Undercloud/k8s-apps
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

.

Browse Source
This commit is contained in:
Gitea Root Administrator
2026-03-18 20:18:01 +00:00
parent c5c22ed5f5
commit a5618d008a
1 changed files with 322 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

322
samba-files/samba-fileserver.yaml Normal file
View File

@@ -0,0 +1,322 @@
apiVersion: v1
kind: Namespace
metadata:
name: samba-files
---
apiVersion: v1
kind: Secret
metadata:
name: samba-files-join
namespace: samba-files
type: Opaque
stringData:
username: "Administrator"
password: "4IsTheMindKiller"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: samba-files-config
namespace: samba-files
data:
smb.conf: |
[global]
server role = member server
security = ADS
realm = UNDERCLOUD.LOCAL
workgroup = UNDERCLOUD
kerberos method = secrets and keytab
dedicated keytab file = /etc/krb5.keytab
password server = samba-ad.samba-directory.svc
winbind use default domain = yes
winbind refresh tickets = yes
winbind enum users = no
winbind enum groups = no
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config UNDERCLOUD : backend = rid
idmap config UNDERCLOUD : range = 10000-999999
server min protocol = SMB2
disable spoolss = yes
load printers = no
printing = bsd
printcap name = /dev/null
map to guest = never
log level = 2
[data]
path = /data
read only = no
browseable = yes
valid users = @"UNDERCLOUD\Domain Users"
force group = "UNDERCLOUD\Domain Users"
create mask = 0660
directory mask = 0770
---
apiVersion: v1
kind: ConfigMap
metadata:
name: samba-files-krb5
namespace: samba-files
data:
krb5.conf: |
[libdefaults]
default_realm = UNDERCLOUD.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
rdns = false
ticket_lifetime = 24h
forwardable = true
default_ccache_name = FILE:/tmp/krb5cc_%{uid}
[realms]
UNDERCLOUD.LOCAL = {
kdc = samba-ad.samba-directory.svc
admin_server = samba-ad.samba-directory.svc
}
[domain_realm]
.undercloud.local = UNDERCLOUD.LOCAL
undercloud.local = UNDERCLOUD.LOCAL
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: samba-files
namespace: samba-files
labels:
app: samba-files
spec:
replicas: 1
selector:
matchLabels:
app: samba-files
template:
metadata:
labels:
app: samba-files
spec:
shareProcessNamespace: true
terminationGracePeriodSeconds: 30
initContainers:
- name: wait-for-ad
image: quay.io/samba.org/samba-server:v0.8
imagePullPolicy: IfNotPresent
command: ["/bin/bash", "-ec"]
args:
- |
set -euxo pipefail
until getent hosts samba-ad.samba-directory.svc >/dev/null; do
echo "waiting for samba-ad dns"
sleep 5
done
until bash -c "</dev/tcp/samba-ad.samba-directory.svc/389" 2>/dev/null; do
echo "waiting for samba-ad ldap"
sleep 5
done
until bash -c "</dev/tcp/samba-ad.samba-directory.svc/636" 2>/dev/null; do
echo "waiting for samba-ad ldaps"
sleep 5
done
- name: join-domain
image: quay.io/samba.org/samba-server:v0.8
imagePullPolicy: IfNotPresent
env:
- name: JOIN_USER
valueFrom:
secretKeyRef:
name: samba-files-join
key: username
- name: JOIN_PASSWORD
valueFrom:
secretKeyRef:
name: samba-files-join
key: password
command: ["/bin/bash", "-ec"]
args:
- |
set -euxo pipefail
mkdir -p /run/samba /var/cache/samba /data
chmod 2770 /data
cp /krb5/krb5.conf /etc/krb5.conf
if net ads testjoin >/dev/null 2>&1; then
echo "already joined"
exit 0
fi
net ads join \
-S samba-ad.samba-directory.svc \
-U "${JOIN_USER}%${JOIN_PASSWORD}"
net ads testjoin
volumeMounts:
- name: samba-config
mountPath: /etc/samba/smb.conf
subPath: smb.conf
- name: krb5-config
mountPath: /krb5/krb5.conf
subPath: krb5.conf
- name: samba-state
mountPath: /var/lib/samba
- name: samba-cache
mountPath: /var/cache/samba
- name: samba-run
mountPath: /run/samba
- name: share-data
mountPath: /data
containers:
- name: winbindd
image: quay.io/samba.org/samba-server:v0.8
imagePullPolicy: IfNotPresent
command: ["/bin/bash", "-ec"]
args:
- |
set -euxo pipefail
cp /krb5/krb5.conf /etc/krb5.conf
exec winbindd --foreground --no-process-group
volumeMounts:
- name: samba-config
mountPath: /etc/samba/smb.conf
subPath: smb.conf
- name: krb5-config
mountPath: /krb5/krb5.conf
subPath: krb5.conf
- name: samba-state
mountPath: /var/lib/samba
- name: samba-cache
mountPath: /var/cache/samba
- name: samba-run
mountPath: /run/samba
readinessProbe:
exec:
command: ["/bin/bash", "-ec", "wbinfo -t"]
initialDelaySeconds: 10
periodSeconds: 10
- name: smbd
image: quay.io/samba.org/samba-server:v0.8
imagePullPolicy: IfNotPresent
ports:
- name: smb
containerPort: 445
protocol: TCP
- name: netbios-ssn
containerPort: 139
protocol: TCP
command: ["/bin/bash", "-ec"]
args:
- |
set -euxo pipefail
cp /krb5/krb5.conf /etc/krb5.conf
until wbinfo -t; do
echo "waiting for winbind"
sleep 5
done
exec smbd --foreground --no-process-group
volumeMounts:
- name: samba-config
mountPath: /etc/samba/smb.conf
subPath: smb.conf
- name: krb5-config
mountPath: /krb5/krb5.conf
subPath: krb5.conf
- name: samba-state
mountPath: /var/lib/samba
- name: samba-cache
mountPath: /var/cache/samba
- name: samba-run
mountPath: /run/samba
- name: share-data
mountPath: /data
readinessProbe:
tcpSocket:
port: 445
initialDelaySeconds: 10
periodSeconds: 10
volumes:
- name: samba-config
configMap:
name: samba-files-config
- name: krb5-config
configMap:
name: samba-files-krb5
- name: samba-cache
emptyDir: {}
- name: samba-run
emptyDir: {}
- name: samba-state
persistentVolumeClaim:
claimName: samba-files-state
- name: share-data
persistentVolumeClaim:
claimName: samba-files-data
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: samba-files-state
namespace: samba-files
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 5Gi
storageClassName: cephfs-hyper
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: samba-files-data
namespace: samba-files
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 200Gi
storageClassName: cephfs-hyper-slow
---
apiVersion: v1
kind: Service
metadata:
name: samba-files
namespace: samba-files
labels:
app: samba-files
spec:
internalTrafficPolicy: Cluster
ipFamilies:
- IPv6
- IPv4
ipFamilyPolicy: PreferDualStack
type: ClusterIP
selector:
app: samba-files
ports:
- name: smb
port: 445
protocol: TCP
targetPort: 445
- name: netbios-ssn
port: 139
protocol: TCP
targetPort: 139