orchesto-csi in kubernetes - preview


⚠️ orchesto-csi is currently in preview and not meant for production use

This guide contains instructions on how to deploy orchesto-csi to your kubernetes cluster.

When you are done you will have a pod running in your cluster using Orchesto as csi backend.

Deployment files written for kubernetes 17.2.


Clone our orchesto-csi repo orchesto-csi

Update the configmap containing license.json in orchesto/orchesto.yaml with your license key.

Create a new namespace in your kubernetes cluster

kubectl create ns orchesto


Deploy Postgres

kubectl apply -f orchesto/postgres.yaml


Run deployment

kubectl apply -f orchesto/orchesto.yaml

Configure port-forwarding

$ kubectl -n orchesto port-forward deployments/orchesto-gateway 9090:9090
Forwarding from -> 9090
Forwarding from [::1]:9090 -> 9090

Visit your orchesto gateway through the browser. Rember to store your Access Key and Secret Access Key. Click continue without Vault.

Configure Orchesto through the ui

  1. Add backend

If you forgot to store your access key and secret key you can retrieve them like so:

$ kubectl -n orchesto logs deployment/orchesto-gateway|grep 'Username:' -A 2
  Username:            admin
  Access Key:          AIKAVL8J0KTHK95ASIUN
  Secret Key/Password: EQF8fUOO3jaZMnk5vxxotVIrMt5XHibaCk50OHX5

CSI driver

Go ahead and deploy our csi-driver to your cluster


kubectl apply -f csi/provisioner.yaml


kubectl apply -f csi/attacher.yaml

Make sure the attacher and provisioner is up and ready before continuing

deploy csi-s3

kubectl apply -f csi/csi-s3.yaml

and a storage class

kubectl apply -f csi/storageclass.yaml

Persistent Volume Claim

Creating a pvc requires some editing of pvc/pvc.yaml. Edit the fields accessKeyID, secretAccessKey and region with the correct values. The region value must match the region of your backend that was configured in the step Orchesto, above. The region must match the region of your backend that was configured in Orchesto.

You can find the region in the dashboard

When the pvc.yaml file is updated go ahead and apply it.

kubectl apply -f pvc/pvc.yaml


Launch a pod

kubectl apply -f pod/pod.yaml


Create a secret file

$ kubectl exec -n orchesto -it orchesto-pod -- bash
root@orchesto-pod:/# echo "My very secret secret stored in the cloud" > /var/lib/www/html/secret.txt
  1. Visit your backend CSP ☁️ and look at the files in the bucket you created.
  2. Visit your orchesto gateway bucket and download your file and open it