Contact UsGet started
© 2024 Iron Hive LLC Belgrade

Installing Container Storage Interface for S3

Written by
Improved by
Updated at October 9, 2024

Container Storage Interface for S3 (CSI) enables you to dynamically reserve buckets of S3-compatible storages and mount them in Managed Service for Kubernetes cluster pods as persistent volumes (PersistentVolume). The connection is made using the FUSE implementation of the GeeseFS file system.

Getting started

  1. Create a service account with the storage.editor role.

  2. Create a static access key for the service account. Save the key ID and secret key, you will need them when installing the application.

  3. (Optional) To make new volumes fit into a single bucket with different prefixes, create a Yandex Object Storage bucket. Save the bucket name, you will need it when installing the application. Skip this step if you need to create a separate bucket for each volume.

  4. Make sure that the security groups for the Managed Service for Kubernetes cluster and its node groups are configured correctly. If any rule is missing, add it.

    Warning

    The configuration of security groups determines the performance and availability of the cluster and the services and applications running in it.

Installation using Yandex Cloud Marketplace

  1. Go to the folder page and select Managed Service for Kubernetes.
  2. Click the name of the Managed Service for Kubernetes cluster you need and select the Marketplace tab.
  3. Under Application available for installation, select Container Storage Interface for S3 and click Go to install.
  4. Configure the application:
    • Namespace: Select the kube-system namespace.
    • Application name: Specify the app name, e.g., csi-s3.
    • Create storage class: Select this option to create a new storage class when deploying the application.
    • Create secret: Select this option to create a new secret for a storage class when installing the application.
    • S3 key ID: Copy the service account key ID into this field.
    • S3 secret key: Copy the service account secret key into this field.
    • General S3 bucket for volumes: Specify the name of the general bucket where dynamically allocated volumes will be created. For CSI to create a new bucket for each volume, leave this field blank.
    • S3 service address: Address of the S3 service the application will use. The default address is https://storage.yandexcloud.net.
    • GeeseFS mounting options: Mounting options for GeeseFS. For a complete list of options, see the GeeseFS documentation.
    • Volume cleanup policy: Select the policy to clean up PersistentVolumes when deleting PersistentVolumeClaims:
      • Retain: Retain a volume.
      • Delete: Delete a volume.
    • Storage class name: If you previously selected the Create storage class option, specify the name of the new storage class.
    • Secret name: If you previously selected the Create secret option, specify the name of the new secret to be created for the storage class. Otherwise, specify the name of the existing secret to be used for the storage class.
    • Ignore all taints: Select this option if you want the CSI driver used to mount the file system on nodes to ignore all taints set for the Managed Service for Kubernetes cluster nodes.
  5. Click Install.
  6. Wait for the application to change its status to Deployed.

Installation using a Helm chart

  1. Install Helm v3.8.0 or higher.

  2. Install kubectl and configure it to work with the created cluster.

  3. To install a Helm chart with CSI, run the following command:

    helm pull oci://cr.yandex/yc-marketplace/yandex-cloud/csi-s3/csi-s3 \
  --version 0.42.1 \
  --untar && \
helm install \
  --namespace kube-system \
  --set secret.accessKey=<key_ID> \
  --set secret.secretKey=<secret_key> \
  csi-s3 ./csi-s3/

    Note

    If you are using a Helm version below 3.8.0, append the export HELM_EXPERIMENTAL_OCI=1 && \ string to the command to enable Open Container Initiative (OCI) support in the Helm client.

When installing a CSI application, the only required parameters are secret.accessKey and secret.secretKey. You can skip other parameters or redefine them in the install command using this key: --set <parameter_name>=<new_value>.

The list of parameters available for redefining and their default values are shown in the table below:

Parameter name Description Default value
storageClass.create Whether a new storage class needs to be created true
storageClass.name Storage class name csi-s3
storageClass.singleBucket Use a single bucket for all PersistentVolumeClaims
storageClass.mountOptions GeeseFS mounting options --memory-limit 1000 --dir-mode 0777 --file-mode 0666
storageClass.reclaimPolicy Volume cleanup policy Delete
storageClass.annotations Storage class description
secret.create Whether a new secret needs to be created true
secret.name Secret name csi-s3-secret
secret.accessKey Key ID
secret.secretKey Secret key
secret.endpoint S3 service address https://storage.yandexcloud.net

See also

Previous
Installing cert-manager with the Cloud DNS ACME webhook plugin
Next
Installing Crossplane