi.env:

• TARGET_IQN: Target IQN.
• INITIATOR_IQN: Allowed Initiator IQN (ACL). Comment out to allow ALL.
• INCOMING_USER / INCOMING_PASSWORD: CHAP credentials.
• LUN_IDS: List of LUN IDs to create (default: 1,2).

Accessing via Kubernetes (Kind)

Manifets are provided in the k8s/ directory.

1. Build image:

   docker build -t iscsi-target:latest .

2. Load image into Kind:

   kind load docker-image iscsi-target:latest

3. Deploy:

   kubectl apply -f k8s/configmap.yaml
   kubectl apply -f k8s/deployment.yaml

4. Access:

   From another Pod (In-Cluster)

   You can simply use the service DNS name iscsi-service. Discovery will return the Target Pod's internal IP, which is reachable from other pods.

   # From a client pod
   iscsiadm -m discovery -t sendtargets -p iscsi-service
   iscsiadm -m node -l

   (No manual node record creation is needed inside the cluster).

   From Host (via Port Forward)

   Since the target reports its internal Pod IP (unreachable from host), you must manually override the address.

   1. Start port forward:

      kubectl port-forward svc/iscsi-service 3260:3260

   2. Perform discovery (to localhost):

      sudo iscsiadm -m discovery -t sendtargets -p localhost

   3. Follow the "Login (Localhost)" steps above (delete auto-discovered record, create manual 127.0.0.1 record).