Connect file storage to a Managed Kubernetes cluster in a different pool

Last update: June 04 2026

If you plan to use file storage for backing up data, we recommend creating the storage and the Managed Kubernetes cluster in pools from different availability zones or regions to increase fault tolerance. If the file storage and the cluster are in different pools, you must configure private network connectivity at the L3 level via a global router.

1. Create a global router.

2. Connect a network and subnet for a Managed Kubernetes cluster to the global router.

3. Connect a network and subnet for the file storage to the global router.

4. Assign an IP address to a Managed Kubernetes cluster node.

5. Add a route on the Managed Kubernetes cluster node.

6. Add a route in the file storage subnet.

7. Create file storage.

8. Mount the file storage to the Managed Kubernetes cluster.

See an example of connecting file storage to a Managed Kubernetes cluster in another pool.

If you need to increase disk space using file storage, we recommend creating the storage in the same pool as the Managed Kubernetes cluster. See more details in the guide Connect file storage to a Managed Kubernetes cluster in one pool.

Example of connecting file storage to a Managed Kubernetes cluster

For example, you need to connect file storage in pool ru-2 to a Managed Kubernetes cluster in pool ru-8.

1. Create a global router.

2. Connect two private networks to the global router — 192.168.0.0/29 with gateway 192.168.0.1 for pool ru-8 and 172.16.0.0/29 with gateway 172.16.0.1 for pool ru-2.

3. Assign an address from the 192.168.0.0/29 subnet to the Managed Kubernetes cluster node, for example 192.168.0.2.

4. Add a route on the Managed Kubernetes cluster node in pool ru-8 — to the 172.16.0.0/29 subnet via gateway 192.168.0.1.

5. Create file storage in the 172.16.0.0/29 subnet.

6. Mount the file storage to the Managed Kubernetes cluster.

1. Create a global router

1. In the Control panel, in the top menu, click Products and select Global Router.
2. Click Create router. A limit of five global routers is set for each account.
3. Enter the router name.
4. Click Create.
5. If the router was created with the status ERROR or is stuck in one of the statuses, create a ticket.

2. Connect a network and subnet for the Managed Kubernetes cluster to the router

You need to create a global router network and subnet for the project and cloud platform pool where the Managed Kubernetes cluster is created.

You can connect a new network to the router or an existing network if it is not already connected to any of the account's global routers.

Connect a new network

1. In the control panel, on the top menu, click Products and select Global Router.

2. Open the router page → Networks tab.

3. Click Create network.

4. Enter a network name. It will only be used in the control panel.

5. Select the Cloud Platform service.

6. Select the location where the Managed Kubernetes cluster was created.

7. Select the project where the Managed Kubernetes cluster was created.

8. Enter a subnet name. It will only be used in the control panel.

9. Enter the CIDR — the IP address and subnet mask. The subnet must meet the following conditions:

   • belong to the RFC 1918 private address range: 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16;
   • have a size of at least /29, as three addresses will be occupied by Selectel network equipment;
   • do not overlap with other subnets added to this router — there must be no identical IP addresses in the subnets of one router;
   • if a Managed Kubernetes cluster on cloud servers is included in the global router network, the subnet must not overlap with the 10.10.0.0/16, 10.96.0.0/12, 10.250.0.0/16 and 10.251.0.0/24. If a cluster on dedicated servers is included in the network — with the 10.10.0.0/16, 10.222.0.0/16, 10.250.0.0/16, 10.251.0.0/24 and 172.250.0.0/14. These subnets are used in Managed Kubernetes internal addressing, and their use may lead to conflicts in the global router network.

10. Enter the gateway IP or leave the first address from the subnet that is assigned by default. Do not assign this address to your devices so as not to disrupt network operation.

11. Enter the service IPs or leave the last addresses from the subnet that are assigned by default. Do not assign these addresses to your devices so as not to disrupt network operation.

12. Click Create network.

13. Optional: check the network topology on the global router. In the control panel, on the top menu, click Products and select Global Router. Open the page for the required router and click Network map.

Connect an existing network

1. Ensure that the network is not already added to any of the account's global routers. In the control panel, from the top menu, click Products → Cloud Servers → Network → Private networks tab → ensure that the network card does not have the Global Router tag.

2. Ensure that the subnet meets the following conditions:

   • belong to the RFC 1918 private address range: 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16;
   • have a size of at least /29, as three addresses will be occupied by Selectel network equipment;
   • do not overlap with other subnets added to this router — there must be no identical IP addresses in the subnets of one router;
   • if a Managed Kubernetes cluster on cloud servers is included in the global router network, the subnet must not overlap with the 10.10.0.0/16, 10.96.0.0/12, 10.250.0.0/16 and 10.251.0.0/24. If a cluster on dedicated servers is included in the network — with the 10.10.0.0/16, 10.222.0.0/16, 10.250.0.0/16, 10.251.0.0/24 and 172.250.0.0/14. These subnets are used in Managed Kubernetes internal addressing, and their use may lead to conflicts in the global router network.

3. In the control panel, on the top menu, click Products and select Cloud Servers.

4. Go to Network → Private networks tab.

5. From the network menu, select Connect to Global Router.

6. Select a global router.

7. For each of the network subnets, enter the IP address that will be assigned to the router, or leave the first free address from the subnet that is assigned by default. Do not assign this address to your devices so as not to disrupt network operation. The last two free subnet addresses will be reserved as service addresses.

8. Click Connect. Do not close the window until the message appears that the network is connected. After that, in the control panel:

   • the network will appear in the Selectel Global Router section on the page of the router you connected it to. You can view it in the control panel: from the top menu, click Products → Global Router → router page;
   • the network will have a Global Router tag. You can view it in the control panel: from the top menu, click Products → Cloud Servers → cloud server page → Network section → network card.

3. Connect a network and subnet for the file storage to the router

You need to create a global router network and subnet for the project and cloud platform pool where the file storage will be created in the future.

You can connect a new network to the router or an existing network if it is not already connected to any of the account's global routers.

Connect a new network

1. In the control panel, on the top menu, click Products and select Global Router.

2. Open the router page → Networks tab.

3. Click Create network.

4. Enter a network name. It will only be used in the control panel.

5. Select the Cloud Platform service.

6. Select the location where the file storage will be created.

7. Select the project where the file storage will be created.

8. Enter a subnet name. It will only be used in the control panel.

9. Enter the CIDR — the IP address and subnet mask. The subnet must meet the following conditions:

   • belong to the RFC 1918 private address range: 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16;
   • have a size of at least /29, as three addresses will be occupied by Selectel network equipment;
   • do not overlap with other subnets added to this router — there must be no identical IP addresses in the subnets of one router;
   • if a Managed Kubernetes cluster on cloud servers is included in the global router network, the subnet must not overlap with the 10.10.0.0/16, 10.96.0.0/12, 10.250.0.0/16 and 10.251.0.0/24. If a cluster on dedicated servers is included in the network — with the 10.10.0.0/16, 10.222.0.0/16, 10.250.0.0/16, 10.251.0.0/24 and 172.250.0.0/14. These subnets are used in Managed Kubernetes internal addressing, and their use may lead to conflicts in the global router network.

10. Enter the gateway IP or leave the first address from the subnet that is assigned by default. Do not assign this address to your devices so as not to disrupt network operation.

11. Enter the service IPs or leave the last addresses from the subnet that are assigned by default. Do not assign these addresses to your devices so as not to disrupt network operation.

12. Click Create network.

13. Optional: check the network topology on the global router. In the control panel, on the top menu, click Products and select Global Router. Open the router page and click Network map.

Connect an existing network

1. Ensure that the network is not already added to any of the account's global routers. In the control panel, from the top menu, click Products → Cloud Servers → Network → Private networks tab → ensure that the network card does not have the Global Router tag.

2. Ensure that the subnet meets the following conditions:

   • belongs to the RFC 1918 private address range: 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16;
   • is at least /29, as three addresses will be occupied by Selectel network equipment;
   • does not overlap with other subnets added to this router: the IP addresses of each subnet on the router must not overlap with the IP addresses of other subnets on the router;
   • if a Managed Kubernetes cluster on cloud servers is included in the global router network, the subnet must not overlap with the 10.10.0.0/16, 10.96.0.0/12, 10.250.0.0/16 and 10.251.0.0/24. If a cluster on dedicated servers is included in the network — with the 10.10.0.0/16, 10.222.0.0/16, 10.250.0.0/16, 10.251.0.0/24 and 172.250.0.0/14. These subnets are used in Managed Kubernetes internal addressing, and their use may lead to conflicts in the global router network.

3. In the control panel, on the top menu, click Products and select Cloud Servers.

4. Go to Network → Private networks tab.

5. From the network menu, select Connect to Global Router.

6. Select a global router.

7. For each of the subnets, enter the IP gateway or leave the first free address from the subnet that is assigned by default. Do not assign this address to your devices so as not to disrupt network operation. The last two free subnet addresses will be reserved as service addresses.

8. Click Connect. Do not close the window until the message appears that the network is connected. After that, in the control panel:

   • the network will appear in the Selectel Global Router section on the page of the router you connected it to. You can view it in the control panel: from the top menu, click Products → Global Router → router page;
   • the network will have a Global Router tag. You can view it in the control panel: from the top menu, click Products → Cloud Servers → cloud server page → Network section → network card.

4. Assign an IP address to a Managed Kubernetes cluster node

Configure a local port on the Managed Kubernetes cluster node that is included in the global router network. Assign an IP address to the port from the subnet that you connected to the global router for the Managed Kubernetes cluster at stage 2.

1. Add the Managed Kubernetes cluster node to the created global router subnet. If you do not have a Managed Kubernetes cluster yet, create one. When creating it, select the global router subnet as the subnet.

2. Apply changes depending on the Apply changes parameter in the Port settings block. You can view the parameter value in the control panel: from the top menu, click Products → Cloud Servers → cloud server page → Ports tab:

   • On server reboot — reboot the node programmatically or manually make changes to the network configuration file on the node;
   • Manually in the network configuration file on the server — manually make changes to the network configuration file on the node.

5. Add a route on the Managed Kubernetes cluster node

On each cluster node, you need to add a static route to the file storage. To do this, in the subnet you connected to the global router for the Managed Kubernetes cluster at stage 2, you need to add a static route to the subnet you connected to the global router for the file storage at stage 3.

Use the Configure static routes in a subnet section of the Static routes guide.

6. Add a route in the file storage subnet

In the subnet you connected to the global router for the file storage at stage 3, you need to add a static route to the subnet you connected to the global router for the Managed Kubernetes cluster at stage 2.

Use the Configure static routes in a subnet section of the Static routes guide.

7. Create file storage

Control panel

1. In the Control panel, from the top menu click Products and select File Storage.

2. Click Create Storage.

3. Enter a name for the storage or keep the automatically generated one.

4. Select a location where the storage will be created.

   If you need to increase disk space with file storage, select the location where your cloud server or Managed Kubernetes cluster is located.

   If you plan to use the storage for backups, we recommend choosing a location different from your primary infrastructure location to increase fault tolerance.

5. Fill in the sections:

   • Subnet
   • Settings
   • Access rules

6. Check the cost of the file storage.

7. Click Create.

Subnet

1. Select a private subnet where the storage will be located. The subnet type depends on what you need to connect the storage to:

   • cloud private subnet — the storage will be available for cloud servers and Managed Kubernetes clusters only in the pool you selected when creating the storage. To connect the storage, you will only need to mount it;
   • global router subnet — the storage will be available for dedicated servers, as well as cloud servers and Managed Kubernetes clusters that are in other pools. To connect the storage, you need to configure network connectivity between the server or cluster and the storage via the global router. See examples of configuring network connectivity in the instructions in the Connect File Storage section.

   Once the storage is created, the subnet cannot be changed.

2. Enter the private IP address for the storage or leave the first available address from the subnet, which is assigned by default. Once the storage is created, the IP address cannot be changed.

Settings

1. Select the file storage type:

   • HDD Basic,
   • SSD Universal,
   • SSD Fast.

   Once the storage is created, the storage type cannot be changed.

2. Specify the storage size: from 50 GB to 50 TB. After creation, you can increase the file storage, but you cannot decrease it.

3. Select a protocol:

   • NFSv4 — for connecting storage to servers running Linux or other Unix-based OS;
   • CIFS SMBv3 — for connecting storage to servers running Windows OS.

   Once the storage is created, the protocol cannot be changed.

Access rules

NFSv4

1. Configure access rules for the file storage:

   • accessible to everyone — the storage will be available for any IP address in the private subnet where it is created;
   • access restricted — the storage will be available only for specific IP addresses or private subnets. If you create the file storage without rules, access will be restricted for all IP addresses.

2. If you selected Access restricted, click Add rule.

3. Enter the IP address or CIDR of the private subnet and select the access level.

   After creating the storage, you can configure new access rules.

CIFS SMBv3

1. Configure access rules for the file storage:

   • accessible to everyone — the storage will be available for any IP address in the private subnet where it is created;
   • access restricted — the storage will be available only for specific IP addresses or private subnets. If you create the file storage without rules, access will be restricted for all IP addresses.

2. If you selected Access restricted, click Add rule.

3. Enter the IP address or CIDR of the private subnet.

   After creating the storage, you can configure new access rules.

OpenStack CLI

1. Open the OpenStack CLI.

2. Create a file storage network:

   openstack share network create \
     --name <share_network> \
     --neutron-net-id <net_uuid> \
     --neutron-subnet-id <subnet_uuid>

   Specify:

   • <share_network> — the file storage network name;
   • <net_uuid> — the ID of the private or public network to which the file storage will be connected. You can view the list of networks using the command openstack network list;
   • <subnet_uuid> — the subnet ID. You can view the list of subnets using the command openstack subnet list.

3. Create file storage:

   openstack share create <share_protocol> <share_size>\
     --name <share_name> \
     --share-network <share_network_id> \
     --share-type <share_type_name> 

   Specify:

   • <share_protocol> — the file storage connection protocol, NFSv4 or CIFS SMBv3;
   • <share_size> — the file storage size in GB;
   • <share_name> — the file storage name;
   • <share_network_id> — the ID of the file storage network that you created in step 2. You can view the list of file storage networks using the command openstack share network list;
   • <share_type_name> — file storage type. You can view the list of types using the command openstack share type list.

Terraform

Use the Create File Storage guide in the Terraform documentation.

8. Mount the file storage to the Managed Kubernetes cluster

The mounting process depends on the file storage protocol: NFSv4 or CIFS SMBv3.

NFSv4

1. Create a PersistentVolume.

2. Create a PersistentVolumeClaim.

3. Add file storage to the container.

1. Create a PersistentVolume

1. Connect to the Managed Kubernetes cluster.

2. Create a yaml file with a manifest for the PersistentVolume object:

   apiVersion: v1
   kind: PersistentVolume
   metadata:
     name: pv_name
   spec:
     storageClassName: storageclass_name
     capacity:
       storage: <storage_size>
     accessModes:
       - ReadWriteMany
     nfs:
       path: /shares/share-<mountpoint_uuid>
       server: <filestorage_ip_address>

   Specify:

   • <storage_size> — PersistentVolume size in GB (file storage size), for example 100 Gi. The limit is from 50 GB to 50 TB;
   • <mountpoint_uuid> — mount point ID. You can view it in the control panel: from the top menu, click Products → File Storage → storage page → block Connection → tab GNU/Linux;
   • <filestorage_ip_address> — file storage IP address. You can view it in the control panel: from the top menu, click Products → File Storage → storage page → tab Settings → field IP.

3. Apply the manifest:

   kubectl apply -f <persistent_volume.yaml>

   Specify <persistent_volume.yaml> — the name of the yaml file with the manifest to create the PersistentVolume.

4. Make sure the PersistentVolume object is created:

   kubectl get pv

2. Create a PersistentVolumeClaim

1. Create a yaml file with a manifest for the PersistentVolumeClaim object:

   apiVersion: v1
   kind: PersistentVolumeClaim
   metadata:
     name: pvc_name
   spec:
     storageClassName: storageclass_name
     accessModes:
       - ReadWriteMany
     resources:
       requests:
         storage: <storage_size>

   Specify <storage_size> — PersistentVolume (file storage) size in GB, for example 100 Gi. The limit is from 50 GB to 50 TB.

2. Apply the manifest:

   kubectl apply -f <persistent_volume_claim.yaml>

   Specify <persistent_volume_claim.yaml> — the name of the yaml file with the manifest to create the PersistentVolumeClaim.

3. Make sure the PersistentVolumeClaim object is created:

   kubectl get pvc

3. Add storage to the container

1. Create a yaml file with a manifest for the Deployment object:

   apiVersion: apps/v1
   kind: Deployment
   metadata:
     name: filestorage_deployment_name
     labels:
       project: filestorage_deployment_name
   spec:
     replicas: 2
     selector:
       matchLabels:
         project: filestorage_project_name
     template:
       metadata:
         labels:
           project: filestorage_project_name
       spec:
         volumes:
           - name: volume_name
             persistentVolumeClaim:
               claimName: pvc_name
         containers:
           - name: container-nginx
             image: nginx:stable-alpine
             ports:
               - containerPort: 80
                 name: "http-server"
             volumeMounts:
               - name: volume_name
                 mountPath: <mount_path>

   Specify <mount_path> — the path to the folder inside the container where the file storage will be mounted.

2. Apply the manifest:

   kubectl apply -f <deployment.yaml>

   Specify <deployment.yaml> — the name of the yaml file with the manifest to create the Deployment.

CIFS SMBv3

1. Install the CSI driver for Samba.

2. Create a secret to store the username and password.

3. Create a StorageClass.

4. Create a PersistentVolumeClaim.

5. Add file storage to the container.

1. Install the CSI driver for Samba

1. Connect to the Managed Kubernetes cluster.

2. Install Helm package manager.

3. Download the CSI driver from GitHub Kubernetes CSI.

4. Install the latest version of the driver:

   helm repo add csi-driver-smb https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts
   helm install csi-driver-smb csi-driver-smb/csi-driver-smb --namespace kube-system --version v1.4.0

5. Check that the pods are installed and running:

   kubectl --namespace=kube-system get pods --selector="app=csi-smb-controller"

2. Create a secret

File storage does not support access rights differentiation. Access via the CIFS SMBv3 protocol is granted under the guest user.

Create a secret to store the username and password (the default is guest/guest):

kubectl create secret generic smbcreds --from-literal username=guest --from-literal password=guest

3. Create a StorageClass

1. Create a yaml file with a manifest for the StorageClass object:

   apiVersion: storage.k8s.io/v1
   kind: StorageClass
   metadata:
     name: storageclass_name
   provisioner: smb.csi.k8s.io
   parameters:
     source: "//<filestorage_ip_address>/share-<mountpoint_uuid>"
     csi.storage.k8s.io/provisioner-secret-name: "smbcreds"
     csi.storage.k8s.io/provisioner-secret-namespace: "default"
     csi.storage.k8s.io/node-stage-secret-name: "smbcreds"
     csi.storage.k8s.io/node-stage-secret-namespace: "default"
   reclaimPolicy: Delete
   volumeBindingMode: Immediate
   mountOptions:
     - dir_mode=0777
     - file_mode=0777

   Specify:

   • <mountpoint_uuid> — mount point ID. You can view it in the control panel: from the top menu, click Products → File Storage → storage page → block Connection → tab GNU/Linux;
   • <filestorage_ip_address> — file storage IP address. You can view it in the control panel: from the top menu, click Products → File Storage → storage page → tab Settings → field IP.

2. Apply the manifest:

   kubectl apply -f <storage_class.yaml>

   Specify <storage_class.yaml> — the name of the yaml file with the manifest to create the StorageClass.

3. Make sure the StorageClass object is created:

   kubectl get storageclass

4. Create a PersistentVolumeClaim

1. Create a yaml file with a manifest for the PersistentVolumeClaim object:

   apiVersion: v1
   kind: PersistentVolumeClaim
   metadata:
     name: pvc_name
     annotations:
       volume.beta.kubernetes.io/storage-class: smb
   spec:
     accessModes: ["ReadWriteMany"]
     resources:
       requests:
         storage: <storage_size>

   Specify <storage_size> — PersistentVolume (file storage) size in GB, for example 100 Gi. The limit is from 50 GB to 50 TB.

2. Apply the manifest:

   kubectl apply -f <persistent_volume_claim.yaml>

   Specify <persistent_volume_claim.yaml> — the name of the yaml file with the manifest to create the PersistentVolumeClaim.

3. Make sure the PersistentVolumeClaim object is created:

   kubectl get pvc

5. Add storage to the container

1. Create a yaml file with a manifest for the Deployment object:

   apiVersion: apps/v1
   kind: Deployment
   metadata:
     name: filestorage_deployment_name
     labels:
       project: filestorage_deployment_name
   spec:
     replicas: 2
     selector:
       matchLabels:
         project: filestorage_project_name
     template:
       metadata:
         labels:
           project: filestorage_project_name
       spec:
         volumes:
           - name: volume_name
             persistentVolumeClaim:
               claimName: pvc_name
         containers:
           - name: container-nginx
             image: nginx:stable-alpine
             ports:
               - containerPort: 80
                 name: "http-server"
             volumeMounts:
               - name: volume_name
                 mountPath: <mount_path>

   Specify <mount_path> — the path to the folder inside the container where the file storage will be mounted.

2. Apply the manifest:

   kubectl apply -f <deployment.yaml>

   Specify <deployment.yaml> — the name of the yaml file with the manifest to create the Deployment.