Installing Container Storage Interface for S3

Container Storage Interface for S3 (CSI) enables you to dynamically reserve buckets of S3-compatible storages and mount them in Managed Service for Kubernetes cluster pods as persistent volumes (PersistentVolume). The connection is made using the FUSE implementation of the GeeseFS file system.

You can install container Storage Interface for S3 in the following ways:

• Using Cloud Marketplace in the management console
• Using a Helm chart from the remote Cloud Marketplace storage
• Using a Helm chart from the remote GitHub storage

Getting startedGetting started

1. Create a service account with the storage.editor role.

2. Create a static access key for the service account. Save the key ID and secret key, you will need them when installing the application.

3. (Optional) To make new volumes fit into a single bucket with different prefixes, create a Yandex Object Storage bucket. Save the bucket name, you will need it when installing the application. Skip this step if you need to create a separate bucket for each volume.

4. Make sure that the security groups for the Managed Service for Kubernetes cluster and its node groups are configured correctly. If any rule is missing, add it.

   Warning

   The configuration of security groups determines the performance and availability of the cluster and the services and applications running in it.

Installation in the management console using Cloud MarketplaceInstallation in the management console using Cloud Marketplace

1. Navigate to the folder dashboard and select Managed Service for Kubernetes.
2. Click the name of the Managed Service for Kubernetes cluster you need and select the Marketplace tab.
3. Under Application available for installation, select Container Storage Interface for S3 and click Go to install.
4. Configure the application:

   • Namespace: Select the kube-system namespace.

     Warning

     The application works correctly only with the kube-system namespace.

   • Application name: Specify the app name, e.g., csi-s3.

   • Create storage class: Select this option to create a new storage class when deploying the application.

   • Create secret: Select this option to create a new secret for a storage class when installing the application.

   • S3 key ID: Copy the service account key ID into this field.

   • S3 secret key: Copy the service account secret key into this field.

   • General S3 bucket for volumes: Specify the name of the general bucket where dynamically allocated volumes will be created. For CSI to create a new bucket for each volume, leave this field blank.

   • S3 service address: Address of the S3 service the application will use. The default address is https://storage.yandexcloud.net.

   • GeeseFS mounting options: Mounting options for GeeseFS. For a complete list of options, see the GeeseFS documentation.

   • Volume cleanup policy: Select the policy to clean up PersistentVolumes when deleting PersistentVolumeClaims:

     • Retain: Retain a volume.
     • Delete: Delete a volume.

   • Storage class name: If you previously selected the Create storage class option, specify the name of the new storage class.

   • Secret name: If you previously selected the Create secret option, specify the name of the new secret to be created for the storage class. Otherwise, specify the name of the existing secret to be used for the storage class.

   • Ignore all taints: Select this option if you want the CSI driver used to mount the file system on nodes to ignore all taints set for the Managed Service for Kubernetes cluster nodes.

5. Click Install.
6. Wait for the application to change its status to Deployed.

Installation using a Helm chart from the Cloud Marketplace repositoryInstallation using a Helm chart from the Cloud Marketplace repository

1. Install Helm v3.8.0 or higher.

2. Install kubect and configure it to work with the new cluster.

3. To install a Helm chart with CSI, run the following command, specifying the parameters of the key you created earlier:

   helm pull oci://cr.yandex/yc-marketplace/yandex-cloud/csi-s3/csi-s3 \
     --version 0.42.1 \
     --untar && \
   helm install \
     --namespace kube-system \
     --set secret.accessKey=<key_ID> \
     --set secret.secretKey=<secret_key> \
     csi-s3 ./csi-s3/
   

   Note

   If you are using a Helm version below 3.8.0, append the export HELM_EXPERIMENTAL_OCI=1 && \ string to the command to enable Open Container Initiative (OCI) support in the Helm client.

   You can also set additional Container Storage Interface parameters for S3.

Installation using a Helm chart from the GitHub repositoryInstallation using a Helm chart from the GitHub repository

The GitHub repository hosts the most current version of the Container Storage Interface for S3 with Object Storage support.

1. Install Helm v3.8.0 or higher.

2. Install kubect and configure it to work with the new cluster.

3. To install a Helm chart with CSI, run the following command:

   helm repo add yandex-s3 https://yandex-cloud.github.io/k8s-csi-s3/charts && \
   helm repo update && \
   helm pull yandex-s3/csi-s3 --untar && \
   helm install \
     --namespace kube-system \
     --set secret.accessKey=<key_ID> \
     --set secret.secretKey=<secret_key> \
     csi-s3 ./csi-s3/
   

   You can also set additional Container Storage Interface parameters for S3.

Parameters for installation using a Helm chartParameters for installation using a Helm chart

When installing a Container Storage Interface for S3 application, the only required parameters are secret.accessKey and secret.secretKey. You can skip other parameters or redefine them in the install command using this key: --set <parameter_name>=<new_value>.

See the table below for a list of redefinable parameters and their default values:

See alsoSee also

• CSI specification
• Container Storage Interface for S3 with Object Storage support in GitHub
• Integration with Object Storage
• CSI Use cases
• Working with persistent and dynamic volumes in Kubernetes