Setting Access Keys (AK/SK) for Mounting a Parallel File System Volume
Scenario
Before mounting a parallel file system volume to a pod, you need to set access keys (AK/SK). IAM users can use their own access keys to mount parallel file system volumes and control access to OBS. For details, see Differences Between OBS Permissions Control Methods.
Prerequisites
If you need to create access keys by running commands, you need to use ccictl to connect to CCI 2.0. For details, see ccictl Configuration Guide.
Constraints
When the access keys (AK/SK) are used by a parallel file system volume, the AK/SK cannot be deleted or disabled. Otherwise, the service containers cannot access the mounted parallel file system.
Obtaining Access Keys
- Log in to the management console.
- Hover the cursor over the username in the upper right corner and choose My Credentials from the drop-down list.
- In the navigation pane, choose Access Keys.
- Click Create Access Key. The Create Access Key dialog box is displayed.
- Click OK to download access keys.
Creating a Secret Using Access Keys
- Obtain access keys.
- Encode the access keys using Base64. (Assume that the AK is xxx and SK is yyy.) Run the following commands on Linux:
echo -n xxx|base64
echo -n yyy|base64
Record the encoded AK and SK.
- Create a YAML file for the secret, for example, secret-obs.yaml.
apiVersion: cci/v2
data:
  access.key: WE5WWVhVNU*****
  secret.key: Nnk4emJyZ0*****
kind: Secret
metadata:
  name: secret-obs
  namespace: test-obs-v1
  labels:
    secret.kubernetes.io/used-by: csi
type: cci/secure-opaque
The parameters are described as follows:
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| access.key | Yes | String | AK after Base64 encoding. |
| secret.key | Yes | String | SK after Base64 encoding. |
| name | Yes | String | Secret name. |
| namespace | Yes | String | Namespace of the secret. |
| secret.kubernetes.io/used-by | Yes | String | Secret label used by CSI storage. Constraint: The value must be csi. |
| type | Yes | String | Key type. Constraint: The value must be cci/secure-opaque. If this value is used, the data you enter will be automatically encrypted. |
- Create a secret.
ccictl create -f secret-obs.yaml
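The steps above can be scripted so that the AK/SK never appear on a command line or in shell history. The following is an added example, not part of the original documentation; the function name write_obs_secret and the shell variables OBS_AK and OBS_SK are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: build secret-obs.yaml without typing the AK/SK on a command line.
# Assumed names (not from the original page): write_obs_secret, OBS_AK, OBS_SK.

# Base64-encode stdin as a single line; strips any line wrapping base64 adds.
b64() { base64 | tr -d '\n'; }

write_obs_secret() {
  # $1 = output file, $2 = secret name, $3 = namespace
  local out="$1" name="$2" ns="$3"
  if [ -z "${OBS_AK:-}" ] || [ -z "${OBS_SK:-}" ]; then
    echo "OBS_AK and OBS_SK must be set" >&2
    return 1
  fi
  # A pasted key that carries a space or newline would be encoded into the
  # secret as-is and fail authentication later, so reject it here.
  case "$OBS_AK$OBS_SK" in
    *[[:space:]]*) echo "AK/SK contains whitespace" >&2; return 1 ;;
  esac
  local ak sk
  # printf is a shell builtin, so the keys are not exposed as process arguments.
  ak=$(printf '%s' "$OBS_AK" | b64)
  sk=$(printf '%s' "$OBS_SK" | b64)
  # Base64 is an encoding, not encryption: create the file owner-readable only.
  ( umask 077
    rm -f "$out"
    cat > "$out" <<EOF
apiVersion: cci/v2
data:
  access.key: $ak
  secret.key: $sk
kind: Secret
metadata:
  name: $name
  namespace: $ns
  labels:
    secret.kubernetes.io/used-by: csi
type: cci/secure-opaque
EOF
  )
}

# Usage (bash): read the keys silently, write the manifest, create, clean up.
#   read -rs -p 'AK: ' OBS_AK; echo; read -rs -p 'SK: ' OBS_SK; echo
#   write_obs_secret secret-obs.yaml secret-obs test-obs-v1
#   ccictl create -f secret-obs.yaml && rm -f secret-obs.yaml
```

The local manifest holds the keys in recoverable form until it is deleted; the automatic encryption described for cci/secure-opaque applies to the data submitted in the secret, not to the file on disk.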
Follow-up Operations
After setting the access keys (AK/SK), you can use an existing parallel file system to create a storage volume.