Repository: https://github.com/sharedvolume/shared-volume-controller
Releases: https://github.com/sharedvolume/shared-volume-controller/releases
A Kubernetes operator that manages shared volumes with NFS server integration, enabling seamless data sharing across pods and namespaces with automatic data synchronization from various sources.
- SharedVolume: Namespace-scoped shared volumes for data sharing within a namespace
- ClusterSharedVolume: Cluster-scoped shared volumes for cross-namespace data sharing
- NFS Integration: Automatic NFS server provisioning and management via NFS Server Controller
- Multi-Source Sync: Support for syncing data from SSH, Git, HTTP, and S3 sources
- Admission Webhooks: Built-in validation and mutation webhooks for resource management
- Pod Injection: Automatic volume mounting in pods through admission webhooks
- Real-time Sync: Configurable sync intervals for keeping data up-to-date
- Storage Flexibility: Support for various storage classes and access modes
- Kubernetes cluster (v1.19+)
- kubectl configured to access your cluster
- Cluster admin permissions
- NFS Server Controller (installed automatically)
-
Install the CRDs and operator:
kubectl apply -f https://github.com/sharedvolume/shared-volume-controller/releases/latest/download/install.yaml
-
Verify the installation:
kubectl get deployment -n shared-volume-controller-system kubectl get crd sharedvolumes.sv.sharedvolume.io clustersharedvolumes.sv.sharedvolume.io
apiVersion: sv.sharedvolume.io/v1alpha1
kind: SharedVolume
metadata:
name: my-shared-volume
namespace: default
spec:
mountPath: "/shared"
storage:
capacity: "10Gi"
accessMode: "ReadWrite"
storageClassName: "standard"apiVersion: sv.sharedvolume.io/v1alpha1
kind: SharedVolume
metadata:
name: git-shared-volume
namespace: default
spec:
mountPath: "/git-data"
storage:
capacity: "5Gi"
storageClassName: "fast-ssd"
source:
git:
url: "https://github.com/example/data-repo.git"
branch: "main"
syncInterval: "5m"Apply the configuration:
kubectl apply -f shared-volume.yamlapiVersion: v1
kind: Pod
metadata:
name: app-pod
namespace: default
annotations:
sv.sharedvolume.io/mount: "my-shared-volume:/app/shared"
spec:
containers:
- name: app
image: nginx
# Volume will be automatically mounted at /app/sharedapiVersion: v1
kind: Pod
metadata:
name: manual-pod
namespace: default
spec:
containers:
- name: app
image: nginx
volumeMounts:
- name: shared-data
mountPath: /data
volumes:
- name: shared-data
nfs:
server: my-shared-volume-nfs.default.svc.cluster.local
path: /shared| Field | Type | Description | Required |
|---|---|---|---|
mountPath |
string | Mount path inside the NFS server | Yes |
storage.capacity |
string | Storage capacity (e.g., "10Gi") | Yes |
storage.accessMode |
string | Access mode (ReadWrite/ReadOnly) | No |
storageClassName |
string | StorageClass name for dynamic provisioning | No |
source |
object | Data source configuration (Git, SSH, HTTP, S3) | No |
syncInterval |
string | Sync interval (e.g., "5m", "1h") | No |
syncTimeout |
string | Sync operation timeout (e.g., "120s") | No |
nfsServer |
object | Custom NFS server configuration | No |
Similar to SharedVolume but cluster-scoped, allowing cross-namespace access.
source:
git:
url: "https://github.com/example/repo.git"
branch: "main"
user: "username"
passwordFromSecret:
name: "git-credentials"
key: "password"source:
ssh:
host: "server.example.com"
port: 22
user: "ubuntu"
path: "/remote/data"
privateKeyFromSecret:
name: "ssh-key"
key: "private-key"source:
s3:
endpointUrl: "https://s3.amazonaws.com"
bucketName: "my-bucket"
path: "data/"
region: "us-west-2"
accessKeyFromSecret:
name: "s3-credentials"
key: "access-key"
secretKeyFromSecret:
name: "s3-credentials"
key: "secret-key"source:
http:
url: "https://example.com/data.zip"apiVersion: sv.sharedvolume.io/v1alpha1
kind: ClusterSharedVolume
metadata:
name: shared-configs
spec:
mountPath: "/configs"
storage:
capacity: "2Gi"
storageClassName: "standard"
source:
git:
url: "https://github.com/company/k8s-configs.git"
branch: "production"
syncInterval: "10m"# In namespace "app1"
apiVersion: v1
kind: Pod
metadata:
name: app1-pod
namespace: app1
annotations:
sv.sharedvolume.io/mount: "shared-configs:/etc/configs"
spec:
containers:
- name: app
image: myapp:v1
---
# In namespace "app2"
apiVersion: v1
kind: Pod
metadata:
name: app2-pod
namespace: app2
annotations:
sv.sharedvolume.io/mount: "shared-configs:/etc/configs"
spec:
containers:
- name: app
image: myapp:v2- Go 1.24+
- Docker
- kubectl
- Kind (for local testing)
-
Clone the repository:
git clone https://github.com/sharedvolume/shared-volume-controller.git cd shared-volume-controller -
Build the manager:
make build
-
Run tests:
make test -
Build Docker image:
make docker-build IMG=shared-volume-controller:dev
-
Install CRDs:
make install
-
Run the controller locally:
make run
-
Deploy to cluster:
make deploy IMG=shared-volume-controller:dev
We welcome contributions! Please see our Contributing Guidelines for details.
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests for new functionality
- Ensure all tests pass
- Submit a pull request
The Shared Volume Controller consists of:
- SharedVolume Controller: Manages namespace-scoped shared volumes and their lifecycle
- ClusterSharedVolume Controller: Manages cluster-scoped shared volumes for cross-namespace access
- Pod Cleanup Controller: Handles cleanup of resources when pods are deleted
- Admission Webhooks: Validates and mutates SharedVolume/ClusterSharedVolume resources and pods
- Volume Syncer Integration: Integrates with the Volume Syncer for data synchronization
- NFS Server Integration: Works with NFS Server Controller for storage provisioning
- Creation: User creates SharedVolume/ClusterSharedVolume
- Validation: Admission webhooks validate the resource
- NFS Provisioning: Controller creates NFS server via NFS Server Controller
- Storage Setup: PVC and storage resources are created
- Data Sync: If source is specified, volume syncer begins syncing data
- Ready State: Volume becomes available for pod mounting
- Pod Injection: Admission webhooks automatically mount volumes in annotated pods
Check resource status:
# List SharedVolumes
kubectl get sharedvolumes
kubectl get sv # shortname
# List ClusterSharedVolumes
kubectl get clustersharedvolumes
kubectl get csv # shortname
# Detailed status
kubectl describe sharedvolume my-shared-volumeExample output:
NAME PHASE NFS ADDRESS
my-shared-volume Ready my-shared-volume-nfs.default.svc.cluster.local
git-shared-volume Ready git-shared-volume-nfs.default.svc.cluster.local
-
SharedVolume stuck in Pending phase:
- Check NFS Server Controller is installed and running
- Verify storage class exists:
kubectl get storageclass - Check controller logs for detailed errors
-
Data synchronization failures:
- Verify source credentials are correct and accessible
- Check network policies allow outbound connections
- Review volume syncer logs:
kubectl logs -l app=volume-syncer
-
Pod mounting issues:
- Ensure pods have proper annotations for automatic mounting
- Verify SharedVolume is in Ready phase
- Check NFS client utilities in pod images
-
Webhook admission failures:
- Ensure webhook certificates are valid and not expired
- Check webhook service is running and accessible
- Verify RBAC permissions for webhook operations
# Controller logs
kubectl logs -n shared-volume-controller-system deployment/shared-volume-controller-controller-manager
# Webhook logs
kubectl logs -n shared-volume-controller-system deployment/shared-volume-controller-controller-manager
# NFS server logs
kubectl logs -l app=nfs-server -A# Check resource events
kubectl describe sharedvolume my-shared-volume
# List related resources
kubectl get nfsservers,pvc,services -l sharedvolume.io/managed-by=shared-volume-controller
# Check webhook configuration
kubectl get validatingwebhookconfiguration,mutatingwebhookconfiguration- SharedVolumes are namespace-scoped and respect RBAC permissions
- ClusterSharedVolumes require cluster-level permissions to create
- Sensitive source credentials should be stored in Kubernetes secrets
- NFS traffic is unencrypted by default - consider network policies for security
- Volume syncer pods may require elevated permissions for certain source types
- Regularly rotate credentials and update source configurations
- Adjust
syncIntervalbased on data change frequency - Use appropriate
syncTimeoutfor large data transfers - Choose optimal storage classes for your workload requirements
- Consider resource limits for volume syncer pods
- Monitor NFS server performance and scale replicas if needed
This project is licensed under the MIT License - see the LICENSE file for details.
- Issues: Report bugs and feature requests on GitHub Issues
- Discussions: Join community discussions on GitHub Discussions
- Documentation: Detailed docs in the docs/ directory
- Security: Report security vulnerabilities privately to security@sharedvolume.io
- NFS Server Controller - Manages NFS servers in Kubernetes
- Volume Syncer - Handles data synchronization from various sources
- NFS Server Image - Container image for NFS servers
Built with Kubebuilder and inspired by the Kubernetes community's best practices for operators and volume management.
