Docker Community Forums

Share and learn in the Docker community.

NFS mount inside docker container bypassing the host

Hi All,

I’m new to docker and containerization concepts; the task at hand requires me to explore potential options where a NFS share can be mounted directly into a docker run container BYPASSING the host completely i.e. host would not know anything about the NFS share(s) mounted in any container hosted on it.

One option I discovered googling on the web is as follows:

  1. Launch docker container with ‘–privileged=true’ flag.
  2. Install nfs-utils for *nix based container images.
  3. mount the share inside the container using usual *nix mount command; for-instance:
    “mount -t nfs example.tw:/target/ /srv -o nolock”

Few questions I wanted advice on:

  1. Is there a way to achieve this WITHOUT launching the container in ‘privileged’ mode?
  2. Does the solution works fine for containers running Windows images?
  3. Are there better ways to achieve the same?

Thanks.

A1: You can create a docker volume that mount the nfs volume on container start.

The command should look like this:

docker volume create \
   --driver local \
   --opt type=nfs \
   --opt o=addr=192.168.x.y,nfsvers=4 \
   --opt device=:/exported/share \
   name-of-your-volume

Of course you need to change the ip in addr to the ip of your nfs server, the nfsvers to the nfs version you use, device to the export you want to mount and the name of your volume.

Then use the volume when starting a container:

docker run -v name-of-your-volume:/path/in/container image:tag

A2: No idea.
A3: see A1.

Thanks for your inputs.

Few more question if I may ask regarding the docker volume:

  1. Is this feature available in all docker version OR one needs to be running some specific version to get it?
  2. My understanding reading docker volume is; container OS image doesn’t need to install any dependency modules to access the NFS share; is this correct?

Thanks again for your reply and suggestions.

A1: It is available in Docker CE and Docker EE. I would be surprised if it is not available in Docker packages distributed by os venders, but then again: how much do I know… I never used any of the os vendor packages.
A2: The volume will be mountend into the container target path when the container is started. The container itself does not have do anything or need to know anything about the remote share.

Sounds good. Thanks again for all help!