Installing Container Storage Interface for S3
Container Storage Interface for S3 (CSI) enables you to dynamically reserve buckets in S3-compatible storage and mount them in Managed Service for Kubernetes cluster pods as persistent volumes (PersistentVolume). The connection is made using the FUSE
Getting started
- Create a static access key for the service account. Save the key ID and secret key; you will need them when installing the application.
- (Optional) To make new volumes fit into a single bucket with different prefixes, create a Yandex Object Storage bucket. Save the bucket name; you will need it when installing the application. Skip this step if you need to create a separate bucket for each volume.
- Make sure that the security groups for the Managed Service for Kubernetes cluster and its node groups are configured correctly. If any rule is missing, add it.
Warning
The configuration of security groups determines the performance and availability of the cluster and the services and applications running in it.
Installation using Yandex Cloud Marketplace
- Go to the folder page and select Managed Service for Kubernetes.
- Click the name of the Managed Service for Kubernetes cluster you need and select the Marketplace tab.
- Under Application available for installation, select Container Storage Interface for S3 and click Go to install.
- Configure the application:
  - Namespace: Select the kube-system namespace.
  - Application name: Specify the app name, e.g., csi-s3.
  - Create storage class: Select this option to create a new storage class when deploying the application.
  - Create secret: Select this option to create a new secret for a storage class when installing the application.
  - S3 key ID: Copy the service account key ID into this field.
  - S3 secret key: Copy the service account secret key into this field.
  - General S3 bucket for volumes: Specify the name of the general bucket where dynamically allocated volumes will be created. For CSI to create a new bucket for each volume, leave this field blank.
  - S3 service address: Address of the S3 service the application will use. The default address is https://storage.yandexcloud.net.
  - GeeseFS mounting options: Mounting options for GeeseFS. For a complete list of options, see the GeeseFS documentation.
  - Volume cleanup policy: Select the policy to clean up PersistentVolumes when deleting PersistentVolumeClaims:
    - Retain: Retain a volume.
    - Delete: Delete a volume.
  - Storage class name: If you previously selected the Create storage class option, specify the name of the new storage class.
  - Secret name: If you previously selected the Create secret option, specify the name of the new secret to be created for the storage class. Otherwise, specify the name of the existing secret to be used for the storage class.
  - Ignore all taints: Select this option if you want the CSI driver used to mount the file system on nodes to ignore all taints set for the Managed Service for Kubernetes cluster nodes.
- Click Install.
- Wait for the application to change its status to Deployed.
Installation using a Helm chart
- Install Helm v3.8.0 or higher.
- Install kubectl and configure it to work with the created cluster.
- To install a Helm chart with CSI, run the following command:

```bash
helm pull oci://cr.yandex/yc-marketplace/yandex-cloud/csi-s3/csi-s3 \
  --version 0.35.5 \
  --untar && \
helm install \
  --namespace kube-system \
  --set secret.accessKey=<key_ID> \
  --set secret.secretKey=<secret_key> \
  csi-s3 ./csi-s3/
```
Note
If you are using a Helm version below 3.8.0, add the export HELM_EXPERIMENTAL_OCI=1 && \ string to the command to enable Open Container Initiative (OCI) support in the Helm client.
When installing a CSI application, the only required parameters are secret.accessKey and secret.secretKey. You can skip other parameters or redefine them in the install command using this key: --set <parameter_name>=<new_value>.
The list of parameters available for redefining and their default values are shown in the table below:
Parameter name | Description | Default value |
---|---|---|
storageClass.create | Whether a new storage class needs to be created | true |
storageClass.name | Storage class name | csi-s3 |
storageClass.singleBucket | Use a single bucket for all PersistentVolumeClaims | |
storageClass.mountOptions | GeeseFS mounting options | --memory-limit 1000 --dir-mode 0777 --file-mode 0666 |
storageClass.reclaimPolicy | Volume cleanup policy | Delete |
storageClass.annotations | Storage class description | |
secret.create | Whether a new secret needs to be created | true |
secret.name | Secret name | csi-s3-secret |
secret.accessKey | Key ID | |
secret.secretKey | Secret key | |
secret.endpoint | S3 service address | https://storage.yandexcloud.net |
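
The install command above passes the static key with --set, which leaves it in shell history and in the process argument list. As an added example (not part of the original documentation), the script below writes the same secret.accessKey and secret.secretKey parameters to an owner-only values file and installs with Helm's --values flag; the S3_KEY_ID and S3_SECRET_KEY environment variables, the function names, the script name and the Retain override are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original documentation.
# Assumed names: S3_KEY_ID / S3_SECRET_KEY environment variables, both functions.

# Write a Helm values file for the csi-s3 chart, readable by the owner only.
write_csi_s3_values() {
    out=$1
    if [ -z "${S3_KEY_ID:-}" ] || [ -z "${S3_SECRET_KEY:-}" ]; then
        echo "S3_KEY_ID and S3_SECRET_KEY must be set" >&2
        return 1
    fi
    # Conservative check (assumption about key format): refuse anything that
    # could break out of the quoted YAML scalars below.
    case "$S3_KEY_ID$S3_SECRET_KEY" in
        *[!A-Za-z0-9_+/=-]*)
            echo "unexpected character in key material" >&2
            return 1 ;;
    esac
    rm -f "$out"                 # never reuse a file with looser permissions
    old_umask=$(umask)
    umask 077                    # new file is created as 0600
    cat > "$out" <<EOF
secret:
  accessKey: "$S3_KEY_ID"
  secretKey: "$S3_SECRET_KEY"
storageClass:
  reclaimPolicy: Retain   # illustrative override; the chart default is Delete
EOF
    rc=$?
    umask "$old_umask"
    return "$rc"
}

# Same pull/install as the documented command, with --values replacing --set.
install_csi_s3() {
    helm pull oci://cr.yandex/yc-marketplace/yandex-cloud/csi-s3/csi-s3 \
        --version 0.35.5 --untar &&
    helm install --namespace kube-system --values "$1" csi-s3 ./csi-s3/
}

# With both variables already exported: sh install-csi-s3.sh --install
if [ "${1:-}" = "--install" ]; then
    values=$(mktemp) && write_csi_s3_values "$values" && install_csi_s3 "$values"
    status=$?
    rm -f "$values"              # do not leave the key on disk after install
    exit "$status"
fi
```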