333 lines
16 KiB
YAML
333 lines
16 KiB
YAML
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.19.0
|
|
helm.sh/resource-policy: keep
|
|
name: cephobjectstoreusers.ceph.rook.io
|
|
spec:
|
|
group: ceph.rook.io
|
|
names:
|
|
kind: CephObjectStoreUser
|
|
listKind: CephObjectStoreUserList
|
|
plural: cephobjectstoreusers
|
|
shortNames:
|
|
- rcou
|
|
- objectuser
|
|
- cephosu
|
|
singular: cephobjectstoreuser
|
|
scope: Namespaced
|
|
versions:
|
|
- additionalPrinterColumns:
|
|
- jsonPath: .status.phase
|
|
name: Phase
|
|
type: string
|
|
- jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
name: v1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: CephObjectStoreUser represents a Ceph Object Store Gateway User
|
|
properties:
|
|
apiVersion:
|
|
description: |-
|
|
APIVersion defines the versioned schema of this representation of an object.
|
|
Servers should convert recognized schemas to the latest internal value, and
|
|
may reject unrecognized values.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind is a string value representing the REST resource this object represents.
|
|
Servers may infer this from the endpoint the client submits requests to.
|
|
Cannot be updated.
|
|
In CamelCase.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: ObjectStoreUserSpec represent the spec of an Objectstoreuser
|
|
properties:
|
|
capabilities:
|
|
description: Additional admin-level capabilities for the Ceph object store user
|
|
nullable: true
|
|
properties:
|
|
amz-cache:
|
|
description: Add capabilities for user to send request to RGW Cache API header. Documented in https://docs.ceph.com/en/latest/radosgw/rgw-cache/#cache-api
|
|
enum:
|
|
- '*'
|
|
- read
|
|
- write
|
|
- read, write
|
|
type: string
|
|
bilog:
|
|
description: Add capabilities for user to change bucket index logging. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
|
|
enum:
|
|
- '*'
|
|
- read
|
|
- write
|
|
- read, write
|
|
type: string
|
|
bucket:
|
|
description: Admin capabilities to read/write Ceph object store buckets. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
|
|
enum:
|
|
- '*'
|
|
- read
|
|
- write
|
|
- read, write
|
|
type: string
|
|
buckets:
|
|
description: Admin capabilities to read/write Ceph object store buckets. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
|
|
enum:
|
|
- '*'
|
|
- read
|
|
- write
|
|
- read, write
|
|
type: string
|
|
datalog:
|
|
description: Add capabilities for user to change data logging. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
|
|
enum:
|
|
- '*'
|
|
- read
|
|
- write
|
|
- read, write
|
|
type: string
|
|
info:
|
|
description: Admin capabilities to read/write information about the user. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
|
|
enum:
|
|
- '*'
|
|
- read
|
|
- write
|
|
- read, write
|
|
type: string
|
|
mdlog:
|
|
description: Add capabilities for user to change metadata logging. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
|
|
enum:
|
|
- '*'
|
|
- read
|
|
- write
|
|
- read, write
|
|
type: string
|
|
metadata:
|
|
description: Admin capabilities to read/write Ceph object store metadata. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
|
|
enum:
|
|
- '*'
|
|
- read
|
|
- write
|
|
- read, write
|
|
type: string
|
|
oidc-provider:
|
|
description: Add capabilities for user to change oidc provider. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
|
|
enum:
|
|
- '*'
|
|
- read
|
|
- write
|
|
- read, write
|
|
type: string
|
|
ratelimit:
|
|
description: Add capabilities for user to set rate limiter for user and bucket. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
|
|
enum:
|
|
- '*'
|
|
- read
|
|
- write
|
|
- read, write
|
|
type: string
|
|
roles:
|
|
description: Admin capabilities to read/write roles for user. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
|
|
enum:
|
|
- '*'
|
|
- read
|
|
- write
|
|
- read, write
|
|
type: string
|
|
usage:
|
|
description: Admin capabilities to read/write Ceph object store usage. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
|
|
enum:
|
|
- '*'
|
|
- read
|
|
- write
|
|
- read, write
|
|
type: string
|
|
user:
|
|
description: Admin capabilities to read/write Ceph object store users. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
|
|
enum:
|
|
- '*'
|
|
- read
|
|
- write
|
|
- read, write
|
|
type: string
|
|
user-policy:
|
|
description: Add capabilities for user to change user policies. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
|
|
enum:
|
|
- '*'
|
|
- read
|
|
- write
|
|
- read, write
|
|
type: string
|
|
users:
|
|
description: Admin capabilities to read/write Ceph object store users. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
|
|
enum:
|
|
- '*'
|
|
- read
|
|
- write
|
|
- read, write
|
|
type: string
|
|
zone:
|
|
description: Admin capabilities to read/write Ceph object store zones. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
|
|
enum:
|
|
- '*'
|
|
- read
|
|
- write
|
|
- read, write
|
|
type: string
|
|
type: object
|
|
clusterNamespace:
|
|
description: The namespace where the parent CephCluster and CephObjectStore are found
|
|
type: string
|
|
displayName:
|
|
description: The display name for the ceph user.
|
|
type: string
|
|
keys:
|
|
description: |-
|
|
Allows specifying credentials for the user. If not provided, the operator
|
|
will generate them.
|
|
items:
|
|
description: |-
|
|
ObjectUserKey defines a set of rgw user access credentials to be retrieved
|
|
from secret resources.
|
|
properties:
|
|
accessKeyRef:
|
|
description: Secret key selector for the access_key (commonly referred to as AWS_ACCESS_KEY_ID).
|
|
properties:
|
|
key:
|
|
description: The key of the secret to select from. Must be a valid secret key.
|
|
type: string
|
|
name:
|
|
default: ""
|
|
description: |-
|
|
Name of the referent.
|
|
This field is effectively required, but due to backwards compatibility is
|
|
allowed to be empty. Instances of this type with an empty value here are
|
|
almost certainly wrong.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
optional:
|
|
description: Specify whether the Secret or its key must be defined
|
|
type: boolean
|
|
required:
|
|
- key
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
secretKeyRef:
|
|
description: Secret key selector for the secret_key (commonly referred to as AWS_SECRET_ACCESS_KEY).
|
|
properties:
|
|
key:
|
|
description: The key of the secret to select from. Must be a valid secret key.
|
|
type: string
|
|
name:
|
|
default: ""
|
|
description: |-
|
|
Name of the referent.
|
|
This field is effectively required, but due to backwards compatibility is
|
|
allowed to be empty. Instances of this type with an empty value here are
|
|
almost certainly wrong.
|
|
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
type: string
|
|
optional:
|
|
description: Specify whether the Secret or its key must be defined
|
|
type: boolean
|
|
required:
|
|
- key
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
type: object
|
|
type: array
|
|
opMask:
|
|
description: The op-mask of the user.
|
|
items:
|
|
description: 'Internally, RGW labels "operations" on persistent state as `RGW_OP_TYPE_READ` (`read`), `RGW_OP_TYPE_WRITE` (`write`), or `RGW_OP_TYPE_DELETE` (`delete`). All RGW users have an "operation mask", which does not function as mask or filter as is typically implied by the word "mask", but as a set of allowed or permissible "operation" types the user is able to perform. The "operation mask" is applied regardless of the bucket or IAM policy. For example, in order for an RGW user to be able to read an object from a bucket, that user must have **both** the `read` "op mask" bit and an IAM/bucket policy that allows `s3:GetObject`. The default operations allowed are `read`, `write`, and `delete`. Setting the value to `[]` (an empty YAML sequence) causes all "operations" in the mask to be removed, meaning that the user will not be able to perform any operations. These operation masks are supported: `read`, `write`, `delete`'
|
|
enum:
|
|
- read
|
|
- write
|
|
- delete
|
|
type: string
|
|
maxItems: 3
|
|
minItems: 0
|
|
type: array
|
|
x-kubernetes-list-type: set
|
|
quotas:
|
|
description: ObjectUserQuotaSpec can be used to set quotas for the object store user to limit their usage. See the [Ceph docs](https://docs.ceph.com/en/latest/radosgw/admin/?#quota-management) for more
|
|
nullable: true
|
|
properties:
|
|
maxBuckets:
|
|
description: Maximum bucket limit for the ceph user
|
|
nullable: true
|
|
type: integer
|
|
maxObjects:
|
|
description: Maximum number of objects across all the user's buckets
|
|
format: int64
|
|
nullable: true
|
|
type: integer
|
|
maxSize:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: |-
|
|
Maximum size limit of all objects across all the user's buckets
|
|
See https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity for more info.
|
|
nullable: true
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
type: object
|
|
store:
|
|
description: The store the user will be created in
|
|
type: string
|
|
type: object
|
|
status:
|
|
description: ObjectStoreUserStatus represents the status Ceph Object Store Gateway User
|
|
properties:
|
|
info:
|
|
additionalProperties:
|
|
type: string
|
|
nullable: true
|
|
type: object
|
|
keys:
|
|
items:
|
|
properties:
|
|
name:
|
|
description: name is unique within a namespace to reference a secret resource.
|
|
type: string
|
|
namespace:
|
|
description: namespace defines the space within which the secret name must be unique.
|
|
type: string
|
|
resourceVersion:
|
|
type: string
|
|
uid:
|
|
description: |-
|
|
UID is a type that holds unique ID values, including UUIDs. Because we
|
|
don't ONLY use UUIDs, this is an alias to string. Being a type captures
|
|
intent and helps make sure that UIDs and names do not get conflated.
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
nullable: true
|
|
type: array
|
|
observedGeneration:
|
|
description: ObservedGeneration is the latest generation observed by the controller.
|
|
format: int64
|
|
type: integer
|
|
phase:
|
|
type: string
|
|
type: object
|
|
x-kubernetes-preserve-unknown-fields: true
|
|
required:
|
|
- metadata
|
|
- spec
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|