Skip to main content
Version: 3.2

Install Portworx Object service for OpenShift with FlashArray

This page describes how to install Portworx Object Service.

Prerequisites

To install Portworx Object Service, you must meet the following prerequisites:

  • Provide access to an AWS S3 secret access key ID and secret access key

Installation

Portworx Object Service objects are managed by Stork, and they interact with a target Portworx Enterprise instance. The Portworx Object Service SDK is located in the target Portworx Enterprise instance. This allows you to create buckets, delete buckets, and provide or revoke access to buckets.

Additionally, you must provide access to the backend bucket service through environment variables. Because Portworx Object Service is in early access, extra steps are required to enable and set up the Portworx Object Service controller. The following steps allow Portworx Enterprise to create and provide access to buckets on behalf of the credentials provided:

  1. Enable the Portworx Object Service controller flag in Stork by adding the following args to your StorageCluster spec:

    spec:
    ...
    stork:
    enabled: true
    args:
    px-object-controller: "true"

  1. Create a new Kubernetes secret with your AWS S3 access key ID and secret access key:

    oc create secret generic px-object-s3-admin-credentials \ 
    --from-literal=access-key-id=ACCESS_KEY \
    --from-literal=secret-access-key=SECRET_ACCESS_KEY

  1. Add environment variables for bucket credentials to your StorageCluster spec.

  • For AWS S3, add the following:

    spec:
    env:
    - name: OBJECT_SERVICE_S3_ACCESS_KEY_ID
    valueFrom:
    secretKeyRef:
    name: px-object-s3-admin-credentials
    key: access-key-id
    - name: OBJECT_SERVICE_S3_SECRET_ACCESS_KEY
    valueFrom:
    secretKeyRef:
    name: px-object-s3-admin-credentials
    key: secret-access-key
    • OBJECT_SERVICE_S3_ACCESS_KEY_ID: An AWS S3 Access Key ID credential generated in the AWS Portal.
    • OBJECT_SERVICE_S3_SECRET_ACCESS_KEY: An AWS S3 Secret Access Key credential generated in the AWS Portal.