Merge pull request #4 from freegroup/freegroup-patch-1

fixing #3

Dockerfile

@@ -2,27 +2,30 @@
 # The FUSE driver needs elevated privileges, run Docker with --privileged=true
 ###############################################################################
 
-FROM alpine:3.3
+FROM alpine:latest
 
 ENV MNT_POINT /var/s3
+ENV IAM_ROLE=none
 ENV S3_REGION ''
 
-ARG S3FS_VERSION=v1.83
+VOLUME /var/s3
 
-RUN apk --update --no-cache add fuse alpine-sdk automake autoconf libxml2-dev fuse-dev curl-dev git bash; \
+
+ARG S3FS_VERSION=v1.84
+
+RUN apk --update add bash fuse libcurl libxml2 libstdc++ libgcc alpine-sdk automake autoconf libxml2-dev fuse-dev curl-dev git; \
     git clone https://github.com/s3fs-fuse/s3fs-fuse.git; \
     cd s3fs-fuse; \
     git checkout tags/${S3FS_VERSION}; \
     ./autogen.sh; \
-    ./configure --prefix=/usr; \
+    ./configure --prefix=/usr ; \
     make; \
     make install; \
     make clean; \
     rm -rf /var/cache/apk/*; \
     apk del git automake autoconf;
 
-RUN mkdir -p "$MNT_POINT"
+RUN sed -i s/"#user_allow_other"/"user_allow_other"/g /etc/fuse.conf
 
-CMD echo "${AWS_KEY}:${AWS_SECRET_KEY}" > /etc/passwd-s3fs && \
-    chmod 0400 /etc/passwd-s3fs && \
-    /usr/bin/s3fs $S3_BUCKET $MNT_POINT -f -o endpoint=${S3_REGION},allow_other,use_cache=/tmp,max_stat_cache_size=1000,stat_cache_expire=900,retries=5,connect_timeout=10
+COPY docker-entrypoint.sh /
+CMD /docker-entrypoint.sh

docker-entrypoint.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+set -euo pipefail
+set -o errexit
+set -o errtrace
+IFS=$'\n\t'
+
+export S3_ACL=${S3_ACL:-private}
+
+mkdir -p ${MNT_POINT}
+
+if [ "$IAM_ROLE" == "none" ]; then
+  export AWSACCESSKEYID=${AWSACCESSKEYID:-$AWS_KEY}
+  export AWSSECRETACCESSKEY=${AWSSECRETACCESSKEY:-$AWS_SECRET_KEY}
+
+  echo "${AWS_KEY}:${AWS_SECRET_KEY}" > /etc/passwd-s3fs
+  chmod 0400 /etc/passwd-s3fs
+
+  echo 'IAM_ROLE is not set - mounting S3 with credentials from ENV'
+  /usr/bin/s3fs  ${S3_BUCKET} ${MNT_POINT} -d -d -f -o endpoint=${S3_REGION},allow_other,retries=5
+  echo 'started...'
+else
+  echo 'IAM_ROLE is set - using it to mount S3'
+  /usr/bin/s3fs ${S3_BUCKET} ${MNT_POINT} -d -d -f -o endpoint=${S3_REGION},iam_role=${IAM_ROLE},allow_other,retries=5
+fi

yaml/daemonset.yaml

@@ -12,9 +12,16 @@ spec:
     spec:
       containers:
       - name: s3fuse
-        image: cp-enablement.docker.repositories.sap.ondemand.com/kube-s3
+        image: freegroup/kube-s3
+        lifecycle:
+          preStop:
+            exec:
+              command: ["/bin/sh","-c","umount -f /var/s3"]
         securityContext:
           privileged: true
+          capabilities:
+            add:
+            - SYS_ADMIN
         # use ALL  entries in the config map as environment variables
         envFrom:
         - configMapRef:
@@ -24,12 +31,10 @@ spec:
           mountPath: /dev/fuse
         - name: mntdatas3fs
           mountPath: /var/s3:shared
-      imagePullSecrets:
-      - name: artifactory
       volumes:
       - name: devfuse
         hostPath:
           path: /dev/fuse
       - name: mntdatas3fs
         hostPath:
-          path: /mnt/data-s3fs
+          path: /mnt/data-s3-fs

yaml/example_pod.yaml

@@ -11,7 +11,15 @@ spec:
     volumeMounts:
     - name: mntdatas3fs
       mountPath: /var/s3:shared
+    livenessProbe:
+      exec:
+        command: ["ls", "/var/s3"]
+      failureThreshold: 3
+      initialDelaySeconds: 10
+      periodSeconds: 5
+      successThreshold: 1
+      timeoutSeconds: 1
   volumes:
   - name: mntdatas3fs
     hostPath:
-      path: /mnt/data-s3fs
+      path: /mnt/data-s3-fs