由于Ceph Squid（v19.2.1）‌不原生支持直接导出 SMB 服务器‌，需通过手动集成 Samba 或其他第三方工具实现‌ 所以直接部署最简单的

安装软件包
apt install samba

• 编辑配置文件 vim /etc/samba/smb.conf在最末尾添加以下

# cp /etc/samba/smb.conf /etc/samba/smb.conf.bak [Share]
comment = Shared Folder
path = /srv/samba/share
browsable = yes
read only = no  # 允许写入
valid users = smbjbl
create mask = 0664  # 客户端文件权限上限
directory mask = 0775  # 客户端目录权限上限
force create mode = 0664  # 强制文件权限
force directory mode = 0775  # 强制目录权限

• 重启服务

#创建目录
mkdir -p  /srv/samba/share
#创建用户和设置密码
useradd -M -s /usr/sbin/nologin smbjbl
smbpasswd -a smbjbl
#查看
pdbedit -L | grep smbjbl# 授权（假设 smbuser 属于组 smbgroup）
chown -R smbuser:smbgroup /srv/samba/share
chmod -R 0775 /srv/samba/share     # 目录权限
find /srv/samba/share -type f -exec chmod 0664 {} \;  # 文件权限
#重启服务
systemctl restart smbd

普通客户端挂测试必须通过

#安装挂载工具
apt install cifs-utils -y# smbclient -L //172.16.8.56 -U smbjbl%123456  （用户%密码）Sharename       Type      Comment---------       ----      -------print$          Disk      Printer DriversShare           Disk      Shared FolderIPC$            IPC       IPC Service (Samba 4.17.12-Debian)smbjbl          Disk      Home Directories
SMB1 disabled -- no workgroup available
#挂载成功
mount -t cifs //172.16.8.56/Share /mnt/smb -o username=smbjbl,password=123456
# df -h | tail -n 1//172.16.8.56/Share   46G  2.5G   43G   6% /mnt/smb

以下配置SMB-Csi

# 官网
https://github.com/kubernetes-csi/csi-driver-smb/tree/master/charts/v1.17.0helm repo add csi-driver-smb https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts
helm pull csi-driver-smb csi-driver-smb/csi-driver-smb  --version v1.17.0 --untar

我的values.yaml文件已经替换好国内镜像了

# egrep -v "^[[:space:]]*#|^$" values.yaml
image:baseRepo: registry.cn-hangzhou.aliyuncs.com/google_containerssmb:repository: ccr.ccs.tencentyun.com/abcdh/abpaytag: smbpullPolicy: IfNotPresentcsiProvisioner:repository: /csi-provisionertag: v5.2.0pullPolicy: IfNotPresentcsiResizer:repository: /csi-resizertag: v1.13.1pullPolicy: IfNotPresentlivenessProbe:repository: /livenessprobetag: v2.15.0pullPolicy: IfNotPresentnodeDriverRegistrar:repository: /csi-node-driver-registrartag: v2.13.0pullPolicy: IfNotPresent#csiproxy:   ----------注释windows#repository: ghcr.io/kubernetes-sigs/sig-windows/csi-proxy#tag: v1.1.2#pullPolicy: IfNotPresentserviceAccount:create: true # When true, service accounts will be created for you. Set to false if you want to use your own.controller: csi-smb-controller-sanode: csi-smb-node-sa
rbac:create: truename: smb
driver:name: smb.csi.k8s.io
feature:enableGetVolumeStats: trueenableInlineVolume: true
controller:name: csi-smb-controllerreplicas: 1dnsPolicy: ClusterFirstWithHostNet  # available values: Default, ClusterFirstWithHostNet, ClusterFirstmetricsPort: 29644livenessProbe:healthPort: 29642runOnMaster: falserunOnControlPlane: falselogLevel: 5workingMountDir: "/tmp"resources:csiProvisioner:limits:memory: 400Mirequests:cpu: 10mmemory: 20MicsiResizer:limits:memory: 400Mirequests:cpu: 10mmemory: 20MilivenessProbe:limits:memory: 100Mirequests:cpu: 10mmemory: 20Mismb:limits:memory: 200Mirequests:cpu: 10mmemory: 20Miaffinity: {}nodeSelector: {}tolerations:- key: "node-role.kubernetes.io/master"operator: "Exists"effect: "NoSchedule"- key: "node-role.kubernetes.io/controlplane"operator: "Exists"effect: "NoSchedule"- key: "node-role.kubernetes.io/control-plane"operator: "Exists"effect: "NoSchedule"- key: "CriticalAddonsOnly"operator: "Exists"effect: "NoSchedule"
node:maxUnavailable: 1logLevel: 5livenessProbe:healthPort: 29643affinity: {}nodeSelector: {}
linux:enabled: truedsName: csi-smb-node # daemonset namednsPolicy: ClusterFirstWithHostNet  # available values: Default, ClusterFirstWithHostNet, ClusterFirstkubelet: /var/lib/kubeletkrb5CacheDirectory: "" # directory for kerberos credential cache, empty string means default(/var/lib/kubelet/kerberos/)krb5Prefix: "" # prefix for kerberos credential cache, empty string means default(krb5cc_)tolerations:- operator: "Exists"resources:livenessProbe:limits:memory: 100Mirequests:cpu: 10mmemory: 20MinodeDriverRegistrar:limits:memory: 100Mirequests:cpu: 10mmemory: 20Mismb:limits:memory: 200Mirequests:cpu: 10mmemory: 20Mi
windows:enabled: false   -------------修改此处为falseuseHostProcessContainers: truedsName: csi-smb-node-win # daemonset namekubelet: 'C:\var\lib\kubelet'removeSMBMappingDuringUnmount: truetolerations:- key: "node.kubernetes.io/os"operator: "Exists"effect: "NoSchedule"resources:livenessProbe:limits:memory: 150Mirequests:cpu: 10mmemory: 40MinodeDriverRegistrar:limits:memory: 150Mirequests:cpu: 10mmemory: 40Mismb:limits:memory: 600Mirequests:cpu: 10mmemory: 40Micsiproxy:   -------------修改此处为falseenabled: false # required if windows.enabled is true and useHostProcessContainers is false, but may be installed manually alsodsName: csi-proxy-win # daemonset nametolerations: {}affinity: {}username: "NT AUTHORITY\\SYSTEM"nodeSelector:"kubernetes.io/os": windows
customLabels: {}
podAnnotations: {}
podLabels: {}
priorityClassName: system-cluster-critical
securityContext: { seccompProfile: {type: RuntimeDefault} }

配置Secret和StorageClass

apiVersion: v1
kind: Secret
metadata:name: smbcredsnamespace: default
type: Opaque
data:username: c21iamJsCg==  <base64 - encoded - username>password: MTIzNDU2Cg== <base64 - encoded - password>
---apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:name: smb-sc
provisioner: smb.csi.k8s.io
parameters:source: //172.16.8.56/Share. -------服务器地址和共享名csi.storage.k8s.io/provisioner-secret-name: smbcredscsi.storage.k8s.io/provisioner-secret-namespace: defaultcsi.storage.k8s.io/node-stage-secret-name: smbcredscsi.storage.k8s.io/node-stage-secret-namespace: default
volumeBindingMode: Immediate
mountOptions:- dir_mode=0777- file_mode=0777- uid=1001- gid=1001- noserverino

测试

apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: smb-pvc
spec:accessModes:- ReadWriteManyresources:requests:storage: 1GistorageClassName: smb-sc
---
kind: Pod
apiVersion: v1
metadata:name: nginx-smbnamespace: default
spec:containers:- image: mcr.microsoft.com/oss/nginx/nginx:1.17.3-alpinename: nginx-smbcommand:- "/bin/sh"- "-c"- while true; do echo $(date) >> /mnt/smb/outfile; sleep 1; donevolumeMounts:- name: smb01mountPath: "/mnt/smb"readOnly: falsevolumes:- name: smb01persistentVolumeClaim:claimName: smb-pvc

• 总结:
  SMB‌ 在 ‌跨平台混合环境‌ 中不可替代，尤其适合需深度集成 Windows 生态的场景‌25。
  建议根据集群操作系统分布、性能需求及运维复杂度综合选择。

SMB和NFS比较

‌优先选择 NFS 的场景‌
‌纯 Linux 环境‌：需高性能共享存储（如 AI 训练、日志聚合）‌；
‌多 Pod 共享读写‌：如 CI/CD 流水线共享构建目录‌；
‌简化运维‌：社区支持成熟，动态供给方案稳定‌。‌优先选择 SMB 的场景‌
‌混合操作系统集群‌：含 Windows 节点的 K8S 环境‌25；
‌企业级权限管理‌：需与 Active Directory 集成或细粒度 ACL 控制‌5；
‌遗留系统整合‌：对接已有 Windows 文件服务器‌

• 核心特性对比

特性	NFS	SMB
协议兼容性	原生支持类 Unix 系统，Windows 兼容性较差（需额外配置）‌	原生支持 Windows，跨平台兼容性更优（Linux/macOS 需 cifs-utils）‌
性能	在 Linux 环境下性能更高（内核级支持，传输效率高）‌	处理小文件时性能略低，适合通用文件共享场景‌
权限管理	依赖服务端本地文件系统权限，需手动同步 UID/GID‌	支持 ACL 细粒度权限控制，与 Windows AD 集成更便捷‌
‌动态供给支持	成熟（通过 nfs-client-provisioner 实现动态 PV 创建）‌	依赖第三方 CSI 驱动（如 smb.csi.k8s.io），配置复杂度较高‌
安全性	默认无加密，需结合 Kerberos 或 VPN 增强‌	支持 SMB 3.0+ 加密传输，安全性更优‌

statefulset测试

---
apiVersion: apps/v1
kind: StatefulSet
metadata:name: statefulset-smbnamespace: defaultlabels:app: nginx
spec:serviceName: statefulset-smbreplicas: 1template:metadata:labels:app: nginxspec:nodeSelector:"kubernetes.io/os": linuxcontainers:- name: statefulset-smbimage: mcr.microsoft.com/oss/nginx/nginx:1.19.5command:- "/bin/bash"- "-c"- set -euo pipefail; while true; do echo $(date) >> /mnt/smb/outfile; sleep 1; donevolumeMounts:- name: persistent-storagemountPath: /mnt/smbreadOnly: falseupdateStrategy:type: RollingUpdateselector:matchLabels:app: nginxvolumeClaimTemplates:- metadata:name: persistent-storagespec:storageClassName: smbaccessModes: ["ReadWriteOnce"]resources:requests:storage: 10Gi