How to Mount CIFS Windows Share to Kubernetes Pod with Flexvolume


When setting up my bare-metal Kubernetes cluster I initially used a NFS provisioner with a Windows NFS share for my PV, however Windows NFS shares often cause more issues than they solve. Given this I decided to use CIFS as a work around.


In order to use CIFS mounts on Kubernetes there are a few things you need to do on each node, including the master.

First install the required packages on each node

sudo apt install cifs-utils jq

On all nodes run the following command

mkdir -p "$VOLUME_PLUGIN_DIR/fstab~cifs"
cd "$VOLUME_PLUGIN_DIR/fstab~cifs"
curl -L -O
chmod 755 cifs

Check if the installation was successful with the following command on each node

$VOLUME_PLUGIN_DIR/fstab~cifs/cifs init

Kubectl Commands

Create base64 encoded credentials for share

echo -n username | base64
echo -n password | base64

Create a secret.yml file and replace username and password with the aboved hashed output

apiVersion: v1
kind: Secret
  name: cifs-secret
  namespace: default
type: fstab/cifs
  username: 'ZXhhbXBsZQ=='
  password: 'bXktc2VjcmV0LXBhc3N3b3Jk'

Apply Kubernetes secret

kubectl apply -f secret.yml

Kubernetes Deployment

I have included a sample deployment of Organizr, more information about Organizr can be found here

apiVersion: apps/v1
kind: Deployment
name: organizr
namespace: default
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
app: organizr
maxSurge: 0
maxUnavailable: 100%
type: RollingUpdate
creationTimestamp: null
app: organizr organizr
- env:
- name: PGID
value: "1000"
- name: PUID
value: "1000"
image: organizr/organizr
imagePullPolicy: Always
name: organizr
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
- mountPath: /config
name: config
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
- flexVolume:
driver: fstab/cifs
fsType: cifs
mountOptions: dir_mode=0777,file_mode=0777,iocharset=utf8,noperm,nounix,rw
networkPath: <CIFS_SHARE_PATH>
name: cifs-secret
name: config

Related Posts

Terraform Tips & Tricks – Part 1 – Building A Constant Reference

One of the most common problems I see in large organizations when working with terraform is consistency. When we have a large amount of resources being managed…

Istio Architecture Diagram

Everything You Ever Wanted to Know About Istio but Were Afraid to Ask

Istio is a powerful service mesh that integrates natively with Kubernetes, I have been using Istio as my service mesh, ingress, and egress gateways on my personal…

Envoy Modules Solar Monitoring Grafana Dashboard

How to Monitor Your Enphase Home Solar System with Telegraf

How to collect metrics from an Enphase Envoy PV system, with telegraf and influxdb.

Anthos on Bare Metal Architecture Diagram

How to Deploy Anthos on Bare Metal On-Prem

Introduction The main advantage of Anthos on BM over Anthos on VMWare for on-prem deployments is the ability to run Anthos clusters without a hypervisor license. Cluster…

OPA Gatekeeper Architecture

OPA Gatekeeper: Bringing Law and Order to Kubernetes

Introduction Open Policy Agent (OPA) is a policy based control agent that is able to be integrated on various platforms. For the sake of this document we…

Anthos GKE Cluster Traffic Diagram

How to Setup Anthos on GKE Autopilot with Private Certificate Authority

What You Will Create The guide will set up the following: 2 Private GKE autopilot clusters with master global access ASM with multicluster mesh IstioIngress gateway to…

Leave a Reply