S3 Backup for API Connect with Noobaa Storage Class from ODF

Zhimin Wen
5 min readOct 13, 2023
Image by Teodor Buhl from Pixabay

Let’s explore the S3 Backup for API Connect.

The testing environment is on OpenShift with ODF installed.

Create Bucket with Noobaa

Create our backup bucket with ODF Noobaa Storage Class

apiVersion: objectbucket.io/v1alpha1
kind: ObjectBucketClaim
metadata:
name: backup-bucket-claim
namespace: apic
spec:
bucketName: backup-bucket #exact name
storageClassName: openshift-storage.noobaa.io

Check the Object Bucket (ob) is available,

$ oc get ob
NAME STORAGE-CLASS CLAIM-NAMESPACE CLAIM-NAME RECLAIM-POLICY PHASE AGE
obc-apic-backup-bucket-claim openshift-storage.noobaa.io Delete Bound 12m

Notice the Object Bucket is not namespace scoped, same as the Persistent Volume (pv).

The detail of the access to the bucket is defined in ConfigMap and Secret with the same name of the Object Bucket Claim (obc).

$ oc get cm backup-bucket-claim -o yaml

apiVersion: v1
data:
BUCKET_HOST: s3.openshift-storage.svc
BUCKET_NAME: backup-bucket
BUCKET_PORT: "443"
BUCKET_REGION: ""
BUCKET_SUBREGION: ""
kind: ConfigMap
...

The access key and secret is defined in the secret,

$ oc get secret backup-bucket-claim -o yaml

apiVersion: v1
data:
AWS_ACCESS_KEY_ID: VTdFa1k2bWdIaGt0VmdvUnl2MnA=
AWS_SECRET_ACCESS_KEY: cWVIMVlnYlBneFkvOHVSNGh4NndkeEVVOFB4RitQQ29sRVVkUXpReA==
kind: Secret
...

Access the Bucket with AWS Cli

Install the aws cli,

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install

Setup the environment variables,

export AWS_ENDPOINT_URL=https://$(oc -n openshift-storage get route s3 -o jsonpath='{.spec.host}')
export AWS_ACCESS_KEY_ID=$(oc get secret {{ .obcName }} -o jsonpath='{.data.AWS_ACCESS_KEY_ID}' | base64 -d)
export AWS_SECRET_ACCESS_KEY=$(oc get secret {{ .obcName }} -o jsonpath='{.data.AWS_SECRET_ACCESS_KEY}' | base64 -d)

--

--