An operator for Samba as a service on PVCs in kubernetes.
This project implements the samba-operator. It it responsible for the
SmbCommonConfig custom resources:
SmbSharedescribes an SMB Share that will be used to share data with clients.
SmbSecurityConfigdescribes domain and/or user based security properties for one or more shares
SmbCommonConfigdescribes general configuration properties for smb shares
Trying it out (Quick Start)
You need to have a kubernetes cluster running. For example, minikube is sufficient.
If you wish to use Active Directory domain based security you need one or more domain controllers that are visible to Pods within the Kubernetes cluster.
If you wish to access shares from outside the Kubernetes cluster your cluster
must support Services with type
Start the operator
In order to install the CRDs, other resources, and start the operator, invoke:
To use your own image, use:
make deploy IMG=<my-registry/and/image:tag>
To delete the operator and CRDs from the cluster, run:
Alternatively, if you do not wish to use make tools to deploy the operator, you can also use the kubectl command in the following manner.
kubectl apply -k config/default
To remove the operator and all related resources, use:
kubectl delete -k config/default
Creating new Shares
Use a PVC you define
A share can be created that uses pre-existing PVCs, ones that are not directly managed by the operator.
Assuming you have a PVC named
mypvc, you can create a new SmbShare using
the example YAML below:
apiVersion: samba-operator.samba.org/v1alpha1 kind: SmbShare metadata: name: smbshare1 spec: storage: pvc: name: "mypvc" readOnly: false
Use a PVC embedded in the SmbShare
A share can be created that embeds a PVC definition. In this case the operator will automatically manage the PVC along with the share. This example assumes you have a default storage class enabled.
apiVersion: samba-operator.samba.org/v1alpha1 kind: SmbShare metadata: name: smbshare2 spec: storage: pvc: spec: accessModes: - ReadWriteOnce resources: requests: storage: 1Gi readOnly: false
Testing it with a Local Connection
Assuming a local Linux-based environment you can test out a connection to the
container by forwarding the SMB port and using a local install of
to access the share:
$ kubectl get pods NAME READY STATUS RESTARTS AGE my-smbservice-7f779ddc8c-nb6k6 1/1 Running 0 62m samba-operator-5758b4dbbf-gk9pk 1/1 Running 0 70m $ kubectl port-forward pod/my-smbservice-7f779ddc8c-nb6k6 4455:445 Forwarding from 127.0.0.1:4455 -> 445 Forwarding from [::1]:4455 -> 445 Handling connection for 4455
$ smbclient -p 4455 -U sambauser //localhost/share Enter SAMBA\sambauser's password: Try "help" to get a list of possible commands. smb: \> ls . D 0 Fri Aug 28 14:43:26 2020 .. D 0 Fri Aug 28 14:32:53 2020 x A 359386 Fri Aug 28 14:35:18 2020 gefcanilant A 5141264 Fri Aug 28 14:43:26 2020 4184064 blocks of size 1024. 4141292 blocks available smb: \>
Above we forward the normal SMB port to an unprivileged local port, assuming you'll be running this as a normal user.
For additional details on how to set up shares that can authenticate via Active Directory, or use a load balancer, etc please refer to the Samba Operator Documentation.
Containers on quay.io
The container from this codebase is published on quay.io too.