Closed jear closed 7 months ago
Is this the same as https://github.com/kubernetes-csi/csi-driver-nfs/issues/390?
this is indeed similar : the solution should be k8s-distro agnostic ( because users don't necessarily have an account in a public cloud ), i.e. from an IAM perspective, uid/gid is coming from external AD/LDAP... Today my solution is to store the ssh private key in an external secret management system ( Vault ) and store the token to access Vault in an opaque secret, injected by trusted users.
The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle stale
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
This bot triages issues according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/reopen
/remove-lifecycle rotten
Please send feedback to sig-contributor-experience at kubernetes/community.
/close not-planned
@k8s-triage-robot: Closing this issue, marking it as "Not Planned".
I still have SSH tunnel to access NFSv3 mounts.
Typically :
This solution is requiring privileged securityContext set to true. To avoid I need to use NFS CSI driver.
The solution would consist to add SSH tunnels support to this CSI project.
Describe alternatives you've considered https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner https://stackoverflow.com/questions/64574328/how-to-mount-kerberised-nfs-on-kubernetes https://docs.docker.com.xy2401.com/ee/ucp/kubernetes/storage/use-nfs-volumes/