Gitiles
Code Review Sign In
gerrit.benkard.de / kubeia / 68034dec6d1f6cc507351b7a35b2a5cb052c0b0c / . / samba / samba.yaml
blob: 375078a7f12a65a891a9c3358a6e0a66dda723c5 [file] [log] [blame]
Matthias Andreas Benkard12397aa2021-08-17 21:02:00 +0200[diff] [blame]1---
2apiVersion: apps/v1
3kind: Deployment
4
5metadata:
6 name: samba
7 namespace: mulk
8 labels:
9 name: samba
10 k8s-app: samba
11
12spec:
13 replicas: 1
14
15 strategy:
16 type: Recreate
17
18 selector:
19 matchLabels:
20 k8s-app: samba
21 name: samba
22
23 template:
24 metadata:
25 labels:
26 name: samba
27 k8s-app: samba
28
29 spec:
30 imagePullSecrets:
31 - name: portus-token
32
33 volumes:
34 - name: homes
35 persistentVolumeClaim:
36 claimName: samba-homes
37 - name: samba-smbpasswd
38 secret:
39 secretName: samba-smbpasswd
40 defaultMode: 0600
41 items:
42 - key: smbpasswd
43 path: smbpasswd
44 mode: 0600
45 - name: samba-config
46 configMap:
47 name: samba-config
48 - name: sshd-config
49 secret:
50 secretName: sshd-config
51 defaultMode: 0600
52
53 hostNetwork: true
54
55 containers:
56 - name: master
57 image: docker.benkard.de/mulk/samba:5fdaazgkjc73m6pjahxgfc9xxymrcd8i
58 imagePullPolicy: Always
59 resources:
60 limits:
61 cpu: 2000m
62 memory: 300Mi
63 requests:
64 cpu: 10m
65 memory: 300Mi
66 volumeMounts:
67 - name: homes
68 mountPath: /home
69 - name: samba-smbpasswd
70 mountPath: /vol/samba-smbpasswd/smbpasswd
71 subPath: smbpasswd
72 readOnly: true
73 - name: samba-config
74 mountPath: /vol/samba-config
75 readOnly: true
76 - name: sshd-config
77 mountPath: /vol/sshd-config
78 readOnly: true
79 ports:
80 - containerPort: 445
81 name: smb
82 protocol: TCP
83 hostPort: 445
84 - containerPort: 22445
85 name: ssh
86 protocol: TCP
87 hostPort: 22445
88
89---
90apiVersion: v1
91kind: PersistentVolumeClaim
92
93metadata:
94 name: samba-homes
95 namespace: mulk
96
97 labels:
98 name: samba-homes
99 k8s-app: samba
100
101 annotations:
102 volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path
103
104spec:
105 accessModes:
106 - ReadWriteOnce
107
108 resources:
109 requests:
110 storage: 1Ti
111
112 storageClassName: local-path
113
114---
115kind: ConfigMap
116apiVersion: v1
117
118metadata:
119 name: samba-config
120 namespace: mulk
121
122 labels:
123 k8s-app: samba
124
125data:
126 smb.conf: |
127 [global]
128 log file = /dev/stdout
129 load printers = no
130 printcap name = /dev/null
131 unix password sync = no
132 preserve case = yes
133 short preserve case = yes
134 default case = lower
135 workgroup = MSTPLUS
136 passdb backend = smbpasswd:/var/lib/samba/private/smbpasswd
137 disable spoolss = yes
138 unix extensions = yes
139 map to guest = bad user
140 #usershare allow guests = yes
141 multicast dns register = yes
142 mdns name = netbios
143 acl allow execute always = yes
144
145 spotlight = no
146 rpc_server:mdsvc = embedded
147
148 [homes]
149 path = /home/%S
150 read only = no
151 browseable = no
152 valid users = %S
153
154 vfs objects = catia fruit streams_xattr
155
156 durable handles = yes
157 kernel oplocks = no
158 kernel share modes = no
159 posix locking = yes
160
161 #create mask = 0664
162 #force create mode = 0644
163 #directory mask = 2755
164 #force directory mode = 2755
165 #directory security mask = 2755
166 #force directory security mode = 2755
167 inherit acls = yes
168 inherit permissions = yes
169 strict locking = no
170 follow symlinks = yes
171 wide links = no
172 ea support = yes
173 #acl allow execute always = yes
174
175 spotlight backend = noindex
176
177 fruit:aapl = yes
178 fruit:time machine = yes
179 #fruit:model = TimeCapsule
180 fruit:advertise_fullsync = true
181 fruit:copyfile = yes
182 fruit:resource = xattr
183 fruit:metadata = stream
184 fruit:locking = none
185 fruit:encoding = native
186 fruit:wipe_intentionally_left_blank_rfork = yes
187 fruit:delete_empty_adfiles = yes
188 fruit:veto_appledouble = no
189 fruit:time machine max size = 500G
190---