Back

Getting started

Remote Block Storage (RBS) is an external block-level storage volumes that can be mounted to Dedicated Servers or Kubernetes nodes.

This section outlines how to create and initialize a new RBS volume.

To create a new RBS volume:

  1. Log in to the customer portal and navigate to Remote Block Storage
  2. Click Order
  3. Select the storage location
  4. Choose a type of flavor
  5. Specify the desired volume size in gigabytes (minimum: 10 GB)

IOPS (Input/Output Operations Per Second) and bandwidth will be calculated automatically based on the selected size

  1. Enter a name for the volume
  2. Click Order to complete the request

The system will begin provisioning the volume. Once completed, the volume will be available for use.

RBS connection configuration

Linux

To connect a volume to a Linux dedicated server, follow the steps below. All the commands should be run under the root user.

Step 1: install the Internet Small Computer System Interface (iSCSI) package (if not done already)

  • Debian-based OS (Ubuntu, Debian) 
    apt install open-iscsi
    The target configuration path is: /etc/iscsi/nodes
  • RedHat-based OS (Rocky Linux, Alma Linux, CentOS) 
    yum install iscsi-initiator-utils
    The target configuration path is: /var/lib/iscsi/nodes

The target configuration path stores connection details for each discovered iSCSI target and supports automatic reconnection after reboot. If issues occur during login or reconfiguration, you can manually inspect or remove entries in this directory.

Step 2: discover the target volume

Run the discovery command:

iscsiadm -m discovery -t st -p <Volume IP>

<Volume IP> is an iSCSI Volume IP address.

You can find it in the customer portal under Remote Block Storage → Your volume → IP address.

The output will include the iSCSI target name, which looks like:

X.X.X.X:3260,1 iqn.1234-56.com.servers:12a34bcd-5678-9e12-3456-ex4mp1e

Where:

  • X.X.X.X - IP address of the iSCSI target (the server hosting the volume)
  • 3260 - default TCP port for iSCSI connections
  • 1 - target portal port index (1 - default value)
  • iqn.1234-56.com.servers:12a34bcd-5678-9e12-3456-ex4mp1e - IQN (iSCSI Qualified Name), which uniquely identifies the iSCSI target name

Step 3: configure authentication

Configure CHAP authentication parameters, by setting up a username and password:

iscsiadm -m node --targetname <Target name> -p <Volume IP>:3260 -o update -n node.session.auth.username -v <User>
iscsiadm -m node --targetname <Target name> -p <Volume IP>:3260 -o update -n node.session.auth.password -v <Password>

Replace <User> and <Password> parameters with credentials from Remote Block Storage → Your volume → Credentials → Click the Show button.

Enable auto-start for this connection (optional):

iscsiadm -m node --targetname <Target name> -p <Volume IP>:3260 -o update -n node.startup -v automatic

Step 4: log in to the target volume

Log in to the target volume:

iscsiadm -m node --targetname <Target name> -p <Volume IP>:3260 --login

After completing the login, a new block storage device will appear in the /dev directory, typically named in the sdX format (e.g., sdc). To identify device name, use the lsblk command.

Step 5: prepare the storage device

Format the new block storage device, create a file system (ext4 in our example) and mount it to a local directory such as /mnt/iscsi:

mkfs.ext4 -E lazy_itable_init=1 -E lazy_journal_init=1 /dev/<Device name>
mkdir /mnt/iscsi
mount /dev/<Device name> /mnt/iscsi

Replace <Device> with the actual device name from the previous step.

Step 6: set up auto-mounting after reboot (optional)

  • Get the UUID of the file system: 
    lsblk -f
  • Set up automatic mounting: 
    echo "UUID=<UUID value> /mnt ext4 _netdev 0 0" | tee --append /etc/fstab
    <UUID value> is the UUID of a file system from the previous request

Remote Block Storage has been set up.

Verify your storage

  1. Create a directory 
    sudo mkdir -p /mnt/iscsi
  2. Mount the device 
    sudo mount /dev/<Device name> /mnt/iscsi
  3. Navigate to the mount point: 
    cd /mnt/iscsi
  4. Create a test file: 
    nano /mnt/iscsi/test.txt
    To save and close:
    • Press Ctrl + O → then Enter (to save)
    • Press Ctrl + X (to exit Nano)
  5. Verify created file and its content 
    cat /mnt/iscsi/test.txt

Disconnecting remote block storage

To safely disconnect and avoid data loss:

  1. Identify mountpoints: 
    lsblk
    Example output: 
    NAME                     MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
sdc                        8:32   0    10G  0 disk  /mnt/iscsi
                                                    /mnth
  2. Unmount all mountpoints: 
    sudo umount /mnt/iscsi
sudo umount /mnth
    If the device is busy, check which processes are using it: 
    lsof /mnt/iscsi
    End those processes or wait for any write operations to complete, then try unmounting again.
  3. Disconnect from the iSCSI target:
    • Check the current iSCSI session: 
      iscsiadm -m session
    • Log out from the target: 
      iscsiadm -m node --targetname <Target name> -p <Volume IP>:3260 --logout
    • Remove the target record (optional): 
      iscsiadm -m node --targetname <Target name> -p <Volume IP>:3260 -o delete
  4. Run lsblk again to ensure the block storage device is no longer listed

Windows

To connect a volume to a Windows Dedicated Server, follow the steps below.

Step 1: ensure Windows Firewall allows ports 860 and 3260

Using PowerShell
  1. Open PowerShell and run the following command: 
    Get-NetFirewallRule | Where-Object { $_.Direction -eq "Inbound" -and $_.Enabled -eq "True" } | Get-NetFirewallPortFilter | Where-Object { $_.Protocol -eq "TCP" -and ($_.LocalPort -eq 860 -or $_.LocalPort -eq 3260) }
  2. Add inbound rules for ports 860 and 3260: 
    New-NetFirewallRule -DisplayName "Allow iSCSI TCP 860" -Direction Inbound -Protocol TCP -LocalPort 3260 -Action Allow
New-NetFirewallRule -DisplayName "Allow iSCSI TCP 3260" -Direction Inbound -Protocol TCP -Lo
    To add outbound rules, repeat the same command with Outbound instead of Inbound.
Using the Windows interface
  1. Navigate to Control PanelSystem and SecurityWindows Defender Firewall
  2. Click Advanced Settings on the left
  3. Under Inbound Rules click New Rule
  4. Choose PortTCP, then enter 860, 3260
  5. Choose Allow the connection
  6. Name the rule (e.g., Allow iSCSI)
  7. Repeat the process under Outbound Rules

Step 2: configure the iSCSI service

  1. Before starting the iSCSI service, ensure it's set to run automatically:
    • Open the Microsoft Management Console (services.msc) by typing Services in the search bar
    • Locate Microsoft iSCSI Initiator Service, right-click → Properties
    • Set Startup type to Automatic, or use the following command: 
      Set-Service -Name MSiSCSI -StartupType Automatic
  2. Open the iSCSI Initiator by using the Control Panel or run iscsicpl.exe from PowerShell
  3. In the iSCSI Initiator properties window, navigate to the Discovery tab and click the Discovery Portal button
    Set the following:
    • IP address: <Volume IP>
    • Port: 3260 (default port)
      <Volume IP> is an iSCSI volume IP address
      You can find it on the volume details page: customer portalRemote Block Storage → Your volume → IP address
  4. Click Advanced button in the same window and set the following parameters:
    • Local Adapter: Microsoft iSCSI Initiator
    • Initiator IP: <GPN interface IP>
      <GPN interface IP> is a Global Private Network IP address assigned on an interface of your server
      Find <GPN interface IP> on your server's detail page Dedicated ServersManage → Your server → Private IP
  5. Click OK to apply the settings

      In the Targets tab, the new target volume will appear with Inactive status.

      Step 3: configure authorization

      1. Select the target volume from the previous step and click Connect
      2. Click Advanced and set the following parameters:
        • Local Adapter: Microsoft iSCSI Initiator
        • Initiator IP: <GPN interface IP>
        • Target Portal IP: <Volume IP>
        • Tick the Enable CHAP log on checkbox
        • Name: <User>
        • Target Secret: <Password>
          You can find <User> and <Password> on the volume details page: Remote Block Storage → Your volume → CredentialsShow
      3. Click OK to close and save changes

      Step 4: initialize the disk

      1. Right-click Start → select Disk Management
      2. Locate your iSCSI disk in the list
        If the disk is marked Offline, that means Windows detects it but does not activate new external disks by default (this is a data protection feature)
      3. Set the disk to online and initialize it:
        1. In Disk Management, locate the correct disk (e.g., Disk 2)
        2. Right-click on the left pane (not the "unallocated" area)
        3. In the context menu, select Online, then Initialize Disk

      You can now create partitions, assign a label or drive letter, and format to NTFS.

      To perform a quick initialization and format via PowerShell, use the following command:

      Get-Disk |Where-Object PartitionStyle -eq 'RAW' |Initialize-Disk -PartitionStyle MBR -PassThru |New-Partition -AssignDriveLetter -UseMaximumSize |Format-Volume -FileSystem NTFS -Confirm:$false

      Disconnecting remote block storage (iSCSI volume)

      To safely disconnect an iSCSI volume and prevent data loss, follow these steps:

      Step 1: take the volume offline via Disk Management

      1. Open Disk Management (search for diskmgmt.msc in the Start menu)
      2. Locate the disk associated with the iSCSI volume
      3. Right-click on the volume or partition → select Change Drive Letter and Paths...
      4. If a drive letter is assigned, remove it
      5. In the left-hand panel (e.g., Disk 2), right-click the disk → choose Offline

      Step 2: disconnect from the iSCSI target via iSCSI Initiator

      1. Open iSCSI Initiator (search for iscsicpl in the Start menu)
      2. In the Targets tab, locate the target with Status: Connected
      3. Select it and click Disconnect
      4. Confirm the action when prompted

      Step 3: remove the target from configuration (optional)

      1. Navigate to the Favorite Targets tab in iSCSI Initiator
      2. Select the disconnected target and click Remove

      This prevent Windows from automatically reconnecting to the target on startup.

      Kubernetes

      To connect a remote block storage (RBS) volume to a Kubernetes pod, follow the steps below.

      Step 1: create a CHAP secret

      1. Create a YAML file (e.g., chap-secret.yaml): 
        nano chap-secret.yaml
      2. Insert the following structure and adjust it to your environment: 
        apiVersion: v1
kind: Secret
metadata:
  name: <CHAP secret name>
type: "kubernetes.io/iscsi-chap"
data:
  node.session.auth.username: <base64-username>
  node.session.auth.password: <base64-password>
      3. Encode credentials in base64 before pasting them into the file: 
        echo -n '<Username>' | base64
echo -n '<Password>' | base64
        Replace:
        • <Username> and <Password> with the encoded values from the customer portalRemote Block Storage → Your volume → CredentialsShow
        • <CHAP secret name> with a name for the secret (e.g., chap-secret), which will be used later in the pod manifest
      4. Apply the secret to the cluster 
        kubectl apply -f chap-secret.yaml
        If successful, you will see: 
        secret/chap-secret created

      The CHAP secret is now ready to be referenced in your pod manifest.

      Step 2: define a pod that mounts the block storage

      1. Create a pod manifest file (e.g., pod-manifest.yaml): 
        nano pod-manifest.yaml
      2. Use the following configuration as a base (adjusted as needed): 
        apiVersion: v1
kind: Pod
metadata:
  name: <Pod name>
spec:
  containers:
  - name: <Container name>
    image: <Image name>
    imagePullPolicy: IfNotPresent
    command: ["sleep", "3600"]
    volumeMounts:
    - mountPath: "/mnt/<Folder>"
      name: <Volume name>
  volumes:
  - name: <Volume name>
    iscsi:
      targetPortal: <Volume IP>
      iqn: <Target name>
      lun: 0
      fsType: <File system>
      readOnly: false
      chapAuthDiscovery: false
      chapAuthSession: true
      secretRef:
        name: <CHAP secret name>
        Replace placeholders with actual values:

        Placeholder

        Description

        <Pod name>

        Name of the pod (e.g., iscsi-demo-pod)

        <Container name>

        Name of the container inside the pod

        <Image name>

        Container image name (e.g., nginx)

        <Folder>

        Mount path inside the container (e.g., /mnt/storage)

        <Volume name>

        Volume name inside the pod

        <Volume IP>

        IP address of the iSCSI target

        <Target name>

        IQN of the target (e.g., iqn.2024-10.com.servers:abc123)

        <File system>

        Filesystem type (typically ext4)

        <CHAP secret name>

        Name of the CHAP secret object from the previous step
        You can find <Volume IP> and <Target name> in the customer portal on the block storage details page
      3. Apply the configuration: 
        kubectl apply -f pod-manifest.yaml
      4. If successful, you will see: 
        pod/iscsi-demo-pod created

      Step 3: verify your storage

      1. Confirm the pod is running: 
        kubectl get pods
      2. Check container status: 
        kubectl get pod iscsi-demo-pod -o wide
        Statuses:
        • Running - container is successfully launched and the volume is mounted
        • ContainerCreating - the pod is still initializing
        • CrashLoopBackOff - check the container's command, logs, or volume errors. You can get more details using the kubectl describe pod <Pod name> command
      3. Exec into the pod and check the mount: 
        kubectl exec -it iscsi-demo-pod -- sh
      4. Once inside the pod: 
        ls /mnt/storage

      If everything was set up correctly, you should see the contents of the mounted iSCSI volume.

      Disconnecting remote block storage (iSCSI volume)

      Step 1: identify the node where the volume is mounted

      Before deleting the pod, determine the node it runs on:

      kubectl get pod <Pod name> -o wide

      This will show something like:

      NAME             READY   STATUS    RESTARTS   AGE   IP           NODE
iscsi-demo-pod   1/1     Running   0          1h    172.31.x.x   10.20.30.40

      Step 2: log in to the worker node that mounted the volume via SSH

      ssh <user>@<node IP>

      Step 3: Log out from the iSCSI target

      1. After connecting to the node, list active sessions: 
        sudo iscsiadm -m session
      2. Disconnect the storage: 
        sudo iscsiadm -m node -T <Target IQN> -p <Volume IP> --logout
        Replace <Target IQN> and <Volume IP> with actual values from the list of active sessions
      3. Run the session list command again to make sure the storage was successfully disconnected

      Step 4: delete the pod

      This command must be executed from your workstation or any machine with kubectl access, not on the Kubernetes node.

      Once logout is complete:

      kubectl delete pod iscsi-demo-pod

      Step 5: remove the CHAP secret (optional)

      kubectl delete secret chap-secret

      Suggested Articles