Unable to mount windows file share to linux application pods on Azure AKS

[silandrew]

Im unable to mount windows file share to Linux application pods on Azure AKS, network file share is on Windows Server 2008r2 in datacenter to application pods in deployment on Azure AKS cluster? I'm using Nginx as load balancer. I've tried to use CIFS but this doesn't work.
, I was able to mount this share from this sabnet where AKS nodes are with cifs comand

this is KAS config config
kubectl create secret generic smbcreds --from-literal username=ddd --from-literal password="ddd" --type="microsoft.com/sm

• pv config

apiVersion: v1
kind: PersistentVolume #First run this to map Azure FS
metadata:
  name: xxx
  # The label is used for matching the exact claim
  labels:
    usage: test
spec:
  storageClassName: "smb"
  capacity:
    storage: 2Ti
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  mountOptions:
    - dir_mode=0777
    - file_mode=0777
    - vers=3.0
  csi:
    driver: smb.csi.k8s.io
    readOnly: false  # Replace with your secret name
    volumeHandle: smb-volumeid
    volumeAttributes:
      source: "//x.x.x.x/test"
    nodeStageSecretRef:
      name: smbcreds

• pvc config

kind: PersistentVolumeClaim # After creating 
apiVersion: v1
metadata:
  name: test-pvc
  namespace: test
  # Set this annotation to NOT let Kubernetes automatically create
  # a persistent volume for this volume claim.
  annotations:
    volume.beta.kubernetes.io/storage-class: "smb"
spec:
  # storageClassName: ""
  # volumeName: test-pv
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 2Ti
  selector:
    # To make sure we match the claim with the exact volume, match the label
    matchLabels:
      usage:test 
------
application deployment

apiVersion: apps/v1
kind: Deployment
metadata:
name: test
namespace: test
labels:
app: test
spec:
replicas: 1
progressDeadlineSeconds: 300
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 1
selector:
matchLabels:
app: test
template:
metadata:
labels:
app: test
spec:
# Pod specification
volumes:
- name: test #
persistentVolumeClaim:
claimName: test-pvc
- name: secrets-store-inline
csi:
driver: smb.csi.k8s.io
readOnly: true
volumeAttributes:
secretProviderClass: ""
nodePublishSecretRef: # Only required when using service principal mode
name: secrets-store-creds # Only required when using service principal mode
containers:
- name: portal
# Below are image locations for two different Azure Subs
#image: axxxx:latest
image: actxxxx:1180
imagePullPolicy: Always
# the readiness probe details
livenessProbe:
httpGet:
path: /monitor.cfm
port: 80
initialDelaySeconds: 300
periodSeconds: 300
readinessProbe:
httpGet: # make an HTTP request
port: 80 # port to use
path: /monitor.cfm # endpoint to hit
scheme: HTTP # or HTTPS
initialDelaySeconds: 50 # how long to wait before checking
periodSeconds: 30 # how long to wait between checks
successThreshold: 1 # how many successes to hit before accepting
failureThreshold: 2 # how many failures to accept before failing
timeoutSeconds: 10 # how long to wait for a response
resources:
limits:
memory: 768M
requests:
memory: 256M
cpu: 100m
ports:
- name: http
containerPort: 80
protocol: TCP
volumeMounts:
- name: test
mountPath: "/opt/content"
#- name: secrets-store-inline
# mountPath: "/secrets"
# readOnly: true

apiVersion: v1
kind: Service # a way for the outside world to reach the Pods
metadata:

any Pods with matching labels are included in this Service

name: test
namespace: test
labels:
app: test
spec:
#type: LoadBalancer
type: ClusterIP
ports:

• name: http
  port: 80
  targetPort: 80

protocol: TCP

- name: https

port: 443

targetPort: 443

protocol: TCP

selector:
app: test

---

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: test-ingress
namespace: test
annotations:
# kubernetes.io/ingress.lallow-http: "false"
# defines controller implementing this ingress resource: https://docs.microsoft.com/en-us/azure/dev-spaces/how-to/ingress-https-traefik
# ingress.class annotation is being deprecated in Kubernetes 1.18: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
# For backwards compatibility, when this annotation is set, precedence is given over the new field ingressClassName under spec.
kubernetes.io/ingress.class: ingress-test
nginx.ingress.kubernetes.io/proxy-body-size: 1024m
nginx.ingress.kubernetes.io/affinity: cookie
nginx.ingress.kubernetes.io/affinity-mode: persistent
nginx.ingress.kubernetes.io/enable-modsecurity: "true"
n
spec:
#ingressClassName: "ingress-ttt"
tls:

• hosts:
  • "*.xxxx"
    secretName: ingress-tls-csi
    rules:
• host: "*.xxxxx"
  http:
  paths:
  • path: /
    pathType: Prefix
    backend:
    service:
    name: test
    port:
    number: 80

---

[andyzhangx]

pls provide pod error msg, and also get driver logs on the node, follow by: https://github.com/kubernetes-csi/csi-driver-smb/blob/master/docs/csi-debug.md#case2-volume-mountunmount-failed

[andyzhangx]

try set namespace: default since it cannot find the namespace

    nodeStageSecretRef:
      name: smbcreds
      namespace: default

[silandrew]

when Ive removed --type="microsoft.com/smb" when Ive created secret I Have following error

MountVolume.MountDevice failed for volume "pv-smb" : rpc error: code = Internal desc = volume(unique-volumeid) mount "//172.20.14.50/WWWroot" on "/var/lib/kubelet/plugins/kubernetes.io/csi/pv/pv-smb/globalmount" failed with mount failed: exit status 32...

[andyzhangx]

get driver logs on the node, follow by: https://github.com/kubernetes-csi/csi-driver-smb/blob/master/docs/csi-debug.md#case2-volume-mountunmount-failed

[silandrew]

Ive resolved by removing from pv.yaml config mountOptions:
- dir_mode=0777
- file_mode=0777
- vers=3.0

[andyzhangx]

so your smb server does not support vers=3.0?