Installing Container Storage Interface for S3

Container Storage Interface for S3 (CSI) enables you to dynamically reserve buckets of S3-compatible storages and mount them in Managed Service for Kubernetes cluster pods as persistent volumes (PersistentVolume). The connection is made using the FUSE implementation of the GeeseFS file system.

You can install Container Storage Interface for S3 in the following ways:

• Using Cloud Marketplace in the management console
• Using a Helm chart from the Cloud Marketplace repository
• Using a Helm chart from the GitHub repository

Getting startedGetting started

1. Create a service account with the storage.editor role.

2. Create a static access key for the service account. Save the key ID and secret key; you will need them when installing the application.

3. Optionally, create a Yandex Object Storage bucket to place new volumes into a single bucket with different prefixes. Save the bucket name; you will need it when installing the application. Skip this step if you need to create a separate bucket for each volume.

4. Make sure the security groups for the Managed Service for Kubernetes cluster and its node groups are configured correctly. If a rule is missing, add it.

   Warning

   The configuration of security groups determines performance and availability of the cluster and the services and applications running in it.

Installation in the management console using Cloud MarketplaceInstallation in the management console using Cloud Marketplace

1. Navigate to the folder dashboard and select Managed Service for Kubernetes.
2. Click the name of the Managed Service for Kubernetes cluster you need and select the Marketplace tab.
3. Under Application available for installation, select Container Storage Interface for S3 and click Go to install.
4. Configure the application:

   • Namespace: Select the kube-system namespace.

     Warning

     The application works correctly only with the kube-system namespace.

   • Application name: Specify the application name, e.g., csi-s3.

   • Create storage class: Select this option to create a new storage class when deploying the application.

   • Create secret: Select this option to create a new secret for a storage class when installing the application.

   • S3 key ID: Copy and paste the service account key ID into this field.

   • S3 secret key: Copy and paste the service account secret key into this field.

   • General S3 bucket for volumes: Specify the name of the general bucket to contain your dynamically provisioned volumes. For CSI to create a new bucket for each volume, leave this field blank.

   • S3 service address: Address of the S3 service the application will use. The default is https://storage.yandexcloud.net.

   • GeeseFS mounting options: Mounting options for GeeseFS. For a complete list of options, see our GeeseFS guide.

   • Volume cleanup policy: Select the policy to clean up PersistentVolumes when deleting PersistentVolumeClaims:

     • Retain: Retain a volume.
     • Delete: Delete a volume.

   • Storage class name: If you selected Create storage class, specify the name for the new storage class.

   • Secret name: If you selected Create secret, specify the name for the new secret for the storage class. Otherwise, specify the name of the existing secret to use for the storage class.

   • Ignore all taints: Select this option if you want the CSI driver used to mount the file system on nodes to ignore all taints set for the Managed Service for Kubernetes cluster nodes.

5. Click Install.
6. Wait for the application to change its status to Deployed.

Installation using a Helm chart from the Cloud Marketplace repositoryInstallation using a Helm chart from the Cloud Marketplace repository

1. Install Helm v3.8.0 or higher.

2. Install kubect and configure it to work with the new cluster.

3. To install a Helm chart with CSI, run the following command, specifying the parameters of the key you created earlier:

   helm pull oci://cr.yandex/yc-marketplace/yandex-cloud/csi-s3/csi-s3 \
     --version 0.43.3 \
     --untar && \
   helm install \
     --namespace kube-system \
     --set secret.accessKey=<key_ID> \
     --set secret.secretKey=<secret_key> \
     csi-s3 ./csi-s3/
   

   Note

   If you are using a Helm version below 3.8.0, add the export HELM_EXPERIMENTAL_OCI=1 && \ string at the beginning of the command to enable Open Container Initiative (OCI) support in the Helm client.

   You can also set additional parameters for Container Storage Interface for S3.

Installation using a Helm chart from the GitHub repositoryInstallation using a Helm chart from the GitHub repository

The GitHub repository contains the latest version of Container Storage Interface for S3 with Object Storage support.

1. Install Helm v3.8.0 or higher.

2. Install kubect and configure it to work with the new cluster.

3. To install a Helm chart with CSI, run this command:

   helm repo add yandex-s3 https://yandex-cloud.github.io/k8s-csi-s3/charts && \
   helm repo update && \
   helm pull yandex-s3/csi-s3 --untar && \
   helm install \
     --namespace kube-system \
     --set secret.accessKey=<key_ID> \
     --set secret.secretKey=<secret_key> \
     csi-s3 ./csi-s3/
   

   You can also set additional parameters for Container Storage Interface for S3.

   Learn more about upgrading from different versions of k8s-csi-s3.

Parameters for installation using a Helm chartParameters for installation using a Helm chart

When installing Container Storage Interface for S3 application, the only required parameters are secret.accessKey and secret.secretKey. You can skip other parameters or redefine them in the install command using this key: --set <parameter_name>=<new_value>.

See the table below for a list of redefinable parameters and their default values:

See alsoSee also

• CSI specification
• Container Storage Interface for S3 with Object Storage support in GitHub
• Integration with Object Storage
• CSI use cases
• Working with persistent and dynamic volumes in Kubernetes