Managing Buckets
Creating, modifying, and deleting buckets are all done using the `S3Bucket` resource.
After the successful creation of the `s3UserClaim`, you can create new buckets in the same namespace by applying a manifest like the one below:
```yaml
apiVersion: s3.snappcloud.io/v1alpha1
kind: S3Bucket
metadata:
  name: s3bucket-sample
  namespace: s3-oprator-test
spec:
  s3UserRef: s3userclaim-sample
  s3DeletionPolicy: delete
  s3SubuserBinding:
    - name: subuser1
      access: write
    - name: subuser2
      access: read
```
There are two fields that you have to consider while defining the bucket CRD:
- `s3UserRef`: Equal to the `s3UserClaim` name defined in the previous step. This field is immutable; i.e., you cannot change it after the bucket creation.
- `s3DeletionPolicy`: Use `delete` if you want your buckets removed after deleting the `s3Bucket` object, and use `retain` if you want to keep it on the S3 cluster after deleting the object. (default: `delete`)
By default, subusers are limited to listing the created buckets and cannot put, get, or remove any objects in them unless you grant them additional access. To grant this additional access, define the access level for each subuser within the `s3SubuserBinding` section.
The table below provides a breakdown of the available access levels:

| Access Level | Permitted Actions |
|---|---|
| read | s3:GetObject |
| write | s3:GetObject, s3:DeleteObject, s3:PutObject |
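A pre-apply review of the subuser grants and deletion policy described above can be scripted. The following is an added example, not code from the s3-operator project: the function name `audit_bucket`, the `read_only` allow-list, and the treatment of repeated bindings as a union are assumptions, and the manifest is passed in as an already-parsed dict.

```python
# Access levels and the s3DeletionPolicy default are taken from this page.
ACCESS_ACTIONS = {
    "read": {"s3:GetObject"},
    "write": {"s3:GetObject", "s3:DeleteObject", "s3:PutObject"},
}

def audit_bucket(manifest, read_only=frozenset()):
    """Return (grants, findings) for one parsed S3Bucket manifest (a dict).
    read_only is a hypothetical set of subusers that must never modify objects."""
    spec = manifest.get("spec", {})
    name = manifest.get("metadata", {}).get("name", "<unnamed>")
    grants, findings = {}, []

    if not spec.get("s3UserRef"):
        findings.append(f"{name}: s3UserRef is missing")
    policy = spec.get("s3DeletionPolicy", "delete")
    if policy not in ("delete", "retain"):
        findings.append(f"{name}: unknown s3DeletionPolicy {policy!r}")
    elif "s3DeletionPolicy" not in spec:
        # Omitting the field means the bucket is removed with the object.
        findings.append(f"{name}: s3DeletionPolicy omitted, defaults to delete")

    for binding in spec.get("s3SubuserBinding") or []:
        sub, level = binding.get("name"), binding.get("access")
        if level not in ACCESS_ACTIONS:
            findings.append(f"{name}: {sub} has unknown access {level!r}")
            continue
        if sub in grants:
            findings.append(f"{name}: {sub} is bound more than once")
        # Assumption: review repeated bindings as the union (worst case).
        grants[sub] = grants.get(sub, set()) | ACCESS_ACTIONS[level]
        if sub in read_only and "s3:DeleteObject" in grants[sub]:
            findings.append(f"{name}: {sub} should be read-only but can delete objects")
    return {s: sorted(a) for s, a in grants.items()}, findings

# Constructed sample: the manifest from this page, parsed into a dict.
SAMPLE = {
    "metadata": {"name": "s3bucket-sample", "namespace": "s3-oprator-test"},
    "spec": {
        "s3UserRef": "s3userclaim-sample",
        "s3DeletionPolicy": "delete",
        "s3SubuserBinding": [
            {"name": "subuser1", "access": "write"},
            {"name": "subuser2", "access": "read"},
        ],
    },
}

if __name__ == "__main__":
    print(audit_bucket(SAMPLE, read_only={"subuser1"}))
```
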
To remove a bucket, delete the `s3Bucket` object via the `oc delete` command like:

```
oc delete s3bucket s3bucket-sample
```

As mentioned earlier, it will be deleted on the S3 Object Storage if `s3DeletionPolicy` is set to `delete` and kept there if it is set to `retain`.
Caution: A bucket cannot be deleted unless it is empty. If you attempt to delete a non-empty S3 bucket instance with the `s3DeletionPolicy` set to `delete`, the deletion operation will fail, and an error will be recorded in the reason section of the instance's status.