Activate AppCat Object Storage On APPUiO Zone

This page describes how AppCat Object Storage service can be enabled on a APPUiO Zone.

  1. Check that the there is support for the used cloud provider. See

  2. Set variables

    export CLUSTER_ID = <cluster>
    export TENANT_ID = <tenant>
  3. Login to Vault.

    export VAULT_ADDR=
    vault login -method=oidc
  4. Setup API keys for cloud providers

    1. Login to

    2. Create a project using the naming scheme VSHN AppCat objects-${CLUSTER_ID}, for example VSHN AppCat objects-lpg-2.

    3. Create an API token in the new project with a name like appcat-objects-lpg-2 with write access.

    4. Store token in Vault

      vault kv put "${parent}" token=<the-cloudscale-token>
    1. Login to

    2. Create a new organization using the naming scheme VSHN AppCat ${CLUSTER_ID}, for example VSHN AppCat ch-gva-2-0.

    3. Create an Exoscale support ticket to link the organization to the root organization.

    4. Once they’re linked, in the new organization, create a restricted IAM API key using a name like appcat-objects-cloudscale-ch-gva-2-0. The key should have following service permissions: SOS - unrestricted, all buckets, IAM - unrestricted.

      In case other AppCat services are already enabled on the APPUiO Zone such as ObjectStorage then the IAM Key should be recreated with appropriate permissions in the existing Exoscale organization.
    5. Store token in Vault

      vault kv put "${parent}" access-key=<the-exoscale-access-key> secret-key=<the-exoscale-secret-key>
  5. Configure cluster catalog

      - global.apps.appcat.objectstorage

    This will deploy Crossplane and the Crossplane provider specific for the cloud provider. It also deploys the Crossplane XRDs and compositions along with RBAC.

    If there’s a need to deploy Crossplane providers for other cloud providers, include extra classes. For example, for cloudscale add

      - appcat.composition.objectstorage.exoscale
      - appcat.provider.exoscale
  6. Compile and push cluster catalog.