Installing in GKE Cluster
If you are installing Stash on a GKE cluster, you will need cluster admin permissions to install Stash operator. Run the following command to grant admin permision to the cluster.
$ kubectl create clusterrolebinding "cluster-admin-$(whoami)" \
--clusterrole=cluster-admin \
--user="$(gcloud config get-value core/account)"
In addition, if your GKE cluster is a private cluster, you will need to either add an additional firewall rule that allows master nodes access port 8443/tcp
on worker nodes, or change the existing rule that allows access to ports 443/tcp
and 10250/tcp
to also allow access to port 8443/tcp
. The procedure to add or modify firewall rules is described in the official GKE documentation for private clusters mentioned before.
Configuring Network Volume Accessor
For network volume such as NFS, Stash needs to deploy a helper deployment in the same namespace as the Repository that uses the NFS as backend to provide Snapshot listing facility. We call this helper deployment network volume accessor. You can configure its resources, user id, privileged permission etc. Run the following command to enable network volume accessor,
New Installation
If you haven’t installed Stash yet, run the following command to configure the network volume accessor during installation
$ helm upgrade -i stash oci://ghcr.io/appscode-charts/stash \
--version v2025.1.9 \
--namespace stash --create-namespace \
--set features.enterprise=true \
--set stash-enterprise.netVolAccessor.cpu=200m \
--set stash-enterprise.netVolAccessor.memory=128Mi \
--set stash-enterprise.netVolAccessor.runAsUser=0 \
--set stash-enterprise.netVolAccessor.privileged=true \
--set-file global.license=/path/to/license-file.txt \
--wait --burst-limit=10000 --debug
Existing Installation
If you have installed Stash already in your cluster but didn’t configure the network volume accessor, you can use helm upgrade
command to configure it in the existing installation.
$ helm upgrade -i stash oci://ghcr.io/appscode-charts/stash \
--version v2025.1.9 \
--namespace stash --create-namespace \
--reuse-values \
--set features.enterprise=true \
--set stash-enterprise.netVolAccessor.cpu=200m \
--set stash-enterprise.netVolAccessor.memory=128Mi \
--set stash-enterprise.netVolAccessor.runAsUser=0 \
--set stash-enterprise.netVolAccessor.privileged=true \
--set-file global.license=/path/to/license-file.txt \
--wait --burst-limit=10000 --debug
Detect Stash version
To detect Stash version, exec into the operator pod and run stash version
command.
$ POD_NAMESPACE=kube-system
$ POD_NAME=$(kubectl get pods -n $POD_NAMESPACE -l app.kubernetes.io/name=stash-community -o jsonpath={.items[0].metadata.name})
$ kubectl exec $POD_NAME -c operator -n $POD_NAMESPACE -- /stash version
Version = v2025.1.9
VersionStrategy = tag
Os = alpine
Arch = amd64
CommitHash = 85b0f16ab1b915633e968aac0ee23f877808ef49
GitBranch = release-0.5
GitTag = v2025.1.9
CommitTimestamp = 2020-08-10T05:24:23
$ kubectl exec -it $POD_NAME -c operator -n $POD_NAMESPACE restic version
restic 0.9.6
compiled with go1.9 on linux/amd64