Dynamic Object Bucket Claim

Similar to Persistent Volumes, you can add the details of the Object Bucket Claim (OBC) to your application’s YAML and get the object service endpoint, access key, and secret access key made available in a configuration map and a secret. You can then read this information dynamically into the environment variables of your application.

About this task

Note: The Multicloud Object Gateway endpoints use self-signed certificates only if OpenShift uses self-signed certificates. Using signed certificates in OpenShift automatically replaces the Multicloud Object Gateway endpoint certificates with signed certificates. To get the certificate currently used by Multicloud Object Gateway, access the endpoint through a browser. For more information, see Accessing the Multicloud Object Gateway with your applications.

Procedure

  1. Add the following lines to your application YAML:
    These lines are the OBC itself.
    apiVersion: objectbucket.io/v1alpha1
    kind: ObjectBucketClaim
    metadata:
      name: <obc-name>
    spec:
      generateBucketName: <obc-bucket-name>
      storageClassName: openshift-storage.noobaa.io
    <obc-name>
    Use a unique OBC name.
    <obc-bucket-name>
    Use a unique bucket name for your OBC.
  2. To automate the use of OBC, add more lines to the YAML file.
    For example:
    apiVersion: batch/v1
    kind: Job
    metadata:
      name: testjob
    spec:
      template:
        spec:
          restartPolicy: OnFailure
          containers:
            - image: <your application image>
              name: test
              env:
                - name: BUCKET_NAME
                  valueFrom:
                    configMapKeyRef:
                      name: <obc-name>
                      key: BUCKET_NAME
                - name: BUCKET_HOST
                  valueFrom:
                    configMapKeyRef:
                      name: <obc-name>
                      key: BUCKET_HOST
                - name: BUCKET_PORT
                  valueFrom:
                    configMapKeyRef:
                      name: <obc-name>
                      key: BUCKET_PORT
                - name: AWS_ACCESS_KEY_ID
                  valueFrom:
                    secretKeyRef:
                      name: <obc-name>
                      key: AWS_ACCESS_KEY_ID
                - name: AWS_SECRET_ACCESS_KEY
                  valueFrom:
                    secretKeyRef:
                      name: <obc-name>
                      key: AWS_SECRET_ACCESS_KEY
    The example shows the mapping of the bucket claim result, which is a configuration map with data and a secret with the credentials, to the environment variables of the container. This specific job claims the Object Bucket from NooBaa, which creates a bucket and an account.
    <obc-name>
    Use your OBC name.
    <your application image>
    Use your application image.
  3. Apply the updated YAML file, where <yaml.file> is the name of your YAML file.
    oc apply -f <yaml.file>
  4. To view the new configuration map, run the following command, where <obc-name> is the name of your OBC.
    oc get cm <obc-name> -o yaml
    Expect the following environment variables in the output:
    BUCKET_HOST
    Endpoint to use in the application.
    BUCKET_PORT
    The port is related to the BUCKET_HOST. For example, if the BUCKET_HOST is https://my.example.com, and the BUCKET_PORT is 443, the endpoint for the object service would be https://my.example.com:443.
    BUCKET_NAME
    Requested or generated bucket name.
    AWS_ACCESS_KEY_ID
    Access key that is part of the credentials.
    AWS_SECRET_ACCESS_KEY
    Secret access key that is part of the credentials.
    Important: Retrieve the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. These names are used for compatibility with the AWS S3 API. You need to specify the keys when performing S3 operations, especially when you read, write, or list from the Multicloud Object Gateway (MCG) bucket. The keys are encoded in Base64.
    Decode the keys before using them. The following command retrieves the secret that holds them, where <obc_name> specifies the name of the object bucket claim:
    oc get secret <obc_name> -o yaml
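
The decode step above, as an added example that is not part of the original documentation: `secret_value` decodes one key from the YAML that `oc get secret <obc_name> -o yaml` prints, and `obc_endpoint` joins BUCKET_HOST and BUCKET_PORT as described in step 4. The function names and the sample Secret with its values are constructed for illustration, and the `https://` default for a bare host name is an assumption.

```shell
#!/bin/sh
# Added example, not from the original page. All sample values are constructed.

# Constructed stand-in for the output of: oc get secret <obc_name> -o yaml
sample_secret_yaml() {
    cat <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: my-obc
data:
  AWS_ACCESS_KEY_ID: RVhBTVBMRUFDQ0VTU0tFWQ==
  AWS_SECRET_ACCESS_KEY: ZXhhbXBsZS1zZWNyZXQta2V5
type: Opaque
EOF
}

# secret_value KEY: read Secret YAML on stdin and print the decoded value of
# KEY from the data: section. Returns non-zero if the key is absent.
secret_value() {
    encoded=$(awk -v k="$1:" '
        /^data:/ { in_data = 1; next }
        /^[^ ]/  { in_data = 0 }            # next top-level key ends data:
        in_data && $1 == k { print $2 }
    ') || return 1
    [ -n "$encoded" ] || return 1
    printf '%s' "$encoded" | base64 -d
}

# obc_endpoint HOST PORT: join BUCKET_HOST and BUCKET_PORT into one endpoint.
obc_endpoint() {
    host=${1%/}                             # drop a trailing slash, if any
    case $host in
        http://*|https://*) ;;
        *) host="https://$host" ;;          # assumption: bare host means TLS
    esac
    printf '%s:%s\n' "$host" "$2"
}

# Against a cluster (placeholders as on the page):
#   oc get secret <obc_name> -o yaml | secret_value AWS_ACCESS_KEY_ID
sample_secret_yaml | secret_value AWS_ACCESS_KEY_ID; echo
obc_endpoint https://my.example.com 443
```

Base64 is an encoding, not encryption, so anyone who can read the Secret can recover the keys; limit `get` access to secrets in the namespace and keep decoded values out of shared terminal logs.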