apiVersion: v1
kind: ConfigMap
metadata:
  name: nfs-mount-cm
  namespace: sample-project
  labels:
    app: sample-project
    component: nfs
data:
  # accessLevel: rw, r
  # TODO: what about when the persistent volume is read only, does nfs override access?.
  # https://linux.die.net/man/5/exports
  exports: |
    / *(fsid=0,rw,async,no_subtree_check,no_auth_nlm,insecure,all_squash,anonuid=0,anongid=0)
    /usr/src/app/data *(fsid=100,rw,async,no_subtree_check,no_auth_nlm,insecure,all_squash,anonuid=0,anongid=0)
---
apiVersion: v1
kind: Pod
metadata:
  name: nfs-mount
  labels:
    app: sample-project
    component: nfs
spec:
  containers:
    - name: nfs-mount
      image: k8s.gcr.io/volume-nfs:0.8
      imagePullPolicy: Always
      ports:
      - name: nfs
        containerPort: 2049
      - name: mountd
        containerPort: 20048
      - name: rpcbind
        containerPort: 111
      securityContext:
        privileged: true
      volumeMounts:
        - name: data
          mountPath: /usr/src/app/data
        - name: export-volume
          mountPath: /etc/exports
          subPath: exports
  volumes:
    - name: export-volume
      configMap:
        name: nfs-mount-cm
    - name: data
      persistentVolumeClaim:
        claimName: sample-project-core-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: nfs-mount
  labels:
    app: sample-project
    component: nfs
spec:
  ports:
  - name: nfs
    port: 2049
  - name: mountd
    port: 20048
  - name: rpcbind
    port: 111
  selector:
    app: sample-project
    component: nfs