flexarr is a Kubernetes FlexVolume driver designed for heterogeneous homelab environments. It mounts a share over CIFS from a NAS device, but if the pod is running on the NAS device itself, it uses a local direct mount instead.
- Kubernetes cluster
jq
,cifs-utils
, andutil-linux
packages installed on all nodes
-
Install the required packages on all nodes. On Debian:
sudo apt update && sudo apt install -y jq cifs-utils util-linux
-
Copy the
flexarr
script to your FlexVolume directory:sudo mkdir -p /usr/libexec/kubernetes/kubelet-plugins/volume/exec/ninefives.online~flexarr/ sudo cp flexarr /usr/libexec/kubernetes/kubelet-plugins/volume/exec/ninefives.online~flexarr/ sudo chmod +x /usr/libexec/kubernetes/kubelet-plugins/volume/exec/ninefives.online~flexarr/flexarr
-
Apply the DaemonSet configuration:
kubectl apply -k .
-
Verify the DaemonSet is running:
kubectl get pods -n kube-system -l name=flexarr-installer -o wide
-
Create a secret for CIFS credentials:
apiVersion: v1 kind: Secret metadata: name: flexarr-cifs-secret type: ninefives.online/flexarr stringData: username: your-username password: your-password
-
Create a PersistentVolume (PV):
apiVersion: v1 kind: PersistentVolume metadata: name: flexarr-pv spec: capacity: storage: 1Gi accessModes: - ReadWriteMany flexVolume: driver: "ninefives.online/flexarr" fsType: "cifs" # required secretRef: name: flexarr-cifs-secret options: nasHostname: "nas.example.com" nasLocalPath: "/local/path" nasNetworkPath: "//nas.example.com/share"
Note: Currently, only 'cifs' is supported as the fsType. Future versions may support additional network filesystems.
-
Create a PersistentVolumeClaim (PVC):
apiVersion: v1 kind: PersistentVolumeClaim metadata: name: flexarr-pvc spec: accessModes: - ReadWriteMany resources: requests: storage: 1Gi volumeName: flexarr-pv
-
Use the PVC in your Pod:
apiVersion: v1 kind: Pod metadata: name: flexarr-test spec: containers: - name: test-container image: busybox volumeMounts: - name: flexarr-storage mountPath: /mnt/flexarr volumes: - name: flexarr-storage persistentVolumeClaim: claimName: flexarr-pvc
You might also wish to add a
nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution
preference on the hostname of your NAS. In the future we may ship a mutating webhook to add this automatically.
- Check the logs of the flexarr-installer DaemonSet pods:
kubectl logs -n kube-system -l name=flexarr-installer
- Verify the flexarr script is present and executable on all nodes:
ls -l /usr/libexec/kubernetes/kubelet-plugins/volume/exec/ninefives.online~flexarr/flexarr
- Check the Kubernetes events for mount-related issues:
kubectl get events --sort-by='.lastTimestamp'
- The flexarr script handles sensitive information (CIFS credentials). Ensure that the script file has appropriate permissions and is only writable by the necessary system users.
- Use Kubernetes Secrets to manage CIFS credentials.
- Bind mounts are spooky. Use with caution.
- Any mount errors will log your credentials to the local system journal. k8s itself logs the full argv of the volume plugin on any error, which includes your secrets.
For more detailed information on FlexVolume, please refer to the Kubernetes FlexVolume Documentation and the OpenShift FlexVolume Documentation.
☢️ 😱 DO NOT USE THIS PROGRAM. 😱 ☢️
This program is not a program of honor.
No highly esteemed function is executed here.
What is here is dangerous and repulsive to us.
The danger is still present, in your time, as it was in ours,
without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE.
This program is best shunned and left unused (but it is free software,
and you are welcome to redistribute it under certain conditions).
😱 ☢️ DO NOT USE THIS PROGRAM. ☢️ 😱
This program is licensed under the Sandia Message Public License,
sublicense GNU Affero General Public License version 3.0 (sandia-AGPL-3.0).
You may obtain a copy of the License(s) at
https://github.com/cdanis/sandia-public-license and
https://www.gnu.org/licenses/agpl-3.0.html
Contributions are welcome! Please feel free to submit a Pull Request.