Chapter 10. Multicloud Object Gateway

Procedure

1. In the OpenShift Web Console, click Storage → Data Foundation.
2. Click the Backing Store tab.
3. Click Create Backing Store.

4. On the Create New Backing Store page, perform the following:

   1. Enter a Backing Store Name.
   2. Select a Provider.
   3. Select a Region.
   4. Enter an Endpoint. This is optional.

   5. Select a Secret from the drop-down list, or create your own secret. Optionally, you can Switch to Credentials view which lets you fill in the required secrets.

      For more information on creating an OCP secret, see the section link: Creating the secret in the Openshift Container Platform documentation.

      Each backingstore requires a different secret. For more information on creating the secret for a particular backingstore, see the Section 10.3.2, “Adding storage resources for hybrid or Multicloud using the MCG command line interface” and follow the procedure for the addition of storage resources using a YAML.

      Note

      This menu is relevant for all providers except Google Cloud and local PVC.

   6. Enter the Target bucket. The target bucket is a container storage that is hosted on the remote cloud service. It allows you to create a connection that tells the MCG that it can use this bucket for the system.
5. Click Create Backing Store.

Verification steps

1. In the OpenShift Web Console, click Storage → Data Foundation.
2. Click the Backing Store tab to view all the backing stores.

Procedure

1. From the MCG command-line interface, run the following command:

   Note

   This command must be run from within the openshift-storage namespace.

   noobaa backingstore create s3-compatible rgw-resource --access-key=<RGW ACCESS KEY> --secret-key=<RGW SECRET KEY> --target-bucket=<bucket-name> --endpoint=<RGW endpoint> -n openshift-storage

   1. To get the <RGW ACCESS KEY> and <RGW SECRET KEY>, run the following command using your RGW user secret name:

      oc get secret <RGW USER SECRET NAME> -o yaml -n openshift-storage

   2. Decode the access key ID and the access key from Base64 and keep them.
   3. Replace <RGW USER ACCESS KEY> and <RGW USER SECRET ACCESS KEY> with the appropriate, decoded data from the previous step.
   4. Replace <bucket-name> with an existing RGW bucket name. This argument tells the MCG which bucket to use as a target bucket for its backing store, and subsequently, data storage and administration.

   5. To get the <RGW endpoint>, see Accessing the RADOS Object Gateway S3 endpoint.

      The output will be similar to the following:

      INFO[0001] ✅ Exists: NooBaa "noobaa"
      INFO[0002] ✅ Created: BackingStore "rgw-resource"
      INFO[0002] ✅ Created: Secret "backing-store-secret-rgw-resource"

1. Create a CephObjectStore user. This also creates a secret containing the RGW credentials:

   apiVersion: ceph.rook.io/v1
   kind: CephObjectStoreUser
   metadata:
     name: <RGW-Username>
     namespace: openshift-storage
   spec:
     store: ocs-storagecluster-cephobjectstore
     displayName: "<Display-name>"

   1. Replace <RGW-Username> and <Display-name> with a unique username and display name.

2. Apply the following YAML for an S3-Compatible backing store:

   apiVersion: noobaa.io/v1alpha1
   kind: BackingStore
   metadata:
     finalizers:
     - noobaa.io/finalizer
     labels:
       app: noobaa
     name: <backingstore-name>
     namespace: openshift-storage
   spec:
     s3Compatible:
       endpoint: <RGW endpoint>
       secret:
         name: <backingstore-secret-name>
         namespace: openshift-storage
       signatureVersion: v4
       targetBucket: <RGW-bucket-name>
     type: s3-compatible

   1. Replace <backingstore-secret-name> with the name of the secret that was created with CephObjectStore in the previous step.
   2. Replace <bucket-name> with an existing RGW bucket name. This argument tells the MCG which bucket to use as a target bucket for its backing store, and subsequently, data storage and administration.
   3. To get the <RGW endpoint>, see Accessing the RADOS Object Gateway S3 endpoint.

Procedure

1. In the OpenShift Web Console, click Storage → Data Foundation.
2. In the Storage Systems tab, select the storage system and then click Overview → Object tab.
3. Select the Multicloud Object Gateway link.

1. Select the Resources tab in the left, highlighted below. From the list that populates, select Add Cloud Resource.

   

2. Select Add new connection.

   

3. Select the relevant native cloud provider or S3 compatible option and fill in the details.

   

4. Select the newly created connection and map it to the existing bucket.

   
5. Repeat these steps to create as many backing stores as needed.

Procedure

1. In the OpenShift Web Console, click Storage → Data Foundation.
2. Click the Bucket Class tab.
3. Click Create Bucket Class.

4. On the Create new Bucket Class page, perform the following:

   1. Select the bucket class type and enter a bucket class name.

      1. Select the BucketClass type. Choose one of the following options:

         • Standard: data will be consumed by a Multicloud Object Gateway (MCG), deduped, compressed and encrypted.

         • Namespace: data is stored on the NamespaceStores without performing de-duplication, compression or encryption.

           By default, Standard is selected.

      2. Enter a Bucket Class Name.
      3. Click Next.

   2. In Placement Policy, select Tier 1 - Policy Type and click Next. You can choose either one of the options as per your requirements.

      • Spread allows spreading of the data across the chosen resources.
      • Mirror allows full duplication of the data across the chosen resources.
      • Click Add Tier to add another policy tier.

   3. Select at least one Backing Store resource from the available list if you have selected Tier 1 - Policy Type as Spread and click Next. Alternatively, you can also create a new backing store.

      Note

      You need to select at least 2 backing stores when you select Policy Type as Mirror in previous step.

   4. Review and confirm Bucket Class settings.
   5. Click Create Bucket Class.

Verification steps

1. In the OpenShift Web Console, click Storage → Data Foundation.
2. Click the Bucket Class tab and search the new Bucket Class.

Procedure

1. In the OpenShift Web Console, click Storage → Data Foundation.
2. Click the Bucket Class tab.
3. Click the Action Menu (⋮) next to the Bucket class you want to edit.
4. Click Edit Bucket Class.
5. You are redirected to the YAML file, make the required changes in this file and click Save.

Procedure

1. In the OpenShift Web Console, click Storage → Data Foundation.
2. Click the Bucket Class tab.

3. Click the Action Menu (⋮) next to the Bucket class you want to edit.

   
4. Click Edit Bucket Class Resources.

5. On the Edit Bucket Class Resources page, edit the bucket class resources either by adding a backing store to the bucket class or by removing a backing store from the bucket class. You can also edit bucket class resources created with one or two tiers and different placement policies.

   • To add a backing store to the bucket class, select the name of the backing store.

   • To remove a backing store from the bucket class, clear the name of the backing store.

     
6. Click Save.

Procedure

1. Log into the OpenShift Web Console.
2. Click Storage → Data Foundation.

3. Click the Namespace Store tab to create a namespacestore resources to be used in the namespace bucket.

   1. Click Create namespace store.
   2. Enter a namespacestore name.
   3. Choose a provider.
   4. Choose a region.
   5. Either select an existing secret, or click Switch to credentials to create a secret by entering a secret key and secret access key.
   6. Choose a target bucket.
   7. Click Create.
   8. Verify that the namespacestore is in the Ready state.
   9. Repeat these steps until you have the desired amount of resources.

4. Click the Bucket Class tab → Create a new Bucket Class.

   1. Select the Namespace radio button.
   2. Enter a Bucket Class name.
   3. (Optional) Add description.
   4. Click Next.
5. Choose a namespace policy type for your namespace bucket, and then click Next.

6. Select the target resources.

   • If your namespace policy type is Single, you need to choose a read resource.
   • If your namespace policy type is Multi, you need to choose read resources and a write resource.
   • If your namespace policy type is Cache, you need to choose a Hub namespace store that defines the read and write target of the namespace bucket.
7. Click Next.
8. Review your new bucket class, and then click Create Bucketclass.
9. On the BucketClass page, verify that your newly created resource is in the Created phase.
10. In the OpenShift Web Console, click Storage → Data Foundation.
11. In the Status card, click Storage System and click the storage system link from the pop up that appears.
12. In the Object tab, click Multicloud Object Gateway → Buckets → Namespace Buckets tab .

13. Click Create Namespace Bucket.

    1. On the Choose Name tab, specify a name for the namespace bucket and click Next.

    2. On the Set Placement tab:

       1. Under Read Policy, select the checkbox for each namespace resource created in the earlier step that the namespace bucket should read data from.
       2. If the namespace policy type you are using is Multi, then Under Write Policy, specify which namespace resource the namespace bucket should write data to.
       3. Click Next.
    3. Click Create.

Procedure

1. From the Multicloud Object Gateway (MCG) command-line interface, run the following command to create a bucket class with a mirroring policy:

   $ noobaa bucketclass create placement-bucketclass mirror-to-aws --backingstores=azure-resource,aws-resource --placement Mirror

2. Set the newly created bucket class to a new bucket claim to generate a new bucket that will be mirrored between two locations:

   $ noobaa obc create  mirrored-bucket --bucketclass=mirror-to-aws

1. Apply the following YAML. This YAML is a hybrid example that mirrors data between local Ceph storage and AWS:

   apiVersion: noobaa.io/v1alpha1
   kind: BucketClass
   metadata:
     labels:
       app: noobaa
     name: <bucket-class-name>
     namespace: openshift-storage
   spec:
     placementPolicy:
       tiers:
       - backingStores:
         - <backing-store-1>
         - <backing-store-2>
         placement: Mirror

2. Add the following lines to your standard Object Bucket Claim (OBC):

   additionalConfig:
     bucketclass: mirror-to-aws

   For more information about OBCs, see Section 10.7, “Object Bucket Claim”.

1. Create the bucket policy in JSON format.

   For example:

   {
       "Version": "NewVersion",
       "Statement": [
           {
               "Sid": "Example",
               "Effect": "Allow",
               "Principal": [
                       "john.doe@example.com"
               ],
               "Action": [
                   "s3:GetObject"
               ],
               "Resource": [
                   "arn:aws:s3:::john_bucket"
               ]
           }
       ]
   }

2. Using AWS S3 client, use the put-bucket-policy command to apply the bucket policy to your S3 bucket:

   # aws --endpoint ENDPOINT --no-verify-ssl s3api put-bucket-policy --bucket MyBucket --policy BucketPolicy

   1. Replace ENDPOINT with the S3 endpoint.
   2. Replace MyBucket with the bucket to set the policy on.
   3. Replace BucketPolicy with the bucket policy JSON file.

   4. Add --no-verify-ssl if you are using the default self signed certificates.

      For example:

      # aws --endpoint https://s3-openshift-storage.apps.gogo44.noobaa.org --no-verify-ssl s3api put-bucket-policy -bucket MyBucket --policy file://BucketPolicy

      For more information on the put-bucket-policy command, see the AWS CLI Command Reference for put-bucket-policy.

      Note

      The principal element specifies the user that is allowed or denied access to a resource, such as a bucket. Currently, Only NooBaa accounts can be used as principals. In the case of object bucket claims, NooBaa automatically create an account obc-account.<generated bucket name>@noobaa.io.

      Note

      Bucket policy conditions are not supported.

Procedure

1. Add the following lines to your application YAML:

   apiVersion: objectbucket.io/v1alpha1
   kind: ObjectBucketClaim
   metadata:
     name: <obc-name>
   spec:
     generateBucketName: <obc-bucket-name>
     storageClassName: openshift-storage.noobaa.io

   These lines are the OBC itself.

   1. Replace <obc-name> with the a unique OBC name.
   2. Replace <obc-bucket-name> with a unique bucket name for your OBC.

2. To automate the use of the OBC add more lines to the YAML file.

   For example:

   apiVersion: batch/v1
   kind: Job
   metadata:
     name: testjob
   spec:
     template:
       spec:
         restartPolicy: OnFailure
         containers:
           - image: <your application image>
             name: test
             env:
               - name: BUCKET_NAME
                 valueFrom:
                   configMapKeyRef:
                     name: <obc-name>
                     key: BUCKET_NAME
               - name: BUCKET_HOST
                 valueFrom:
                   configMapKeyRef:
                     name: <obc-name>
                     key: BUCKET_HOST
               - name: BUCKET_PORT
                 valueFrom:
                   configMapKeyRef:
                     name: <obc-name>
                     key: BUCKET_PORT
               - name: AWS_ACCESS_KEY_ID
                 valueFrom:
                   secretKeyRef:
                     name: <obc-name>
                     key: AWS_ACCESS_KEY_ID
               - name: AWS_SECRET_ACCESS_KEY
                 valueFrom:
                   secretKeyRef:
                     name: <obc-name>
                     key: AWS_SECRET_ACCESS_KEY

   The example is the mapping between the bucket claim result, which is a configuration map with data and a secret with the credentials. This specific job claims the Object Bucket from NooBaa, which creates a bucket and an account.

   1. Replace all instances of <obc-name> with your OBC name.
   2. Replace <your application image> with your application image.

3. Apply the updated YAML file:

   # oc apply -f <yaml.file>

   Replace <yaml.file> with the name of your YAML file.

4. To view the new configuration map, run the following:

   # oc get cm <obc-name> -o yaml

   Replace obc-name with the name of your OBC.

   You can expect the following environment variables in the output:

   • BUCKET_HOST - Endpoint to use in the application.

   • BUCKET_PORT - The port available for the application.

     • The port is related to the BUCKET_HOST. For example, if the BUCKET_HOST is https://my.example.com, and the BUCKET_PORT is 443, the endpoint for the object service would be https://my.example.com:443.
   • BUCKET_NAME - Requested or generated bucket name.
   • AWS_ACCESS_KEY_ID - Access key that is part of the credentials.
   • AWS_SECRET_ACCESS_KEY - Secret access key that is part of the credentials.

Procedure

1. Use the command-line interface to generate the details of a new bucket and credentials.

   Run the following command:

   # noobaa obc create <obc-name> -n openshift-storage

   Replace <obc-name> with a unique OBC name, for example, myappobc.

   Additionally, you can use the --app-namespace option to specify the namespace where the OBC configuration map and secret will be created, for example, myapp-namespace.

   For example:

   INFO[0001] ✅ Created: ObjectBucketClaim "test21obc"

   The MCG command-line-interface has created the necessary configuration and has informed OpenShift about the new OBC.

2. Run the following command to view the OBC:

   # oc get obc -n openshift-storage

   For example:

   NAME        STORAGE-CLASS                 PHASE   AGE
   test21obc   openshift-storage.noobaa.io   Bound   38s

3. Run the following command to view the YAML file for the new OBC:

   # oc get obc test21obc -o yaml -n openshift-storage

   For example:

   apiVersion: objectbucket.io/v1alpha1
   kind: ObjectBucketClaim
   metadata:
     creationTimestamp: "2019-10-24T13:30:07Z"
     finalizers:
     - objectbucket.io/finalizer
     generation: 2
     labels:
       app: noobaa
       bucket-provisioner: openshift-storage.noobaa.io-obc
       noobaa-domain: openshift-storage.noobaa.io
     name: test21obc
     namespace: openshift-storage
     resourceVersion: "40756"
     selfLink: /apis/objectbucket.io/v1alpha1/namespaces/openshift-storage/objectbucketclaims/test21obc
     uid: 64f04cba-f662-11e9-bc3c-0295250841af
   spec:
     ObjectBucketName: obc-openshift-storage-test21obc
     bucketName: test21obc-933348a6-e267-4f82-82f1-e59bf4fe3bb4
     generateBucketName: test21obc
     storageClassName: openshift-storage.noobaa.io
   status:
     phase: Bound

4. Inside of your openshift-storage namespace, you can find the configuration map and the secret to use this OBC. The CM and the secret have the same name as the OBC.

   Run the following command to view the secret:

   # oc get -n openshift-storage secret test21obc -o yaml

   For example:

   apiVersion: v1
   data:
     AWS_ACCESS_KEY_ID: c0M0R2xVanF3ODR3bHBkVW94cmY=
     AWS_SECRET_ACCESS_KEY: Wi9kcFluSWxHRzlWaFlzNk1hc0xma2JXcjM1MVhqa051SlBleXpmOQ==
   kind: Secret
   metadata:
     creationTimestamp: "2019-10-24T13:30:07Z"
     finalizers:
     - objectbucket.io/finalizer
     labels:
       app: noobaa
       bucket-provisioner: openshift-storage.noobaa.io-obc
       noobaa-domain: openshift-storage.noobaa.io
     name: test21obc
     namespace: openshift-storage
     ownerReferences:
     - apiVersion: objectbucket.io/v1alpha1
       blockOwnerDeletion: true
       controller: true
       kind: ObjectBucketClaim
       name: test21obc
       uid: 64f04cba-f662-11e9-bc3c-0295250841af
     resourceVersion: "40751"
     selfLink: /api/v1/namespaces/openshift-storage/secrets/test21obc
     uid: 65117c1c-f662-11e9-9094-0a5305de57bb
   type: Opaque

   The secret gives you the S3 access credentials.

5. Run the following command to view the configuration map:

   # oc get -n openshift-storage cm test21obc -o yaml

   For example:

   apiVersion: v1
   data:
     BUCKET_HOST: 10.0.171.35
     BUCKET_NAME: test21obc-933348a6-e267-4f82-82f1-e59bf4fe3bb4
     BUCKET_PORT: "31242"
     BUCKET_REGION: ""
     BUCKET_SUBREGION: ""
   kind: ConfigMap
   metadata:
     creationTimestamp: "2019-10-24T13:30:07Z"
     finalizers:
     - objectbucket.io/finalizer
     labels:
       app: noobaa
       bucket-provisioner: openshift-storage.noobaa.io-obc
       noobaa-domain: openshift-storage.noobaa.io
     name: test21obc
     namespace: openshift-storage
     ownerReferences:
     - apiVersion: objectbucket.io/v1alpha1
       blockOwnerDeletion: true
       controller: true
       kind: ObjectBucketClaim
       name: test21obc
       uid: 64f04cba-f662-11e9-bc3c-0295250841af
     resourceVersion: "40752"
     selfLink: /api/v1/namespaces/openshift-storage/configmaps/test21obc
     uid: 651c6501-f662-11e9-9094-0a5305de57bb

   The configuration map contains the S3 endpoint information for your application.

Procedure

1. Log into the OpenShift Web Console.

2. On the left navigation bar, click Storage → Object Bucket Claims → Create Object Bucket Claim.

   1. Enter a name for your object bucket claim and select the appropriate storage class based on your deployment, internal or external, from the dropdown menu:

      Internal mode

      The following storage classes, which were created after deployment, are available for use:

      • ocs-storagecluster-ceph-rgw uses the Ceph Object Gateway (RGW)
      • openshift-storage.noobaa.io uses the Multicloud Object Gateway (MCG)

      External mode

      The following storage classes, which were created after deployment, are available for use:

      • ocs-external-storagecluster-ceph-rgw uses the RGW

      • openshift-storage.noobaa.io uses the MCG

        Note

        The RGW OBC storage class is only available with fresh installations of OpenShift Data Foundation version 4.5. It does not apply to clusters upgraded from previous OpenShift Data Foundation releases.

   2. Click Create.

      Once you create the OBC, you are redirected to its detail page.

Procedure

1. On the left navigation bar, click Storage → Object Bucket Claims.

2. Click the Action menu (⋮) next to the OBC you created.

   1. From the drop-down menu, select Attach to Deployment.
   2. Select the desired deployment from the Deployment Name list, then click Attach.

Procedure

1. Log into the OpenShift Web Console.

2. On the left navigation bar, click Storage → Object Buckets.

   Optonal: You can also navigate to the details page of a specific OBC, and click the Resource link to view the object buckets for that OBC.

3. Select the object bucket of which you want to see the details. Once selected you are navigated to the Object Bucket Details page.

Procedure

1. On the left navigation bar, click Storage → Object Bucket Claims.

2. Click the Action menu (⋮) next to the Object Bucket Claim (OBC) you want to delete.

   1. Select Delete Object Bucket Claim.
   2. Click Delete.

Procedure

1. Create a NamespaceStore resource. A NamespaceStore represents an underlying storage to be used as a read or write target for the data in the MCG namespace buckets. From the MCG command-line interface, run the following command:

   noobaa namespacestore create aws-s3 <namespacestore> --access-key <AWS ACCESS KEY> --secret-key <AWS SECRET ACCESS KEY> --target-bucket <bucket-name>

   1. Replace <namespacestore> with the name of the namespacestore.
   2. Replace <AWS ACCESS KEY> and <AWS SECRET ACCESS KEY> with an AWS access key ID and secret access key you created for this purpose.

   3. Replace <bucket-name> with an existing AWS bucket name. This argument tells the MCG which bucket to use as a target bucket for its backing store, and subsequently, data storage and administration.

      You can also add storage resources by applying a YAML. First create a secret with credentials:

      apiVersion: v1
      kind: Secret
      metadata:
        name: <namespacestore-secret-name>
      type: Opaque
      data:
        AWS_ACCESS_KEY_ID: <AWS ACCESS KEY ID ENCODED IN BASE64>
        AWS_SECRET_ACCESS_KEY: <AWS SECRET ACCESS KEY ENCODED IN BASE64>

      You must supply and encode your own AWS access key ID and secret access key using Base64, and use the results in place of <AWS ACCESS KEY ID ENCODED IN BASE64> and <AWS SECRET ACCESS KEY ENCODED IN BASE64>.

      Replace <namespacestore-secret-name> with a unique name.

      Then apply the following YAML:

      apiVersion: noobaa.io/v1alpha1
      kind: NamespaceStore
      metadata:
        finalizers:
        - noobaa.io/finalizer
        labels:
          app: noobaa
        name: <namespacestore>
        namespace: openshift-storage
      spec:
        awsS3:
          secret:
            name: <namespacestore-secret-name>
            namespace: <namespace-secret>
          targetBucket: <target-bucket>
        type: aws-s3

   4. Replace <namespacestore> with a unique name.
   5. Replace <namespacestore-secret-name> with the secret created in the previous step.
   6. Replace <namespace-secret> with the namespace used to create the secret in the previous step.
   7. Replace <target-bucket> with the AWS S3 bucket you created for the namespacestore.

2. Run the following command to create a bucket class:

   noobaa bucketclass create namespace-bucketclass cache <my-cache-bucket-class> --backingstores <backing-store> --hub-resource <namespacestore>

   1. Replace <my-cache-bucket-class> with a unique bucket class name.
   2. Replace <backing-store> with the relevant backing store. You can list one or more backingstores separated by commas in this field.
   3. Replace <namespacestore> with the namespacestore created in the previous step.

3. Run the following command to create a bucket using an Object Bucket Claim (OBC) resource that uses the bucket class defined in step 2.

   noobaa obc create <my-bucket-claim> my-app --bucketclass <custom-bucket-class>

   1. Replace <my-bucket-claim> with a unique name.
   2. Replace <custom-bucket-class> with the name of the bucket class created in step 2.

Procedure

1. Create a NamespaceStore resource. A NamespaceStore represents an underlying storage to be used as a read or write target for the data in the MCG namespace buckets. From the MCG command-line interface, run the following command:

   noobaa namespacestore create ibm-cos <namespacestore> --endpoint <IBM COS ENDPOINT> --access-key <IBM ACCESS KEY> --secret-key <IBM SECRET ACCESS KEY> --target-bucket <bucket-name>

   1. Replace <namespacestore> with the name of the NamespaceStore.
   2. Replace <IBM ACCESS KEY>, <IBM SECRET ACCESS KEY>, <IBM COS ENDPOINT> with an IBM access key ID, secret access key and the appropriate regional endpoint that corresponds to the location of the existing IBM bucket.

   3. Replace <bucket-name> with an existing IBM bucket name. This argument tells the MCG which bucket to use as a target bucket for its backing store, and subsequently, data storage and administration.

      You can also add storage resources by applying a YAML. First, Create a secret with the credentials:

      apiVersion: v1
      kind: Secret
      metadata:
        name: <namespacestore-secret-name>
      type: Opaque
      data:
        IBM_COS_ACCESS_KEY_ID: <IBM COS ACCESS KEY ID ENCODED IN BASE64>
        IBM_COS_SECRET_ACCESS_KEY: <IBM COS SECRET ACCESS KEY ENCODED IN BASE64>

      You must supply and encode your own IBM COS access key ID and secret access key using Base64, and use the results in place of <IBM COS ACCESS KEY ID ENCODED IN BASE64> and <IBM COS SECRET ACCESS KEY ENCODED IN BASE64>.

      Replace <namespacestore-secret-name> with a unique name.

      Then apply the following YAML:

      apiVersion: noobaa.io/v1alpha1
      kind: NamespaceStore
      metadata:
        finalizers:
        - noobaa.io/finalizer
        labels:
          app: noobaa
        name: <namespacestore>
        namespace: openshift-storage
      spec:
        s3Compatible:
          endpoint: <IBM COS ENDPOINT>
          secret:
            name: <backingstore-secret-name>
            namespace: <namespace-secret>
          signatureVersion: v2
          targetBucket: <target-bucket>
        type: ibm-cos

   4. Replace <namespacestore> with a unique name.
   5. Replace <IBM COS ENDPOINT> with the appropriate IBM COS endpoint.
   6. Replace <backingstore-secret-name> with the secret created in the previous step.
   7. Replace <namespace-secret> with the namespace used to create the secret in the previous step.
   8. Replace <target-bucket> with the AWS S3 bucket you created for the namespacestore.

2. Run the following command to create a bucket class:

   noobaa bucketclass create namespace-bucketclass cache <my-bucket-class> --backingstores <backing-store> --hubResource <namespacestore>

   1. Replace <my-bucket-class> with a unique bucket class name.
   2. Replace <backing-store> with the relevant backing store. You can list one or more backingstores separated by commas in this field.
   3. Replace <namespacestore> with the namespacestore created in the previous step.

3. Run the following command to create a bucket using an Object Bucket Claim resource that uses the bucket class defined in step 2.

   noobaa obc create <my-bucket-claim> my-app --bucketclass <custom-bucket-class>

   1. Replace <my-bucket-claim> with a unique name.
   2. Replace <custom-bucket-class> with the name of the bucket class created in step 2.

Procedure

1. Log in to OpenShift Web Console.
2. From the MCG user interface, click Overview → Add Storage Resources.
3. In the window, click Deploy Kubernetes Pool.
4. In the Create Pool step create the target pool for the future installed nodes.
5. In the Configure step, configure the number of requested pods and the size of each PV. For each new pod, one PV is to be created.
6. In the Review step, you can find the details of the new pool and select the deployment method you wish to use: local or external deployment. If local deployment is selected, the Kubernetes nodes will deploy within the cluster. If external deployment is selected, you will be provided with a YAML file to run externally.
7. All nodes will be assigned to the pool you chose in the first step, and can be found under Resources → Storage resources → Resource name.