object: provisioner prefix support
add an option to set a prefix for the name of the OBC provisioner instead of
the ceph cluster namespace.

Signed-off-by: Jiffin Tony Thottan <[email protected]>
thotz committed Mar 11, 2024
1 parent 571f47f commit e0768f5
Showing 10 changed files with 62 additions and 8 deletions.
1 change: 1 addition & 0 deletions Documentation/Helm-Charts/operator-chart.md
@@ -146,6 +146,7 @@ The following table lists the configurable parameters of the rook-operator chart
| `logLevel` | Global log level for the operator. Options: `ERROR`, `WARNING`, `INFO`, `DEBUG` | `"INFO"` |
| `monitoring.enabled` | Enable monitoring. Requires Prometheus to be pre-installed. Enabling will also create RBAC rules to allow Operator to create ServiceMonitors | `false` |
| `nodeSelector` | Kubernetes [`nodeSelector`](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) to add to the Deployment. | `{}` |
| `obcProvisionerNamePrefix` | Specify the prefix for the OBC provisioner in place of the cluster namespace | `ceph cluster namespace` |
| `priorityClassName` | Set the priority class for the rook operator deployment if desired | `nil` |
| `pspEnable` | If true, create & use PSP resources | `false` |
| `rbacAggregate.enableOBCs` | If true, create a ClusterRole aggregated to [user facing roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) for objectbucketclaims | `false` |
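Review bot: the default shown for `obcProvisionerNamePrefix`, `ceph cluster namespace`, describes the fallback behaviour rather than the chart value, which is empty in values.yaml, and "in place of the cluster namespace" only holds while `enableOBCWatchOperatorNamespace` is true; with it false and no prefix the provisioner name carries no prefix at all. Suggest wording such as "Prefix for the OBC provisioner name (a DNS-1123 label). When unset, the cluster namespace is used if `enableOBCWatchOperatorNamespace` is true. Do not change on an existing cluster." so the chart table carries the same caveat as the operator.yaml comment.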
@@ -10,6 +10,11 @@ Rook supports the creation of new buckets and access to existing buckets via two
An OBC references a storage class which is created by an administrator. The storage class defines whether the bucket requested is a new bucket or an existing bucket. It also defines the bucket retention policy.
Users request a new or existing bucket by creating an OBC which is shown below. The ceph provisioner detects the OBC and creates a new bucket or grants access to an existing bucket, depending the storage class referenced in the OBC. It also generates a Secret which provides credentials to access the bucket, and a ConfigMap which contains the bucket's endpoint. Application pods consume the information in the Secret and ConfigMap to access the bucket. Please note that to make provisioner watch the cluster namespace only you need to set `ROOK_OBC_WATCH_OPERATOR_NAMESPACE` to `true` in the operator manifest, otherwise it watches all namespaces.

The OBC provisioner name found in the storage class by default includes the operator namespace as a prefix. A custom prefix can be applied by the operator setting in the `rook-ceph-operator-config` configmap: `ROOK_OBC_PROVISIONER_NAME_PREFIX`.

!!! Note
Changing the prefix is not supported on existing clusters. This may impact the function of existing OBCs.

## Example

### OBC Custom Resource
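Review bot: the new paragraph should tell the reader which values are accepted: this commit validates `ROOK_OBC_PROVISIONER_NAME_PREFIX` as a DNS-1123 label (lowercase alphanumerics and `-`, starting and ending with an alphanumeric, at most 63 characters) and the bucket controller fails to start otherwise, so a value like `my-prefix.` is rejected. It should also say that a configured prefix takes precedence over the namespace prefix even when `ROOK_OBC_WATCH_OPERATOR_NAMESPACE` is `true`. The text says "operator namespace" here while the rest of the commit says "ceph cluster namespace"; pick one term. The admonition would be more useful if it said why a change breaks existing OBCs: the `provisioner` field of already-created StorageClasses still names the old provisioner, so OBCs using them no longer match the running provisioner.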
1 change: 1 addition & 0 deletions PendingReleaseNotes.md
@@ -14,3 +14,4 @@ read affinity setting in cephCluster CR (CSIDriverOptions section) in [PR](https
- Ceph daemon pods using the `default` service account now use a new `rook-ceph-default` service account.
- The feature support for VolumeSnapshotGroup has been added to the RBD and CephFS CSI driver.
- Support for virtual style hosting for s3 buckets in the CephObjectStore.
- Add option to specify prefix for the OBC provisioner.
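Review bot: the release note should name the setting so users can find it and carry the caveat from the docs, e.g. "Add `ROOK_OBC_PROVISIONER_NAME_PREFIX` (Helm: `obcProvisionerNamePrefix`) to set a custom prefix for the OBC provisioner name in place of the ceph cluster namespace; changing it on an existing cluster is not supported."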
3 changes: 3 additions & 0 deletions deploy/charts/rook-ceph/templates/configmap.yaml
@@ -9,6 +9,9 @@ data:
ROOK_LOG_LEVEL: {{ .Values.logLevel | quote }}
ROOK_CEPH_COMMANDS_TIMEOUT_SECONDS: {{ .Values.cephCommandsTimeoutSeconds | quote }}
ROOK_OBC_WATCH_OPERATOR_NAMESPACE: {{ .Values.enableOBCWatchOperatorNamespace | quote }}
{{- if .Values.obcProvisionerNamePrefix }}
ROOK_OBC_PROVISIONER_NAME_PREFIX: {{ .Values.obcProvisionerNamePrefix | quote }}
{{- end }}
ROOK_CEPH_ALLOW_LOOP_DEVICES: {{ .Values.allowLoopDevices | quote }}
ROOK_ENABLE_DISCOVERY_DAEMON: {{ .Values.enableDiscoveryDaemon | quote }}
{{- if .Values.discoverDaemonUdev }}
4 changes: 4 additions & 0 deletions deploy/charts/rook-ceph/values.yaml
@@ -616,6 +616,10 @@ imagePullSecrets:
# -- Whether the OBC provisioner should watch on the operator namespace or not, if not the namespace of the cluster will be used
enableOBCWatchOperatorNamespace: true

# -- Specify the prefix for the OBC provisioner in place of the cluster namespace
# @default -- `ceph cluster namespace`
obcProvisionerNamePrefix:

monitoring:
# -- Enable monitoring. Requires Prometheus to be pre-installed.
# Enabling will also create RBAC rules to allow Operator to create ServiceMonitors
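Review bot: the `# --` description of `obcProvisionerNamePrefix` is what helm-docs renders into the chart README, so it should state the DNS-1123 label constraint and the "do not set on an existing cluster" caveat that the operator.yaml comment carries; a Helm user currently sees neither. The `@default -- ceph cluster namespace` annotation is also only accurate while `enableOBCWatchOperatorNamespace` is true; with it false and no prefix, the provisioner name is unprefixed.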
3 changes: 3 additions & 0 deletions deploy/examples/operator-openshift.yaml
@@ -539,6 +539,9 @@ data:
# Whether the OBC provisioner should watch on the operator namespace or not, if not the namespace of the cluster will be used
ROOK_OBC_WATCH_OPERATOR_NAMESPACE: "true"

# Custom prefix value for the OBC provisioner instead of ceph cluster namespace, do not set on existing cluster
# ROOK_OBC_PROVISIONER_NAME_PREFIX: "custom-prefix"

# Whether to start the discovery daemon to watch for raw storage devices on nodes in the cluster.
# This daemon does not need to run if you are only going to create your OSDs based on StorageClassDeviceSets with PVCs.
ROOK_ENABLE_DISCOVERY_DAEMON: "false"
5 changes: 4 additions & 1 deletion deploy/examples/operator.yaml
@@ -481,9 +481,12 @@ data:
# (Optional) Retry Period in seconds the LeaderElector clients should wait between tries of actions. Defaults to 26 seconds.
# CSI_LEADER_ELECTION_RETRY_PERIOD: "26s"

# Whether the OBC provisioner should watch on the operator namespace or not, if not the namespace of the cluster will be used
# Whether the OBC provisioner should watch on the ceph cluster namespace or not, if not default provisioner value is set
ROOK_OBC_WATCH_OPERATOR_NAMESPACE: "true"

# Custom prefix value for the OBC provisioner instead of ceph cluster namespace, do not set on existing cluster
# ROOK_OBC_PROVISIONER_NAME_PREFIX: "custom-prefix"

# Whether to start the discovery daemon to watch for raw storage devices on nodes in the cluster.
# This daemon does not need to run if you are only going to create your OSDs based on StorageClassDeviceSets with PVCs.
ROOK_ENABLE_DISCOVERY_DAEMON: "false"
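Review bot: the reworded comment on `ROOK_OBC_WATCH_OPERATOR_NAMESPACE` ("if not default provisioner value is set") is hard to parse and now differs from operator-openshift.yaml, which keeps the old sentence. Use one wording in both manifests, e.g. "Whether the OBC provisioner name should be prefixed with the ceph cluster namespace. If false, the default unprefixed provisioner name is used (unless ROOK_OBC_PROVISIONER_NAME_PREFIX is set)."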
5 changes: 4 additions & 1 deletion pkg/operator/ceph/object/bucket/util.go
@@ -43,7 +43,10 @@ const (

func NewBucketController(cfg *rest.Config, p *Provisioner, data map[string]string) (*provisioner.Provisioner, error) {
const allNamespaces = ""
provName := cephObject.GetObjectBucketProvisioner(data, p.clusterInfo.Namespace)
provName, err := cephObject.GetObjectBucketProvisioner(data, p.clusterInfo.Namespace)
if err != nil {
return nil, errors.Wrap(err, "failed to get provisioner name")
}

logger.Infof("ceph bucket provisioner launched watching for provisioner %q", provName)
return provisioner.NewProvisioner(cfg, provName, p, allNamespaces)
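Review bot: `errors.Wrap` is used here but no import hunk appears for util.go and the file summary shows only these four additions; confirm `github.com/pkg/errors` was already imported in this file, otherwise the build breaks. Also note the consequence of returning the error: an invalid prefix now prevents the whole bucket controller from starting rather than failing a single OBC, so the caller of `NewBucketController` should log the wrapped error at error level so the misconfiguration is visible in the operator log.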
14 changes: 11 additions & 3 deletions pkg/operator/ceph/object/objectstore.go
@@ -41,6 +41,7 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/util/sets"
validation "k8s.io/apimachinery/pkg/util/validation"
)

const (
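Review bot: the alias `validation` on the `k8s.io/apimachinery/pkg/util/validation` import is redundant, since that is already the package's own name; drop it to match the surrounding unaliased imports.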
@@ -845,13 +846,20 @@ func poolName(poolPrefix, poolName string) string {
}

// GetObjectBucketProvisioner returns the bucket provisioner name appended with operator namespace if OBC is watching on it
func GetObjectBucketProvisioner(data map[string]string, namespace string) string {
func GetObjectBucketProvisioner(data map[string]string, namespace string) (string, error) {
provName := bucketProvisionerName
obcWatchOnNamespace := k8sutil.GetValue(data, "ROOK_OBC_WATCH_OPERATOR_NAMESPACE", "false")
if strings.EqualFold(obcWatchOnNamespace, "true") {
obcProvisionerNamePrefix := k8sutil.GetValue(data, "ROOK_OBC_PROVISIONER_NAME_PREFIX", "")
if obcProvisionerNamePrefix != "" {
errList := validation.IsDNS1123Label(obcProvisionerNamePrefix)
if len(errList) > 0 {
return "", errors.Errorf("invalid OBC provisioner name prefix %q. %v", obcProvisionerNamePrefix, errList)
}
provName = fmt.Sprintf("%s.%s", obcProvisionerNamePrefix, bucketProvisionerName)
} else if obcWatchOnNamespace == "true" {
provName = fmt.Sprintf("%s.%s", namespace, bucketProvisionerName)
}
return provName
return provName, nil
}

// CheckDashboardUser returns true if the dashboard user exists and has the same credentials as the given user, else return false
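Review bot: the `else if obcWatchOnNamespace == "true"` comparison is case-sensitive, whereas the removed line used `strings.EqualFold`, so a configmap value of `True` or `TRUE` that previously produced the namespace-prefixed name now produces the bare `bucketProvisionerName`, silently renaming the provisioner on an existing cluster; keep `strings.EqualFold(obcWatchOnNamespace, "true")` there. The doc comment above the function is now stale and should describe the three outcomes: `<prefix>.<bucketProvisionerName>` when `ROOK_OBC_PROVISIONER_NAME_PREFIX` is set (validated as a DNS-1123 label, error otherwise), `<namespace>.<bucketProvisionerName>` when `ROOK_OBC_WATCH_OPERATOR_NAMESPACE` is true, else the bare name. The validation itself is the right call, since the result ends up in a StorageClass `provisioner` field and an unvalidated prefix such as `my-prefix.` would yield a name other components reject.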
29 changes: 26 additions & 3 deletions pkg/operator/ceph/object/objectstore_test.go
@@ -227,17 +227,40 @@ func TestGetObjectBucketProvisioner(t *testing.T) {
testNamespace := "test-namespace"
t.Setenv(k8sutil.PodNamespaceEnvVar, testNamespace)

t.Run("watch single namespace", func(t *testing.T) {
t.Run("watch ceph cluster namespace", func(t *testing.T) {
data := map[string]string{"ROOK_OBC_WATCH_OPERATOR_NAMESPACE": "true"}
bktprovisioner := GetObjectBucketProvisioner(data, testNamespace)
bktprovisioner, err := GetObjectBucketProvisioner(data, testNamespace)
assert.Equal(t, fmt.Sprintf("%s.%s", testNamespace, bucketProvisionerName), bktprovisioner)
assert.NoError(t, err)
})

t.Run("watch all namespaces", func(t *testing.T) {
data := map[string]string{"ROOK_OBC_WATCH_OPERATOR_NAMESPACE": "false"}
bktprovisioner := GetObjectBucketProvisioner(data, testNamespace)
bktprovisioner, err := GetObjectBucketProvisioner(data, testNamespace)
assert.Equal(t, bucketProvisionerName, bktprovisioner)
assert.NoError(t, err)
})

t.Run("prefix object provisioner", func(t *testing.T) {
data := map[string]string{"ROOK_OBC_PROVISIONER_NAME_PREFIX": "my-prefix"}
bktprovisioner, err := GetObjectBucketProvisioner(data, testNamespace)
assert.Equal(t, "my-prefix."+bucketProvisionerName, bktprovisioner)
assert.NoError(t, err)
})

t.Run("watch ceph cluster namespace and prefix object provisioner", func(t *testing.T) {
data := map[string]string{"ROOK_OBC_WATCH_OPERATOR_NAMESPACE": "true", "ROOK_OBC_PROVISIONER_NAME_PREFIX": "my-prefix"}
bktprovisioner, err := GetObjectBucketProvisioner(data, testNamespace)
assert.Equal(t, "my-prefix."+bucketProvisionerName, bktprovisioner)
assert.NoError(t, err)
})

t.Run("invalid prefix value for object provisioner", func(t *testing.T) {
data := map[string]string{"ROOK_OBC_PROVISIONER_NAME_PREFIX": "my-prefix."}
_, err := GetObjectBucketProvisioner(data, testNamespace)
assert.Error(t, err)
})

}

func TestRGWPGNumVersion(t *testing.T) {
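Review bot: every subtest sets `ROOK_OBC_WATCH_OPERATOR_NAMESPACE` to exactly `"true"` or `"false"`, so the switch from `strings.EqualFold` to `== "true"` in objectstore.go goes untested; add a subtest with `"True"` that expects the namespace-prefixed name to pin the intended behaviour. The invalid-prefix subtest should also assert that the returned name is `""`, and the blank line before the closing brace of the test function is unnecessary.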

0 comments on commit e0768f5