Activate AppCat Object Storage On APPUiO Zone

This page describes how the AppCat Object Storage service can be enabled on an APPUiO Zone.

  1. Check that there is support for the cloud provider in use. See github.com/vshn/component-appcat/tree/master/packages.

  2. Set variables

    export CLUSTER_ID=<cluster>
    export TENANT_ID=<tenant>
  3. Log in to Vault.

    export VAULT_ADDR=https://vault-prod.syn.vshn.net
    vault login -method=oidc
  4. Set up API keys for cloud providers

    Cloudscale
    1. Log in to control.cloudscale.ch.

    2. Create a project using the naming scheme VSHN AppCat objects-${CLUSTER_ID}, for example VSHN AppCat objects-lpg-2.

    3. Create an API token in the new project with a name like appcat-objects-lpg-2 with write access.

    4. Store token in Vault

      parent="clusters/kv/${TENANT_ID}/${CLUSTER_ID}/appcat/objectstorage/provider-cloudscale"
      vault kv put "${parent}" token=<the-cloudscale-token>
    Exoscale
    1. Log in to portal.exoscale.com.

    2. Create a new organization using the naming scheme VSHN AppCat ${CLUSTER_ID}, for example VSHN AppCat ch-gva-2-0.

    3. Create an Exoscale support ticket to link the organization to the root organization.

    4. Once they’re linked, in the new organization, create a restricted IAM API key using a name like appcat-objects-cloudscale-ch-gva-2-0. The key should have the following service permissions: SOS - unrestricted, all buckets, IAM - unrestricted.

      If other AppCat services, such as ObjectStorage, are already enabled on the APPUiO Zone, the IAM key should be recreated with appropriate permissions in the existing Exoscale organization.
    5. Store token in Vault

      parent="clusters/kv/${TENANT_ID}/${CLUSTER_ID}/appcat/provider-exoscale"
      vault kv put "${parent}" access-key=<the-exoscale-access-key> secret-key=<the-exoscale-secret-key>
  5. Configure cluster catalog

    classes:
      - global.apps.appcat.objectstorage

    This will deploy Crossplane and the Crossplane provider specific to the cloud provider. It also deploys the Crossplane XRDs and compositions along with RBAC.

    If there’s a need to deploy Crossplane providers for other cloud providers, include extra classes. For example, for cloudscale add

    classes:
      - appcat.composition.objectstorage.exoscale
      - appcat.provider.exoscale
  6. Compile and push cluster catalog.
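
Steps 2 to 4 for cloudscale as a shell helper, added here as an example and not part of the original procedure: it rejects unset or placeholder IDs before building the Vault path, and passes the token to `vault kv put` on stdin instead of as a command-line argument. The function names and the ID character-set check are assumptions.

```sh
# Added example (not part of the original procedure).
# Assumption: tenant and cluster IDs contain only lowercase letters,
# digits and dashes, as in the page's examples (lpg-2, ch-gva-2-0).
valid_id() {
  case "$1" in
    ''|-*|*[!a-z0-9-]*) return 1 ;;
  esac
  return 0
}

# Print the Vault path for a provider, using the two path layouts from step 4.
# Runs in a subshell so it leaves no variables behind.
appcat_vault_path() (
  for id in "${TENANT_ID:-}" "${CLUSTER_ID:-}"; do
    if ! valid_id "$id"; then
      echo "TENANT_ID/CLUSTER_ID unset or malformed: '${id}'" >&2
      return 1
    fi
  done
  base="clusters/kv/${TENANT_ID}/${CLUSTER_ID}/appcat"
  case "$1" in
    cloudscale) echo "${base}/objectstorage/provider-cloudscale" ;;
    exoscale)   echo "${base}/provider-exoscale" ;;
    *) echo "unknown provider: $1" >&2; return 1 ;;
  esac
)

# Prompt for the cloudscale token without echo and hand it to Vault on stdin
# ("token=-"), so it never appears in shell history or the process list.
store_cloudscale_token() (
  path=$(appcat_vault_path cloudscale) || return 1
  printf 'cloudscale API token: ' >&2
  stty -echo 2>/dev/null || true
  IFS= read -r token
  stty echo 2>/dev/null || true
  printf '\n' >&2
  [ -n "$token" ] || { echo "empty token, nothing stored" >&2; return 1; }
  printf '%s' "$token" | vault kv put "$path" token=- >/dev/null || return 1
  # Confirm the write by length only; the value itself is not printed.
  echo "stored $(vault kv get -field=token "$path" | wc -c) bytes at ${path}"
)
```

Source the file after `vault login`, then run `store_cloudscale_token`; a `CLUSTER_ID` still set to the literal `<cluster>` placeholder is refused before anything is written.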