Adding an IBM COS namespace bucket using YAML

Add an IBM COS namespace bucket using a YAML file.

Before you begin

Procedure

  1. Create a secret with the credentials:
    apiVersion: v1
    kind: Secret
    metadata:
      name: <namespacestore-secret-name>
    type: Opaque
    data:
      IBM_COS_ACCESS_KEY_ID: <IBM COS ACCESS KEY ID ENCODED IN BASE64>
      IBM_COS_SECRET_ACCESS_KEY: <IBM COS SECRET ACCESS KEY ENCODED IN BASE64>
    namespacestore-secret-name

    A unique NamespaceStore name.

    IBM COS ACCESS KEY ID ENCODED IN BASE64
    IBM COS SECRET ACCESS KEY ENCODED IN BASE64
    You must provide and encode your own IBM COS access key ID and secret access key using Base64, and use the results in place of IBM COS ACCESS KEY ID ENCODED IN BASE64 and IBM COS SECRET ACCESS KEY ENCODED IN BASE64.
  2. Create a NamespaceStore resource using OpenShift custom resource definitions (CRDs).
    A NamespaceStore represents underlying storage to be used as a read or write target for the data in the MCG namespace buckets.
    To create a NamespaceStore resource, apply the following YAML:
    apiVersion: noobaa.io/v1alpha1
    kind: NamespaceStore
    metadata:
      finalizers:
      - noobaa.io/finalizer
      labels:
        app: noobaa
      name: bs
      namespace: openshift-storage
    spec:
      s3Compatible:
        endpoint: <IBM COS ENDPOINT>
        secret:
          name: <namespacestore-secret-name>
          namespace: <namespace-secret>
        signatureVersion: v2
        targetBucket: <target-bucket>
      type: ibm-cos
    IBM COS ENDPOINT

    The appropriate IBM COS endpoint.

    namespacestore-secret-name

    The secret created in step 1.

    namespace-secret

    The namespace where the secret can be found.

    target-bucket

    The target bucket you created for the NamespaceStore.

  3. Create a namespace bucket class that defines a namespace policy for the namespace buckets.
    The namespace policy requires a type of either single or multi.
    • A namespace policy of type single requires the following configuration:

      apiVersion: noobaa.io/v1alpha1
      kind: BucketClass
      metadata:
        labels:
          app: noobaa
        name: <my-bucket-class>
        namespace: openshift-storage
      spec:
        namespacePolicy:
          type: Single
          single:
            resource: <resource>
      my-bucket-class

      The unique namespace bucket class name.

      resource

      The name of a single NamespaceStore that defines the read and write target of the namespace bucket.

    • A namespace policy of type multi requires the following configuration:
      apiVersion: noobaa.io/v1alpha1
      kind: BucketClass
      metadata:
        labels:
          app: noobaa
        name: <my-bucket-class>
        namespace: openshift-storage
      spec:
        namespacePolicy:
          type: Multi
          multi:
            writeResource: <write-resource>
            readResources:
            - <read-resources>
            - <read-resources>
      my-bucket-class

      A unique bucket class name.

      write-resource

      The name of a single NamespaceStore that defines the write target of the namespace bucket.

      read-resources

      A list of the names of the NamespaceStores that define the read targets of the namespace bucket.

  4. Create a bucket using an Object Bucket Claim (OBC) resource.
    Use the bucket class defined in the earlier step using the following YAML:
    apiVersion: objectbucket.io/v1alpha1
    kind: ObjectBucketClaim
    metadata:
      name: <resource-name>
      namespace: openshift-storage
    spec:
      generateBucketName: <my-bucket>
      storageClassName: openshift-storage.noobaa.io
      additionalConfig:
        bucketclass: <my-bucket-class>
    resource-name

    The name you want to give to the resource.

    my-bucket

    The name you want to give to the bucket.

    my-bucket-class

    The bucket class created in the previous step.

    After the OBC is provisioned by the operator, a bucket is created in the MCG, and the operator creates a Secret and ConfigMap with the same name and in the same namespace as that of the OBC.
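
The Base64 values in step 1 must encode the key bytes only: `echo <key> | base64` also encodes a trailing newline, and the stored value then no longer matches the key. The shell functions below are an added example, not part of the original procedure; they render the step 1 Secret from environment variables and detect a value that was encoded with a trailing newline. The variable names COS_ACCESS_KEY_ID and COS_SECRET_ACCESS_KEY and all function names are assumptions.

```shell
# Added example: render the step 1 Secret without leaking or corrupting keys.
# Assumed names (not from the procedure): COS_ACCESS_KEY_ID,
# COS_SECRET_ACCESS_KEY, b64_exact, has_trailing_newline, render_cos_secret.

# Encode exactly the bytes given. printf '%s' adds no newline (echo would),
# and tr strips the line wrapping that some base64 builds insert.
b64_exact() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Return 0 if a Base64 value decodes to data that ends in a newline,
# the usual sign that it was produced with `echo key | base64`.
has_trailing_newline() {
  [ "$(printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')" = "0a" ]
}

# Print the Secret manifest for the name given as $1. The keys are read from
# the environment, so they never appear as command-line arguments in shell
# history or the process list. Base64 is an encoding, not encryption:
# treat the rendered manifest as sensitive and do not commit it.
render_cos_secret() {
  : "${COS_ACCESS_KEY_ID:?set COS_ACCESS_KEY_ID}"
  : "${COS_SECRET_ACCESS_KEY:?set COS_SECRET_ACCESS_KEY}"
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
type: Opaque
data:
  IBM_COS_ACCESS_KEY_ID: $(b64_exact "$COS_ACCESS_KEY_ID")
  IBM_COS_SECRET_ACCESS_KEY: $(b64_exact "$COS_SECRET_ACCESS_KEY")
EOF
}

# Usage, with the namespace you reference in step 2 as <namespace-secret>:
#   render_cos_secret <namespacestore-secret-name> | oc apply -n <namespace-secret> -f -
```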