github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-10 12:32:03 +00:00
Code Issues Projects Releases Wiki Activity

Fix volumes/test/nfs: Needs to run insecure to allow container connections

Browse Source 
Since this is a container service port anyways, "insecure" is a bit of
a red herring. There's no real security relevance to the incoming port
numbers for the NFS server pod.

This lets us get rid of the examples/nfs/exporter Docker build
(@jsafrane's personal image).
This commit is contained in:
Zach Loafman 2015-10-23 11:24:59 -07:00
parent 17fd5f2536
commit b71bc4e480
6 changed files with 3 additions and 135 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
examples/nfs/exporter/Dockerfile
View File

@ -1,11 +0,0 @@
FROM fedora:21
MAINTAINER Jan Safranek <jsafrane@redhat.com>
EXPOSE 2049/tcp
RUN yum -y install nfs-utils && yum clean all
ADD run_nfs /usr/local/bin/
RUN chmod +x /usr/local/bin/run_nfs
ENTRYPOINT ["/usr/local/bin/run_nfs"]

48
examples/nfs/exporter/README.md
View File

@ -1,48 +0,0 @@
<!-- BEGIN MUNGE: UNVERSIONED_WARNING -->
<!-- BEGIN STRIP_FOR_RELEASE -->
<img src="http://kubernetes.io/img/warning.png" alt="WARNING"
width="25" height="25">
<img src="http://kubernetes.io/img/warning.png" alt="WARNING"
width="25" height="25">
<img src="http://kubernetes.io/img/warning.png" alt="WARNING"
width="25" height="25">
<img src="http://kubernetes.io/img/warning.png" alt="WARNING"
width="25" height="25">
<img src="http://kubernetes.io/img/warning.png" alt="WARNING"
width="25" height="25">
<h2>PLEASE NOTE: This document applies to the HEAD of the source tree</h2>
If you are using a released version of Kubernetes, you should
refer to the docs that go with that version.
<strong>
The latest 1.0.x release of this document can be found
[here](http://releases.k8s.io/release-1.0/examples/nfs/exporter/README.md).
Documentation for other releases can be found at
[releases.k8s.io](http://releases.k8s.io).
</strong>
--
<!-- END STRIP_FOR_RELEASE -->
<!-- END MUNGE: UNVERSIONED_WARNING -->
# NFS-exporter container
Inspired by https://github.com/cpuguy83/docker-nfs-server. Rewritten for
Fedora.
Serves NFS4 exports, defined on command line. At least one export must be defined!
Usage::
docker run -d --name nfs --privileged jsafrane/nfsexporter /path/to/share /path/to/share2 ...
<!-- BEGIN MUNGE: GENERATED_ANALYTICS -->
[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/examples/nfs/exporter/README.md?pixel)]()
<!-- END MUNGE: GENERATED_ANALYTICS -->

72
examples/nfs/exporter/run_nfs
View File

@ -1,72 +0,0 @@
#!/bin/bash
# Copyright 2015 The Kubernetes Authors All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
function start()
{
# prepare /etc/exports
seq=0
for i in "$@"; do
echo "$i *(rw,sync,no_root_squash,insecure,fsid=$seq)" >> /etc/exports
seq=$(($seq + 1))
echo "Serving $i"
done
# from /lib/systemd/system/proc-fs-nfsd.mount
mount -t nfsd nfds /proc/fs/nfsd
# from /lib/systemd/system/nfs-config.service
/usr/lib/systemd/scripts/nfs-utils_env.sh
# from /lib/systemd/system/nfs-mountd.service
. /run/sysconfig/nfs-utils
/usr/sbin/rpc.mountd $RPCMOUNTDARGS
# from /lib/systemd/system/nfs-server.service
. /run/sysconfig/nfs-utils
/usr/sbin/exportfs -r
/usr/sbin/rpc.nfsd -N 2 -N 3 -V 4 -V 4.1 $RPCNFSDARGS
echo "NFS started"
}
function stop()
{
echo "Stopping NFS"
# from /lib/systemd/system/nfs-server.service
/usr/sbin/rpc.nfsd 0
/usr/sbin/exportfs -au
/usr/sbin/exportfs -f
# from /lib/systemd/system/nfs-mountd.service
kill $( pidof rpc.mountd )
# from /lib/systemd/system/proc-fs-nfsd.mount
umount /proc/fs/nfsd
echo > /etc/exports
exit 0
}
trap stop TERM
start "$@"
# Ugly hack to do nothing and wait for SIGTERM
while true; do
read
done

3
examples/nfs/nfs-server-rc.yaml
View File

@ -13,8 +13,7 @@ spec:
spec: spec:
containers: containers:
- name: nfs-server - name: nfs-server
# TODO(zmerlynn): change to gcr.io/google_containers/volume-nfs image: gcr.io/google_containers/volume-nfs
image: jsafrane/nfs-data
ports: ports:
- name: nfs - name: nfs
containerPort: 2049 containerPort: 2049

2
test/images/volumes-tester/nfs/Makefile
View File

@ -1,6 +1,6 @@
all: push all: push
TAG = 0.3 TAG = 0.4
container: container:
docker build -t gcr.io/google_containers/volume-nfs . # Build new image and automatically tag it as latest docker build -t gcr.io/google_containers/volume-nfs . # Build new image and automatically tag it as latest

2
test/images/volumes-tester/nfs/run_nfs.sh
View File

@ -20,7 +20,7 @@ function start()
# prepare /etc/exports # prepare /etc/exports
for i in "$@"; do for i in "$@"; do
# fsid=0: needed for NFSv4 # fsid=0: needed for NFSv4
echo "$i *(rw,fsid=0,no_root_squash)" >> /etc/exports echo "$i *(rw,fsid=0,insecure,no_root_squash)" >> /etc/exports
echo "Serving $i" echo "Serving $i"
done done