Installing in GKE Cluster

If you are installing Stash on a GKE cluster, you will need cluster admin permissions to install Stash operator. Run the following command to grant admin permision to the cluster.

$ kubectl create clusterrolebinding "cluster-admin-$(whoami)" \
  --clusterrole=cluster-admin                                 \
  --user="$(gcloud config get-value core/account)"

In addition, if your GKE cluster is a private cluster, you will need to either add an additional firewall rule that allows master nodes access port 8443/tcp on worker nodes, or change the existing rule that allows access to ports 443/tcp and 10250/tcp to also allow access to port 8443/tcp. The procedure to add or modify firewall rules is described in the official GKE documentation for private clusters mentioned before.

Configuring Network Volume Accessor

For network volume such as NFS, Stash needs to deploy a helper deployment in the same namespace as the Repository that uses the NFS as backend to provide Snapshot listing facility. We call this helper deployment network volume accessor. You can configure its resources, user id, privileged permission etc. Run the following command to enable network volume accessor,

New Installation

If you haven’t installed Stash yet, run the following command to configure the network volume accessor during installation

$ helm upgrade -i stash oci://ghcr.io/appscode-charts/stash \
  --version v2024.9.30 \
  --namespace stash --create-namespace \
  --set features.enterprise=true \
  --set stash-enterprise.netVolAccessor.cpu=200m \
  --set stash-enterprise.netVolAccessor.memory=128Mi \
  --set stash-enterprise.netVolAccessor.runAsUser=0 \
  --set stash-enterprise.netVolAccessor.privileged=true \
  --set-file global.license=/path/to/license-file.txt \
  --wait --burst-limit=10000 --debug

Existing Installation

If you have installed Stash already in your cluster but didn’t configure the network volume accessor, you can use helm upgrade command to configure it in the existing installation.

$ helm upgrade -i stash oci://ghcr.io/appscode-charts/stash \
  --version v2024.9.30 \
  --namespace stash --create-namespace \
  --reuse-values \
  --set features.enterprise=true \
  --set stash-enterprise.netVolAccessor.cpu=200m \
  --set stash-enterprise.netVolAccessor.memory=128Mi \
  --set stash-enterprise.netVolAccessor.runAsUser=0 \
  --set stash-enterprise.netVolAccessor.privileged=true \
  --set-file global.license=/path/to/license-file.txt \
  --wait --burst-limit=10000 --debug

Detect Stash version

To detect Stash version, exec into the operator pod and run stash version command.

$ POD_NAMESPACE=kube-system
$ POD_NAME=$(kubectl get pods -n $POD_NAMESPACE -l app.kubernetes.io/name=stash-community -o jsonpath={.items[0].metadata.name})
$ kubectl exec $POD_NAME -c operator -n $POD_NAMESPACE -- /stash version

Version = v2024.9.30
VersionStrategy = tag
Os = alpine
Arch = amd64
CommitHash = 85b0f16ab1b915633e968aac0ee23f877808ef49
GitBranch = release-0.5
GitTag = v2024.9.30
CommitTimestamp = 2020-08-10T05:24:23

$ kubectl exec -it $POD_NAME -c operator -n $POD_NAMESPACE restic version
restic 0.9.6
compiled with go1.9 on linux/amd64