For a while now I have been on a quest to move my legacy cloud to Kubernetes, and I have already posted about this here, here and here. So far I can say that it is a bumpy ride. Some years ago I had already added some Kubernetes aspects with a much older version, and back then it was a piece of cake. Now I run from one problem to the next and can only hope to support somebody in this world by helping them avoid those problems.
In the end I had decided to go for NFS as the shared storage facility, since that seemed to be the easiest way. Technically, it was also pretty easy to set up. But hey, easy does not make it good. A few days after I brought up the NFS server, I got an email from my cloud provider, citing a warning email from the German Federal Office for Information Security (BSI). They keep scanning for open portmapper ports (port 111), which NFSv3 requires. Apparently that is now deemed unsafe and should not be used. NFSv4 is supposed to work without that, but I never got that working properly. The client side only ever worked with NFSv3. So NFS is off the list.
The next step would be GlusterFS, which is an open source shared network file system and has some nice features. After spending half the day on it just trying to install it, it turns out this is not really possible on Rocky9. There are plenty of issues, from having no repos available through to key signing issues. I could port back and allow SHA1 keys, but going back on security is never a good thing in the cloud.
I could actually switch operating systems. But from experience I can say that every OS has its own troubles, and I want to stay on Enterprise Linux.
So for now GlusterFS is also off the list.
However, since I already have a shared folder on every cluster node based on SSHFS, which points to an external storage box, I'll try using that directly with persistent volumes. After all, going to the more advanced Kubernetes storage solutions might be costly and not necessary for my little project.
Keep you posted!