Re-organize
This commit is contained in:
@@ -17,6 +17,7 @@ These steps ensure that a Ceph Pool is created with appropriate Replication.
|
||||
* Create Realm: `radosgw-admin realm create --rgw-realm=default --default`
|
||||
* Create Zonegroup: `radosgw-admin zonegroup create --rgw-zonegroup=default --master --default --endpoints=http://ceph-rgw.object-store.svc.cluster.local:8080`
|
||||
* Create Zone: `radosgw-admin zone create --rgw-zone=default --master --default`
|
||||
* Set Zone endpoint: `radosgw-admin zone modify --rgw-zone=default --endpoints=http://ceph-rgw.object-store.svc.cluster.local:8080`
|
||||
* Ensure Zone is included in Zonegroup: `radosgw-admin zonegroup add --rgw-zonegroup=default --rgw-zone=default`
|
||||
* Update & Commit Period: `radosgw-admin period update --commit`
|
||||
* Set the default realm: `radosgw-admin realm default --rgw-realm=default`
|
||||
@@ -66,6 +67,9 @@ These steps ensure that a Ceph Pool is created with appropriate Replication.
|
||||
|ceph.conf|/etc/ceph/ceph.conf|Location of Ceph Monitors|
|
||||
|Keyring | /etc/ceph/ceph.client.rgw.k8s.svc.keyring | Auth token |
|
||||
|
||||
* **CRITICAL:** A newline must be present at the end of each file.
|
||||
* **CRITICAL:** Remove whitespace from the keyring file, except newlines.
|
||||
|
||||
* Create Secret manifests for deployment to K8s:
|
||||
|
||||
```
|
||||
@@ -179,24 +183,18 @@ spec:
|
||||
runAsGroup: 167
|
||||
allowPrivilegeEscalation: false
|
||||
volumeMounts:
|
||||
# Mount the ceph.conf file directly
|
||||
- name: ceph-config-vol
|
||||
mountPath: /etc/ceph/ceph.conf
|
||||
subPath: ceph.conf
|
||||
- name: ceph-keyring-vol
|
||||
mountPath: /etc/ceph/ceph.client.rgw.k8s.svc.keyring
|
||||
subPath: keyring
|
||||
mountPath: /etc/ceph/
|
||||
volumes:
|
||||
- name: ceph-config-vol
|
||||
secret:
|
||||
secretName: ceph-config
|
||||
defaultMode: 0444 # Global read for user 167
|
||||
items:
|
||||
- key: ceph.conf
|
||||
path: ceph.conf
|
||||
- name: ceph-keyring-vol
|
||||
secret:
|
||||
secretName: ceph-keyring
|
||||
items:
|
||||
- key: keyring
|
||||
- key: ceph.client.rgw.k8s.svc.keyring
|
||||
path: ceph.client.rgw.k8s.svc.keyring
|
||||
```
|
||||
|
||||
@@ -207,7 +205,7 @@ spec:
|
||||
**Do not commit this to Flux, run as and when required to manage RGW users and buckets**
|
||||
|
||||
#### Pod Manifest
|
||||
```
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
@@ -225,30 +223,20 @@ spec:
|
||||
env:
|
||||
- name: CEPH_ARGS
|
||||
value: "--name client.rgw.k8s.svc --keyring /etc/ceph/ceph.client.rgw.k8s.svc.keyring"
|
||||
|
||||
volumeMounts:
|
||||
# Mount the ceph.conf Secret
|
||||
volumeMounts:
|
||||
# Mount the ceph.conf file directly
|
||||
- name: ceph-config-vol
|
||||
mountPath: /etc/ceph/
|
||||
volumes:
|
||||
- name: ceph-config-vol
|
||||
mountPath: /etc/ceph/ceph.conf
|
||||
subPath: ceph.conf
|
||||
# Mount the keyring Secret to the file name radosgw-admin expects
|
||||
- name: ceph-keyring-vol
|
||||
mountPath: /etc/ceph/ceph.client.rgw.k8s.svc.keyring
|
||||
subPath: keyring
|
||||
|
||||
volumes:
|
||||
- name: ceph-config-vol
|
||||
secret:
|
||||
secretName: ceph-config
|
||||
items:
|
||||
- key: ceph.conf
|
||||
path: ceph.conf
|
||||
- name: ceph-keyring-vol
|
||||
secret:
|
||||
secretName: ceph-keyring
|
||||
items:
|
||||
- key: keyring
|
||||
path: ceph.client.rgw.k8s.svc.keyring # Use the explicit filename
|
||||
secret:
|
||||
secretName: ceph-config
|
||||
defaultMode: 0444 # Global read for user 167
|
||||
items:
|
||||
- key: ceph.conf
|
||||
path: ceph.conf
|
||||
- key: ceph.client.rgw.k8s.svc.keyring
|
||||
path: ceph.client.rgw.k8s.svc.keyring
|
||||
```
|
||||
|
||||
#### Managing RGW
|
||||
@@ -275,7 +263,7 @@ spec:
|
||||
|
||||
Deploy this in the namespace of the appliation requiring the S3 API Access
|
||||
|
||||
```
|
||||
```sh
|
||||
kubectl create secret generic s3-credentials \
|
||||
--namespace={application-namespace} \
|
||||
--from-literal=S3_ACCESS_KEY={access-key-from-user-creation} \
|
||||
|
||||
31
docs/Admin/index.md
Normal file
31
docs/Admin/index.md
Normal file
@@ -0,0 +1,31 @@
|
||||
## 🌐 Welcome to the Infrastructure Documentation Repository
|
||||
|
||||
This site provides technical documentation, configuration standards, and operational guides for our core infrastructure services and deployment environments.
|
||||
---
|
||||
## 🛑 Disclaimer
|
||||
|
||||
This documentation site is provided **"as is"** for informational and educational purposes only. Please read this disclaimer carefully before relying on any information contained within.
|
||||
|
||||
---
|
||||
|
||||
### 1. Accuracy and Currency
|
||||
|
||||
While we strive to ensure the information contained herein is accurate and current, we **make no warranties, express or implied,** about the completeness, reliability, suitability, or availability of the content. Infrastructure environments are constantly changing, and configurations may become outdated or specific to our unique setup. AI is used to produce documentation from the steps taken to deploy the solution into a live environment.
|
||||
|
||||
### 2. Security and Sensitive Information
|
||||
|
||||
This public documentation **intentionally omits** all sensitive, proprietary, and infrastructure-specific details, including:
|
||||
|
||||
* Actual **IP addresses, subnets, and hostnames**.
|
||||
* All **authentication keys, tokens, and secrets**.
|
||||
* Internal **network IDs or firewall rules** that could expose our systems.
|
||||
|
||||
Any examples provided (e.g., code snippets, network diagrams) use **placeholder values** and **generic identifiers**. Do **not** use any of the example values in a production environment.
|
||||
|
||||
### 3. Limitation of Liability
|
||||
|
||||
The authors and maintainers of this documentation will **not be held liable** for any direct, indirect, incidental, consequential, or punitive damages arising from the use of, or reliance on, any information presented here.
|
||||
|
||||
### 4. Use at Your Own Risk
|
||||
|
||||
Any action you take upon the information on this documentation site is strictly **at your own risk**. We strongly advise that you test all configurations and principles documented here in a non-production, segregated environment before applying them to any live infrastructure.
|
||||
3
docs/User/index.md
Normal file
3
docs/User/index.md
Normal file
@@ -0,0 +1,3 @@
|
||||
# User
|
||||
|
||||
This group contains documentation aimed at end-users.
|
||||
@@ -1,31 +1,7 @@
|
||||
## 🌐 Welcome to the Infrastructure Documentation Repository
|
||||
## 🌐 Welcome to the FJLA Documentation
|
||||
|
||||
This site provides technical documentation, configuration standards, and operational guides for our core infrastructure services and deployment environments.
|
||||
---
|
||||
## 🛑 Disclaimer
|
||||
This site provides user documentation, technical documentation, configuration standards, and operational guides for our core infrastructure services and deployment environments.
|
||||
|
||||
This documentation site is provided **"as is"** for informational and educational purposes only. Please read this disclaimer carefully before relying on any information contained within.
|
||||
If you are a user seeking help [click here](User/index.md).
|
||||
|
||||
---
|
||||
|
||||
### 1. Accuracy and Currency
|
||||
|
||||
While we strive to ensure the information contained herein is accurate and current, we **make no warranties, express or implied,** about the completeness, reliability, suitability, or availability of the content. Infrastructure environments are constantly changing, and configurations may become outdated or specific to our unique setup. AI is used to produce documentation from the steps taken to deploy the solution into a live environment.
|
||||
|
||||
### 2. Security and Sensitive Information
|
||||
|
||||
This public documentation **intentionally omits** all sensitive, proprietary, and infrastructure-specific details, including:
|
||||
|
||||
* Actual **IP addresses, subnets, and hostnames**.
|
||||
* All **authentication keys, tokens, and secrets**.
|
||||
* Internal **network IDs or firewall rules** that could expose our systems.
|
||||
|
||||
Any examples provided (e.g., code snippets, network diagrams) use **placeholder values** and **generic identifiers**. Do **not** use any of the example values in a production environment.
|
||||
|
||||
### 3. Limitation of Liability
|
||||
|
||||
The authors and maintainers of this documentation will **not be held liable** for any direct, indirect, incidental, consequential, or punitive damages arising from the use of, or reliance on, any information presented here.
|
||||
|
||||
### 4. Use at Your Own Risk
|
||||
|
||||
Any action you take upon the information on this documentation site is strictly **at your own risk**. We strongly advise that you test all configurations and principles documented here in a non-production, segregated environment before applying them to any live infrastructure.
|
||||
If you are an administrator seeking configuration reference [click here](Admin/index.md).
|
||||
@@ -1,10 +1,14 @@
|
||||
site_name: FJLA Documentation
|
||||
nav:
|
||||
- Home: index.md
|
||||
- User:
|
||||
- Admin:
|
||||
- Virtualisation & Orchestration:
|
||||
- Combining K8s, PVE & Ceph: Admin/Virtualisation/pve-k8s-ceph-config.md
|
||||
- Deploy RADOS Gateway in K8s: Admin/Virtualisation/rados-gw-in-k8s.md
|
||||
|
||||
theme:
|
||||
name: material
|
||||
name: mkdocs
|
||||
color_mode: auto
|
||||
user_color_mode_toggle: true
|
||||
navigation_depth: 2
|
||||
|
||||
@@ -1,2 +1 @@
|
||||
mkdocs
|
||||
mkdocs-material
|
||||
mkdocs
|
||||
Reference in New Issue
Block a user