`readwritemany` shared drive on GKE?

I have a Kubernetes-based JupyterHub deployed on Google Cloud. My Hub has a shared drive that is accessible to all users so they can quickly share files, access common datasets, etc.

Google PVs don’t support readwritemany access and Google Filestore is too expensive. However, after some searching I found the Kubernetes example here that has allowed me to create an NFS server providing readwritemany access backed by a standard Google persistent disk.

This approach has worked well for several years and it’s saved my organisation a lot of money compared to Filestore. However, getting this to work involves running the NFS server with

```yaml
securityContext:
  privileged: true
```

(see here).

I have recently been told by one of our cloud administrators that this represents a security vulnerability and they would like me to switch to something else.

My questions:

  • Does anyone know how to set up a readwritemany NFS without using a privileged security context?

  • If this is not possible, are there any other alternatives that achieve the same thing (i.e. readwritemany access on GCE) without having to pay for Filestore?

I’m reluctant to give up on the NFS solution as it’s worked well for so long, but if there are security issues I’ll need to find an alternative.

I guess this is a common problem. What are others doing? Do you all just pay for Filestore? :dollar: :slightly_smiling_face:

Thanks!
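
For readers auditing a cluster for the setting discussed in this post, here is an added example (not part of the original post, and not code from the Kubernetes NFS example it mentions) that lists every container running with `privileged: true`. The sample data, the namespace, pod and container names, and the script name `find_privileged.py` are constructed for illustration.

```python
import json
import sys

# Constructed sample in the shape of `kubectl get pods -A -o json` output;
# namespaces, pod names and container names are made up for this example.
SAMPLE = {"items": [
    {"metadata": {"namespace": "jhub", "name": "nfs-server-0"},
     "spec": {"containers": [
         {"name": "nfs-server", "securityContext": {"privileged": True}}]}},
    {"metadata": {"namespace": "jhub", "name": "hub-0"},
     "spec": {"containers": [{"name": "hub"}]}},
    {"metadata": {"namespace": "jhub", "name": "jupyter-alice"},
     "spec": {"initContainers": [
                  {"name": "fix-perms", "securityContext": {"privileged": True}}],
              "containers": [
                  {"name": "notebook", "securityContext": {"privileged": False}}]}},
]}

# `privileged` exists only in the per-container securityContext, so every
# container list of the pod spec has to be walked, not the pod-level context.
CONTAINER_LISTS = ("initContainers", "containers", "ephemeralContainers")

def find_privileged(pod_list):
    """Return (namespace, pod, container) for each container that sets privileged: true."""
    findings = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        spec = pod.get("spec", {})
        for field in CONTAINER_LISTS:
            for container in spec.get(field) or []:
                ctx = container.get("securityContext") or {}
                if ctx.get("privileged") is True:
                    findings.append((meta.get("namespace", "default"),
                                     meta.get("name"), container.get("name")))
    return findings

if __name__ == "__main__":
    # Usage: kubectl get pods -A -o json | python3 find_privileged.py
    # With no piped input, the constructed sample is scanned instead.
    pods = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for namespace, pod, container in find_privileged(pods):
        print(f"{namespace}/{pod}: container {container} runs privileged")
```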