Connect file storage to a Managed Kubernetes cluster in another pool

Last update: May 27 2025

Connect file storage to a Managed Kubernetes cluster in another pool

If you plan to use file storage for backups, we recommend that you create the storage and the Managed Kubernetes cluster in pools from different availability zones or regions to improve fault tolerance. If the file storage and the Managed Kubernetes cluster are in different pools, you must configure private network connectivity at the L3 level through a global router to connect the storage.

1. Create a global router.

2. Connect the network and subnet for the Managed Kubernetes cluster to the global router.

3. Connect the network and subnet for the file storage to the global router.

4. Assign an IP address on the Managed Kubernetes cluster node.

5. Write routes on the node of the Managed Kubernetes cluster. You can add routes only through technical support.

6. Create file storage.

7. Mount the file storage to the Managed Kubernetes cluster.

See an example of connecting file storage to a Managed Kubernetes cluster in a different pool.

If you need to increase disk space with file storage, we recommend creating the storage in the same pool as the Managed Kubernetes cluster. For more information, see Connect file storage to a Managed Kubernetes cluster in the same pool.

Example of connecting file storage to a Managed Kubernetes cluster⁠

For example, you need to connect file storage in pool ru-2 to a Managed Kubernetes cluster in pool ru-8.

1. Create a global router.

2. Connect two private networks to the global router — 192.168.0.0.0/29 with gateway 192.168.0.1 for pool ru-8 and 172.16.0.0.0/29 with gateway 172.16.0.1 for pool ru-2.

3. Assign an address from the 192.168.0.0.0/29 subnet to a Managed Kubernetes cluster node, such as 192.168.0.2.

4. Write a route on the Managed Kubernetes cluster node in the ru-8 pool — to subnet 172.16.0.0.0/29 via gateway 192.168.0.1.

5. Create a file store on the 172.16.0.0.0/29 subnet.

6. Mount the file storage to the Managed Kubernetes cluster.

1. Create a global router⁠

1. In the Control Panel, on the top menu, click Products and select Global Router.
2. Click Create router. Each account has a limit of five global routers.
3. Enter the name of the router.
4. Click Create.
5. If the router is created with ERROR status or hangs in one of the statuses, create a ticket.

2. Connect the network and subnet for the Managed Kubernetes cluster to the router⁠

For your information

If the cloud platform network is connected to a global router, you can only manage it on the global router page.

You need to create a global router network and subnet to that project and cloud platform pool where the Managed Kubernetes cluster is created.

You can connect a new network to the router or an existing network if it is not already connected to any of the account's global routers.

Connect a new network

1. In the Control Panel, on the top menu, click Products and select Global Router.

2. Open the router page → Networks tab.

3. Click Create Network.

4. Enter a network name, this will only be used in the control panel.

5. Select a Cloud Platform service.

6. Select the pool where the Managed Kubernetes cluster is created.

7. Select the project in which the Managed Kubernetes cluster is created.

8. Enter the subnet name — this will only be used in the control panel.

9. Enter the CIDR — IP address and subnet mask. The subnet must meet the conditions:

   • belong to the RFC 1918 private address range: 10.0.0.0.0/8, 172.16.0.0.0/12, or 192.168.0.0.0/16;
   • have a size of at least /29, as three addresses will be occupied by Selectel network equipment;
   • Do not overlap with other subnets added to this router: The IP addresses of each subnet on the router must not overlap with the IP addresses of other subnets on the router;
   • If Managed Kubernetes nodes are included in the global router network, the subnet must not overlap with the ranges 10.250.0.0.0/16, 10.10.0.0.0/16 and 10.96.0.0.0/12. These subnets participate in the internal addressing of Managed Kubernetes and their use can cause conflicts in the global router network.

10. Enter the gateway IP or leave the first address from the subnet assigned by default. Do not assign this address to your devices to avoid disrupting the network.

11. Enter service IPs or leave the last addresses from the subnet assigned by default. Do not assign these addresses to your devices to avoid disrupting the network.

12. Click Create Network.

13. Optional: Check the network topology on the Global Router. In the Control Panel, on the top menu, click Products and select Global Router. Open the page for the desired router and click Network Map.

Connect existing network

1. Check that the network has not yet been added to any of the account's global routers. In the Control Panel, in the top menu, click Products → Cloud Servers → Network → Private Networks tab → check that there is no Global Router tag in the network card.

2. Verify that the subnet meets the conditions:

   • belong to the RFC 1918 private address range: 10.0.0.0.0/8, 172.16.0.0.0/12, or 192.168.0.0.0/16;
   • have a size of at least /29, as three addresses will be occupied by Selectel network equipment;
   • Do not overlap with other subnets added to this router: The IP addresses of each subnet on the router must not overlap with the IP addresses of other subnets on the router;
   • If Managed Kubernetes nodes are included in the global router network, the subnet must not overlap with the ranges 10.250.0.0.0/16, 10.10.0.0.0/16 and 10.96.0.0.0/12. These subnets participate in the internal addressing of Managed Kubernetes and their use can cause conflicts in the global router network.

3. In the Control panel, on the top menu, click Products and select Cloud Servers.

4. Go to Network → Private Networks tab.

5. From the menu of the network, select Connect to Global Router.

6. Select the global router.

7. For each of the network subnets, enter the IP address that will be assigned to the router, or leave the first available address from the subnet assigned by default. Do not assign this address to your devices to avoid disrupting the network. The last two free subnet addresses will be reserved as service addresses.

8. Click Connect. Do not close the window until you see a message that the network is connected. After that, in the Control Panel:

   • The network will appear in the Selectel Global Router section of the router page of the router you connected it to. You can view it in the control panel: from the top menu, click Products → Global Router → Router page;
   • the network will have the Global Router tag. You can view it in the Control Panel: in the top menu, click Products → Cloud Servers → Cloud Server page → Network section → Network card.

3. Connect a network and subnet to the router for file storage⁠

For your information

If the cloud platform network is connected to a global router, you can only manage it on the global router page.

You need to create a global router network and subnet to that project and cloud platform pool where the file storage will be created in the future.

You can connect a new network to the router or an existing network if it is not already connected to any of the account's global routers.

Connect a new network

1. In the Control Panel, on the top menu, click Products and select Global Router.

2. Open the router page → Networks tab.

3. Click Create Network.

4. Enter a network name, this will only be used in the control panel.

5. Select a Cloud Platform service.

6. Select the pool where the file storage will be created.

7. Select the project where the file storage will be created.

8. Enter the subnet name — this will only be used in the control panel.

9. Enter the CIDR — IP address and subnet mask. The subnet must meet the conditions:

   • belong to the RFC 1918 private address range: 10.0.0.0.0/8, 172.16.0.0.0/12, or 192.168.0.0.0/16;
   • have a size of at least /29, as three addresses will be occupied by Selectel network equipment;
   • Do not overlap with other subnets added to this router: The IP addresses of each subnet on the router must not overlap with the IP addresses of other subnets on the router;
   • If Managed Kubernetes nodes are included in the global router network, the subnet must not overlap with the ranges 10.250.0.0.0/16, 10.10.0.0.0/16 and 10.96.0.0.0/12. These subnets participate in the internal addressing of Managed Kubernetes and their use can cause conflicts in the global router network.

10. Enter the gateway IP or leave the first address from the subnet assigned by default. Do not assign this address to your devices to avoid disrupting the network.

11. Enter service IPs or leave the last addresses from the subnet assigned by default. Do not assign these addresses to your devices to avoid disrupting the network.

12. Click Create Network.

13. Optional: Check the network topology on the Global Router. In the control panel, on the top menu, click Products, and then click Global Router. Open the router page and click Network Map.

Connect existing network

1. Check that the network has not yet been added to any of the account's global routers. In the Control Panel, in the top menu, click Products → Cloud Servers → Network → Private Networks tab → check that there is no Global Router tag in the network card.

2. Verify that the subnet meets the conditions:

   • belongs to the RFC 1918 private address range: 10.0.0.0.0/8, 172.16.0.0.0/12, or 192.168.0.0.0/16;
   • is at least /29, as three addresses will be occupied by Selectel network equipment;
   • does not overlap with other subnets added to this router: the IP addresses of each subnet on the router must not overlap with the IP addresses of other subnets on the router;
   • If Managed Kubernetes nodes are included in the global router network, the subnet must not overlap with the ranges 10.250.0.0.0/16, 10.10.0.0.0/16 and 10.96.0.0.0/12. These subnets participate in the internal addressing of Managed Kubernetes and their use can cause conflicts in the global router network.

3. In the dashboard, on the top menu, click Products and select Cloud Servers.

4. Go to Network → Private Networks tab.

5. From the menu of the network, select Connect to Global Router.

6. Select the global router.

7. For each of the subnets, enter the gateway IP or leave the first available address from the subnet assigned by default. Do not assign this address to your devices to avoid disrupting the network. The last two free addresses of the subnet will be reserved as service addresses.

8. Click Connect. Do not close the window until you see a message that the network is connected. After that, in the Control Panel:

   • The network will appear in the Selectel Global Router section of the router page of the router you connected it to. You can view it in the control panel: from the top menu, click Products → Global Router → Router page;
   • the network will have the Global Router tag. You can view it in the control panel: in the top menu, click Products → Cloud Servers → Cloud Server page → Network section → Network card.

4. Assign an IP address to a Managed Kubernetes cluster node⁠

Configure a local port on the Managed Kubernetes cluster node that is included in the global router network. On the port, assign an IP address from the subnet you created on the global router for the corresponding pool.

1. Add a Managed Kubernetes cluster node to the created subnet of the global router. If you do not already have a Managed Kubernetes cluster, create one. When creating it, select the Global Router subnet as the subnet.

2. Apply changes depending on the Apply Changes parameter in the Ports Configuration block . You can view the value of the parameter in the Control Panel: top menu Products → Cloud Servers → Cloud Server page → Ports tab:

   • When the server reboots. — programmatically reboot the node or manually make changes in the network configuration file on the node;
   • Manually in the network configuration file on the server — Manually make changes to the network configuration file on the node.

5. Write routes on the Managed Kubernetes cluster node⁠

If you have created a new Managed Kubernetes cluster and added a node to an existing global router network, you do not need to specify routes. In this case, the node will be immediately available to other devices on the network.

If you are adding an existing node to the global router network, you must specify static routes to all subnets that you want to communicate with. To do this, create a ticket.

6. Create file storage⁠

Control panel

1. In the Control Panel, on the top menu, click Products and select File Storage.

2. Click Create Storage.

3. Enter a name for the repository or leave the name that is automatically created.

4. Select the region and pool segment where the storage will be created.

   If you need to increase disk space with file storage, select a pool segment from the pool that hosts the cloud server or Managed Kubernetes cluster.

   If you plan to use storage to store backups, we recommend selecting a pool segment from a different availability zone or region to improve fault tolerance.

5. Fill in the blocks:

   • Subnetwork
   • Settings
   • Access rules

6. Check out the price of file storage.

7. Click Create.

Subnetwork⁠

1. Select the private subnet where the storage will be located. The type of subnet depends on what you want to connect the storage to:

   • cloud private subnet — the storage will be available to Managed Kubernetes cloud servers and clusters only in the pool you selected when creating the storage. You will only need to mount the storage to connect it;
   • global router subnet — the storage will be available for dedicated servers, as well as cloud servers and Managed Kubernetes clusters that are located in other pools. To connect the storage, you need to configure network connectivity between the server or cluster and the storage through the global router. See the Connect File Storage section for examples of how to configure network connectivity.

   Once the repository is created, the subnet cannot be changed.

2. Enter a private IP address for the vault or leave the first available address from the subnet assigned by default. Once the storage is created, the IP address cannot be changed.

Settings⁠

1. Select the type of file storage:

   • HDD Basic,
   • SSD Universal,
   • SSD Fast.

   Once created, the storage type cannot be changed.

2. Specify the storage size: from 50 GB to 50 TB. Once created, you can increase the file storage, but you cannot decrease it.

3. Select a protocol:

   • NFSv4 — for connecting storage to servers with Linux-based OS and other Unix systems;
   • CIFS SMBv3 — for connecting the storage to Windows servers.

   Once the repository is created, the protocol cannot be changed.

Access rules⁠

NFSv4

1. Configure the file storage access rules:

   • available to all — the storage will be available to any IP address of the private subnet in which it is created;
   • access restricted — the storage will be available only to specific IP addresses or private subnets. If you create a file storage without rules, access will be restricted to all IP addresses.

2. If you selected Restricted Access, click Add Rule.

3. Enter the IP address or CIDR of the private subnet, select the access level.

   After creating the repository, you can configure new access rules.

CIFS SMBv3

1. Configure the file storage access rules:

   • available to all — the storage will be available to any IP address of the private subnet in which it is created;
   • access restricted — the storage will be available only to specific IP addresses or private subnets. If you create a file storage without rules, access will be restricted to all IP addresses.

2. If you selected Restricted Access, click Add Rule.

3. Enter the IP address or CIDR of the private subnet.

   After creating the repository, you can configure new access rules.

Terraform

Use the Create File Storage instructions in the Terraform documentation.

7. Mount file storage to a Managed Kubernetes cluster⁠

The mount process depends on the file storage protocol: NFSv4 or CIFS SMBv3.

NFSv4

1. Create PersistentVolume.

2. Create a PersistentVolumeClaim.

3. Add file storage to the container.

1. Create PersistentVolume⁠

1. Connect to a Managed Kubernetes cluster.

2. Create a yaml file with a manifest for the PersistentVolume object:

   apiVersion: v1
   kind: PersistentVolume
   metadata:
     name: pv_name
   spec:
     storageClassName: storageclass_name
     capacity:
       storage: <storage_size>
     accessModes:
       - ReadWriteMany
     nfs:
       path: /shares/share-<mountpoint_uuid>
       server: <filestorage_ip_address>

   Specify:

   • <storage_size> — PersistentVolume size in GB (file storage size), e.g. 100 Gi. The limit is from 50 GB to 50 TB;
   • <mountpoint_uuuid> — The ID of the mountpoint. You can look in control panel: in the top menu, click Products → File Storage → Storage page → Block Connection → tab GNU/Linux;
   • <filestorage_ip_address> — IP address of the file storage. You can view it in control panel: in the top menu, click Products → File Storage → Storage page → tab Settings → field IP.

3. Apply the manifest:

   kubectl apply -f <persistent_volume.yaml>

   Specify <persistent_volume.yaml> is the name of the manifest yaml file to create the PersistentVolume.

4. Make sure that a PersistentVolume object is created:

   kubectl get pv

2. Create a PersistentVolumeClaim⁠

1. Create a yaml file with a manifest for the PersistentVolumeClaim object:

   apiVersion: v1
   kind: PersistentVolumeClaim
   metadata:
     name: pvc_name
   spec:
     storageClassName: storageclass_name
     accessModes:
       - ReadWriteMany
     resources:
       requests:
         storage: <storage_size>

   Specify <storage_size> — PersistentVolume (file storage) size in GB, for example 100 Gi. The limit is from 50 GB to 50 TB.

2. Apply the manifest:

   kubectl apply -f <persistent_volume_claim.yaml>

   Specify <persistent_volume_claim.yaml> is the name of the manifest yaml file to create the PersistentVolumeClaim.

3. Ensure that a PersistentVolumeClaim object is created:

   kubectl get pvc

3. Add storage to a container⁠

1. Create a yaml file with a manifest for the Deployment object:

   apiVersion: apps/v1
   kind: Deployment
   metadata:
     name: filestorage_deployment_name
     labels:
       project: filestorage_deployment_name
   spec:
     replicas: 2
     selector:
       matchLabels:
         project: filestorage_project_name
     template:
       metadata:
         labels:
           project: filestorage_project_name
       spec:
         volumes:
           - name: volume_name
             persistentVolumeClaim:
               claimName: pvc_name
         containers:
           - name: container-nginx
             image: nginx:stable-alpine
             ports:
               - containerPort: 80
                 name: "http-server"
             volumeMounts:
               - name: volume_name
                 mountPath: <mount_path>

   Specify <mount_path> — the path to the folder inside the container to which the file store will be mounted.

2. Apply the manifest:

   kubectl apply -f <deployment.yaml>

   Specify <deployment.yaml> is the name of the yaml file with the manifest to create the Deployment..

CIFS SMBv3

1. Install the CSI driver for Samba.

2. Create a secret to store the login and password.

3. Create StorageClass.

4. Create a PersistentVolumeClaim.

5. Add file storage to the container.

1. Install the CSI driver for Samba⁠

1. Connect to a Managed Kubernetes cluster.

2. Install the Helm package manager.

3. Download the CSI driver from GitHub Kubernetes CSI.

4. Install the latest driver version:

   helm repo add csi-driver-smb https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts
   helm install csi-driver-smb csi-driver-smb/csi-driver-smb --namespace kube-system --version v1.4.0

5. Check that the pods are installed and running:

   kubectl --namespace=kube-system get pods --selector="app=csi-smb-controller"

2. Create a secret⁠

The file storage does not support differentiation of access rights. Access via CIFS SMBv3 protocol is performed under the guest user.

Create a secret to store the login and password ( guest/guest by default):

kubectl create secret generic smbcreds --from-literal username=guest --from-literal password=guest

3. Create StorageClass⁠

1. Create a yaml file with a manifest for the StorageClass object:

   apiVersion: storage.k8s.io/v1
   kind: StorageClass
   metadata:
     name: storageclass_name
   provisioner: smb.csi.k8s.io
   parameters:
     source: "//<filestorage_ip_address>/share-<mountpoint_uuid>"
     csi.storage.k8s.io/provisioner-secret-name: "smbcreds"
     csi.storage.k8s.io/provisioner-secret-namespace: "default"
     csi.storage.k8s.io/node-stage-secret-name: "smbcreds"
     csi.storage.k8s.io/node-stage-secret-namespace: "default"
   reclaimPolicy: Delete
   volumeBindingMode: Immediate
   mountOptions:
     - dir_mode=0777
     - file_mode=0777

   Specify:

   • <mountpoint_uuuid> — The ID of the mountpoint. You can look in control panel: in the top menu, click Products → File Storage → Storage page → Block Connection → tab GNU/Linux;
   • <filestorage_ip_address> — IP address of the file storage. You can view it in control panel: in the top menu, click Products → File Storage → Storage page → tab Settings → field IP.

2. Apply the manifest:

   kubectl apply -f <storage_class.yaml>

   Specify <storage_class.yaml> is the name of the yaml file with the manifest to create the StorageClass.

3. Make sure that the StorageClass object is created:

   kubectl get storageclass

4. Create a PersistentVolumeClaim⁠

1. Create a yaml file with a manifest for the PersistentVolumeClaim object:

   apiVersion: v1
   kind: PersistentVolumeClaim
   metadata:
     name: pvc_name
     annotations:
       volume.beta.kubernetes.io/storage-class: smb
   spec:
     accessModes: ["ReadWriteMany"]
     resources:
       requests:
         storage: <storage_size>

   Specify <storage_size> — PersistentVolume (file storage) size in GB, for example 100 Gi. The limit is from 50 GB to 50 TB.

2. Apply the manifest:

   kubectl apply -f <persistent_volume_claim.yaml>

   Specify <persistent_volume_claim.yaml> is the name of the manifest yaml file to create the PersistentVolumeClaim.

3. Ensure that the PersistentVolumeClaim object is created:

   kubectl get pvc

5. Add storage to a container⁠

1. Create a yaml file with a manifest for the Deployment object:

   apiVersion: apps/v1
   kind: Deployment
   metadata:
     name: filestorage_deployment_name
     labels:
       project: filestorage_deployment_name
   spec:
     replicas: 2
     selector:
       matchLabels:
         project: filestorage_project_name
     template:
       metadata:
         labels:
           project: filestorage_project_name
       spec:
         volumes:
           - name: volume_name
             persistentVolumeClaim:
               claimName: pvc_name
         containers:
           - name: container-nginx
             image: nginx:stable-alpine
             ports:
               - containerPort: 80
                 name: "http-server"
             volumeMounts:
               - name: volume_name
                 mountPath: <mount_path>

   Specify <mount_path> — the path to the folder inside the container to which the file store will be mounted.

2. Apply the manifest:

   kubectl apply -f <deployment.yaml>

   Specify <deployment.yaml> is the name of the yaml file with the manifest to create the Deployment..