Merge pull request #529 from red-hat-storage/sync_ds--master
Syncing latest changes from master for rook
travisn authored Oct 13, 2023
2 parents 8a6cd19 + f3c484c commit 11f7a30
Showing 7 changed files with 86 additions and 1,497 deletions.
52 changes: 2 additions & 50 deletions Documentation/Storage-Configuration/Object-Storage-RGW/cosi.md
Expand Up @@ -45,7 +45,7 @@ The driver is created in the same namespace as Rook operator.

### Create a BucketClass and BucketAccessClass

The BucketClass and BucketAccessClass are CRDs defined by COSI. The BucketClass defines the storage class for the bucket. The BucketAccessClass defines the access class for the bucket. Rook will automatically create a secret named with `rook-ceph-object-user-<store-name>-cosi` which contains credentials used by the COSI driver. This secret is referred by the BucketClass and BucketAccessClass as defined below:
The BucketClass and BucketAccessClass are CRDs defined by COSI. The BucketClass defines the bucket class for the bucket. The BucketAccessClass defines the access class for the bucket. Rook will automatically create a secret named with `rook-ceph-object-user-<store-name>-cosi` which contains credentials used by the COSI driver. This secret is referred by the BucketClass and BucketAccessClass as defined below:

```yaml
kind: BucketClass
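Review bot: the replacement sentence "The BucketClass defines the bucket class for the bucket" is circular and tells the reader no more than the CRD name does; say what the class configures instead. While this paragraph is being edited, "a secret named with" and "This secret is referred by" would read better as "a secret named" and "This secret is referenced by".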
Expand Down Expand Up @@ -120,7 +120,7 @@ kubectl create -f bucketaccess.yaml
The secret will be created which contains the access details for the bucket in JSON format in the namespace of BucketAccess:

``` console
kubectl get secret sample-secret-name -o yaml
kubectl get secret sample-secret-name -o jsonpath='{.data.BucketInfo}' | base64 -d
```

```json
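Review bot: the new `kubectl get secret sample-secret-name -o jsonpath='{.data.BucketInfo}' | base64 -d` line has no namespace argument, although the sentence above it says the secret is created in the namespace of the BucketAccess; add `-n <namespace>` (placeholder) so the command works when that is not the current default namespace. The decoded BucketInfo carries the S3 access key and secret key (the `.spec.secretS3.*` fields used elsewhere in this file), so a short remark that the output is sensitive would fit here.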
Expand Down Expand Up @@ -165,51 +165,3 @@ To access the bucket from an application pod, mount the secret for accessing the
```
The Secret will be mounted in the pod in the path: `/data/cosi/BucketInfo`. The app must parse the JSON object to load the bucket connection details.

Another approach is the json data can be parsed by the application to access the bucket via init container. Following is a sample init container which parses the json data and creates a file with the access details:

``` bash
set -e
jsonfile=%s
if [ -d "$jsonfile" ]; then
export ENDPOINT=$(jq -r '.spec.secretS3.endpoint' $jsonfile)
export BUCKET=$(jq -r '.spec.bucketName' $jsonfile)
export AWS_ACCESS_KEY_ID=$(jq -r '.spec.secretS3.accessKeyID' $jsonfile)
export AWS_SECRET_ACCESS_KEY=$(jq -r '.spec.secretS3.accessSecretKey' $jsonfile)
fi
else
echo "Error: $jsonfile does not exist"
exit 1
fi
```

```yaml
apiVersion: v1
kind: Pod
metadata:
name: sample-app
namespace: rook-ceph
spec:
containers:
- name: sample-app
image: busybox
command: ["/bin/sh", "-c", "sleep 3600"]
volumeMounts:
- name: cosi-secrets
mountPath: /data/cosi
initContainers:
- name: init-cosi
image: busybox
command: ["/bin/sh", "-c", "setup-aws-credentials /data/cosi/BucketInfo/credentials"]
volumeMounts:
- name: cosi-secrets
mountPath: /data/cosi
volumes:
- name: cosi-secrets
secret:
# Set the name of the secret from the BucketAccess
secretName: sample-secret-name
```
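Review bot: the commit message does not say why the init-container example is dropped, and the reason is worth recording, because the deleted script could not have run as written: `jsonfile=%s` is an unsubstituted format placeholder, `[ -d "$jsonfile" ]` tests for a directory although BucketInfo is a file, and there is a stray `fi` before the `else`. The deleted pod spec also calls `setup-aws-credentials` in a plain `busybox` image and points it at `/data/cosi/BucketInfo/credentials`, while the text says the secret is mounted at `/data/cosi/BucketInfo`; variables exported in an init container would not reach the app container either. After this deletion the only guidance left is "The app must parse the JSON object to load the bucket connection details", so consider following up with a tested snippet that reads `.spec.bucketName` and the `.spec.secretS3` fields from that path.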
27 changes: 8 additions & 19 deletions go.mod
Expand Up @@ -17,7 +17,7 @@ require (
github.com/jetstack/cert-manager v1.7.3
github.com/k8snetworkplumbingwg/network-attachment-definition-client v1.4.0
github.com/kube-object-storage/lib-bucket-provisioner v0.0.0-20221122204822-d1a8c34382f1
github.com/libopenstorage/secrets v0.0.0-20230417161723-1022cc4d5aeb
github.com/libopenstorage/secrets v0.0.0-20231011182615-5f4b25ceede1
github.com/openshift/api v0.0.0-20230816181854-a7ca92db022a
github.com/pkg/errors v0.9.1
github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.68.0
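Review bot: `github.com/libopenstorage/secrets` moves from one untagged pseudo-version to another (`v0.0.0-20230417161723-1022cc4d5aeb` to `v0.0.0-20231011182615-5f4b25ceede1`) with nothing in the commit message about what the newer upstream commit brings. Please name the upstream change being picked up, since the indirect requirements dropped further down in this file presumably follow from it, and confirm that go.sum was regenerated with `go mod tidy` rather than edited by hand.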
Expand All @@ -43,12 +43,9 @@ require (
)

require (
cloud.google.com/go/kms v1.10.1 // indirect
cloud.google.com/go/monitoring v1.13.0 // indirect
emperror.dev/errors v0.8.1 // indirect
github.com/ansel1/merry v1.7.0 // indirect
github.com/ansel1/merry/v2 v2.1.1 // indirect
github.com/armon/go-metrics v0.4.1 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/cenkalti/backoff/v3 v3.2.2 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
Expand All @@ -59,7 +56,6 @@ require (
github.com/evanphx/json-patch v5.6.0+incompatible // indirect
github.com/evanphx/json-patch/v5 v5.6.0 // indirect
github.com/fatih/color v1.15.0 // indirect
github.com/frankban/quicktest v1.14.3 // indirect
github.com/fsnotify/fsnotify v1.6.0 // indirect
github.com/gemalto/flume v0.13.1 // indirect
github.com/go-errors/errors v1.4.2 // indirect
Expand All @@ -69,31 +65,27 @@ require (
github.com/go-openapi/jsonpointer v0.20.0 // indirect
github.com/go-openapi/jsonreference v0.20.2 // indirect
github.com/go-openapi/swag v0.22.4 // indirect
github.com/go-test/deep v1.1.0 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/golang/snappy v0.0.4 // indirect
github.com/google/btree v1.1.2 // indirect
github.com/google/gnostic-models v0.6.8 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
github.com/googleapis/gax-go/v2 v2.11.0 // indirect
github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
github.com/hashicorp/go-hclog v1.5.0 // indirect
github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
github.com/hashicorp/go-retryablehttp v0.7.4 // indirect
github.com/hashicorp/go-rootcerts v1.0.2 // indirect
github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 // indirect
github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
github.com/hashicorp/go-sockaddr v1.0.2 // indirect
github.com/hashicorp/golang-lru v1.0.2 // indirect
github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
github.com/hashicorp/vault v1.13.7 // indirect
github.com/hashicorp/vault/api/auth/approle v0.4.1 // indirect
github.com/hashicorp/vault/sdk v0.9.2 // indirect
github.com/hashicorp/vault/api/auth/approle v0.5.0 // indirect
github.com/hashicorp/vault/api/auth/kubernetes v0.5.0 // indirect
github.com/imdario/mergo v0.3.16 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
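Review bot: `github.com/hashicorp/vault/api/auth/kubernetes v0.5.0` enters the module graph in this block without explanation, next to the `approle` bump to v0.5.0 and the removal of `github.com/hashicorp/vault v1.13.7` and `github.com/hashicorp/vault/sdk v0.9.2`. Since this is authentication code for the secrets backend, state which direct dependency requires it (`go mod why -m` will show the path) and note in the description that the full Vault server module is no longer pulled in, as that is the change reviewers of the dependency set will care about most.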
Expand All @@ -113,7 +105,6 @@ require (
github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
github.com/pierrec/lz4 v2.6.1+incompatible // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/prometheus/client_golang v1.16.0 // indirect
github.com/prometheus/client_model v0.4.0 // indirect
Expand All @@ -125,18 +116,16 @@ require (
github.com/xlab/treeprint v1.2.0 // indirect
go.starlark.net v0.0.0-20230814145427-12f4cb8177e4 // indirect
go.uber.org/multierr v1.11.0 // indirect
golang.org/x/crypto v0.13.0 // indirect
golang.org/x/crypto v0.14.0 // indirect
golang.org/x/exp v0.0.0-20230206171751-46f607a40771 // indirect
golang.org/x/net v0.15.0 // indirect
golang.org/x/net v0.17.0 // indirect
golang.org/x/oauth2 v0.12.0 // indirect
golang.org/x/sys v0.12.0 // indirect
golang.org/x/term v0.12.0 // indirect
golang.org/x/sys v0.13.0 // indirect
golang.org/x/term v0.13.0 // indirect
golang.org/x/text v0.13.0 // indirect
golang.org/x/time v0.3.0 // indirect
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
google.golang.org/api v0.126.0 // indirect
google.golang.org/appengine v1.6.8 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc // indirect
google.golang.org/protobuf v1.31.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
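Review bot: the `golang.org/x/*` bumps in this block (`x/net` v0.15.0 to v0.17.0, `x/crypto` v0.13.0 to v0.14.0, `x/sys` and `x/term` v0.12.0 to v0.13.0) arrive under a message that only says "Syncing latest changes from master for rook". If any of them is taken for a security fix, reference the advisory in the commit message so that downstream consumers can decide whether this sync needs backporting. `google.golang.org/api`, `google.golang.org/appengine` and `google.golang.org/genproto/googleapis/rpc` also leave the indirect list here, so a full `go build ./...` and `go mod verify` run should be part of the merge check.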