The Ceph COSI driver provisions buckets for object storage. This document explains how to enable the driver and consume a bucket from a sample application.
Note
The Ceph COSI driver is currently in experimental mode.
The BucketClass and BucketAccessClass are CRDs defined by COSI. The BucketClass defines the storage class for the bucket. The BucketAccessClass defines the access class for the bucket. The BucketClass and BucketAccessClass are defined as below:
```yaml
kind: BucketClaim
apiVersion: objectstorage.k8s.io/v1alpha1
metadata:
  name: sample-bc
  namespace: default # any namespace can be used
spec:
  bucketClassName: sample-bcc
  protocols:
    - s3
```

```yaml
kind: BucketAccess
apiVersion: objectstorage.k8s.io/v1alpha1
metadata:
  name: sample-access
  namespace: default # any namespace can be used
spec:
  bucketAccessClassName: sample-bac
  bucketClaimName: sample-bc
  protocol: s3
  # Change to the name of the secret where access details are stored
  credentialsSecretName: sample-secret-name
```
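```yaml
# Fragment of a pod manifest: mount the Secret created for the BucketAccess
spec:
  containers:
    - name: sample-app
      volumeMounts:
        - name: cosi-secrets
          mountPath: /data/cosi
  volumes:
    - name: cosi-secrets
      secret:
        # Set the name of the secret from the BucketAccess
        secretName: sample-secret-name
```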
The Secret will be mounted in the pod at the path `/data/cosi/BucketInfo`. The app must parse the JSON object to load the bucket connection details.
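One way an application could parse the mounted JSON, shown as an added example that is not part of the Rook or COSI code. It assumes `BucketInfo` is a regular file with the fields named in this page's `jq` expressions; the function names, the sample values and the AWS-style credentials file layout are choices made for this illustration.

```python
import json
import os

# Constructed sample with the fields the page reads via jq; not real credentials.
SAMPLE_BUCKET_INFO = {"spec": {"bucketName": "sample-bucket", "secretS3": {
    "endpoint": "http://rgw.example.invalid:80",
    "accessKeyID": "EXAMPLEKEYID", "accessSecretKey": "example-secret"}}}

# Output name -> JSON path, taken from the jq expressions on this page.
REQUIRED = {
    "endpoint": ("spec", "secretS3", "endpoint"),
    "bucket": ("spec", "bucketName"),
    "access_key_id": ("spec", "secretS3", "accessKeyID"),
    "secret_access_key": ("spec", "secretS3", "accessSecretKey"),
}

def load_bucket_info(path="/data/cosi/BucketInfo"):
    """Parse BucketInfo and fail closed if any connection detail is missing."""
    with open(path, encoding="utf-8") as fh:
        doc = json.load(fh)
    details = {}
    for name, keys in REQUIRED.items():
        node = doc
        for key in keys:
            if not isinstance(node, dict) or key not in node:
                raise ValueError("BucketInfo is missing " + ".".join(keys))
            node = node[key]
        if not isinstance(node, str) or not node:
            raise ValueError("BucketInfo field is empty: " + ".".join(keys))
        details[name] = node
    return details

def write_credentials(details, dest):
    """Write an AWS-style credentials file that only its owner can read."""
    # O_EXCL refuses to reuse a file (or symlink) already present at dest.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write("[default]\n"
                 f"aws_access_key_id = {details['access_key_id']}\n"
                 f"aws_secret_access_key = {details['secret_access_key']}\n")

def redacted(details):
    """Copy of the details that is safe to log: the secret key is masked."""
    return {**details, "secret_access_key": "***"}
```

Log only the output of `redacted()`, and write the credentials file to a volume that is not shared with other workloads.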
Another approach is to have an init container parse the JSON data so that the application can access the bucket. The following sample init container script parses the JSON data and creates a file with the access details:
```sh
set -e

# %s is a placeholder for the path to the BucketInfo JSON file
jsonfile=%s
if [ -f "$jsonfile" ]; then
    export ENDPOINT=$(jq -r '.spec.secretS3.endpoint' "$jsonfile")
    export BUCKET=$(jq -r '.spec.bucketName' "$jsonfile")
    export AWS_ACCESS_KEY_ID=$(jq -r '.spec.secretS3.accessKeyID' "$jsonfile")
    export AWS_SECRET_ACCESS_KEY=$(jq -r '.spec.secretS3.accessSecretKey' "$jsonfile")
else
    echo "Error: $jsonfile does not exist"
    exit 1
fi
```
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: sample-app
  namespace: rook-ceph
spec:
  containers:
    - name: sample-app
      image: busybox
      command: ["/bin/sh", "-c", "sleep 3600"]
      volumeMounts:
        - name: cosi-secrets
          mountPath: /data/cosi
  initContainers:
    - name: init-cosi
      image: busybox
      command: ["/bin/sh", "-c", "setup-aws-credentials /data/cosi/BucketInfo/credentials"]
      volumeMounts:
        - name: cosi-secrets
          mountPath: /data/cosi
  volumes:
    - name: cosi-secrets
      secret:
        # Set the name of the secret from the BucketAccess
        secretName: sample-secret-name
```