Deploying Ignition on VAST Block CSI Driver

New
  • Published on Apr 14, 2026
  • 4 minute(s) read
Prev Next

Intro

This guide provides step-by-step instructions for deploying Ignition SCADA/HMI platform on Kubernetes using VAST Block CSI Driver for persistent storage.

Prerequisites

Before starting, ensure you have:

  • Kubernetes cluster (v1.20+) with kubectl configured

  • Helm (v3.0+) installed

  • VAST Cluster 5.3+ with:

    • NVMe subsystem configured and associated with a VAST cluster view.

    • VMS user with appropriate permissions.

    • Virtual IP pool configured.

  • Network connectivity between Kubernetes nodes and VAST cluster.

Part 1: Deploy VAST Block CSI Driver

Note: The full deployment procedure for the VAST Block CSI Driver is documented in the VAST Block CSI Driver Documentation. Follow those instructions to deploy the CSI driver, then return here to configure the storage class and deploy Ignition.

Storage Class Requirements

When deploying the VAST Block CSI Driver, ensure you create a storage class named vastdata-block that Ignition will use. Include the following in your Helm values file:

storageClasses:
  vastdata-block:
    vipPool: "<VIP_POOL_NAME>"
    subsystem: "<NVME_SUBSYSTEM_NAME>"
    fsType: "ext4"
    allowVolumeExpansion: true
    reclaimPolicy: "Delete"

Placeholder

Description

Example

<VIP_POOL_NAME>

VAST Virtual IP Pool name

vippool-1

<NVME_SUBSYSTEM_NAME>

VAST NVMe Subsystem name

block-subsystem

Verify CSI Driver Installation

Before proceeding to deploy Ignition, verify the CSI driver is running and the storage class exists:

kubectl get pods -n vast-csi
kubectl get storageclass vastdata-block

Expected output should show all CSI pods in Running state and the storage class with the provisioner block.csi.vastdata.com

Part 2: Deploy Ignition

Step 2.1: Create Ignition Namespace

kubectl create ns ignition

Step 2.2: Create Ignition Values File

The Ignition Helm chart uses a StatefulSet that automatically creates its own PVC. We configure it to use VAST Block storage via values.yaml:

# Ignition Helm Values for VAST Block CSI
# File: values.yaml

# Accept Ignition EULA (required)
commissioning:
  acceptIgnitionEULA: true
  edition: standard

# Storage Configuration - use VAST Block CSI storage class
statefulset:
  # Storage class for the data volume
  dataVolumeStorageClass: "vastdata-block"
  # Storage size (adjust as needed)
  dataVolumeStorageSize: 10Gi

# Gateway configuration
gateway:
  # Preconfigure init container settings
  preconfigure:
    enabled: true
    seedDataVolume: true
    # Run preconfigure as root to handle block volume permissions
    extraSpec:
      securityContext:
        runAsUser: 0
        runAsGroup: 0

  # Add init container to fix ownership AFTER preconfigure seeds the data
  # This runs after preconfigure but before the main gateway container
  initContainers:
    - name: fix-permissions
      image: busybox:latest
      command:
        - sh
        - -c
        - |
          echo "Fixing permissions for Ignition user (2003)..."
          chown -R 2003:2003 /data
          chmod -R 755 /data
          echo "Permissions fixed."
      securityContext:
        runAsUser: 0
      volumeMounts:
        - name: data
          mountPath: /data

# Pod security context - run main container as Ignition user (2003)
podSecurityContext:
  runAsUser: 2003
  runAsGroup: 2003
  fsGroup: 2003

Note on Volume Permissions: Block CSI volumes are formatted with root ownership. The configuration above:

  1. Runs the preconfigure init container as root so it can seed the data volume

  2. Adds a fix-permissions init container to chown files to user 2003

  3. Runs the main Ignition container as user 2003 (the Ignition default)

Step 2.3: Deploy Ignition via Helm

Add the Inductive Automation Helm repository:

helm repo add inductiveautomation https://charts.ia.io
helm repo update

Install Ignition:

helm install ignition inductiveautomation/ignition \
    -n ignition \
    -f values.yaml

Expected output:

NAME: ignition
LAST DEPLOYED: <timestamp>
NAMESPACE: ignition
STATUS: deployed
REVISION: 1

Part 3: Validation

Step 3.1: Verify CSI Driver Pods

kubectl get pods -n vast-csi

All pods should be in the Running state with all containers ready.

Step 3.2: Verify Storage Class

kubectl get storageclass vastdata-block -o yaml

Confirm the provisioner is block.csi.vastdata.com.

Step 3.3: Verify PVC is Bound

kubectl get pvc -n ignition
kubectl describe pvc data-ignition-gateway-0 -n ignition

Ensure status is Bound and the volume is provisioned. The PVC is automatically created by the StatefulSet.

Step 3.4: Verify Ignition Deployment

Check Ignition pods:

kubectl get pods -n ignition

Expected output:

NAME                 READY   STATUS    RESTARTS   AGE
ignition-gateway-0   1/1     Running   0          2m

Check init container logs (should show successful permission fix):

kubectl logs ignition-gateway-0 -n ignition -c preconfigure
kubectl logs ignition-gateway-0 -n ignition -c fix-permissions

Check pod logs:

kubectl logs -n ignition -l app.kubernetes.io/name=ignition --tail=50

Step 3.5: Access Ignition Web Interface

Option A: Port Forward (for testing)

kubectl port-forward svc/ignition 8088:8088 -n ignition

Access Ignition at: http://localhost:8088

Option B: Create a LoadBalancer Service

kubectl patch svc ignition -n ignition -p '{"spec": {"type": "LoadBalancer"}}'

Get the external IP:

kubectl get svc ignition -n ignition

Troubleshooting

Common Issues

PVC stuck in Pending state

Check CSI driver logs:

kubectl logs -n vast-csi -l app.kubernetes.io/name=vastblock --tail=100

Common causes:

  • Incorrect VAST credentials in the secret.

  • NVMe subsystem not configured.

  • VIP pool not reachable.

Pod cannot mount volume

Check events:

kubectl describe pod -n ignition <pod-name>

Check node CSI driver:

kubectl logs -n vast-csi -l app=csi-vast-node --tail=100

Connection to VAST cluster fails

Verify the secret:

kubectl get secret vast-mgmt -n vast-csi -o yaml

Test connectivity from a pod:

kubectl run test-connectivity --rm -it --image=busybox -- wget -O- http://<VAST_VMS_HOSTNAME>

Useful Commands

# View all resources in ignition namespace
kubectl get all -n ignition

# View CSI driver resources
kubectl get all -n vast-csi

# Describe storage class
kubectl describe storageclass vastdata-block

# View PV details
kubectl get pv

# Check CSI driver version
helm list -n vast-csi

Quick Reference

File Summary

File

Purpose

vast-block-values.yaml

VAST Block CSI Driver Helm configuration

values.yaml

Ignition Helm configuration (includes storage class and permission fixes)

Command Summary

# Deploy VAST Block CSI
kubectl create ns vast-csi
kubectl create secret generic vast-mgmt --from-literal=endpoint='...' --from-literal=username='...' --from-literal=password='...' -n vast-csi
helm repo add vastblock https://vast-data.github.io/vast-csi
helm install vastdata-block-csi vastblock/vastblock -f vast-block-values.yaml -n vast-csi

# Deploy Ignition (PVC is auto-created by StatefulSet)
kubectl create ns ignition
helm repo add inductiveautomation https://charts.ia.io
helm install ignition inductiveautomation/ignition -n ignition -f values.yaml

# Get admin password
kubectl get secret -n ignition ignition-gateway-admin-password --template='{{ printf "%s\n" (index .data "gateway-admin-password" | base64decode) }}'

  

# Access Ignition
kubectl port-forward svc/ignition 8088:8088 -n ignition

References

Related articles