Similar to Persistent Volumes, you can add the details of the Object Bucket Claim (OBC)
to your application’s YAML, and get the object service endpoint, access key, and secret access key
available in a configuration map and secret. You can then read this information dynamically into
environment variables of your application.
About this task
Note: The Multicloud Object Gateway endpoints use self-signed certificates only if OpenShift uses
self-signed certificates. Using signed certificates in OpenShift automatically replaces the
Multicloud Object Gateway endpoint certificates with signed certificates. Get the certificate
currently used by Multicloud Object Gateway by accessing the endpoint via the browser. For more
information, see Accessing the Multicloud Object Gateway with your applications.
Procedure
- Add the following lines to your application YAML. These lines are the OBC itself.

    apiVersion: objectbucket.io/v1alpha1
    kind: ObjectBucketClaim
    metadata:
      name: <obc-name>
    spec:
      generateBucketName: <obc-bucket-name>
      storageClassName: openshift-storage.noobaa.io

  - <obc-name>: Use a unique OBC name.
  - <obc-bucket-name>: Use a unique bucket name for your OBC.
- To automate the use of OBC, add more lines to the YAML file.
For example:

    apiVersion: batch/v1
    kind: Job
    metadata:
      name: testjob
    spec:
      template:
        spec:
          restartPolicy: OnFailure
          containers:
            - image: <your application image>
              name: test
              env:
                - name: BUCKET_NAME
                  valueFrom:
                    configMapKeyRef:
                      name: <obc-name>
                      key: BUCKET_NAME
                - name: BUCKET_HOST
                  valueFrom:
                    configMapKeyRef:
                      name: <obc-name>
                      key: BUCKET_HOST
                - name: BUCKET_PORT
                  valueFrom:
                    configMapKeyRef:
                      name: <obc-name>
                      key: BUCKET_PORT
                - name: AWS_ACCESS_KEY_ID
                  valueFrom:
                    secretKeyRef:
                      name: <obc-name>
                      key: AWS_ACCESS_KEY_ID
                - name: AWS_SECRET_ACCESS_KEY
                  valueFrom:
                    secretKeyRef:
                      name: <obc-name>
                      key: AWS_SECRET_ACCESS_KEY

The example maps the bucket claim result, which is a configuration map with data and a secret
with the credentials, to the environment variables of the container. This specific job claims
the Object Bucket from NooBaa, which creates a bucket and an account.
  - <obc-name>: Use your OBC name.
  - <your application image>: Use your application image.
- Apply the updated YAML file, where <yaml.file> is the name of your YAML file.
- To view the new configuration map, run the following command, where <obc-name> is the name of
  your OBC.

    oc get cm <obc-name> -o yaml

Expect the following environment variables in the output:
  - BUCKET_HOST: Endpoint to use in the application.
  - BUCKET_PORT: The port is related to the BUCKET_HOST. For example, if the BUCKET_HOST is
    https://my.example.com, and the BUCKET_PORT is 443, the endpoint for the object service
    would be https://my.example.com:443.
  - BUCKET_NAME: Requested or generated bucket name.
  - AWS_ACCESS_KEY_ID: Access key that is part of the credentials.
  - AWS_SECRET_ACCESS_KEY: Secret access key that is part of the credentials.
Important: Retrieve the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. These names are used for
compatibility with the AWS S3 API. You need to specify the keys while performing S3 operations,
especially when you read, write, or list from the Multicloud Object Gateway (MCG) bucket. The keys
are encoded in Base64. Decode the keys before using them. Use the following command to get the
keys, where <obc_name> specifies the name of the object bucket claim:

    oc get secret <obc_name> -o yaml
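
The following Python sketch is an added example, not part of the original procedure: it decodes the Base64 data fields of the OBC secret and joins BUCKET_HOST and BUCKET_PORT into the object service endpoint, as described above. It assumes the secret is fetched with -o json instead of -o yaml so that the standard library can parse it; the sample values, the function names, and the https default for bare host names are constructed for illustration.

```python
import base64
import binascii
import json

# Constructed sample of `oc get secret <obc_name> -o json` output (not real credentials).
SAMPLE_SECRET_JSON = json.dumps({"kind": "Secret", "data": {
    "AWS_ACCESS_KEY_ID": base64.b64encode(b"EXAMPLEACCESSKEY0001").decode(),
    "AWS_SECRET_ACCESS_KEY": base64.b64encode(b"example/secret+key/0001").decode(),
}})
# Constructed sample of the configuration map's data section.
SAMPLE_CONFIGMAP_DATA = {"BUCKET_HOST": "https://my.example.com", "BUCKET_PORT": "443"}


def decode_obc_secret(secret_json):
    """Return the decoded credential pair from a Secret manifest in JSON form."""
    data = json.loads(secret_json).get("data") or {}
    creds = {}
    for key in ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY"):
        if key not in data:
            raise KeyError(f"secret is missing {key}")
        try:
            # validate=True rejects stray characters instead of silently dropping them
            creds[key] = base64.b64decode(data[key], validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError) as exc:
            raise ValueError(f"{key} is not valid Base64 text") from exc
    return creds


def obc_endpoint(cm_data):
    """Join BUCKET_HOST and BUCKET_PORT into the object service endpoint."""
    host = cm_data["BUCKET_HOST"].rstrip("/")
    port = int(cm_data["BUCKET_PORT"])
    if not 1 <= port <= 65535:
        raise ValueError(f"BUCKET_PORT out of range: {port}")
    if "://" not in host:
        host = "https://" + host  # assumption: bare host names are served over TLS
    return f"{host}:{port}"


def redact(value, keep=4):
    """Mask a credential for log output, keeping only the first few characters."""
    return value[:keep] + "*" * (len(value) - keep)


if __name__ == "__main__":
    creds = decode_obc_secret(SAMPLE_SECRET_JSON)
    print(obc_endpoint(SAMPLE_CONFIGMAP_DATA), redact(creds["AWS_ACCESS_KEY_ID"]))
```

Inside the pod, the values injected through secretKeyRef are already decoded; the Base64 step applies only to what oc get secret prints.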