Re-organize

docs/Admin/Virtualisation/rados-gw-in-k8s.md

@@ -17,6 +17,7 @@ These steps ensure that a Ceph Pool is created with appropriate Replication.
     * Create Realm: `radosgw-admin realm create --rgw-realm=default --default`
     * Create Zonegroup: `radosgw-admin zonegroup create --rgw-zonegroup=default --master --default --endpoints=http://ceph-rgw.object-store.svc.cluster.local:8080`
     * Create Zone: `radosgw-admin zone create --rgw-zone=default --master --default`
+    * Set Zone endpoint: `radosgw-admin zone modify --rgw-zone=default --endpoints=http://ceph-rgw.object-store.svc.cluster.local:8080`
     * Ensure Zone is included in Zonegroup: `radosgw-admin zonegroup add --rgw-zonegroup=default --rgw-zone=default`
     * Update & Commit Period: `radosgw-admin period update --commit`
     * Set the default realm: `radosgw-admin realm default --rgw-realm=default`
@@ -66,6 +67,9 @@ These steps ensure that a Ceph Pool is created with appropriate Replication.
     |ceph.conf|/etc/ceph/ceph.conf|Location of Ceph Monitors|
     |Keyring | /etc/ceph/ceph.client.rgw.k8s.svc.keyring | Auth token |
 
+* **CRITICAL:** A newline must be present at the end of each file.
+* **CRITICAL:** Remove whitespace from the keyring file, except newlines.
+
 * Create Secret manifests for deployment to K8s:
 
   ```
@@ -179,24 +183,18 @@ spec:
           runAsGroup: 167
           allowPrivilegeEscalation: false
         volumeMounts:
+        # Mount the ceph.conf file directly
         - name: ceph-config-vol
-          mountPath: /etc/ceph/ceph.conf
-          subPath: ceph.conf
-        - name: ceph-keyring-vol
-          mountPath: /etc/ceph/ceph.client.rgw.k8s.svc.keyring
-          subPath: keyring
+          mountPath: /etc/ceph/
       volumes:
       - name: ceph-config-vol
         secret:
           secretName: ceph-config
+          defaultMode: 0444 # Global read for user 167
           items:
           - key: ceph.conf
             path: ceph.conf
-      - name: ceph-keyring-vol
-        secret:
-          secretName: ceph-keyring
-          items:
-          - key: keyring
+          - key: ceph.client.rgw.k8s.svc.keyring
             path: ceph.client.rgw.k8s.svc.keyring
 ```
 
@@ -207,7 +205,7 @@ spec:
 **Do not commit this to Flux, run as and when required to manage RGW users and buckets**
 
 #### Pod Manifest
-```
+```yaml
 apiVersion: v1
 kind: Pod
 metadata:
@@ -225,30 +223,20 @@ spec:
     env:
     - name: CEPH_ARGS
       value: "--name client.rgw.k8s.svc --keyring /etc/ceph/ceph.client.rgw.k8s.svc.keyring"
-      
-    volumeMounts:
-    # Mount the ceph.conf Secret
+      volumeMounts:
+      # Mount the ceph.conf file directly
+      - name: ceph-config-vol
+        mountPath: /etc/ceph/
+    volumes:
     - name: ceph-config-vol
-      mountPath: /etc/ceph/ceph.conf
-      subPath: ceph.conf
-    # Mount the keyring Secret to the file name radosgw-admin expects
-    - name: ceph-keyring-vol
-      mountPath: /etc/ceph/ceph.client.rgw.k8s.svc.keyring
-      subPath: keyring
-      
-  volumes:
-  - name: ceph-config-vol
-    secret:
-      secretName: ceph-config 
-      items:
-      - key: ceph.conf
-        path: ceph.conf
-  - name: ceph-keyring-vol
-    secret:
-      secretName: ceph-keyring
-      items:
-      - key: keyring
-        path: ceph.client.rgw.k8s.svc.keyring # Use the explicit filename
+      secret:
+        secretName: ceph-config
+        defaultMode: 0444 # Global read for user 167
+        items:
+        - key: ceph.conf
+          path: ceph.conf
+        - key: ceph.client.rgw.k8s.svc.keyring
+          path: ceph.client.rgw.k8s.svc.keyring
 ```
 
 #### Managing RGW
@@ -275,7 +263,7 @@ spec:
 
 Deploy this in the namespace of the appliation requiring the S3 API Access
 
-```
+```sh
 kubectl create secret generic s3-credentials \
   --namespace={application-namespace} \
   --from-literal=S3_ACCESS_KEY={access-key-from-user-creation} \