-
Notifications
You must be signed in to change notification settings - Fork 125
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Adding support for sec=krb5 mounting
When mounting with kerberos security, ticket cache is expected to be set up on the host, pointing to the /var/lib/kubelet/kubernetes/krb5cc_${uid}. Credential cache is then taken from the creds secret and written to the file, that is available to the host for using.
- Loading branch information
Oleksandr Ierenkov
authored and
Oleksandr Ierenkov
committed
May 3, 2023
1 parent
91c55ab
commit 56f6742
Showing
5 changed files
with
327 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
--- | ||
apiVersion: v1 | ||
kind: PersistentVolume | ||
metadata: | ||
annotations: | ||
pv.kubernetes.io/provisioned-by: smb.csi.k8s.io | ||
name: pv-smb-krb5 | ||
spec: | ||
capacity: | ||
storage: 100Gi | ||
accessModes: | ||
- ReadWriteMany | ||
persistentVolumeReclaimPolicy: Retain | ||
storageClassName: smb | ||
mountOptions: | ||
- sec=krb5 | ||
- cruid=1000 | ||
- seal | ||
- vers=3.0 | ||
- nosuid | ||
- noexec | ||
- dir_mode=0777 | ||
- file_mode=0777 | ||
- uid=1001 | ||
- gid=1001 | ||
- noperm | ||
- mfsymlinks | ||
- cache=strict | ||
- noserverino # required to prevent data corruption | ||
csi: | ||
driver: smb.csi.k8s.io | ||
readOnly: false | ||
# volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name} | ||
# make sure this value is unique for every share in the cluster | ||
volumeHandle: smb-server.default.svc.cluster.local/share## | ||
volumeAttributes: | ||
source: "//smb-server.default.svc.cluster.local/share" | ||
nodeStageSecretRef: | ||
name: smbcreds-krb5 | ||
namespace: default |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters