From fd022d4bc84326c3ba91230e29ef08e0c4306d65 Mon Sep 17 00:00:00 2001 From: Fred Boniface Date: Fri, 12 Dec 2025 13:57:05 +0000 Subject: [PATCH] Re-organize --- docs/Admin/Virtualisation/rados-gw-in-k8s.md | 58 ++++++++------------ docs/Admin/index.md | 31 +++++++++++ docs/User/index.md | 3 + docs/index.md | 32 ++--------- mkdocs.yaml | 6 +- requirements.txt | 3 +- 6 files changed, 67 insertions(+), 66 deletions(-) create mode 100644 docs/Admin/index.md create mode 100644 docs/User/index.md diff --git a/docs/Admin/Virtualisation/rados-gw-in-k8s.md b/docs/Admin/Virtualisation/rados-gw-in-k8s.md index c463787..3d7a237 100644 --- a/docs/Admin/Virtualisation/rados-gw-in-k8s.md +++ b/docs/Admin/Virtualisation/rados-gw-in-k8s.md @@ -17,6 +17,7 @@ These steps ensure that a Ceph Pool is created with appropriate Replication. * Create Realm: `radosgw-admin realm create --rgw-realm=default --default` * Create Zonegroup: `radosgw-admin zonegroup create --rgw-zonegroup=default --master --default --endpoints=http://ceph-rgw.object-store.svc.cluster.local:8080` * Create Zone: `radosgw-admin zone create --rgw-zone=default --master --default` + * Set Zone endpoint: `radosgw-admin zone modify --rgw-zone=default --endpoints=http://ceph-rgw.object-store.svc.cluster.local:8080` * Ensure Zone is included in Zonegroup: `radosgw-admin zonegroup add --rgw-zonegroup=default --rgw-zone=default` * Update & Commit Period: `radosgw-admin period update --commit` * Set the default realm: `radosgw-admin realm default --rgw-realm=default` @@ -66,6 +67,9 @@ These steps ensure that a Ceph Pool is created with appropriate Replication. |ceph.conf|/etc/ceph/ceph.conf|Location of Ceph Monitors| |Keyring | /etc/ceph/ceph.client.rgw.k8s.svc.keyring | Auth token | +* **CRITICAL:** A newline must be present at the end of each file. +* **CRITICAL:** Remove whitespace from the keyring file, except newlines. + * Create Secret manifests for deployment to K8s: ``` @@ -179,24 +183,18 @@ spec: runAsGroup: 167 allowPrivilegeEscalation: false volumeMounts: + # Mount the ceph.conf file directly - name: ceph-config-vol - mountPath: /etc/ceph/ceph.conf - subPath: ceph.conf - - name: ceph-keyring-vol - mountPath: /etc/ceph/ceph.client.rgw.k8s.svc.keyring - subPath: keyring + mountPath: /etc/ceph/ volumes: - name: ceph-config-vol secret: secretName: ceph-config + defaultMode: 0444 # Global read for user 167 items: - key: ceph.conf path: ceph.conf - - name: ceph-keyring-vol - secret: - secretName: ceph-keyring - items: - - key: keyring + - key: ceph.client.rgw.k8s.svc.keyring path: ceph.client.rgw.k8s.svc.keyring ``` @@ -207,7 +205,7 @@ spec: **Do not commit this to Flux, run as and when required to manage RGW users and buckets** #### Pod Manifest -``` +```yaml apiVersion: v1 kind: Pod metadata: @@ -225,30 +223,20 @@ spec: env: - name: CEPH_ARGS value: "--name client.rgw.k8s.svc --keyring /etc/ceph/ceph.client.rgw.k8s.svc.keyring" - - volumeMounts: - # Mount the ceph.conf Secret + volumeMounts: + # Mount the ceph.conf file directly + - name: ceph-config-vol + mountPath: /etc/ceph/ + volumes: - name: ceph-config-vol - mountPath: /etc/ceph/ceph.conf - subPath: ceph.conf - # Mount the keyring Secret to the file name radosgw-admin expects - - name: ceph-keyring-vol - mountPath: /etc/ceph/ceph.client.rgw.k8s.svc.keyring - subPath: keyring - - volumes: - - name: ceph-config-vol - secret: - secretName: ceph-config - items: - - key: ceph.conf - path: ceph.conf - - name: ceph-keyring-vol - secret: - secretName: ceph-keyring - items: - - key: keyring - path: ceph.client.rgw.k8s.svc.keyring # Use the explicit filename + secret: + secretName: ceph-config + defaultMode: 0444 # Global read for user 167 + items: + - key: ceph.conf + path: ceph.conf + - key: ceph.client.rgw.k8s.svc.keyring + path: ceph.client.rgw.k8s.svc.keyring ``` #### Managing RGW @@ -275,7 +263,7 @@ spec: Deploy this in the namespace of the appliation requiring the S3 API Access -``` +```sh kubectl create secret generic s3-credentials \ --namespace={application-namespace} \ --from-literal=S3_ACCESS_KEY={access-key-from-user-creation} \ diff --git a/docs/Admin/index.md b/docs/Admin/index.md new file mode 100644 index 0000000..eb6bc0f --- /dev/null +++ b/docs/Admin/index.md @@ -0,0 +1,31 @@ +## 🌐 Welcome to the Infrastructure Documentation Repository + +This site provides technical documentation, configuration standards, and operational guides for our core infrastructure services and deployment environments. +--- +## 🛑 Disclaimer + +This documentation site is provided **"as is"** for informational and educational purposes only. Please read this disclaimer carefully before relying on any information contained within. + +--- + +### 1. Accuracy and Currency + +While we strive to ensure the information contained herein is accurate and current, we **make no warranties, express or implied,** about the completeness, reliability, suitability, or availability of the content. Infrastructure environments are constantly changing, and configurations may become outdated or specific to our unique setup. AI is used to produce documentation from the steps taken to deploy the solution into a live environment. + +### 2. Security and Sensitive Information + +This public documentation **intentionally omits** all sensitive, proprietary, and infrastructure-specific details, including: + +* Actual **IP addresses, subnets, and hostnames**. +* All **authentication keys, tokens, and secrets**. +* Internal **network IDs or firewall rules** that could expose our systems. + +Any examples provided (e.g., code snippets, network diagrams) use **placeholder values** and **generic identifiers**. Do **not** use any of the example values in a production environment. + +### 3. Limitation of Liability + +The authors and maintainers of this documentation will **not be held liable** for any direct, indirect, incidental, consequential, or punitive damages arising from the use of, or reliance on, any information presented here. + +### 4. Use at Your Own Risk + +Any action you take upon the information on this documentation site is strictly **at your own risk**. We strongly advise that you test all configurations and principles documented here in a non-production, segregated environment before applying them to any live infrastructure. diff --git a/docs/User/index.md b/docs/User/index.md new file mode 100644 index 0000000..1f8cebc --- /dev/null +++ b/docs/User/index.md @@ -0,0 +1,3 @@ +# User + +This group contains documentation aimed at end-users. \ No newline at end of file diff --git a/docs/index.md b/docs/index.md index eb6bc0f..08ce6a1 100644 --- a/docs/index.md +++ b/docs/index.md @@ -1,31 +1,7 @@ -## 🌐 Welcome to the Infrastructure Documentation Repository +## 🌐 Welcome to the FJLA Documentation -This site provides technical documentation, configuration standards, and operational guides for our core infrastructure services and deployment environments. ---- -## 🛑 Disclaimer +This site provides user documentation, technical documentation, configuration standards, and operational guides for our core infrastructure services and deployment environments. -This documentation site is provided **"as is"** for informational and educational purposes only. Please read this disclaimer carefully before relying on any information contained within. +If you are a user seeking help [click here](User/index.md). ---- - -### 1. Accuracy and Currency - -While we strive to ensure the information contained herein is accurate and current, we **make no warranties, express or implied,** about the completeness, reliability, suitability, or availability of the content. Infrastructure environments are constantly changing, and configurations may become outdated or specific to our unique setup. AI is used to produce documentation from the steps taken to deploy the solution into a live environment. - -### 2. Security and Sensitive Information - -This public documentation **intentionally omits** all sensitive, proprietary, and infrastructure-specific details, including: - -* Actual **IP addresses, subnets, and hostnames**. -* All **authentication keys, tokens, and secrets**. -* Internal **network IDs or firewall rules** that could expose our systems. - -Any examples provided (e.g., code snippets, network diagrams) use **placeholder values** and **generic identifiers**. Do **not** use any of the example values in a production environment. - -### 3. Limitation of Liability - -The authors and maintainers of this documentation will **not be held liable** for any direct, indirect, incidental, consequential, or punitive damages arising from the use of, or reliance on, any information presented here. - -### 4. Use at Your Own Risk - -Any action you take upon the information on this documentation site is strictly **at your own risk**. We strongly advise that you test all configurations and principles documented here in a non-production, segregated environment before applying them to any live infrastructure. +If you are an administrator seeking configuration reference [click here](Admin/index.md). \ No newline at end of file diff --git a/mkdocs.yaml b/mkdocs.yaml index 16526d0..8abdeb3 100644 --- a/mkdocs.yaml +++ b/mkdocs.yaml @@ -1,10 +1,14 @@ site_name: FJLA Documentation nav: - Home: index.md +- User: - Admin: - Virtualisation & Orchestration: - Combining K8s, PVE & Ceph: Admin/Virtualisation/pve-k8s-ceph-config.md - Deploy RADOS Gateway in K8s: Admin/Virtualisation/rados-gw-in-k8s.md theme: - name: material \ No newline at end of file + name: mkdocs + color_mode: auto + user_color_mode_toggle: true + navigation_depth: 2 diff --git a/requirements.txt b/requirements.txt index 21f876b..b854bca 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,2 +1 @@ -mkdocs -mkdocs-material \ No newline at end of file +mkdocs \ No newline at end of file