Create a Helm Chart Configuration File for VAST CSI Driver

  • Updated on Jan 30, 2026
  • Published on Jan 26, 2026
  • 4 minute(s) read
Prev Next

In Helm-based deployments, VAST CSI Driver's Helm chart configuration file lets you override default installation settings provided in the chart with parameters that are specific to your environment.

The configuration file is a YAML file typically named values.yaml, although you can use any arbitrary name for it.

Create a Configuration File

Create a YAML file as follows (see also the example below):

Note

For a detailed reference for parameters and values, refer to https://github.com/vast-data/vast-csi/blob/v2.6/charts/vastcsi/values.yaml.

secretName: "<secret>"
endpoint: "<endpoint>"
verifySsl: true|false
sslCertsSecretName: "<SSL secret>"
deletionVipPool: "<deletion virtual IP pool>"
deletionViewPolicy: "<deletion view policy>"

StorageClassDefaults:
  <option 1>
  <option 2>
  ...
  <option n>

storageClasses:
  <storage class name 1>:
    <option 1>
    <option 2>
    ...
    <option n>
  <storage class name 2>:
    <option 1>
    <option 2>
    ...
    <option n>
 ...
  <storage class name n>:
    <option 1>
    <option 2>
    ...
    <option n>

In the YAML file:

  1. Set global or storage class-specific session options:

    • Global session options are specified in the beginning of the configuration file. They apply to all storage classes:

      • secretName: "<secret>": Specify the Kubernetes secret to be used by VAST CSI Driver. For more information, see Create a Kubernetes Secret for VAST CSI Driver.

        The secretName global session option is required unless the secret name is provided, together with secretNamespace, under StorageClassDefaults or under a specific storage class. If you supply the secret name under a specific storage class, you must specify the endpoint within the secret.

      • endpoint: "<endpoint>" (required): Enter the VAST Cluster management hostname.

      • verifySsl: true|false (optional): Specify true to enable SSL encryption for the connection to the VAST cluster. If set to false or not specified, SSL encryption is disabled.

        Tip

        When enabling SSL encryption, either upload a CA-signed SSL certificate to the VAST cluster, or supply a self-signed SSL certificate to the driver. The latter can be done either via the sslCertsSecretName option, or using --set-file sslCert  on the Helm chart installation command.

      • sslCertsSecretName: "<SSL secret>" (optional): Specify the Kubernetes secret that contains the self-signed SSL certificate to be used to secure communications between VAST CSI Driver and the VAST cluster. For more information, see Configuring SSL Encryption for VAST CSI Driver.

    • Storage class-specific session options are specified under a certain storage class (in step 3). They apply to that particular storage class only, taking precedence over global session options.

  2. If you are going to use a VAST cluster that has its Trash Folder Access feature disabled or not used, set options to handle deletions. When running against a VAST Cluster version prior to 4.7.0-SP6, these options are required.

    • deletionVipPool: "<deletion virtual IP pool>": Specify the name of the VAST Cluster's virtual IP pool to be used when deleting volumes. It can match a virtual IP pool specified in the vipPool property of a storage class, or you can specify a different virtual IP pool. For more guidance, see Extra Configuration Steps for Legacy CSI Local-Mount Deletions.

    • deletionViewPolicy: "<deletion virtual IP pool>": Specify the name of the VAST Cluster view policy to be used when deleting volumes. It can match a view policy specified in the viewPolicy property of a storage class, or you can specify a different view policy. For more guidance, see Extra Configuration Steps for Legacy CSI Local-Mount Deletions.

  3. Set storage class options:

    • <storage class name> (required): Provide a name to identify the storage class. For more information about Kubernetes storage classes, see Using Storage Classes.

      Note

      Define at least one storage class.

    • <option 1>...<option n>: Specify parameters to be used when provisioning storage for PVCs with this storage class. For information on each option, see  Storage Class Option Reference.

      The required options are as follows:

      storageClasses:
  <storage class name>:
    vipPoolFQDN: "<pool FQDN>" | vipPool: "<pool name>"
    storagePath: "<path>"
    viewPolicy: "<policy name>"

      If you want to configure storage class-specific session options, add the following parameters:

      • secretName (required if no global session options are set): The name of the Kubernetes secret that contains information about the VAST cluster on which to provision volumes for this particular storage class, the corresponding VMS user credentials or authentication token and, optionally, the SSL certificate. For more information, see Provisioning Volumes on Multiple VAST Clusters.

      • secretNamespace (optional): If the storage class Kubernetes secret (specified on secretName) was created in a namespace that is different from that used to install the VAST CSI Driver's Helm chart, add this parameter to specify the namespace of the Kubernetes secret.

  4. (Optional) Configure registration of VAST CSI Driver with kubelet:

    • kubeletPath: "<your kubelet root directory>" (optional): Add  this option if you are going to run VAST CSI Driver on a Kubernetes cluster where the kubelet root directory is not /var/lib/kubelet.

The following snippet shows a sample configuration file for VAST CSI Driver:

secretName: "vast-mgmt"
endpoint: "vms.example.com"
deletionVipPool: "vippool-1"
deletionViewPolicy: "default"
verifySsl: true

StorageClassDefaults:
  volumeNameFormat: "csi:{namespace}:{name}:{id}"
  ephemeralVolumeNameFormat: "eph:{namespace}:{name}:{id}"
  vipPool: "main"

storageClasses:
  vastdata-filesystem:
    vipPool: "vippool-1"
    storagePath: "/k8s"
    viewPolicy: "default"
    mountOptions:
      - proto=tcp
      - port=2049
      - vers=3
  vastdata-filesystem2:
    secretName: "session-options-for-fs2"
    secretNamespace: "nm"
    vipPool: "vippool-2"
    storagePath: "/fs2/path"
    viewPolicy: "policy-for-fs2"
      mountOptions:
        - proto=rdma
        - port=20049
  my-custom-storage-class:
    secretName: "custom-tenant"
    secretNamespace: "tenant2"
    storagePath: "/data" 
    vipPool: "vip-tenant2"

Verify the Configuration File

Verify the newly created chart configuration file:

helm template <release name> <repo>/<chart> -f <filename>.yaml -n <namespace>

Where:

  • <release name> identifies the release being deployed.

  • <repo> is the name of the VAST CSI Driver Helm repository.

  • <chart> is the name of the VAST CSI Driver Helm chart (vastcsi).

  • <filename>.yaml is the VAST driver chart configuration file.

  • <namespace> determines the Kubernetes namespace to which the release is deployed. If this parameter is not specified, the default namespace is used. Otherwise, create a custom namespace prior to installing the VAST driver chart.

For example:

helm template csi-driver vastcsi/vastcsi -f values.yaml

The output is similar to the following:

---
# Source: vastcsi/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: csi-vast-controller-sa
  namespace: "default"
  labels:
    helm.sh/chart: vastcsi-0.1.0
    app.kubernetes.io/name: vastcsi
    app.kubernetes.io/instance: csi-driver
    app.kubernetes.io/version: "2.6.2"
    app.kubernetes.io/managed-by: Helm
---
# Source: vastcsi/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
<...>

Related articles