Debian slim + AWS CLI + NFS Client docker image for Kubernetes
This docker image contains:
- Debian Bullseye Slim
- NFS client/tools
- AWS CLI
Pass in the following environment variables for AWS CLI credientals.
AWS_ACCESS_KEY_ID– Specifies an AWS access key associated with an IAM user or role.AWS_SECRET_ACCESS_KEY– Specifies the secret key associated with the access key. This is essentially the "password" for the access key.AWS_DEFAULT_REGION– Specifies the AWS Region to send the request to.
For more options you can configure with environment variables refer to: AWS Environment Variables
To mount an NFS share to the /data folder inside the container pass in the following environment variables:
NFS_SHARE- the mount IP/hostname and path e.g. 10.0.0.11:/NFSNFS_OPTS- (optional) NFS options that will be added to the mount command-line e.g.-o rowould result in a mount command ofmount.nfs4 -o ro 10.0.0.11:/NFS
To run an AWS S3 command set the following environment variable with command line options. Prior to running aws s3 <options>
the container changes into the /data folder using cd /data.
AWS_CMD- AWS S3 command options
The container will exit afterward.
For example:
AWS_CMD=sync * s3://mybucket --exclude *.tmp
will sync the NFS share to the AWS S3 bucket s3://mybucket
Mounting NFS shared inside docker contaier
With Docker and, Kubernetes you will likely see an Operation not permitted error when trying
to mount NFS shares.
You will need the CAP_SYS_ADMIN capability, which is stripped by Docker and Kubernetes when it
creates the container.
For Docker add the flag --cap-add sys_admin to your docker run command-line as thus:
docker run -d --name nfs-client --cap-add sys_admin recipedude/bullseye-aws-nfs-clients:latest
Add a securityContext stanza to add SYS_ADMIN priveleges.
containers:
- name: nfs-backup-aws
securityContext:
capabilities:
add: ["SYS_ADMIN"]