快速部署Samba共享服務器作為k8s后端存儲

由于Ceph Squid（v19.2.1）?不原生支持直接導出 SMB 服務器?，需通過手動集成 Samba 或其他第三方工具實現? 所以直接部署最簡單的

安裝軟件包
apt install samba

編輯配置文件 vim /etc/samba/smb.conf在最末尾添加以下

# cp /etc/samba/smb.conf /etc/samba/smb.conf.bak [Share]
comment = Shared Folder
path = /srv/samba/share
browsable = yes
read only = no  # 允許寫入
valid users = smbjbl
create mask = 0664  # 客戶端文件權限上限
directory mask = 0775  # 客戶端目錄權限上限
force create mode = 0664  # 強制文件權限
force directory mode = 0775  # 強制目錄權限

重啟服務

#創建目錄
mkdir -p  /srv/samba/share
#創建用戶和設置密碼
useradd -M -s /usr/sbin/nologin smbjbl
smbpasswd -a smbjbl
#查看
pdbedit -L | grep smbjbl# 授權（假設 smbuser 屬于組 smbgroup）
chown -R smbuser:smbgroup /srv/samba/share
chmod -R 0775 /srv/samba/share     # 目錄權限
find /srv/samba/share -type f -exec chmod 0664 {} \;  # 文件權限
#重啟服務
systemctl restart smbd

普通客戶端掛測試必須通過

#安裝掛載工具
apt install cifs-utils -y# smbclient -L //172.16.8.56 -U smbjbl%123456  （用戶%密碼）Sharename       Type      Comment---------       ----      -------print$          Disk      Printer DriversShare           Disk      Shared FolderIPC$            IPC       IPC Service (Samba 4.17.12-Debian)smbjbl          Disk      Home Directories
SMB1 disabled -- no workgroup available
#掛載成功
mount -t cifs //172.16.8.56/Share /mnt/smb -o username=smbjbl,password=123456
# df -h | tail -n 1//172.16.8.56/Share   46G  2.5G   43G   6% /mnt/smb

以下配置SMB-Csi

# 官網
https://github.com/kubernetes-csi/csi-driver-smb/tree/master/charts/v1.17.0helm repo add csi-driver-smb https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts
helm pull csi-driver-smb csi-driver-smb/csi-driver-smb  --version v1.17.0 --untar

我的values.yaml文件已經替換好國內鏡像了

# egrep -v "^[[:space:]]*#|^$" values.yaml
image:baseRepo: registry.cn-hangzhou.aliyuncs.com/google_containerssmb:repository: ccr.ccs.tencentyun.com/abcdh/abpaytag: smbpullPolicy: IfNotPresentcsiProvisioner:repository: /csi-provisionertag: v5.2.0pullPolicy: IfNotPresentcsiResizer:repository: /csi-resizertag: v1.13.1pullPolicy: IfNotPresentlivenessProbe:repository: /livenessprobetag: v2.15.0pullPolicy: IfNotPresentnodeDriverRegistrar:repository: /csi-node-driver-registrartag: v2.13.0pullPolicy: IfNotPresent#csiproxy:   ----------注釋windows#repository: ghcr.io/kubernetes-sigs/sig-windows/csi-proxy#tag: v1.1.2#pullPolicy: IfNotPresentserviceAccount:create: true # When true, service accounts will be created for you. Set to false if you want to use your own.controller: csi-smb-controller-sanode: csi-smb-node-sa
rbac:create: truename: smb
driver:name: smb.csi.k8s.io
feature:enableGetVolumeStats: trueenableInlineVolume: true
controller:name: csi-smb-controllerreplicas: 1dnsPolicy: ClusterFirstWithHostNet  # available values: Default, ClusterFirstWithHostNet, ClusterFirstmetricsPort: 29644livenessProbe:healthPort: 29642runOnMaster: falserunOnControlPlane: falselogLevel: 5workingMountDir: "/tmp"resources:csiProvisioner:limits:memory: 400Mirequests:cpu: 10mmemory: 20MicsiResizer:limits:memory: 400Mirequests:cpu: 10mmemory: 20MilivenessProbe:limits:memory: 100Mirequests:cpu: 10mmemory: 20Mismb:limits:memory: 200Mirequests:cpu: 10mmemory: 20Miaffinity: {}nodeSelector: {}tolerations:- key: "node-role.kubernetes.io/master"operator: "Exists"effect: "NoSchedule"- key: "node-role.kubernetes.io/controlplane"operator: "Exists"effect: "NoSchedule"- key: "node-role.kubernetes.io/control-plane"operator: "Exists"effect: "NoSchedule"- key: "CriticalAddonsOnly"operator: "Exists"effect: "NoSchedule"
node:maxUnavailable: 1logLevel: 5livenessProbe:healthPort: 29643affinity: {}nodeSelector: {}
linux:enabled: truedsName: csi-smb-node # daemonset namednsPolicy: ClusterFirstWithHostNet  # available values: Default, ClusterFirstWithHostNet, ClusterFirstkubelet: /var/lib/kubeletkrb5CacheDirectory: "" # directory for kerberos credential cache, empty string means default(/var/lib/kubelet/kerberos/)krb5Prefix: "" # prefix for kerberos credential cache, empty string means default(krb5cc_)tolerations:- operator: "Exists"resources:livenessProbe:limits:memory: 100Mirequests:cpu: 10mmemory: 20MinodeDriverRegistrar:limits:memory: 100Mirequests:cpu: 10mmemory: 20Mismb:limits:memory: 200Mirequests:cpu: 10mmemory: 20Mi
windows:enabled: false   -------------修改此處為falseuseHostProcessContainers: truedsName: csi-smb-node-win # daemonset namekubelet: 'C:\var\lib\kubelet'removeSMBMappingDuringUnmount: truetolerations:- key: "node.kubernetes.io/os"operator: "Exists"effect: "NoSchedule"resources:livenessProbe:limits:memory: 150Mirequests:cpu: 10mmemory: 40MinodeDriverRegistrar:limits:memory: 150Mirequests:cpu: 10mmemory: 40Mismb:limits:memory: 600Mirequests:cpu: 10mmemory: 40Micsiproxy:   -------------修改此處為falseenabled: false # required if windows.enabled is true and useHostProcessContainers is false, but may be installed manually alsodsName: csi-proxy-win # daemonset nametolerations: {}affinity: {}username: "NT AUTHORITY\\SYSTEM"nodeSelector:"kubernetes.io/os": windows
customLabels: {}
podAnnotations: {}
podLabels: {}
priorityClassName: system-cluster-critical
securityContext: { seccompProfile: {type: RuntimeDefault} }

在這里插入圖片描述

配置Secret和StorageClass

apiVersion: v1
kind: Secret
metadata:name: smbcredsnamespace: default
type: Opaque
data:username: c21iamJsCg==  <base64 - encoded - username>password: MTIzNDU2Cg== <base64 - encoded - password>
---apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:name: smb-sc
provisioner: smb.csi.k8s.io
parameters:source: //172.16.8.56/Share. -------服務器地址和共享名csi.storage.k8s.io/provisioner-secret-name: smbcredscsi.storage.k8s.io/provisioner-secret-namespace: defaultcsi.storage.k8s.io/node-stage-secret-name: smbcredscsi.storage.k8s.io/node-stage-secret-namespace: default
volumeBindingMode: Immediate
mountOptions:- dir_mode=0777- file_mode=0777- uid=1001- gid=1001- noserverino

測試

apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: smb-pvc
spec:accessModes:- ReadWriteManyresources:requests:storage: 1GistorageClassName: smb-sc
---
kind: Pod
apiVersion: v1
metadata:name: nginx-smbnamespace: default
spec:containers:- image: mcr.microsoft.com/oss/nginx/nginx:1.17.3-alpinename: nginx-smbcommand:- "/bin/sh"- "-c"- while true; do echo $(date) >> /mnt/smb/outfile; sleep 1; donevolumeMounts:- name: smb01mountPath: "/mnt/smb"readOnly: falsevolumes:- name: smb01persistentVolumeClaim:claimName: smb-pvc

在這里插入圖片描述

總結:
SMB? 在 ?跨平臺混合環境? 中不可替代，尤其適合需深度集成 Windows 生態的場景?25。
建議根據集群操作系統分布、性能需求及運維復雜度綜合選擇。

SMB和NFS比較

?優先選擇 NFS 的場景?
?純 Linux 環境?：需高性能共享存儲（如 AI 訓練、日志聚合）?；
?多 Pod 共享讀寫?：如 CI/CD 流水線共享構建目錄?；
?簡化運維?：社區支持成熟，動態供給方案穩定?。?優先選擇 SMB 的場景?
?混合操作系統集群?：含 Windows 節點的 K8S 環境?25；
?企業級權限管理?：需與 Active Directory 集成或細粒度 ACL 控制?5；
?遺留系統整合?：對接已有 Windows 文件服務器?

核心特性對比

特性	NFS	SMB
協議兼容性	原生支持類 Unix 系統，Windows 兼容性較差（需額外配置）?	原生支持 Windows，跨平臺兼容性更優（Linux/macOS 需 cifs-utils）?
性能	在 Linux 環境下性能更高（內核級支持，傳輸效率高）?	處理小文件時性能略低，適合通用文件共享場景?
權限管理	依賴服務端本地文件系統權限，需手動同步 UID/GID?	支持 ACL 細粒度權限控制，與 Windows AD 集成更便捷?
?動態供給支持	成熟（通過 nfs-client-provisioner 實現動態 PV 創建）?	依賴第三方 CSI 驅動（如 smb.csi.k8s.io），配置復雜度較高?
安全性	默認無加密，需結合 Kerberos 或 VPN 增強?	支持 SMB 3.0+ 加密傳輸，安全性更優?

statefulset測試

---
apiVersion: apps/v1
kind: StatefulSet
metadata:name: statefulset-smbnamespace: defaultlabels:app: nginx
spec:serviceName: statefulset-smbreplicas: 1template:metadata:labels:app: nginxspec:nodeSelector:"kubernetes.io/os": linuxcontainers:- name: statefulset-smbimage: mcr.microsoft.com/oss/nginx/nginx:1.19.5command:- "/bin/bash"- "-c"- set -euo pipefail; while true; do echo $(date) >> /mnt/smb/outfile; sleep 1; donevolumeMounts:- name: persistent-storagemountPath: /mnt/smbreadOnly: falseupdateStrategy:type: RollingUpdateselector:matchLabels:app: nginxvolumeClaimTemplates:- metadata:name: persistent-storagespec:storageClassName: smbaccessModes: ["ReadWriteOnce"]resources:requests:storage: 10Gi