
Network File share access on GKE cluster - Windows node pool

We are containerizing a dotnet application on a GKE cluster (Windows node pool). We have a requirement where multiple pods can access the same shared space (persistent volume). It should also support the "ReadWriteMany" access mode. We have explored the options below:

  1. GCE Persistent Disk accessed by a Persistent Volume. (It doesn't support ReadWriteMany. Only one pod can access the disk.)
  2. Network File Share (NFS). Currently not supported for Windows node pools.
  3. Filestore fits the solution but is expensive and managed by Google.

We are looking for other options to fit our requirement. Please help.

You are right in saying that NFS isn't yet supported on Windows, at least not for the built-in client v4. So as long as there is no support for NFS v4, the Kubernetes team could not start up this work in k8s. source

With this constraint, the only solution I can see remains the Filestore.

I've been trying to solve the same problem - accessing a shared filesystem from 2 Windows pods (ASP.NET application on IIS + console application). I wasn't able to use the Filestore because it requires an NFS client (Install-WindowsFeature NFS-Client) and I couldn't install it into the containers (during container build or runtime) since it requires a computer restart - maybe I'm missing something here.

The options I've found:

  1. If you need to create a simple temporary demo application that can run on a single VM, you can run both pods on a single instance, create a Persistent Disk, attach it to the instance with gcloud compute instances attach-disk, RDP into the instance, mount the disk and provide the disk to the pods as a hostPath. That's the solution I'm using now.

  2. Create an SMB share (on a separate VM or using a Docker container https://hub.docker.com/r/dperson/samba/) and access it from the pods using New-SmbMapping -LocalPath $shareletter -RemotePath $dhcpshare -Username $shareuser -Password $sharepasswd -Persistent $true. This solution worked for my console application but the web application couldn't access the files (even though I've set the application pool on IIS to run as Local System). The SMB share could also be mounted from the instance using New-SmbGlobalMapping - the flexvolume does that: https://github.com/microsoft/K8s-Storage-Plugins/tree/master/flexvolume/windows. I haven't explored that option and I think it would have the same problem (IIS not seeing the files).

  3. I think the best (most secure and reliable) solution would be to set up an Active Directory Domain Controller and an SMB share on a separate VM and provide access to it to the containers using gMSA: https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/manage-serviceaccounts https://kubernetes.io/docs/tasks/configure-pod-container/configure-gmsa/ That doesn't seem easy though.
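
For reference, the Kubernetes side of the gMSA approach in option 3, as an added example that is not part of the original answers: RBAC that lets one service account use one credential spec, and a Windows pod that requests it. It assumes the GMSACredentialSpec resource and the admission webhooks from the linked Kubernetes guide are already in place; every name, the image and the file server path are hypothetical.

```yaml
# Assumed names: credential spec "shared-files-gmsa", service account "webapp",
# namespace "default", share \\fileserver.example.internal\shared.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: use-shared-files-gmsa
rules:
- apiGroups: ["windows.k8s.io"]
  resources: ["gmsacredentialspecs"]
  verbs: ["use"]
  # Limit the grant to the single credential spec this workload needs.
  resourceNames: ["shared-files-gmsa"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: webapp-use-shared-files-gmsa
  namespace: default
subjects:
- kind: ServiceAccount
  name: webapp
  namespace: default
roleRef:
  kind: ClusterRole
  name: use-shared-files-gmsa
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: Pod
metadata:
  name: webapp
  namespace: default
spec:
  serviceAccountName: webapp          # must match the RoleBinding subject
  nodeSelector:
    kubernetes.io/os: windows
  securityContext:
    windowsOptions:
      # Processes running as LocalSystem or NetworkService in the container
      # authenticate to the SMB share as this gMSA; no password in the pod.
      gmsaCredentialSpecName: shared-files-gmsa
  containers:
  - name: iis
    image: registry.example.internal/webapp:1.0   # placeholder image
    env:
    - name: SHARED_PATH                            # hypothetical app setting
      value: '\\fileserver.example.internal\shared'
```

The share's ACL on the file server then grants access to the gMSA account itself, so no share username or password has to be passed to the containers.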
