11. Kubernetes – CSI Driver for VAST

  • Updated on Jan 28, 2026
  • 3 minute(s) read
Prev Next

Prerequisites

Before running the script, ensure that:

  • Python 3.6+ is installed on your machine.

  • You have network access to the VAST Cluster API (https://<VMS IP>/api)

  • API credentials (admin username and password) that have sufficient permissions

  • pip installed

  • VAST CSI v2.6 and Kubernetes cluster with Helm & kubectl set up.

  • Network access from Kubernetes to cluster Virtual IP(s) specific to the target tenant.

VAST Configuration via Web UI

Step 1: Create a New Tenant

  • Navigate to Settings → Tenants.

  • Click Create Tenant.

  • Enter name (e.g., prod) and optional description.

  • Click Create.

The screenshot shows the process to create a new tenant in a cluster, focusing on setting up general configurations and user provider access. Users can define the tenant's name and URL, specify login details, and select providers such as VAST Provider or Active Directory for authentication.

Create a New Tenant

During Tenant Creation, you can check Create default view policies and Enable Trash Folder.

The advanced protocol settings screen allows users to configure various file access protocols, including NFSv4.2 and SMB, with options such as enabling secured labels, trash folder creation, native authentication, and signing requirements.

Create default view policies and Enable Trash Folder

Step 2: Create a Dedicated VIP Pool for the Tenant

  • Navigate to Network Access → Virtual IP Pools.

  • Click Create VIP Pool.

  • Set a unique name (e.g., vippool-tenant-prod) and define the IP range.

  • Select the previously created tenant (prod).

  • Configure the DNS name if needed.

  • Click Create.

The screenshot displays the "Add Virtual IP Pool" interface, where users can configure settings such as tenant selection and resource preferences to manage virtual IP pools effectively within their network infrastructure.

Create a Dedicated VIP Pool for the Tenant

  • Set the protocol to NFS and define relevant export rules (e.g., subnet restrictions).

  • Enable quota settings if needed.

  • Click Create.

Step 3: Create a View

  • You can then navigate to Element Store → View.

  • Create a view.

  • Select the Tenant Name.

  • Assign the relevant View policy.

The image displays the "Search View Configuration" interface, where users can set up tenant-specific views with options to specify policies and paths. The configuration includes fields such as Tenant name (prod), Path selection, Policy Name, QoS policy selection, NFS alias input, and SMB share name entry.

Create a View

Step 4: Create a Role for the CSI Driver

  • Navigate to Administrators → Roles.

  • Select Logical + Security

  • Click Create Role.

  • Set a name (e.g., csi-admin-tenant-prod) and role type: Tenant Admin.

  • Scope the role to the tenant prod.

  • Click Create.

The image depicts a role creation interface where an administrator is configuring access permissions for a tenant in a production environment, specifically granting 'Logical' and 'Security' categories rights while excluding other realms like 'Realm', 'Applications', 'Database', 'Events', 'Hardware', 'Monitoring', and 'Settings'.

Create a Role for the CSI Driver

Step 5: Create a VMS Manager

  • Navigate to Administrators → Managers.

  • Click Create Manager.

  • Name: admin-tenant-prod.

  • Assign the role csi-admin-tenant-prod.

  • Set password

  • Unselect the ‘read_only’ option.

  • Click Create.

The image showcases a user interface for creating manager configuration, where fields such as username, first name, last name, password, and tenant selection are visible. The selected role is 'Tenant Admin,' with options to proceed by clicking the 'Create' button at the bottom right corner.

Create a VMS Manager

You should repeat these steps on each Tenant that you need to create

Before proceeding to the next step, please verify that you can log in to the tenant with the Tenant Admin.


VASTCSI Configuration and Installation

To use a secret as part of the VastCsi installation, we need to create an API token for the Tenant Admin.
Will do that by leveraging the Vastpy-cli

Vastpy Installation

Install vastpy and vastpy-cli

pip install vastpy

This installs both the Python SDK and vastpy-cli tool.

Authentication

You can authenticate using environment variables:

export VMS_USER=admin 
export VMS_PASSWORD=your_password 
export VMS_ADDRESS=VMS_IP

Generate an API token for the tenant admin

vastpy-cli   --user TENANT_ADMIN  \
--password 'PASSWORD'   \
--tenant-name TENANT_NAME   \
post apitokens owner=admina name=Token_Name

Example :

vastpy-cli   --user admina  \
 --password 'P@ssw0rd'   \
 --tenant-name ten-a   \
 post apitokens owner=admina name=new‑token9898

Expected Result :

property |value
---------+------------------------------------------+
id       |4cOJvV3K
token    |4cOJvV3K.86LVzOs7TI6pZYh2DVivJUh9mwqLgRyh

VastCSI Installation

Please follow the official procedure for installing VastCsi

VastCsi installation VAST CSI driver 2.6 Administrators Guide

Configuration Files preparation

  1. Prepare values.yaml

Values.yaml 
verifySsl: false
storageClassDefaults:
    volumeNameFormat: "csi:{namespace}:{name}:{id}"
    ephemeralVolumeNameFormat: "csi:{namespace}:{name}:{id}"
storageClasses:
  vastdata-filesystem-TEN-A:
    vipPool: "vip-pool1-TEN-A"
    secretName: "SECRET-TEN-A"
    secretNamespace: "NS"
    storagePath: "/VIEW_PATH_TEN_A"
    viewPolicy: "POLICY-TEN-A"
  vastdata-filesystem-TEN-B:
    vipPool: "vip-pool1-TEN-B"
    secretName: "SECRET-TEN-B"
    storagePath: "/VIEW_PATH_TEN_B"
    viewPolicy: "POLICY-TEN-B"

  1. Create a secret token-based put command.

    1. kubectl command

kubectl create secret generic vast-mgmt-ten-a -n vast-csi \
--from-literal=token=TOKEN_ID \
--from-literal=endpoint=VMS_IP/NAME

You should repeat this step and generate a secret per Tenant.
e.g: vast-mgmt-ten-B

VastCsi Installation using Helm installation.

helm install csi-driver vastcsi/vastcsi -f values-ten-prod.yaml -n vast-csi

VastCSI Validation

  1. To validate, please create a PVC and a pod

pvc.yaml

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: vast-pvc-prod
  namespace: vast-csi-ten-prod
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 10Gi
  storageClassName: vastdata-filesystem-ten-prod

  1. Create pod.yaml

apiVersion: v1
kind: Pod
metadata:
  name: csi-fs-ten-prod
  namespace: vast-csi-ten-prod
spec:
  containers:
    - name: app-container
      image: nginx
      volumeMounts:
        - name: data
          mountPath: /mnt/data
  volumes:
    - name: data
      persistentVolumeClaim:
        claimName: vast-pvc-prod

  1. Create PVC + Pod and validate

kubectl create -f p*.yaml

Check that pvc + pod creation using VastUi in the created Tenant

  1. Once validated, you can delete the PVC+pod.

kubectl delete -f p*.yaml

Appendix: Working with ApiToken using Vastpy-cli

Generate

You can generate ApiToken by using:

Example:

vastpy-cli   --user admina  \ 
	 --password 'P@ssw0rd'   \ 
	 --tenant-name ten-a   \ 
 post apitokens owner=admina name=new token9898

Expected Result :

property |value
---------+------------------------------------------+
id       |4cOJvV3K
token    |4cOJvV3K.86LVzOs7TI6pZYh2DVivJUh9mwqLgRyh

List

Example:

vastpy-cli get apitokens --tenant-name ten-a --user admina --password P@ssw0rd

Revoke

Example:

vastpy-cli \
  --user admina \
  --password 'P@ssw0rd' \
  --address v133 \
  --tenant-name ten-a \
  patch apitokens/4cOJvV3K/revoke
  
"API token 4cOJvV3K has been revoked"

Related articles