From ef82f48166bc503a8d97a2765433c818dfd52883 Mon Sep 17 00:00:00 2001 From: Joshua Hoblitt Date: Mon, 7 Oct 2024 09:46:23 -0700 Subject: [PATCH 1/6] (fleet/external-secret-conf) add onepassword-oods ClusterSecretStore To these clusters: - chonchon - elqui - konkong - pillan - ruka --- fleet/lib/external-secrets-conf/fleet.yaml | 35 ++++++++++++++++--- .../clustersecretstore-onepassword.yaml | 9 ++--- 2 files changed, 36 insertions(+), 8 deletions(-) diff --git a/fleet/lib/external-secrets-conf/fleet.yaml b/fleet/lib/external-secrets-conf/fleet.yaml index f6a6545b1..30b463a78 100644 --- a/fleet/lib/external-secrets-conf/fleet.yaml +++ b/fleet/lib/external-secrets-conf/fleet.yaml @@ -10,10 +10,12 @@ helm: waitForJobs: true values: site: ${ .ClusterLabels.site } - vaults: - ${ .ClusterName }.${ .ClusterLabels.site }: 1 - k8s-${ .ClusterLabels.site }: 2 - k8s-common: 3 + clusterSecretStores: + onepassword: + vaults: + ${ .ClusterName }.${ .ClusterLabels.site }: 1 + k8s-${ .ClusterLabels.site }: 2 + k8s-common: 3 dependsOn: - selector: matchLabels: @@ -34,3 +36,28 @@ targetCustomizations: ${ .ClusterName }.${ .ClusterLabels.site }: ~ # it probaly would have been easier to name the vaults local.... rancher.${ .ClusterLabels.site }: 1 + - name: oods-cluster + clusterSelector: + matchExpressions: + - key: management.cattle.io/cluster-display-name + operator: In + values: + - chonchon + - elqui + - konkong + - pillan + - ruka + helm: + values: + clusterSecretStores: + onepassword-oods: + vaults: + oods.${ .ClusterLabels.site }: 1 + - name: elqui # will replace chonchon + clusterName: elqui + helm: + values: + clusterSecretStores: + onepassword-oods: + vaults: + oods.elqui: 1 diff --git a/fleet/lib/external-secrets-conf/templates/clustersecretstore-onepassword.yaml b/fleet/lib/external-secrets-conf/templates/clustersecretstore-onepassword.yaml index 7dcca9b83..25a33d7f5 100644 --- a/fleet/lib/external-secrets-conf/templates/clustersecretstore-onepassword.yaml 
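Review bot: The `- name: elqui` targetCustomization at the end of this hunk will most likely never be applied, because elqui is also listed under the `oods-cluster` selector above it and, as far as I know, Fleet uses the first targetCustomization that matches a cluster (worth confirming against the Fleet version deployed). If elqui is meant to push into `oods.elqui` rather than `oods.${ .ClusterLabels.site }`, move the `elqui` entry above `oods-cluster` or remove `elqui` from that selector's `values` list. This is more than a naming issue: if chonchon and elqui carry the same `site` label, both clusters' PushSecrets would write their own Ceph keys into the same 1Password items in `oods.<site>` and the last reconcile wins, which the `# will replace chonchon` comment suggests is exactly the overlap being worked around.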
+++ b/fleet/lib/external-secrets-conf/templates/clustersecretstore-onepassword.yaml @@ -1,19 +1,20 @@ # yamllint disable-file +{{- range $name, $v := .Values.clusterSecretStores }} --- apiVersion: external-secrets.io/v1beta1 kind: ClusterSecretStore metadata: - name: onepassword - namespace: external-secrets + name: {{ $name }} spec: provider: onepassword: - connectHost: https://connect.{{ .Values.site }}.lsst.org + connectHost: https://connect.{{ $.Values.site }}.lsst.org vaults: -{{ toYaml .Values.vaults | indent 8 }} +{{ toYaml $v.vaults | indent 8 }} auth: secretRef: connectTokenSecretRef: name: onepassword-connect-token key: token namespace: external-secrets +{{- end }} From 9dc172ba84998d0d57e226c65295f6ebf604d08a Mon Sep 17 00:00:00 2001 From: Joshua Hoblitt Date: Wed, 2 Oct 2024 15:28:03 -0700 Subject: [PATCH 2/6] (elqui) add lfa users for oods --- .../templates/cephobjectstoreuser-butler.yaml | 36 +++++++++++++++++++ .../templates/cephobjectstoreuser-latiss.yaml | 36 +++++++++++++++++++ .../cephobjectstoreuser-lsstcam.yaml | 36 +++++++++++++++++++ .../cephobjectstoreuser-oods-latiss.yaml | 33 +++++++++++++++++ .../cephobjectstoreuser-oods-lsstcam.yaml | 33 +++++++++++++++++ 5 files changed, 174 insertions(+) create mode 100644 fleet/lib/rook-ceph-conf/charts/elqui/templates/cephobjectstoreuser-butler.yaml create mode 100644 fleet/lib/rook-ceph-conf/charts/elqui/templates/cephobjectstoreuser-latiss.yaml create mode 100644 fleet/lib/rook-ceph-conf/charts/elqui/templates/cephobjectstoreuser-lsstcam.yaml create mode 100644 fleet/lib/rook-ceph-conf/charts/elqui/templates/cephobjectstoreuser-oods-latiss.yaml create mode 100644 fleet/lib/rook-ceph-conf/charts/elqui/templates/cephobjectstoreuser-oods-lsstcam.yaml diff --git a/fleet/lib/rook-ceph-conf/charts/elqui/templates/cephobjectstoreuser-butler.yaml b/fleet/lib/rook-ceph-conf/charts/elqui/templates/cephobjectstoreuser-butler.yaml new file mode 100644 index 000000000..7a3c8df52 --- /dev/null 
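Review bot: The rendered `ClusterSecretStore` objects carry no `spec.conditions`, so any namespace on these clusters may reference `onepassword-oods` (or `onepassword`) from an ExternalSecret or PushSecret, and the new store exists to receive pushed S3 credentials, i.e. it is a write path into the `oods.<site>` vault. Because every store emitted by this `range` also points at the same `onepassword-connect-token`, the split into separate stores is organisational only: the one Connect token must be able to read the k8s vaults and write the oods vault, and any workload that can create a PushSecret somewhere on the cluster can drive it. Consider allowing per-store restrictions under `spec`, e.g. `{{- with $v.conditions }}` / `conditions: {{ toYaml . | nindent 4 }}` / `{{- end }}`, and setting `conditions: [{namespaces: [rook-ceph]}]` for `onepassword-oods` in fleet.yaml (availability of `conditions` depends on the external-secrets version in use); a per-store Connect token secret (`$v.connectTokenSecretRef`) would scope the credential as well. Dropping `namespace: external-secrets` from metadata is correct, since ClusterSecretStore is cluster-scoped.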
+++ b/fleet/lib/rook-ceph-conf/charts/elqui/templates/cephobjectstoreuser-butler.yaml @@ -0,0 +1,36 @@ +--- +apiVersion: ceph.rook.io/v1 +kind: CephObjectStoreUser +metadata: + name: butler + namespace: rook-ceph +spec: + store: lfa + clusterNamespace: rook-ceph + quotas: + maxBuckets: 2 + maxSize: 2Pi +--- +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: rook-ceph-object-user-lfa-butler + namespace: rook-ceph +spec: + secretStoreRefs: + - kind: ClusterSecretStore + name: onepassword-oods + selector: + secret: + name: rook-ceph-object-user-lfa-butler + data: + - match: + secretKey: AccessKey + remoteRef: + remoteKey: butler + property: AWS_ACCESS_KEY_ID + - match: + secretKey: SecretKey + remoteRef: + remoteKey: butler + property: AWS_SECRET_ACCESS_KEY diff --git a/fleet/lib/rook-ceph-conf/charts/elqui/templates/cephobjectstoreuser-latiss.yaml b/fleet/lib/rook-ceph-conf/charts/elqui/templates/cephobjectstoreuser-latiss.yaml new file mode 100644 index 000000000..244932fce --- /dev/null +++ b/fleet/lib/rook-ceph-conf/charts/elqui/templates/cephobjectstoreuser-latiss.yaml @@ -0,0 +1,36 @@ +--- +apiVersion: ceph.rook.io/v1 +kind: CephObjectStoreUser +metadata: + name: latiss + namespace: rook-ceph +spec: + store: lfa + clusterNamespace: rook-ceph + quotas: + maxBuckets: 1 + maxSize: 100Ti +--- +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: rook-ceph-object-user-lfa-latiss + namespace: rook-ceph +spec: + secretStoreRefs: + - kind: ClusterSecretStore + name: onepassword-oods + selector: + secret: + name: rook-ceph-object-user-lfa-latiss + data: + - match: + secretKey: AccessKey + remoteRef: + remoteKey: latiss + property: AWS_ACCESS_KEY_ID + - match: + secretKey: SecretKey + remoteRef: + remoteKey: latiss + property: AWS_SECRET_ACCESS_KEY 
diff --git a/fleet/lib/rook-ceph-conf/charts/elqui/templates/cephobjectstoreuser-lsstcam.yaml b/fleet/lib/rook-ceph-conf/charts/elqui/templates/cephobjectstoreuser-lsstcam.yaml new file mode 100644 index 000000000..f60d3050b --- /dev/null +++ b/fleet/lib/rook-ceph-conf/charts/elqui/templates/cephobjectstoreuser-lsstcam.yaml @@ -0,0 +1,36 @@ +--- +apiVersion: ceph.rook.io/v1 +kind: CephObjectStoreUser +metadata: + name: lsstcam + namespace: rook-ceph +spec: + store: lfa + clusterNamespace: rook-ceph + quotas: + maxBuckets: 1 + maxSize: 1Pi +--- +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: rook-ceph-object-user-lfa-lsstcam + namespace: rook-ceph +spec: + secretStoreRefs: + - kind: ClusterSecretStore + name: onepassword-oods + selector: + secret: + name: rook-ceph-object-user-lfa-lsstcam + data: + - match: + secretKey: AccessKey + remoteRef: + remoteKey: lsstcam + property: AWS_ACCESS_KEY_ID + - match: + secretKey: SecretKey + remoteRef: + remoteKey: lsstcam + property: AWS_SECRET_ACCESS_KEY diff --git a/fleet/lib/rook-ceph-conf/charts/elqui/templates/cephobjectstoreuser-oods-latiss.yaml b/fleet/lib/rook-ceph-conf/charts/elqui/templates/cephobjectstoreuser-oods-latiss.yaml new file mode 100644 index 000000000..83c06ace2 --- /dev/null +++ b/fleet/lib/rook-ceph-conf/charts/elqui/templates/cephobjectstoreuser-oods-latiss.yaml 
@@ -0,0 +1,33 @@ +--- +apiVersion: ceph.rook.io/v1 +kind: CephObjectStoreUser +metadata: + name: oods-latiss + namespace: rook-ceph +spec: + store: lfa + clusterNamespace: rook-ceph +--- +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: rook-ceph-object-user-oods-latiss + namespace: rook-ceph +spec: + secretStoreRefs: + - kind: ClusterSecretStore + name: onepassword-oods + selector: + secret: + name: rook-ceph-object-user-oods-latiss + data: + - match: + secretKey: AccessKey + remoteRef: + remoteKey: oods-latiss + property: AWS_ACCESS_KEY_ID + - match: + secretKey: SecretKey + remoteRef: + remoteKey: oods-latiss + property: AWS_SECRET_ACCESS_KEY diff --git a/fleet/lib/rook-ceph-conf/charts/elqui/templates/cephobjectstoreuser-oods-lsstcam.yaml b/fleet/lib/rook-ceph-conf/charts/elqui/templates/cephobjectstoreuser-oods-lsstcam.yaml new file mode 100644 index 000000000..63d1fd309 --- /dev/null +++ b/fleet/lib/rook-ceph-conf/charts/elqui/templates/cephobjectstoreuser-oods-lsstcam.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: ceph.rook.io/v1 +kind: CephObjectStoreUser +metadata: + name: oods-lsstcam + namespace: rook-ceph +spec: + store: lfa + clusterNamespace: rook-ceph +--- +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: rook-ceph-object-user-oods-lsstcam + namespace: rook-ceph +spec: + secretStoreRefs: + - kind: ClusterSecretStore + name: onepassword-oods + selector: + secret: + name: rook-ceph-object-user-oods-lsstcam + data: + - match: + secretKey: AccessKey + remoteRef: + remoteKey: oods-lsstcam + property: AWS_ACCESS_KEY_ID + - match: + secretKey: SecretKey + remoteRef: + remoteKey: oods-lsstcam + property: AWS_SECRET_ACCESS_KEY From 00ac401b11b25f19b0390e43d4fe8b09e3061438 Mon Sep 17 00:00:00 2001 
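Review bot: The PushSecret `selector.secret.name: rook-ceph-object-user-oods-latiss` does not match the secret Rook generates for this user: Rook names it `rook-ceph-object-user-<store>-<user>`, which for store `lfa` and user `oods-latiss` is `rook-ceph-object-user-lfa-oods-latiss`, the pattern the sibling `butler`, `latiss` and `lsstcam` files in this same patch follow. As written the PushSecret will sit in an error state and the OODS credentials never reach 1Password; changing the selector (and, for consistency, the PushSecret `metadata.name`) to `rook-ceph-object-user-lfa-oods-latiss` fixes it. The `oods-lsstcam` file below and the corresponding oods files in the ruka, pillan, konkong and chonchon patches are identical blobs (`83c06ace2` / `63d1fd309`), so they share the defect.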
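Review bot: The `oods-lsstcam` CephObjectStoreUser (and `oods-latiss` above it) has no `quotas` block, whereas `butler`, `latiss` and `lsstcam` in this patch cap `maxBuckets` and `maxSize`. A leaked OODS credential or a runaway ingest process can therefore create unlimited buckets and fill the shared `lfa` store, degrading the other tenants of that object store. Either give these users a `quotas:` stanza consistent with the producer users, or add a comment on the resource stating why they are intentionally unbounded.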
From: Joshua Hoblitt Date: Mon, 7 Oct 2024 11:12:00 -0700 Subject: [PATCH 3/6] (ruka) add lfa users for oods --- .../templates/cephobjectstoreuser-butler.yaml | 35 +++++++++++++++++++ .../templates/cephobjectstoreuser-latiss.yaml | 35 +++++++++++++++++++ .../cephobjectstoreuser-lsstcam.yaml | 35 +++++++++++++++++++ .../cephobjectstoreuser-oods-latiss.yaml | 33 +++++++++++++++++ .../cephobjectstoreuser-oods-lsstcam.yaml | 33 +++++++++++++++++ 5 files changed, 171 insertions(+) create mode 100644 fleet/lib/rook-ceph-conf/charts/ruka/templates/cephobjectstoreuser-butler.yaml create mode 100644 fleet/lib/rook-ceph-conf/charts/ruka/templates/cephobjectstoreuser-latiss.yaml create mode 100644 fleet/lib/rook-ceph-conf/charts/ruka/templates/cephobjectstoreuser-lsstcam.yaml create mode 100644 fleet/lib/rook-ceph-conf/charts/ruka/templates/cephobjectstoreuser-oods-latiss.yaml create mode 100644 fleet/lib/rook-ceph-conf/charts/ruka/templates/cephobjectstoreuser-oods-lsstcam.yaml diff --git a/fleet/lib/rook-ceph-conf/charts/ruka/templates/cephobjectstoreuser-butler.yaml b/fleet/lib/rook-ceph-conf/charts/ruka/templates/cephobjectstoreuser-butler.yaml new file mode 100644 index 000000000..b7b635f4f --- /dev/null +++ b/fleet/lib/rook-ceph-conf/charts/ruka/templates/cephobjectstoreuser-butler.yaml @@ -0,0 +1,35 @@ +--- +apiVersion: ceph.rook.io/v1 +kind: CephObjectStoreUser +metadata: + name: butler + namespace: rook-ceph +spec: + store: lfa + clusterNamespace: rook-ceph + quotas: + maxBuckets: 2 +--- +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: rook-ceph-object-user-lfa-butler + namespace: rook-ceph +spec: + secretStoreRefs: + - kind: ClusterSecretStore + name: onepassword-oods + selector: + secret: + name: rook-ceph-object-user-lfa-butler + data: + - match: + secretKey: AccessKey + remoteRef: + remoteKey: butler + property: AWS_ACCESS_KEY_ID + - match: + secretKey: SecretKey + remoteRef: + remoteKey: butler + property: AWS_SECRET_ACCESS_KEY 
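Review bot: The ruka `butler` user sets only `maxBuckets: 2` and omits the `maxSize` cap that the elqui variant carries (`maxSize: 2Pi`), so a single credential can consume the whole `lfa` store on this cluster; if that difference is deliberate because of cluster sizing, a one-line comment next to `quotas:` would save the next reader from guessing. More generally, the five per-cluster copies of these files in this series differ only in the quota values (and the oods files are byte-identical), so a single shared template driven by per-cluster values would keep future security fixes from having to be applied five times.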
diff --git a/fleet/lib/rook-ceph-conf/charts/ruka/templates/cephobjectstoreuser-latiss.yaml b/fleet/lib/rook-ceph-conf/charts/ruka/templates/cephobjectstoreuser-latiss.yaml new file mode 100644 index 000000000..126e4e9ec --- /dev/null +++ b/fleet/lib/rook-ceph-conf/charts/ruka/templates/cephobjectstoreuser-latiss.yaml @@ -0,0 +1,35 @@ +--- +apiVersion: ceph.rook.io/v1 +kind: CephObjectStoreUser +metadata: + name: latiss + namespace: rook-ceph +spec: + store: lfa + clusterNamespace: rook-ceph + quotas: + maxBuckets: 1 +--- +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: rook-ceph-object-user-lfa-latiss + namespace: rook-ceph +spec: + secretStoreRefs: + - kind: ClusterSecretStore + name: onepassword-oods + selector: + secret: + name: rook-ceph-object-user-lfa-latiss + data: + - match: + secretKey: AccessKey + remoteRef: + remoteKey: latiss + property: AWS_ACCESS_KEY_ID + - match: + secretKey: SecretKey + remoteRef: + remoteKey: latiss + property: AWS_SECRET_ACCESS_KEY diff --git a/fleet/lib/rook-ceph-conf/charts/ruka/templates/cephobjectstoreuser-lsstcam.yaml b/fleet/lib/rook-ceph-conf/charts/ruka/templates/cephobjectstoreuser-lsstcam.yaml new file mode 100644 index 000000000..a09e0ec6a --- /dev/null +++ b/fleet/lib/rook-ceph-conf/charts/ruka/templates/cephobjectstoreuser-lsstcam.yaml 
@@ -0,0 +1,35 @@ +--- +apiVersion: ceph.rook.io/v1 +kind: CephObjectStoreUser +metadata: + name: lsstcam + namespace: rook-ceph +spec: + store: lfa + clusterNamespace: rook-ceph + quotas: + maxBuckets: 1 +--- +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: rook-ceph-object-user-lfa-lsstcam + namespace: rook-ceph +spec: + secretStoreRefs: + - kind: ClusterSecretStore + name: onepassword-oods + selector: + secret: + name: rook-ceph-object-user-lfa-lsstcam + data: + - match: + secretKey: AccessKey + remoteRef: + remoteKey: lsstcam + property: AWS_ACCESS_KEY_ID + - match: + secretKey: SecretKey + remoteRef: + remoteKey: lsstcam + property: AWS_SECRET_ACCESS_KEY diff --git a/fleet/lib/rook-ceph-conf/charts/ruka/templates/cephobjectstoreuser-oods-latiss.yaml b/fleet/lib/rook-ceph-conf/charts/ruka/templates/cephobjectstoreuser-oods-latiss.yaml new file mode 100644 index 000000000..83c06ace2 --- /dev/null +++ b/fleet/lib/rook-ceph-conf/charts/ruka/templates/cephobjectstoreuser-oods-latiss.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: ceph.rook.io/v1 +kind: CephObjectStoreUser +metadata: + name: oods-latiss + namespace: rook-ceph +spec: + store: lfa + clusterNamespace: rook-ceph +--- +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: rook-ceph-object-user-oods-latiss + namespace: rook-ceph +spec: + secretStoreRefs: + - kind: ClusterSecretStore + name: onepassword-oods + selector: + secret: + name: rook-ceph-object-user-oods-latiss + data: + - match: + secretKey: AccessKey + remoteRef: + remoteKey: oods-latiss + property: AWS_ACCESS_KEY_ID + - match: + secretKey: SecretKey + remoteRef: + remoteKey: oods-latiss + property: AWS_SECRET_ACCESS_KEY diff --git a/fleet/lib/rook-ceph-conf/charts/ruka/templates/cephobjectstoreuser-oods-lsstcam.yaml b/fleet/lib/rook-ceph-conf/charts/ruka/templates/cephobjectstoreuser-oods-lsstcam.yaml new file mode 100644 index 000000000..63d1fd309 --- /dev/null 
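Review bot: Same selector mismatch as the oods files elsewhere in this series: Rook will create `rook-ceph-object-user-lfa-oods-latiss` for store `lfa` / user `oods-latiss`, but the PushSecret selects `rook-ceph-object-user-oods-latiss`, so nothing is pushed to 1Password. Change the selector (and ideally the PushSecret name) to `rook-ceph-object-user-lfa-oods-latiss`, as the `butler`/`latiss`/`lsstcam` files in this patch already do. This user also lacks a `quotas:` block, unlike its producer-side siblings.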
+++ b/fleet/lib/rook-ceph-conf/charts/ruka/templates/cephobjectstoreuser-oods-lsstcam.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: ceph.rook.io/v1 +kind: CephObjectStoreUser +metadata: + name: oods-lsstcam + namespace: rook-ceph +spec: + store: lfa + clusterNamespace: rook-ceph +--- +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: rook-ceph-object-user-oods-lsstcam + namespace: rook-ceph +spec: + secretStoreRefs: + - kind: ClusterSecretStore + name: onepassword-oods + selector: + secret: + name: rook-ceph-object-user-oods-lsstcam + data: + - match: + secretKey: AccessKey + remoteRef: + remoteKey: oods-lsstcam + property: AWS_ACCESS_KEY_ID + - match: + secretKey: SecretKey + remoteRef: + remoteKey: oods-lsstcam + property: AWS_SECRET_ACCESS_KEY From ca6e2d65b62bc56019e4e1b2d28ae9ff4c313286 Mon Sep 17 00:00:00 2001 From: Joshua Hoblitt Date: Mon, 7 Oct 2024 11:21:41 -0700 Subject: [PATCH 4/6] (pillan) add lfa users for oods --- .../templates/cephobjectstoreuser-butler.yaml | 35 +++++++++++++++++++ .../templates/cephobjectstoreuser-comcam.yaml | 35 +++++++++++++++++++ .../templates/cephobjectstoreuser-latiss.yaml | 35 +++++++++++++++++++ .../cephobjectstoreuser-oods-comcam.yaml | 33 +++++++++++++++++ .../cephobjectstoreuser-oods-latiss.yaml | 33 +++++++++++++++++ 5 files changed, 171 insertions(+) create mode 100644 fleet/lib/rook-ceph-conf/charts/pillan/templates/cephobjectstoreuser-butler.yaml create mode 100644 fleet/lib/rook-ceph-conf/charts/pillan/templates/cephobjectstoreuser-comcam.yaml create mode 100644 fleet/lib/rook-ceph-conf/charts/pillan/templates/cephobjectstoreuser-latiss.yaml create mode 100644 fleet/lib/rook-ceph-conf/charts/pillan/templates/cephobjectstoreuser-oods-comcam.yaml create mode 100644 fleet/lib/rook-ceph-conf/charts/pillan/templates/cephobjectstoreuser-oods-latiss.yaml 
diff --git a/fleet/lib/rook-ceph-conf/charts/pillan/templates/cephobjectstoreuser-butler.yaml b/fleet/lib/rook-ceph-conf/charts/pillan/templates/cephobjectstoreuser-butler.yaml new file mode 100644 index 000000000..b7b635f4f --- /dev/null +++ b/fleet/lib/rook-ceph-conf/charts/pillan/templates/cephobjectstoreuser-butler.yaml @@ -0,0 +1,35 @@ +--- +apiVersion: ceph.rook.io/v1 +kind: CephObjectStoreUser +metadata: + name: butler + namespace: rook-ceph +spec: + store: lfa + clusterNamespace: rook-ceph + quotas: + maxBuckets: 2 +--- +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: rook-ceph-object-user-lfa-butler + namespace: rook-ceph +spec: + secretStoreRefs: + - kind: ClusterSecretStore + name: onepassword-oods + selector: + secret: + name: rook-ceph-object-user-lfa-butler + data: + - match: + secretKey: AccessKey + remoteRef: + remoteKey: butler + property: AWS_ACCESS_KEY_ID + - match: + secretKey: SecretKey + remoteRef: + remoteKey: butler + property: AWS_SECRET_ACCESS_KEY diff --git a/fleet/lib/rook-ceph-conf/charts/pillan/templates/cephobjectstoreuser-comcam.yaml b/fleet/lib/rook-ceph-conf/charts/pillan/templates/cephobjectstoreuser-comcam.yaml new file mode 100644 index 000000000..a0bb01cb3 --- /dev/null +++ b/fleet/lib/rook-ceph-conf/charts/pillan/templates/cephobjectstoreuser-comcam.yaml 
@@ -0,0 +1,35 @@ +--- +apiVersion: ceph.rook.io/v1 +kind: CephObjectStoreUser +metadata: + name: comcam + namespace: rook-ceph +spec: + store: lfa + clusterNamespace: rook-ceph + quotas: + maxBuckets: 1 +--- +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: rook-ceph-object-user-lfa-comcam + namespace: rook-ceph +spec: + secretStoreRefs: + - kind: ClusterSecretStore + name: onepassword-oods + selector: + secret: + name: rook-ceph-object-user-lfa-comcam + data: + - match: + secretKey: AccessKey + remoteRef: + remoteKey: comcam + property: AWS_ACCESS_KEY_ID + - match: + secretKey: SecretKey + remoteRef: + remoteKey: comcam + property: AWS_SECRET_ACCESS_KEY diff --git a/fleet/lib/rook-ceph-conf/charts/pillan/templates/cephobjectstoreuser-latiss.yaml b/fleet/lib/rook-ceph-conf/charts/pillan/templates/cephobjectstoreuser-latiss.yaml new file mode 100644 index 000000000..126e4e9ec --- /dev/null +++ b/fleet/lib/rook-ceph-conf/charts/pillan/templates/cephobjectstoreuser-latiss.yaml @@ -0,0 +1,35 @@ +--- +apiVersion: ceph.rook.io/v1 +kind: CephObjectStoreUser +metadata: + name: latiss + namespace: rook-ceph +spec: + store: lfa + clusterNamespace: rook-ceph + quotas: + maxBuckets: 1 +--- +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: rook-ceph-object-user-lfa-latiss + namespace: rook-ceph +spec: + secretStoreRefs: + - kind: ClusterSecretStore + name: onepassword-oods + selector: + secret: + name: rook-ceph-object-user-lfa-latiss + data: + - match: + secretKey: AccessKey + remoteRef: + remoteKey: latiss + property: AWS_ACCESS_KEY_ID + - match: + secretKey: SecretKey + remoteRef: + remoteKey: latiss + property: AWS_SECRET_ACCESS_KEY diff --git a/fleet/lib/rook-ceph-conf/charts/pillan/templates/cephobjectstoreuser-oods-comcam.yaml b/fleet/lib/rook-ceph-conf/charts/pillan/templates/cephobjectstoreuser-oods-comcam.yaml new file mode 100644 index 000000000..01a4394be --- /dev/null 
+++ b/fleet/lib/rook-ceph-conf/charts/pillan/templates/cephobjectstoreuser-oods-comcam.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: ceph.rook.io/v1 +kind: CephObjectStoreUser +metadata: + name: oods-comcam + namespace: rook-ceph +spec: + store: lfa + clusterNamespace: rook-ceph +--- +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: rook-ceph-object-user-oods-comcam + namespace: rook-ceph +spec: + secretStoreRefs: + - kind: ClusterSecretStore + name: onepassword-oods + selector: + secret: + name: rook-ceph-object-user-oods-comcam + data: + - match: + secretKey: AccessKey + remoteRef: + remoteKey: oods-comcam + property: AWS_ACCESS_KEY_ID + - match: + secretKey: SecretKey + remoteRef: + remoteKey: oods-comcam + property: AWS_SECRET_ACCESS_KEY diff --git a/fleet/lib/rook-ceph-conf/charts/pillan/templates/cephobjectstoreuser-oods-latiss.yaml b/fleet/lib/rook-ceph-conf/charts/pillan/templates/cephobjectstoreuser-oods-latiss.yaml new file mode 100644 index 000000000..83c06ace2 --- /dev/null +++ b/fleet/lib/rook-ceph-conf/charts/pillan/templates/cephobjectstoreuser-oods-latiss.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: ceph.rook.io/v1 +kind: CephObjectStoreUser +metadata: + name: oods-latiss + namespace: rook-ceph +spec: + store: lfa + clusterNamespace: rook-ceph +--- +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: rook-ceph-object-user-oods-latiss + namespace: rook-ceph +spec: + secretStoreRefs: + - kind: ClusterSecretStore + name: onepassword-oods + selector: + secret: + name: rook-ceph-object-user-oods-latiss + data: + - match: + secretKey: AccessKey + remoteRef: + remoteKey: oods-latiss + property: AWS_ACCESS_KEY_ID + - match: + secretKey: SecretKey + remoteRef: + remoteKey: oods-latiss + property: AWS_SECRET_ACCESS_KEY From 3b7d0c847df15ba5db94f8e6ac1bb75a3735867d Mon Sep 17 00:00:00 2001 
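Review bot: The PushSecret selector `rook-ceph-object-user-oods-comcam` (and `rook-ceph-object-user-oods-latiss` in the next hunk) will not find the secret Rook creates, which follows `rook-ceph-object-user-<store>-<user>` and is `rook-ceph-object-user-lfa-oods-comcam` here; the `comcam` and `latiss` files in this same patch use that form. Fix the selector, e.g. `name: rook-ceph-object-user-lfa-oods-comcam`, otherwise the OODS credentials are never published. The two oods users are also the only ones in this patch without a `quotas:` stanza, leaving bucket count and size on the shared `lfa` store unbounded for them.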
From: Joshua Hoblitt Date: Mon, 7 Oct 2024 11:24:08 -0700 Subject: [PATCH 5/6] (konkong) add lfa users for oods --- .../templates/cephobjectstoreuser-butler.yaml | 35 +++++++++++++++++++ .../templates/cephobjectstoreuser-latiss.yaml | 35 +++++++++++++++++++ .../cephobjectstoreuser-lsstcam.yaml | 35 +++++++++++++++++++ .../cephobjectstoreuser-oods-latiss.yaml | 33 +++++++++++++++++ .../cephobjectstoreuser-oods-lsstcam.yaml | 33 +++++++++++++++++ 5 files changed, 171 insertions(+) create mode 100644 fleet/lib/rook-ceph-conf/charts/konkong/templates/cephobjectstoreuser-butler.yaml create mode 100644 fleet/lib/rook-ceph-conf/charts/konkong/templates/cephobjectstoreuser-latiss.yaml create mode 100644 fleet/lib/rook-ceph-conf/charts/konkong/templates/cephobjectstoreuser-lsstcam.yaml create mode 100644 fleet/lib/rook-ceph-conf/charts/konkong/templates/cephobjectstoreuser-oods-latiss.yaml create mode 100644 fleet/lib/rook-ceph-conf/charts/konkong/templates/cephobjectstoreuser-oods-lsstcam.yaml diff --git a/fleet/lib/rook-ceph-conf/charts/konkong/templates/cephobjectstoreuser-butler.yaml b/fleet/lib/rook-ceph-conf/charts/konkong/templates/cephobjectstoreuser-butler.yaml new file mode 100644 index 000000000..b7b635f4f --- /dev/null +++ b/fleet/lib/rook-ceph-conf/charts/konkong/templates/cephobjectstoreuser-butler.yaml 
@@ -0,0 +1,35 @@ +--- +apiVersion: ceph.rook.io/v1 +kind: CephObjectStoreUser +metadata: + name: butler + namespace: rook-ceph +spec: + store: lfa + clusterNamespace: rook-ceph + quotas: + maxBuckets: 2 +--- +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: rook-ceph-object-user-lfa-butler + namespace: rook-ceph +spec: + secretStoreRefs: + - kind: ClusterSecretStore + name: onepassword-oods + selector: + secret: + name: rook-ceph-object-user-lfa-butler + data: + - match: + secretKey: AccessKey + remoteRef: + remoteKey: butler + property: AWS_ACCESS_KEY_ID + - match: + secretKey: SecretKey + remoteRef: + remoteKey: butler + property: AWS_SECRET_ACCESS_KEY diff --git a/fleet/lib/rook-ceph-conf/charts/konkong/templates/cephobjectstoreuser-latiss.yaml b/fleet/lib/rook-ceph-conf/charts/konkong/templates/cephobjectstoreuser-latiss.yaml new file mode 100644 index 000000000..126e4e9ec --- /dev/null +++ b/fleet/lib/rook-ceph-conf/charts/konkong/templates/cephobjectstoreuser-latiss.yaml @@ -0,0 +1,35 @@ +--- +apiVersion: ceph.rook.io/v1 +kind: CephObjectStoreUser +metadata: + name: latiss + namespace: rook-ceph +spec: + store: lfa + clusterNamespace: rook-ceph + quotas: + maxBuckets: 1 +--- +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: rook-ceph-object-user-lfa-latiss + namespace: rook-ceph +spec: + secretStoreRefs: + - kind: ClusterSecretStore + name: onepassword-oods + selector: + secret: + name: rook-ceph-object-user-lfa-latiss + data: + - match: + secretKey: AccessKey + remoteRef: + remoteKey: latiss + property: AWS_ACCESS_KEY_ID + - match: + secretKey: SecretKey + remoteRef: + remoteKey: latiss + property: AWS_SECRET_ACCESS_KEY diff --git a/fleet/lib/rook-ceph-conf/charts/konkong/templates/cephobjectstoreuser-lsstcam.yaml b/fleet/lib/rook-ceph-conf/charts/konkong/templates/cephobjectstoreuser-lsstcam.yaml new file mode 100644 index 000000000..a09e0ec6a --- /dev/null 
+++ b/fleet/lib/rook-ceph-conf/charts/konkong/templates/cephobjectstoreuser-lsstcam.yaml @@ -0,0 +1,35 @@ +--- +apiVersion: ceph.rook.io/v1 +kind: CephObjectStoreUser +metadata: + name: lsstcam + namespace: rook-ceph +spec: + store: lfa + clusterNamespace: rook-ceph + quotas: + maxBuckets: 1 +--- +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: rook-ceph-object-user-lfa-lsstcam + namespace: rook-ceph +spec: + secretStoreRefs: + - kind: ClusterSecretStore + name: onepassword-oods + selector: + secret: + name: rook-ceph-object-user-lfa-lsstcam + data: + - match: + secretKey: AccessKey + remoteRef: + remoteKey: lsstcam + property: AWS_ACCESS_KEY_ID + - match: + secretKey: SecretKey + remoteRef: + remoteKey: lsstcam + property: AWS_SECRET_ACCESS_KEY diff --git a/fleet/lib/rook-ceph-conf/charts/konkong/templates/cephobjectstoreuser-oods-latiss.yaml b/fleet/lib/rook-ceph-conf/charts/konkong/templates/cephobjectstoreuser-oods-latiss.yaml new file mode 100644 index 000000000..83c06ace2 --- /dev/null +++ b/fleet/lib/rook-ceph-conf/charts/konkong/templates/cephobjectstoreuser-oods-latiss.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: ceph.rook.io/v1 +kind: CephObjectStoreUser +metadata: + name: oods-latiss + namespace: rook-ceph +spec: + store: lfa + clusterNamespace: rook-ceph +--- +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: rook-ceph-object-user-oods-latiss + namespace: rook-ceph +spec: + secretStoreRefs: + - kind: ClusterSecretStore + name: onepassword-oods + selector: + secret: + name: rook-ceph-object-user-oods-latiss + data: + - match: + secretKey: AccessKey + remoteRef: + remoteKey: oods-latiss + property: AWS_ACCESS_KEY_ID + - match: + secretKey: SecretKey + remoteRef: + remoteKey: oods-latiss + property: AWS_SECRET_ACCESS_KEY 
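Review bot: In the `oods-latiss` hunk the PushSecret selects `rook-ceph-object-user-oods-latiss`, but the secret Rook emits for store `lfa` and user `oods-latiss` is `rook-ceph-object-user-lfa-oods-latiss` (compare the `lsstcam` hunk just above, which uses `rook-ceph-object-user-lfa-lsstcam`); as written the push never happens. Use `name: rook-ceph-object-user-lfa-oods-latiss` in the selector and, for consistency, in the PushSecret name. The oods user is also missing the `quotas:` block the other users in this patch carry.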
diff --git a/fleet/lib/rook-ceph-conf/charts/konkong/templates/cephobjectstoreuser-oods-lsstcam.yaml b/fleet/lib/rook-ceph-conf/charts/konkong/templates/cephobjectstoreuser-oods-lsstcam.yaml new file mode 100644 index 000000000..63d1fd309 --- /dev/null +++ b/fleet/lib/rook-ceph-conf/charts/konkong/templates/cephobjectstoreuser-oods-lsstcam.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: ceph.rook.io/v1 +kind: CephObjectStoreUser +metadata: + name: oods-lsstcam + namespace: rook-ceph +spec: + store: lfa + clusterNamespace: rook-ceph +--- +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: rook-ceph-object-user-oods-lsstcam + namespace: rook-ceph +spec: + secretStoreRefs: + - kind: ClusterSecretStore + name: onepassword-oods + selector: + secret: + name: rook-ceph-object-user-oods-lsstcam + data: + - match: + secretKey: AccessKey + remoteRef: + remoteKey: oods-lsstcam + property: AWS_ACCESS_KEY_ID + - match: + secretKey: SecretKey + remoteRef: + remoteKey: oods-lsstcam + property: AWS_SECRET_ACCESS_KEY From ab29dc425a9786a9be64e8cd476369e4c37389ca Mon Sep 17 00:00:00 2001 
From: Joshua Hoblitt Date: Mon, 7 Oct 2024 11:47:51 -0700 Subject: [PATCH 6/6] (chonchon) add lfa users for oods --- .../templates/cephobjectstoreuser-butler.yaml | 35 +++++++++++++++++++ .../templates/cephobjectstoreuser-latiss.yaml | 35 +++++++++++++++++++ .../cephobjectstoreuser-lsstcam.yaml | 35 +++++++++++++++++++ .../cephobjectstoreuser-oods-latiss.yaml | 33 +++++++++++++++++ .../cephobjectstoreuser-oods-lsstcam.yaml | 33 +++++++++++++++++ 5 files changed, 171 insertions(+) create mode 100644 fleet/lib/rook-ceph-conf/charts/chonchon/templates/cephobjectstoreuser-butler.yaml create mode 100644 fleet/lib/rook-ceph-conf/charts/chonchon/templates/cephobjectstoreuser-latiss.yaml create mode 100644 fleet/lib/rook-ceph-conf/charts/chonchon/templates/cephobjectstoreuser-lsstcam.yaml create mode 100644 fleet/lib/rook-ceph-conf/charts/chonchon/templates/cephobjectstoreuser-oods-latiss.yaml create mode 100644 fleet/lib/rook-ceph-conf/charts/chonchon/templates/cephobjectstoreuser-oods-lsstcam.yaml diff --git a/fleet/lib/rook-ceph-conf/charts/chonchon/templates/cephobjectstoreuser-butler.yaml b/fleet/lib/rook-ceph-conf/charts/chonchon/templates/cephobjectstoreuser-butler.yaml new file mode 100644 index 000000000..b7b635f4f --- /dev/null +++ b/fleet/lib/rook-ceph-conf/charts/chonchon/templates/cephobjectstoreuser-butler.yaml 
@@ -0,0 +1,35 @@ +--- +apiVersion: ceph.rook.io/v1 +kind: CephObjectStoreUser +metadata: + name: butler + namespace: rook-ceph +spec: + store: lfa + clusterNamespace: rook-ceph + quotas: + maxBuckets: 2 +--- +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: rook-ceph-object-user-lfa-butler + namespace: rook-ceph +spec: + secretStoreRefs: + - kind: ClusterSecretStore + name: onepassword-oods + selector: + secret: + name: rook-ceph-object-user-lfa-butler + data: + - match: + secretKey: AccessKey + remoteRef: + remoteKey: butler + property: AWS_ACCESS_KEY_ID + - match: + secretKey: SecretKey + remoteRef: + remoteKey: butler + property: AWS_SECRET_ACCESS_KEY diff --git a/fleet/lib/rook-ceph-conf/charts/chonchon/templates/cephobjectstoreuser-latiss.yaml b/fleet/lib/rook-ceph-conf/charts/chonchon/templates/cephobjectstoreuser-latiss.yaml new file mode 100644 index 000000000..126e4e9ec --- /dev/null +++ b/fleet/lib/rook-ceph-conf/charts/chonchon/templates/cephobjectstoreuser-latiss.yaml @@ -0,0 +1,35 @@ +--- +apiVersion: ceph.rook.io/v1 +kind: CephObjectStoreUser +metadata: + name: latiss + namespace: rook-ceph +spec: + store: lfa + clusterNamespace: rook-ceph + quotas: + maxBuckets: 1 +--- +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: rook-ceph-object-user-lfa-latiss + namespace: rook-ceph +spec: + secretStoreRefs: + - kind: ClusterSecretStore + name: onepassword-oods + selector: + secret: + name: rook-ceph-object-user-lfa-latiss + data: + - match: + secretKey: AccessKey + remoteRef: + remoteKey: latiss + property: AWS_ACCESS_KEY_ID + - match: + secretKey: SecretKey + remoteRef: + remoteKey: latiss + property: AWS_SECRET_ACCESS_KEY diff --git a/fleet/lib/rook-ceph-conf/charts/chonchon/templates/cephobjectstoreuser-lsstcam.yaml b/fleet/lib/rook-ceph-conf/charts/chonchon/templates/cephobjectstoreuser-lsstcam.yaml new file mode 100644 index 000000000..a09e0ec6a --- /dev/null 
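Review bot: If chonchon and elqui share the same `site` label (patch 1/6 annotates the elqui override with `# will replace chonchon`), this `butler` PushSecret and elqui's push different Ceph access keys into the same 1Password item `butler` in vault `oods.<site>`, and each reconcile on one cluster overwrites the other's credentials, so consumers get keys that only work against whichever cluster wrote last. Until chonchon is retired, either target a distinct vault for one of the two clusters or use a distinct item, e.g. `remoteKey: chonchon-butler`. This is inferred from the comment rather than from a visible site label, so please confirm the two clusters' labels before changing anything.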
+++ b/fleet/lib/rook-ceph-conf/charts/chonchon/templates/cephobjectstoreuser-lsstcam.yaml @@ -0,0 +1,35 @@ +--- +apiVersion: ceph.rook.io/v1 +kind: CephObjectStoreUser +metadata: + name: lsstcam + namespace: rook-ceph +spec: + store: lfa + clusterNamespace: rook-ceph + quotas: + maxBuckets: 1 +--- +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: rook-ceph-object-user-lfa-lsstcam + namespace: rook-ceph +spec: + secretStoreRefs: + - kind: ClusterSecretStore + name: onepassword-oods + selector: + secret: + name: rook-ceph-object-user-lfa-lsstcam + data: + - match: + secretKey: AccessKey + remoteRef: + remoteKey: lsstcam + property: AWS_ACCESS_KEY_ID + - match: + secretKey: SecretKey + remoteRef: + remoteKey: lsstcam + property: AWS_SECRET_ACCESS_KEY diff --git a/fleet/lib/rook-ceph-conf/charts/chonchon/templates/cephobjectstoreuser-oods-latiss.yaml b/fleet/lib/rook-ceph-conf/charts/chonchon/templates/cephobjectstoreuser-oods-latiss.yaml new file mode 100644 index 000000000..83c06ace2 --- /dev/null +++ b/fleet/lib/rook-ceph-conf/charts/chonchon/templates/cephobjectstoreuser-oods-latiss.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: ceph.rook.io/v1 +kind: CephObjectStoreUser +metadata: + name: oods-latiss + namespace: rook-ceph +spec: + store: lfa + clusterNamespace: rook-ceph +--- +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: rook-ceph-object-user-oods-latiss + namespace: rook-ceph +spec: + secretStoreRefs: + - kind: ClusterSecretStore + name: onepassword-oods + selector: + secret: + name: rook-ceph-object-user-oods-latiss + data: + - match: + secretKey: AccessKey + remoteRef: + remoteKey: oods-latiss + property: AWS_ACCESS_KEY_ID + - match: + secretKey: SecretKey + remoteRef: + remoteKey: oods-latiss + property: AWS_SECRET_ACCESS_KEY 
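Review bot: The `oods-latiss` PushSecret selects `rook-ceph-object-user-oods-latiss`, which Rook will not create; for store `lfa` and user `oods-latiss` the generated secret is `rook-ceph-object-user-lfa-oods-latiss`, matching the `lsstcam` hunk above that selects `rook-ceph-object-user-lfa-lsstcam`. Correct the selector to `name: rook-ceph-object-user-lfa-oods-latiss` (and the PushSecret name for consistency) so the credentials actually reach the `oods` vault. As in the other clusters, the oods user has no `quotas:` block while every producer user does, which leaves this credential able to fill the shared `lfa` store.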
diff --git a/fleet/lib/rook-ceph-conf/charts/chonchon/templates/cephobjectstoreuser-oods-lsstcam.yaml b/fleet/lib/rook-ceph-conf/charts/chonchon/templates/cephobjectstoreuser-oods-lsstcam.yaml new file mode 100644 index 000000000..63d1fd309 --- /dev/null +++ b/fleet/lib/rook-ceph-conf/charts/chonchon/templates/cephobjectstoreuser-oods-lsstcam.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: ceph.rook.io/v1 +kind: CephObjectStoreUser +metadata: + name: oods-lsstcam + namespace: rook-ceph +spec: + store: lfa + clusterNamespace: rook-ceph +--- +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: rook-ceph-object-user-oods-lsstcam + namespace: rook-ceph +spec: + secretStoreRefs: + - kind: ClusterSecretStore + name: onepassword-oods + selector: + secret: + name: rook-ceph-object-user-oods-lsstcam + data: + - match: + secretKey: AccessKey + remoteRef: + remoteKey: oods-lsstcam + property: AWS_ACCESS_KEY_ID + - match: + secretKey: SecretKey + remoteRef: + remoteKey: oods-lsstcam + property: AWS_SECRET_ACCESS_KEY