Custom Storage Provider Setup

Custom storage providers give administrators the ability to create free-form configurations that create docker volumes and then map them into containers.

Configuration is largely instrumented through the Volume Config and Mount Config options in accordance with any desired docker volume plugin and driver options.

Unlike the other providers, Storage Mappings for Custom Storage Providers may only be configured by administrators. No settings are exposed on the Storage Mappings for Custom Storage Providers, so they only service as an association by the admin to a Workspace, Group, or User.

S3 Example

In this example, we take advantage of the Variable Substitution in order for each user to get their own storage location.

Name	`Custom Provider`
Storage Provider Type	`Custom`
Enabled	`checked`
Default Target	`/custom-{username}`
Volume Config (S3 Example)	{ "driver" : "rclone", "driver_opts" : { "type" : "s3", "path" : "bucket-name/folder/{user_id}", "vfs-cache-mode": "off", "dir-cache-time": "10s", "s3-provider" : "AWS", "s3-env-auth" : "false", "s3-access-key-id": "--redacted--", "s3-secret-access-key": "--redacted--", "s3-region" : "us-east-1", "uid" : "1000", "gid" : "1000", "allow_other" : "true" } }
Mount Config	`{}`

S3 + File Based Encryption Example

In this example, we leverage the rclone storage driver’s ability to utilize Crypt Remote as a wrapper around the S3 example from above. This builds on the previous example by implementing file based encryption on each user’s files. Files are transparently encrypted/decrypted when utilized in the Kasm session. Files are obfuscated and encrypted when viewed from the S3 console.

../../_images/encrypted_file.png — **Encrypted File**

../../_images/obfuscated_filename.png — **Obfuscated Filename of Encrypted File**

Name	`Custom Provider`
Storage Provider Type	`Custom`
Enabled	`checked`
Default Target	`/custom-{username}`
Volume Config (S3 Example)	{ "driver" : "rclone", "driver_opts" : { "type" : "crypt", "vfs-cache-mode": "off", "dir-cache-time": "10s", "crypt-filename-encryption": "standard", "crypt-password": "{user_crypt_password}", "crypt-password2": "{user_crypt_salt}", "crypt-remote": ":s3,provider=AWS,env_auth=false,access_key_id=--redacted--,secret_access_key=--redacted--,region=us-east-1:bucket-name/folder/{user_id}" "uid" : "1000", "gid" : "1000", "allow_other" : "true" } }
Mount Config	`{}`

Azure Blob Example

The Azure Blob Storage Account Name and Key can be found in the Security + networking -> Access keys section. More info on the Azure Blob paremeters can be found in the Rclone Azure blob documentation

Name	`Custom Provider`
Storage Provider Type	`Custom`
Enabled	`checked`
Default Target	`/custom`
Volume Config (Azure Blob Example)	{ "driver" : "rclone", "driver_opts" : { "type" : "azureblob", "path" : "container-name", "azureblob-account" : "storage-account-name", "azureblob-key" : "storage-key", "uid" : "1000", "gid" : "1000", "allow_other" : "true" } }
Mount Config	`{}`

../../_images/azure_blob.png — **Add Storage Mapping**

SMB/CIFS Example

More info on the SMB parameters can be found in the Rclone SMB documentation
The smb-pass option needs to be obscured value produced via the Rclone Obscure utility. Install the latest version of rclone on a separate system and utilize the rlone obscure utility to generate the obscured password to use in the configuration.

Name	`Custom Provider`
Storage Provider Type	`Custom`
Enabled	`checked`
Default Target	`/custom`
Volume Config (SMB Example)	{ "driver" : "rclone", "driver_opts" : { "type" : "smb", "path" : "optional/share/path", "smb-host" : "192.168.1.2", "smb-user" : "username", "smb-pass" : "--obscured-pass-with-rclone-obscure--", "smb-domain" : "WORKGROUP", "uid" : "1000", "gid" : "1000", "allow_other" : "true" } }
Mount Config	`{}`

Note

Many of the storage provider examples include default storage driver options used by rclone. These have been observed to work well with Kasm in its default configuration, but may be adjusted by adminstrators as needed. Please note, the available options often vary based on provider plugin (e.g Gdrive vs OneDrive)

The Rclone Docker Plugin is installed by default as part the standard Workspace install.

More information about rclone driver options may be found at https://rclone.org/docker/

Digital Ocean Spaces Example

Name	`Custom Provider`
Storage Provider Type	`Custom`
Enabled	`checked`
Default Target	`/custom`
Volume Config (S3 Example)	{ "driver" : "rclone", "driver_opts" : { "type" : "s3", "path" : "bucket-name/folder/", "vfs-cache-mode": "off", "dir-cache-time": "10s", "s3-provider" : "DigitalOcean", "s3-env-auth" : "false", "s3-access-key-id": "--redacted--", "s3-secret-access-key": "--redacted--", "s3-endpoint": "fra1.digitaloceanspaces.com", "uid" : "1000", "gid" : "1000", "allow_other" : "true" } }
Mount Config	`{}`

Google Cloud Storage Example

Name	`Custom Provider`
Storage Provider Type	`Custom`
Enabled	`checked`
Default Target	`/custom`
Volume Config (S3 Example)	{ "driver" : "rclone", "driver_opts" : { "type" : "s3", "path" : "bucket-name/folder/", "vfs-cache-mode": "off", "dir-cache-time": "10s", "s3-provider" : "GCS", "s3-env-auth" : "false", "s3-access-key-id": "--redacted--", "s3-secret-access-key": "--redacted--", "s3-endpoint": "https://storage.googleapis.com", "uid" : "1000", "gid" : "1000", "allow_other" : "true" } }
Mount Config	`{}`

Create Storage Mapping

Storage Mappings for Custom Storage Providers can only be configured by Administrators.

From the Workspaces app , select the desired Workspace, User or Group to associate with the Storage Mapping.
Select Storage Mapping tab and select Add Storage Mapping.

../../_images/add_storage_mapping.png — **Add Storage Mapping**

Select the Custom Storage Provider from the Type dropdown and select Next

../../_images/custom_storage_mapping.png — **Configure Storage**

Launch a new container-based session. Verify the Custom storage is mapped inside the session at the /custom location.

../../_images/files.png — **Custom Mount**