Skip to content

Latest commit

 

History

History
120 lines (100 loc) · 9.49 KB

README.md

File metadata and controls

120 lines (100 loc) · 9.49 KB

helm-samba4

Helm Chart and Dockerfile for Samba4 based on alpine:latest.

This Chart is fully-featured and enables some neat features :

  • Shares persistentVolumes, hostPaths, flexVolumes and arbritrary volumes that might not even have k8s drivers yet via samba/cifs
  • Creates users based on values provided or doesn't
  • Works with it's own automated build docker image or with the #1 hit for samba on dockerhub (even though that has no autobuild, has only ever been built once and only has a :latest tag. You've been warned!)

Users

The chart will provision you smb users automatically based on the samba.users values. This is the recommended way of dealing with users using this chart. example values.yaml settings for the samba.users block :

samba:
  users:
  - username: myuser
    password: hunter2
  - username: myotheruser
    password: CorrectBatteryHorseStaple

Setting these values via a secrets management system is recommended.

Storage

Most of this chart's cleverness is around the volume selection. If you set persistence.enabled to true, it then looks at the value of persistence.type and acts accordingly. The data volume is mounted in the container under /data.

persistence.type Description Behaviour
pvc Use an existing or new PVC for data If persistence.pvc.existingClaim is set, then the chart uses that. If not, it creates a PVC based on persistence.pvc.size (default 8Gi), persistence.pvc.accessMode (default ReadWriteOnce), and persistence.pvc.storageClass (default blank, default class for your cluster)
hostPath Use a hostPath type mount Suitable for single-machine clusters or setups that have a host-based shared filesystem (e.g. nfs). Looks at persistence.pvc.hostPath to create the mount. NOTE: using this you must also set privatePersistence up with a different path or different class of persistence or your smb passwords will be accessible via smb!
flexVolume Use a flexVolume driver to provide persistence If you are using an out-of-tree persistent data plugin, you will want this. It will set a flexVolume mount using what yaml you provide in persistence.flexVolume directly
other Use something unexpected As with the flexVolume option, this simply allows you to put raw yaml in persistence.other and it will be used directly. This obviously is very powerful but can leave you with very broken deployment objects.

privatePersistence

This image optionally uses a second mount for samba's "private" storage (/var/lib/samba and /etc/passwd) so users can be persisted between pod restarts. If you wish to manage your users manually and allow them to change their own passwords for instance you may set privatePersistence.enabled to true

If you don't specify any other privatePersistence options, the chart does it's best to do something appropriate. If you want to set options, it's exactly the same as the above persistent storage.

These are the rules it uses -

  • if you use hostPath for your main storage, the privatePersistence is mounted as .smbprivate/ underneath it.
  • if you use persistence.type.pvc without setting privatepersistence.pvc.size, it uses a default of 20Mi for private data
  • if you use persistence.pvc.existingClaim and not privatePersistence.pvc.existingClaim, the chart will attempt to use defaults for the pvc that it creates.
  • if you use flexVolume or other for the persistence type and don't set a privatePersistence block of the same type, the chart will simply fail

smb.conf

The container's smb.conf is loaded in via a configmap and is templated for some basic settings (single share).

Much like the samba.users config above, you can create samba.global.extraLines and samba.share.extraLines and add extra entries for the lines you wish to add. For example your values.yaml may contain something like this (don't use that setting btw unless you know exactly what you're doing!):

samba:
  global:
    workgroup: HOMEGROUP
    extraLines:
    - key: fake oplocks
      value: yes
    - key: fstype
      value: Samba 
  share:
    nameOverride: bigdisk
    extraLines:
    - key: force user
      value: martyn
    - key: valid users
      value: martyn

Other configuration

Parameter Description Default
affinity Affinity block for Node Affinity {}
fullnameOverride Full name override for helm chart ""
image.lacksK8sScript Image is a plain alpine image with only samba starting in foreground mode, we need a script adding false
image.pullPolicy Standard kubernetes option "IfNotPresent"
image.repository Which image to pull. Recommend you don't change this, but e.g. stanback/alpine-samba also works "imartyn/samba4k8s"
image.tag Which tag of the above image to use "stable"
livenessProbe.enabled Check for samba liveness using smbclient true
nameOverride Full name override for helm chart ""
nodeSelector nodeSelector block for Node Affinity {}
persistence.enabled Persist /data/ across pod restarts false
persistence.type Must be set to one of pvc,hostPath,flexVolume or other if persistence.enabled is true "emptyDir"
persistence.pvc.existingClaim Share an existing PVC via samba Create a new pvc (dependant on persistence.enabled)
persistence.pvc.accessMode If persistence.pvc.existingClaim is NOT set and persistence.enabled is AND persistence.type is "pvc", chart creates a PVC with this accessMode "readWriteOnce"
persistence.pvc.size If persistence.pvc.existingClaim is NOT set and persistence.enabled is AND persistence.type is "pvc", chart creates a PVC with this size "8Gi"
persistence.pvc.storageClass If persistence.pvc.existingClaim is NOT set and persistence.enabled is AND persistence.type is "pvc", chart creates a PVC with this storageClass "-"
persistence.other If persistence.type is "other", deployment references a Volume with this block of yaml {}
persistence.flexVolume If persistence.type is "other", deployment references a Volume of type flexVolume with this block of yaml {}
privatePersistence.* see storage description in readme. {}
privatePersistence.pvc.size see storage description in readme. "20Mi"
replicaCount Number of pods that the Deployment should launch. NOTE: locking may be an issue if you have more than one, and you must use a storage that works from more than one pod. 1
resources resources block for pod resources as described in the Kubernetes documentation {}
samba.global.workgroup Set the "WORKGROUP" that the samba server appears in. Note that these images don't run nmbd so it's mostly irellevant. "WORKGROUP"
samba.global.server_string The string that samba announces itself as "%h server (Samba, Alpine)"
samba.global.security This maps to the samba [global] section's security flag "user"
samba.global.map_to_guest This maps to the samba [global] section's map_to_guest flag "Bad User"
samba.global.encrypt_passwords This maps to the samba [global] section's encrypt_passwords flag "yes"
samba.global.server_role This maps to the samba [global] section's server_role flag "standalone"
samba.global.smb_ports This maps to the samba [global] section's smb_ports flag "445
samba.global.log_level This maps to the samba [global] section's log_level flag "3"
samba.global.extraLines Extra lines to add to the [global] section in an array of key: some_param, value:some_value form that becomes some_param = some_value blank
samba.share.nameOverride Set the share name that is the exposed storage "data"
samba.share.comment Set the comment that is listed alongside the share "ZFS"
samba.share.browseable Does the share become visible when you visit the server with an smb client "yes"
samba.share.writable Is the share writeable by default (i.e. not readonly) "yes"
samba.share.extraLines Extra lines to add to the [<<share>>] section in an array of key: some_param, value:some_value form that becomes some_param = some_value blank
samba.users Array of username: and password: items that are created on startup. Stored in a kubernetes secret. See "Users" section of the readme.md []
service.port Service port that is advertised to the cluster 445
service.type Service type to expose to the cluster (or the world if you are that foolish) "ClusterIP"
tolerations tolerations block for Node Affinity []

Why?

Because why not? The use cases are actually multiple:

  • Home/LAB setup with windows clients
  • Kubernetes actually allows you to use volumes of type cifs, this might be a useful way of sharing a PVC in an environment where you have no ReadWriteMany cloudprovider
  • A lot of backup applications have SMB as a target, having SMB storage in your cluster so you only ever have to back up your PVCs is quite nice.