Mount drives and cloud storage

Table of Contents

Instabase supports integration with a variety of file systems and databases. Mounting drives and cloud storage within a subspace lets you access existing, external data for use in Instabase apps and projects. By default, the drive Instabase Drive is mounted in every subspace, but you can mount additional drives to access other file systems.

The following storage systems and providers are supported:

Amazon S3
Azure Blob Storage
Google Cloud Storage
Local file storage (including Network File System (NFS))

Note

SaaS deployments do not support mounting NFS file storage or local file storage.

Mount a new drive

To mount a new drive

Open the Explorer app (All apps > Explorer).
In Explorer, select the subspace where you want to mount the drive.
Click + New Drive.
Click Select service and select a file storage provider.
Enter the required information and credentials. Refer to the following sections for setting descriptions.
Click Mount.

Amazon S3

When configuring Amazon S3 for file storage (select Amazon S3 as the Service type), the following settings are available:

Setting	Required	Value
Mount Name	Required	A name for the mount.
S3 Server URL	Required	The URL of your Amazon S3 instance. The URL must follow this format: `https://s3.[your region code].amazonaws.com`. Do not include the bucket name in the URL. Examples of valid URLs include `https://s3.us-west-2.amazonaws.com` and `https://s3.us-east-1.amazonaws.com`. See the AWS Virtual hosting of buckets documentation for more information.
S3 Server Port	Suggested to accept default.	The port for registration and authentication using HTTPS.
S3 Server Is Secure	Suggested to accept default.	Defines whether to use HTTP or HTTPS to communicate with S3 resources. Setting to `True` enables using HTTPS. We recommend always having S3 Server Is Secure set to `True`. This setting must be disabled only for testing or non-production environments.
S3 Server Validate Certificate	Suggested to accept default.	Defines whether the S3 certificate must be validated on every request. Defaults to `True`, but can be set to `False` for troubleshooting, testing, or if there is no valid certificate file.
Use AWS Access Credentials	Optional	This setting is optional and can’t be used if you set up an IAM role to access the S3 bucket in your Kubernetes deployment.
Access Key ID	Required if Use AWS Access Credentials is enabled.	Your AWS Identity and Access Management (IAM) key.
Secret Access Key	Required if Use AWS Access Credentials is enabled.	Your AWS IAM secret key.
Bucket Name	Required	The name of the S3 bucket to use for file storage.
AWS Region	Required	The region code for your AWS account. For example, `us-east-2`. To see a full list of region codes, see the AWS Regions and zones documentation. Default value is `us-east-1`.
Path to Mount	Optional	A prefix to mount all files in the S3 bucket. Leave empty to accept default (mounting to root).
Encryption Type	Required	Select the client-side encryption type. (See the encryption documentation for details on Instabase client-side encryption.) - None: No additional client-side encryption. - KMS Encryption: The master key is used to encrypt a symmetric data key, which is used to encrypt document contents on writes. Warning Enabling encryption (selecting an option other than None) encrypts all files written to the drive.
Server-side Encryption Type	Required	Select the server-side encryption type. - None: No server-side encryption. - SE SSA (AES256): Use Amazon-managed server-side encryption of files. - S3 KMS: Use Amazon KMS for server-side encryption of files.
Server Side Encryption KMS Key ID	Visible and required when Server-side Encryption Type is set to S3 KMS.	The Amazon resource name (ARN) for the KMS key. Note See the AWS Finding the key ID and key ARN documentation for more information.
Use Hitachi Content Platform S3 Storage	Optional	Select to mount a Hitachi Content Platform (Hitachi Vantara) S3 drive.

Azure Blob Storage

When configuring Azure Blob Storage for file storage (select Azure Blob Storage as the Service type), the following settings are available:

Setting	Required	Value
Mount Name	Required	A name for the mount.
Container Name	Required	The name of your Azure Blob Storage container.
Auth method	Required	The authentication method to use when connecting to your storage. Available options are connection string and service principal.
Connection string	Visible and required if Auth method is set to Connection string.	The connection string for your Azure storage account.
Service URL	Visible and required if Auth method is set to Service principal.	The endpoint for the Blob Service registered to the container’s storage account, such as https://.blob.core.windows.net/
Tenant ID	Visible and required if Auth method is set to Service principal.	The tenant ID for the service principal.
Client ID	Visible and required if Auth method is set to Service principal.	The client ID for the service principal.
Client secret	Visible and required if Auth method is set to Service principal.	The client secret for the service principal.

Google Cloud Storage

Note

Support for Google Cloud Storage is generally available as of release 23.04.

When configuring Google Cloud Storage for file storage (select Google Cloud Storage as the Service type), the following settings are available:

Setting	Required	Value
Mount Name	Required	A name for the mount.
Bucket Name	Required	The name of your Google Cloud Storage bucket.
Path to Mount	Optional	A prefix to mount all files in the Google Cloud Storage bucket. Leave empty to accept default (mounting to root).
Upload the private key file for your Google Cloud Storage service account	Required	The credentials for your Google Cloud Storage service account. Upload the credentials as a `.json` file. See the instructions below for additional support.
Server-side Encryption Type	Required	Select the server-side encryption type. - GCS AES-256: Uses Google-managed server-side encryption of files. - GCS KMS: Uses Google Cloud KMS for server-side encryption of files. If this option is chosen, a valid Server Side Encryption KMS Key ID is required.
Server Side Encryption KMS Key ID	Required when Server-side Encryption Type is set to GCS KMS, otherwise optional.	Displays when Server-side Encryption Type is set to GCS KMS. The Cloud KMS Resource ID. Info See the Google Cloud Getting a Cloud KMS Resource ID documentation for additional information.

To configure a Google Cloud Storage service account:

From the Google Cloud console, create a Google Cloud Storage bucket with uniform access control. For improved security, create it as a private bucket.
Create a service account in Google Cloud’s Identity and Access Management (IAM) system.
In the Google Cloud console, create a key pair for the service account, selecting JSON as the key type.
Download the JSON credentials file for the service account.
Assign the service account the Storage Admin and Storage Object Admin roles for bucket access.

Info

More detailed instructions can be found in the Google IAM permission documentation.
Find the Client ID for the service account (available on the Service accounts page).
Using a Google Workplace administrator account, search for the service account’s client ID, and grant the service account access to the Google Cloud Platform OAuth scope www.googleapis.com/auth/cloud-platform.

Info

More detailed instructions can be found in the Google service account documentation.

You can now complete the Mount a new drive steps, selecting Google Cloud Storage as the Service type, and uploading your JSON credentials file to the Upload the private key file for your Google Cloud Storage service account field.

Local file storage

When configuring local file storage (select Local file storage as the Service type), the following settings are available:

Setting	Required	Value
Mount Name	Required	A name for the mount.
Path to Mount	Optional	Define the local file path to mount, referencing the file path for the computer hosting the Instabase instance.
Encryption Type	Required	Select the client-side encryption type. (See the encryption documentation for details on Instabase client-side encryption.) - None: No client-side encryption. - KMS Encryption: The master key is used to encrypt a symmetric data key, which is used to encrypt document contents on writes. Warning Enabling encryption (selecting an option other than None) encrypts all files written to the drive.

NFS file storage

NFS file storage is mounted the same way as local file storage (select Local file storage as the Service type), with some notes:

For security reasons, NFS storage systems are mountable only after they are first mounted as a Kubernetes Persistent Volume Claim (PVC).
In addition to specifying the mount path in the Path to Mount field, the path must also be specified via the environment variable REPO_LOCAL_MOUNT_DIR in core-platform-service.
The Encryption Type setting must match the NFS drive configuration.

To enable mounting an NFS drive as local file storage:

In your Kubernetes account, create a Kubernetes PVC for the NFS drive at some path, such as /data/drive1.
In the deployment-core-platform-service service, set the REPO_LOCAL_MOUNT_DIR value to the NFS drive’s mount path; in this example /data/ or /data/drive1.

Note

For deployments using Deployment Manager, refer to the configuration management documentation for instructions on using a patch to update a service’s configuration.
Complete the mount a new drive steps, selecting Local file storage as the Service type, and defining the Path to Mount as the NFS drive’s mount path.

Rename a mounted drive

To rename an existing drive:

Open the Explorer app (All apps > Explorer).
Hover over the drive to rename, and click the Settings (gear) icon that displays.
Click to expand the Rename section.
Enter a new name, and click Rename.

Remove a mounted drive

To remove a drive:

Open the Explorer app (All apps > Explorer).
Hover over the drive to remove, and click the Settings (gear) icon that displays.
Click to expand the Unmount section.
Click Unmount.