Using an AppCat Object Bucket

Usage Example within an APPUiO Cloud Zone

Object Buckets are Amazon S3 compatible, and they have a wide range of applications. In the example below we use it as a storage container for backups triggered using K8up, the Open Source Kubernetes backup operator.

The YAML code below creates two objects: an ObjectBucket and a K8up Backup, the latter referencing the objectbucket-creds secret that will contain the access keys required to write to the bucket.

kind: ObjectBucket
  name: my-bucket
    bucketName: k8up-backup-sample-name
    region: rma
    name: objectbucket-creds
kind: Backup
  name: backup-test
  failedJobsHistoryLimit: 2
  successfulJobsHistoryLimit: 2
      name: backup-repo
      key: password
      endpoint: (1)
      bucket: k8up-backup-sample-name (1)
        name: objectbucket-creds
        key: AWS_ACCESS_KEY_ID (2)
        name: objectbucket-creds
        key: AWS_SECRET_ACCESS_KEY (2)
1 Values copied from the secret’s ENDPOINT and BUCKET fields.
2 Directly referencing the fields in the generated secret objectbucket-creds.

Clients and Libraries

If you want to inspect the object buckets or access it outside of APPUiO you can use one of these client tools:

The following client libraries are a suggestion:

Environment Variables

You’ll need:

  • jq

  • kubectl or oc and a connection to your cluster.

Many libraries and tools use some well-known environment variables to configure the connection:

  1. Set the environment variables from the generated secret.

    export AWS_ACCESS_KEY_ID=$(kubectl get secrets objectbucket-creds -ojson | jq -r '.data.AWS_ACCESS_KEY_ID' | base64 -d)
    export AWS_REGION=$(kubectl get secrets objectbucket-creds -ojson | jq -r '.data.AWS_REGION' | base64 -d)
    export AWS_SECRET_ACCESS_KEY=$(kubectl get secrets objectbucket-creds -ojson | jq -r '.data.AWS_SECRET_ACCESS_KEY' | base64 -d)
    # Get the bucket name. Will need other means to pass to the client, as there's no well-known environment variable for it.
    kubectl get secrets objectbucket-creds -ojson | jq -r '.data.BUCKET_NAME' | base64 -d