Using an AppCat Object Bucket

Usage Example within an APPUiO Cloud Zone

Object Buckets are Amazon S3 compatible, and they have a wide range of applications. In the example below we use it as a storage container for backups triggered using K8up, the Open Source Kubernetes backup operator.

The YAML code below creates two objects: an ObjectBucket and a K8up Backup, the latter referencing the objectbucket-creds secret that will contain the access keys required to write to the bucket.

apiVersion: exoscale.appcat.vshn.io/v1
kind: ObjectBucket
metadata:
  name: my-bucket
spec:
  parameters:
    bucketName: k8up-backup-sample-name
    region: rma
  writeConnectionSecretToRef:
    name: objectbucket-creds
---
apiVersion: k8up.io/v1
kind: Backup
metadata:
  name: backup-test
spec:
  failedJobsHistoryLimit: 2
  successfulJobsHistoryLimit: 2
  backend:
    repoPasswordSecretRef:
      name: backup-repo
      key: password
    s3:
      endpoint: https://objects.rma.cloudscale.ch (1)
      bucket: k8up-backup-sample-name (1)
      accessKeyIDSecretRef:
        name: objectbucket-creds
        key: AWS_ACCESS_KEY_ID (2)
      secretAccessKeySecretRef:
        name: objectbucket-creds
        key: AWS_SECRET_ACCESS_KEY (2)
1 Values copied from the secret’s ENDPOINT and BUCKET fields.
2 Directly referencing the fields in the generated secret objectbucket-creds.

Clients and Libraries

If you want to inspect the object buckets or access it outside of APPUiO you can use one of these client tools:

The following client libraries are a suggestion:

Environment Variables

You’ll need:

  • jq

  • kubectl or oc and a connection to your cluster.

Many libraries and tools use some well-known environment variables to configure the connection:

  1. Set the environment variables from the generated secret.

    export AWS_ACCESS_KEY_ID=$(kubectl get secrets objectbucket-creds -ojson | jq -r '.data.AWS_ACCESS_KEY_ID' | base64 -d)
export AWS_REGION=$(kubectl get secrets objectbucket-creds -ojson | jq -r '.data.AWS_REGION' | base64 -d)
export AWS_SECRET_ACCESS_KEY=$(kubectl get secrets objectbucket-creds -ojson | jq -r '.data.AWS_SECRET_ACCESS_KEY' | base64 -d)

# Get the bucket name. Will need other means to pass to the client, as there's no well-known environment variable for it.
kubectl get secrets objectbucket-creds -ojson | jq -r '.data.BUCKET_NAME' | base64 -d