Managing remote mounts for containerized masking

This section describes how to mount an NFS mountpoint inside the Containerized Masking Engine. For information on file mountpoints for Virtual Machine Masking, please refer to Managing File Mounts.

In Containerized Masking, much more control is available to the admin at the Kubernetes layer. That advantage is used to simplify file systems mounts for Containerized Masking. This document will describe the process using NFS as an example mountpoint type.


Filesystem mount points must be mounted as a subdirectory of /var/delphix/masking/remote-mounts/.


In order for Kubernetes to utilize some particular network filesystem, the underlying host will typically need to be able to support that filesystem. In this example, to support mounting NFS filesystems, the underlying OS needs to be able to perform an nfs mount. This is typically enabled by installing the nfs-client package. For example, if the kubernetes cluster runs on top of a debian-type linux distro, the package would need to be installed using apt install nfs-client on each node to ensure all nodes have the necessary utilities to handle mounting NFS filesystems.

Creating the mountpoint connection in Kubernetes

To establish a remote mount using NFS, the first step is creating the NFS connection to the remote NFS host. This is accomplished utilizing a special NFS persistent volume. This can be added to the beginning of the kubernetes-config.yaml file or created as separate config files just for this purpose. If separate config files are created, they will have to be applied before the main Pod config is applied.

Both a Persistent Volume (PV) and Persistent Volumne Claim (PVC) are necessary and the YAML for each of these looks like the following snippets.

NFS Persistent Volume YAML

apiVersion: v1
    kind: PersistentVolume
      name: nfs-pv
        storage: 500Mi
      volumeMode: Filesystem
        - ReadWriteOnce
      storageClassName: nfs-storage
        - hard
        - nfsvers=4.1
        server: <your NFS server host>
        path: <the exported directory on the NFS server, for example /var/tmp/masking-mount>

NFS persistent volume claim YAML

apiVersion: v1
    kind: PersistentVolumeClaim
      name: nfs-pvc
        - ReadWriteOnce
      volumeMode: Filesystem
      storageClassName: nfs-storage
          storage: 500Mi # change corresponding to actual requirements

Using the mountpoint in the pod configuration

Next, the recently created NFS PVC must get mounted into the application container. This is achieved by editing the existing Pod config YAML and adding 2 objects. First, attaching the PVC to the pod as a volume. Second, linking that volume into the application container. This is demonstrated in the excerpt below.

Excerpt of kubernetes-config.yaml to show support for NFS volumes

    # Example of volume definition per Persistent Volume Claim
      - name: nfs-pv-storage
          claimName: nfs-pvc
      - image: delphix-masking-app:
        name: app
          - containerPort: 8284
            name: http
          - name: masking-persistent-storage
            mountPath: /var/delphix/masking
            subPath: masking
          - name: masking-persistent-storage
            mountPath: /var/delphix/postgresql
            subPath: postgresql
            # Example of mounting an external volume
            # Mount path is the directory on the `app` container to be mounted to the
            # remote provided Persistent Volume.
            # It should always start with the `/var/delphix/masking/remote-mounts`
            # and to be followed with customer named sub-directory per mount.
            # That sub-directory will automatically be created on the Masking Engine `app` container.
          - name: nfs-pv-storage
            mountPath: /var/delphix/masking/remote-mounts/nfs_example

Using the mountpoint in the UI

Once a properly configured Pod is started, the configured NFS filesystem can be accessed in the UI using the same process that was previously used for non-containerized instances documented in Managing Remote Mounts for VM Masking Engines. The one sticking point is that these mount points (in the dropdown list) by default are named "mountpoint_1", "mountpoint_2", etc.

It is possible to rename the default mount point names to something more friendly. This is done via the PUT /mount-filesystem/{mountID} API endpoint. 

The /mount-filesystem API has a large set of functionality that is used to manage filesystem mounts in the Virtual Machine deployment of the Masking Engine. For Containerized Masking, most of that functionality is handled by Kubernetes itself rendering the API tasks useless and therefore disabled. The only functionality available in Containerized is the endpoint that allows you to update an existing mount and only to update its name.

Other types of filesystem mountpoint

The above example has used NFS, but it is possible to mount any filesystem that Kubernetes will support. To mount CIFS or some other supported remote filesystem is possible so long as the same general procedure is followed including:

  • creating the various Kubernetes objects (such as the PV and PVC)

  • mounting it under the /var/delphix/masking/remote-mounts/ required path

Known limitations

  • You can't configure mount point manually (i.e. using API endpoints). Only mount points provided by Kubernetes will be detected.

  • Customized mount points can't be synced from Appliance Masking Engine. If the sync bundle contains any mount point created via API - importing that bundle to containerized Masking Engine will fail.

  • Masking Sync is incapable of altering your various Kubernetes config YAML files which is the only way to mount a filesystem in Containerized Masking.

  • You can't edit existing mount points at containerized Masking Engine.

  • Mount points are named automatically by Masking Engine

  • You can delete (via API mountFilesystem) only those mount points which are not provided by Kubernetes (for example were synced in), and not associated with any existing connector.

Local file masking troubleshooting

If Masking Engine is not responsive at <your-masking-engine-URL>:30080/masking - there might be need to troubleshoot. If you are not sure what's the name of the masking pod you can find all pods in the given Kubernetes's cluster by running kubectl get pod command. The one with the word masking will be the desired pod. If multiple masking pods are run on the same instance - look for

delphix-masking-* names, Pod status could be seen by running kubectl get pod <your-masking-pod-name>. If not all 3 containers are in the running status - let's get the description of the pod: kubectl describe pod delphix-masking-0. In the output of the above command there is the health information for each container, their status and the latest errors that prevented the pod from a successful startup. Most probably those errors will give a hint on what went wrong. If Masking Engine was working fine prior to adding the Local File Masking configuration, the error reasons could be (but not limited to):

  • the configured remote Persistent Volume is not accessible

  • the directory configured for remote Persistent Volume doesn't exist

  • the yaml files entries you've added are not correctly indented (yaml files are indentation sensitive). After fixing the found problem and tearing down all created Kubernetes instances (in the opposite order) - start applying those again.

If Masking Engine application is up and running, but the configured masking job fails - verify the write permissions are granted to the masking target directory (on the corresponding mounted Persistent Volume).

