CephObjectStore
ceph.rook.io / v1
apiVersion: ceph.rook.io/v1
kind: CephObjectStore
metadata:
  name: example
apiVersion
string
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind
string
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata
object required
spec object required
ObjectStoreSpec represents the spec of a pool
allowUsersInNamespaces
[]string
The list of allowed namespaces in addition to the object store namespace
where ceph object store users may be created. Specify "*" to allow all
namespaces, otherwise list individual namespaces that are to be allowed.
This is useful for applications that need object store credentials
to be created in their own namespace, where neither OBCs nor COSI
is being used to create buckets. The default is empty.
auth object
The authentication configuration
keystone object
The spec for Keystone
acceptedRoles
[]string required
The roles required to serve requests.
implicitTenants
string
Create new users in their own tenants of the same name. Possible values are true, false, swift and s3. The latter have the effect of splitting the identity space such that only the indicated protocol will use implicit tenants.
revocationInterval
integer
The number of seconds between token revocation checks.
serviceUserSecretName
string required
The name of the secret containing the credentials for the service user account used by RGW. It has to be in the same namespace as the object store resource.
tokenCacheSize
integer
The maximum number of entries in each Keystone token cache.
url
string required
The URL for the Keystone server.
dataPool object
The data pool settings
application
string
The application name to set on the pool. Only expected to be set for rgw pools.
compressionMode
string
DEPRECATED: use Parameters instead, e.g., Parameters["compression_mode"] = "force"
The inline compression mode in Bluestore OSD to set to (options are: none, passive, aggressive, force)
Do NOT set a default value for kubebuilder as this will override the Parameters
enum:
none, passive, aggressive, force,
crushRoot
string
The root of the crush hierarchy utilized by the pool
deviceClass
string
The device class the OSD should set to for use in the pool
enableCrushUpdates
boolean
Allow rook operator to change the pool CRUSH tunables once the pool is created
enableRBDStats
boolean
EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool
erasureCoded object
The erasure code settings
algorithm
string
The algorithm for erasure coding.
If absent, defaults to the plugin specified in osd_pool_default_erasure_code_profile.
enum:
isa, jerasure
codingChunks
integer required
Number of coding chunks per object in an erasure coded storage pool (required for erasure-coded pool type).
This is the number of OSDs that can be lost simultaneously before data cannot be recovered.
minimum:
0
dataChunks
integer required
Number of data chunks per object in an erasure coded storage pool (required for erasure-coded pool type).
The number of chunks required to recover an object when any single OSD is lost is the same
as dataChunks so be aware that the larger the number of data chunks, the higher the cost of recovery.
minimum:
0
failureDomain
string
The failure domain: osd/host/(region or zone if available) - technically also any type in the crush map
mirroring object
The mirroring settings
enabled
boolean
Enabled indicates whether this pool is mirrored or not
mode
string
Mode is the mirroring mode: pool, image or init-only.
enum:
pool, image, init-only
peers object
Peers represents the peers spec
secretNames
[]string
SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers
snapshotSchedules []object
SnapshotSchedules is the scheduling of snapshot for mirrored images/pools
interval
string
Interval represents the periodicity of the snapshot.
path
string
Path is the path to snapshot, only valid for CephFS
startTime
string
StartTime indicates when to start the snapshot
parameters
object
Parameters is a list of properties to enable on a given pool
quotas object
The quota settings
maxBytes
integer
MaxBytes represents the quota in bytes
Deprecated in favor of MaxSize
format:
int64
maxObjects
integer
MaxObjects represents the quota in objects
format:
int64
maxSize
string
MaxSize represents the quota in bytes as a string
pattern:
^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$
replicated object
The replication settings
hybridStorage object
HybridStorage represents hybrid storage tier settings
primaryDeviceClass
string required
PrimaryDeviceClass represents high performance tier (for example SSD or NVME) for Primary OSD
minLength:
1
secondaryDeviceClass
string required
SecondaryDeviceClass represents low performance tier (for example HDDs) for remaining OSDs
minLength:
1
replicasPerFailureDomain
integer
ReplicasPerFailureDomain is the number of replicas in the specified failure domain
minimum:
1
requireSafeReplicaSize
boolean
RequireSafeReplicaSize if false allows you to set replica 1
size
integer required
Size - Number of copies per object in a replicated storage pool, including the object itself (required for replicated pool type)
minimum:
0
subFailureDomain
string
SubFailureDomain the name of the sub-failure domain
targetSizeRatio
number
TargetSizeRatio gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity
minimum:
0
statusCheck object
The mirroring statusCheck
mirror object
HealthCheckSpec represents the health check of an object store bucket
disabled
boolean
interval
string
Interval is the interval, in seconds or minutes, at which the health check runs, e.g. 60s for 60 seconds
timeout
string
defaultRealm
boolean
Set this realm as the default in Ceph. Only one realm should be default.
Do not set this true on more than one CephObjectStore.
This may not be set when zone is also specified; in this case, the realm
referenced by the zone's zonegroup should configure defaulting behavior.
gateway object
The rgw pod info
additionalVolumeMounts []object
AdditionalVolumeMounts allows additional volumes to be mounted to the RGW pod.
The root directory for each additional volume mount is `/var/rgw`.
Example: for an additional mount at subPath `ldap`, mounted from a secret that has key
`bindpass.secret`, the file would reside at `/var/rgw/ldap/bindpass.secret`.
subPath
string required
SubPath defines the sub-path (subdirectory) of the directory root where the volumeSource will
be mounted. All files/keys in the volume source's volume will be mounted to the subdirectory.
This is not the same as the Kubernetes `subPath` volume mount option.
Each subPath definition must be unique and must not contain ':'.
pattern:
^[^:]+$
minLength:
1
volumeSource object required
configMap object
defaultMode
integer
format:
int32
items []object
key
string required
mode
integer
format:
int32
path
string required
name
string
optional
boolean
emptyDir object
medium
string
sizeLimit
string | integer
string pattern:
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
hostPath object
path
string required
type
string
persistentVolumeClaim object
claimName
string required
readOnly
boolean
projected object
defaultMode
integer
format:
int32
sources []object
clusterTrustBundle object
labelSelector object
matchExpressions []object
key
string required
operator
string required
values
[]string
matchLabels
object
name
string
optional
boolean
path
string required
signerName
string
configMap object
items []object
key
string required
mode
integer
format:
int32
path
string required
name
string
optional
boolean
downwardAPI object
items []object
fieldRef object
apiVersion
string
fieldPath
string required
mode
integer
format:
int32
path
string required
resourceFieldRef object
containerName
string
divisor
string | integer
string pattern:
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
resource
string required
podCertificate object
certificateChainPath
string
credentialBundlePath
string
keyPath
string
keyType
string required
maxExpirationSeconds
integer
format:
int32
signerName
string required
userAnnotations
object
secret object
items []object
key
string required
mode
integer
format:
int32
path
string required
name
string
optional
boolean
serviceAccountToken object
audience
string
expirationSeconds
integer
format:
int64
path
string required
secret object
defaultMode
integer
format:
int32
items []object
key
string required
mode
integer
format:
int32
path
string required
optional
boolean
secretName
string
annotations
object
The annotations-related configuration to add/set on each Pod related object.
caBundleRef
string
The name of the secret that stores custom ca-bundle with root and intermediate certificates.
dashboardEnabled
boolean
Whether rgw dashboard is enabled for the rgw daemon. If not set, the rgw dashboard will be enabled.
disableMultisiteSyncTraffic
boolean
DisableMultisiteSyncTraffic, when true, prevents this object store's gateways from
transmitting multisite replication data. Note that this value does not affect whether
gateways receive multisite replication traffic: see ObjectZone.spec.customEndpoints for that.
If false or unset, this object store's gateways will be able to transmit multisite
replication data.
externalRgwEndpoints []object
ExternalRgwEndpoints points to external RGW endpoint(s). Multiple endpoints can be given, but
for stability of ObjectBucketClaims, we highly recommend that users give only a single
external RGW endpoint that is a load balancer that sends requests to the multiple RGWs.
hostname
string
The DNS-addressable Hostname of this endpoint. This field will be preferred over IP if both are given.
ip
string
The IP of this endpoint. As a legacy behavior, this supports being given a DNS-addressable hostname as well.
hostNetwork
boolean
Whether host networking is enabled for the rgw daemon. If not set, the network settings from the cluster CR will be applied.
instances
integer
The number of pods in the rgw replicaset.
format:
int32
labels
object
The labels-related configuration to add/set on each Pod related object.
opsLogSidecar object
Enable enhanced operation Logs for S3 in a sidecar named ops-log
resources object
Resources represents the way to specify resource requirements for the ops-log sidecar
claims []object
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This field depends on the
DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
name
string required
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container.
request
string
Request is the name chosen for a request in the referenced claim.
If empty, everything from the claim is made available, otherwise
only the result of this request.
limits
object
Limits describes the maximum amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
requests
object
Requests describes the minimum amount of compute resources required.
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
placement object
nodeAffinity object
preferredDuringSchedulingIgnoredDuringExecution []object
preference object required
matchExpressions []object
key
string required
operator
string required
values
[]string
matchFields []object
key
string required
operator
string required
values
[]string
weight
integer required
format:
int32
requiredDuringSchedulingIgnoredDuringExecution object
nodeSelectorTerms []object required
matchExpressions []object
key
string required
operator
string required
values
[]string
matchFields []object
key
string required
operator
string required
values
[]string
podAffinity object
preferredDuringSchedulingIgnoredDuringExecution []object
podAffinityTerm object required
labelSelector object
matchExpressions []object
key
string required
operator
string required
values
[]string
matchLabels
object
matchLabelKeys
[]string
mismatchLabelKeys
[]string
namespaceSelector object
matchExpressions []object
key
string required
operator
string required
values
[]string
matchLabels
object
namespaces
[]string
topologyKey
string required
weight
integer required
format:
int32
requiredDuringSchedulingIgnoredDuringExecution []object
labelSelector object
matchExpressions []object
key
string required
operator
string required
values
[]string
matchLabels
object
matchLabelKeys
[]string
mismatchLabelKeys
[]string
namespaceSelector object
matchExpressions []object
key
string required
operator
string required
values
[]string
matchLabels
object
namespaces
[]string
topologyKey
string required
podAntiAffinity object
preferredDuringSchedulingIgnoredDuringExecution []object
podAffinityTerm object required
labelSelector object
matchExpressions []object
key
string required
operator
string required
values
[]string
matchLabels
object
matchLabelKeys
[]string
mismatchLabelKeys
[]string
namespaceSelector object
matchExpressions []object
key
string required
operator
string required
values
[]string
matchLabels
object
namespaces
[]string
topologyKey
string required
weight
integer required
format:
int32
requiredDuringSchedulingIgnoredDuringExecution []object
labelSelector object
matchExpressions []object
key
string required
operator
string required
values
[]string
matchLabels
object
matchLabelKeys
[]string
mismatchLabelKeys
[]string
namespaceSelector object
matchExpressions []object
key
string required
operator
string required
values
[]string
matchLabels
object
namespaces
[]string
topologyKey
string required
tolerations []object
effect
string
key
string
operator
string
tolerationSeconds
integer
format:
int64
value
string
topologySpreadConstraints []object
labelSelector object
matchExpressions []object
key
string required
operator
string required
values
[]string
matchLabels
object
matchLabelKeys
[]string
maxSkew
integer required
format:
int32
minDomains
integer
format:
int32
nodeAffinityPolicy
string
nodeTaintsPolicy
string
topologyKey
string required
whenUnsatisfiable
string required
port
integer
The port the rgw service will be listening on (http)
format:
int32
priorityClassName
string
PriorityClassName sets priority classes on the rgw pods
readAffinity object
ReadAffinity defines the RGW read affinity policy to optimize the read requests for the RGW clients
Note: Only supported from Ceph Tentacle (v20)
type
string required
Type defines the RGW ReadAffinity type
localize: read from the nearest OSD based on crush location of the RGW client
balance: picks a random OSD from the PG's active set
default: read from the primary OSD
enum:
localize, balance, default
resources object
The resource requirements for the rgw pods
claims []object
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This field depends on the
DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
name
string required
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container.
request
string
Request is the name chosen for a request in the referenced claim.
If empty, everything from the claim is made available, otherwise
only the result of this request.
limits
object
Limits describes the maximum amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
requests
object
Requests describes the minimum amount of compute resources required.
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
rgwCommandFlags
object
RgwCommandFlags sets Ceph RGW config values for the gateway clients that serve this object
store. Values are modified at RGW startup, resulting in RGW pod restarts.
This feature is intended for advanced users. It allows breaking configurations to be easily
applied. Use with caution.
rgwConfig
object
RgwConfig sets Ceph RGW config values for the gateway clients that serve this object store.
Values are modified at runtime without RGW restart.
This feature is intended for advanced users. It allows breaking configurations to be easily
applied. Use with caution.
rgwConfigFromSecret
object
RgwConfigFromSecret works exactly like RgwConfig but takes config value from Secret Key reference.
Values are modified at runtime without RGW restart.
This feature is intended for advanced users. It allows breaking configurations to be easily
applied. Use with caution.
securePort
integer
The port the rgw service will be listening on (https)
format:
int32
minimum:
0
maximum:
65535
service object
The configuration related to add/set on each rgw service.
annotations
object
The annotations-related configuration to add/set on each rgw service.
nullable
optional
labels
object
The labels-related configuration to add/set on each rgw service.
sslCertificateRef
string
The name of the secret that stores the ssl certificate for secure rgw connections
healthCheck object
The RGW health probes
readinessProbe object
ProbeSpec is a wrapper around Probe so it can be enabled or disabled for a Ceph daemon
disabled
boolean
Disabled determines whether the probe is disabled or not
probe object
Probe describes a health check to be performed against a container to determine whether it is
alive or ready to receive traffic.
exec object
Exec specifies a command to execute in the container.
command
[]string
Command is the command line to execute inside the container, the working directory for the
command is root ('/') in the container's filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
a shell, you need to explicitly call out to that shell.
Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
failureThreshold
integer
Minimum consecutive failures for the probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1.
format:
int32
grpc object
GRPC specifies a GRPC HealthCheckRequest.
port
integer required
Port number of the gRPC service. Number must be in the range 1 to 65535.
format:
int32
service
string
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
httpGet object
HTTPGet specifies an HTTP GET request to perform.
host
string
Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
httpHeaders []object
Custom headers to set in the request. HTTP allows repeated headers.
name
string required
The header field name.
This will be canonicalized upon output, so case-variant names will be understood as the same header.
value
string required
The header field value
path
string
Path to access on the HTTP server.
port
string | integer required
Name or number of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
scheme
string
Scheme to use for connecting to the host.
Defaults to HTTP.
initialDelaySeconds
integer
Number of seconds after the container has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format:
int32
periodSeconds
integer
How often (in seconds) to perform the probe.
Defaults to 10 seconds. Minimum value is 1.
format:
int32
successThreshold
integer
Minimum consecutive successes for the probe to be considered successful after having failed.
Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
format:
int32
tcpSocket object
TCPSocket specifies a connection to a TCP port.
host
string
Optional: Host name to connect to, defaults to the pod IP.
port
string | integer required
Number or name of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
terminationGracePeriodSeconds
integer
format:
int64
timeoutSeconds
integer
Number of seconds after which the probe times out.
Defaults to 1 second. Minimum value is 1.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format:
int32
startupProbe object
ProbeSpec is a wrapper around Probe so it can be enabled or disabled for a Ceph daemon
disabled
boolean
Disabled determines whether the probe is disabled or not
probe object
Probe describes a health check to be performed against a container to determine whether it is
alive or ready to receive traffic.
exec object
Exec specifies a command to execute in the container.
command
[]string
Command is the command line to execute inside the container, the working directory for the
command is root ('/') in the container's filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
a shell, you need to explicitly call out to that shell.
Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
failureThreshold
integer
Minimum consecutive failures for the probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1.
format:
int32
grpc object
GRPC specifies a GRPC HealthCheckRequest.
port
integer required
Port number of the gRPC service. Number must be in the range 1 to 65535.
format:
int32
service
string
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
httpGet object
HTTPGet specifies an HTTP GET request to perform.
host
string
Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
httpHeaders []object
Custom headers to set in the request. HTTP allows repeated headers.
name
string required
The header field name.
This will be canonicalized upon output, so case-variant names will be understood as the same header.
value
string required
The header field value
path
string
Path to access on the HTTP server.
port
string | integer required
Name or number of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
scheme
string
Scheme to use for connecting to the host.
Defaults to HTTP.
initialDelaySeconds
integer
Number of seconds after the container has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format:
int32
periodSeconds
integer
How often (in seconds) to perform the probe.
Defaults to 10 seconds. Minimum value is 1.
format:
int32
successThreshold
integer
Minimum consecutive successes for the probe to be considered successful after having failed.
Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
format:
int32
tcpSocket object
TCPSocket specifies a connection to a TCP port.
host
string
Optional: Host name to connect to, defaults to the pod IP.
port
string | integer required
Number or name of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
terminationGracePeriodSeconds
integer
format:
int64
timeoutSeconds
integer
Number of seconds after which the probe times out.
Defaults to 1 second. Minimum value is 1.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format:
int32
hosting object
Hosting settings for the object store.
A common use case for hosting configuration is to inform Rook of endpoints that support DNS
wildcards, which in turn allows virtual host-style bucket addressing.
advertiseEndpoint object
AdvertiseEndpoint is the default endpoint Rook will return for resources dependent on this
object store. This endpoint will be returned to CephObjectStoreUsers, Object Bucket Claims,
and COSI Buckets/Accesses.
By default, Rook returns the endpoint for the object store's Kubernetes service using HTTPS
with `gateway.securePort` if it is defined (otherwise, HTTP with `gateway.port`).
dnsName
string required
DnsName is the DNS name (in RFC-1123 format) of the endpoint.
If the DNS name corresponds to an endpoint with DNS wildcard support, do not include the
wildcard itself in the list of hostnames.
E.g., use "mystore.example.com" instead of "*.mystore.example.com".
minLength:
1
port
integer required
Port is the port on which S3 connections can be made for this endpoint.
format:
int32
minimum:
1
maximum:
65535
useTls
boolean required
UseTls defines whether the endpoint uses TLS (HTTPS) or not (HTTP).
dnsNames
[]string
A list of DNS host names on which object store gateways will accept client S3 connections.
When specified, object store gateways will reject client S3 connections to hostnames that are
not present in this list, so include all endpoints.
The object store's advertiseEndpoint and Kubernetes service endpoint, plus CephObjectZone
`customEndpoints` are automatically added to the list but may be set here again if desired.
Each DNS name must be valid according to RFC-1123.
If the DNS name corresponds to an endpoint with DNS wildcard support, do not include the
wildcard itself in the list of hostnames.
E.g., use "mystore.example.com" instead of "*.mystore.example.com".
metadataPool object
The metadata pool settings
application
string
The application name to set on the pool. Only expected to be set for rgw pools.
compressionMode
string
DEPRECATED: use Parameters instead, e.g., Parameters["compression_mode"] = "force"
The inline compression mode in Bluestore OSD to set to (options are: none, passive, aggressive, force)
Do NOT set a default value for kubebuilder as this will override the Parameters
enum:
none, passive, aggressive, force,
crushRoot
string
The root of the crush hierarchy utilized by the pool
deviceClass
string
The device class the OSD should set to for use in the pool
enableCrushUpdates
boolean
Allow rook operator to change the pool CRUSH tunables once the pool is created
enableRBDStats
boolean
EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool
erasureCoded object
The erasure code settings
algorithm
string
The algorithm for erasure coding.
If absent, defaults to the plugin specified in osd_pool_default_erasure_code_profile.
enum:
isa, jerasure
codingChunks
integer required
Number of coding chunks per object in an erasure coded storage pool (required for erasure-coded pool type).
This is the number of OSDs that can be lost simultaneously before data cannot be recovered.
minimum:
0
dataChunks
integer required
Number of data chunks per object in an erasure coded storage pool (required for erasure-coded pool type).
The number of chunks required to recover an object when any single OSD is lost is the same
as dataChunks so be aware that the larger the number of data chunks, the higher the cost of recovery.
minimum:
0
failureDomain
string
The failure domain: osd/host/(region or zone if available) - technically also any type in the crush map
mirroring object
The mirroring settings
enabled
boolean
Enabled indicates whether this pool is mirrored or not
mode
string
Mode is the mirroring mode: pool, image or init-only.
enum:
pool, image, init-only
peers object
Peers represents the peers spec
secretNames
[]string
SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers
snapshotSchedules []object
SnapshotSchedules is the scheduling of snapshot for mirrored images/pools
interval
string
Interval represents the periodicity of the snapshot.
path
string
Path is the path to snapshot, only valid for CephFS
startTime
string
StartTime indicates when to start the snapshot
parameters
object
Parameters is a list of properties to enable on a given pool
quotas object
The quota settings
maxBytes
integer
MaxBytes represents the quota in bytes
Deprecated in favor of MaxSize
format:
int64
maxObjects
integer
MaxObjects represents the quota in objects
format:
int64
maxSize
string
MaxSize represents the quota in bytes as a string
pattern:
^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$
replicated object
The replication settings
hybridStorage object
HybridStorage represents hybrid storage tier settings
primaryDeviceClass
string required
PrimaryDeviceClass represents high performance tier (for example SSD or NVME) for Primary OSD
minLength:
1
secondaryDeviceClass
string required
SecondaryDeviceClass represents low performance tier (for example HDDs) for remaining OSDs
minLength:
1
replicasPerFailureDomain
integer
ReplicasPerFailureDomain is the number of replicas in the specified failure domain
minimum:
1
requireSafeReplicaSize
boolean
RequireSafeReplicaSize if false allows you to set replica 1
size
integer required
Size - Number of copies per object in a replicated storage pool, including the object itself (required for replicated pool type)
minimum:
0
subFailureDomain
string
SubFailureDomain the name of the sub-failure domain
targetSizeRatio
number
TargetSizeRatio gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity
minimum:
0
statusCheck object
The mirroring statusCheck
mirror object
HealthCheckSpec represents the health check of an object store bucket
disabled
boolean
interval
string
Interval is the interval, in seconds or minutes, at which the health check runs, e.g. 60s for 60 seconds
timeout
string
preservePoolsOnDelete
boolean
Preserve pools on object store deletion
protocols object
The protocol specification
enableAPIs
[]string
Represents RGW 'rgw_enable_apis' config option. See: https://docs.ceph.com/en/reef/radosgw/config-ref/#confval-rgw_enable_apis
If no value provided then all APIs will be enabled: s3, s3website, swift, swift_auth, admin, sts, iam, notifications
If enabled APIs are set, all remaining APIs will be disabled.
This option overrides S3.Enabled value.
s3 object
The spec for S3
authUseKeystone
boolean
Whether to use Keystone for authentication. This option maps directly to the rgw_s3_auth_use_keystone option. Enabling it allows generating S3 credentials via an OpenStack API call, see the docs. If not given, the defaults of the corresponding RGW option apply.
enabled
boolean
Deprecated: use protocol.enableAPIs instead.
Whether to enable S3. This defaults to true (even if protocols.s3 is not present in the CRD). This maintains backwards compatibility – by default S3 is enabled.
swift object
The spec for Swift
accountInUrl
boolean
Whether or not the Swift account name should be included in the Swift API URL. If set to false (the default), then the Swift API will listen on a URL formed like http://host:port/<rgw_swift_url_prefix>/v1. If set to true, the Swift API URL will be http://host:port/<rgw_swift_url_prefix>/v1/AUTH_<account_name>. You must set this option to true (and update the Keystone service catalog) if you want radosgw to support publicly-readable containers and temporary URLs.
urlPrefix
string
The URL prefix for the Swift API, to distinguish it from the S3 API endpoint. The default is swift, which makes the Swift API available at the URL http://host:port/swift/v1 (or http://host:port/swift/v1/AUTH_%(tenant_id)s if rgw swift account in url is enabled).
versioningEnabled
boolean
Enables the Object Versioning of OpenStack Object Storage API. This allows clients to put the X-Versions-Location attribute on containers that should be versioned.
security object
Security represents security settings
keyRotation object
KeyRotation defines options for Key Rotation.
enabled
boolean
Enabled represents whether the key rotation is enabled.
schedule
string
Schedule represents the cron schedule for key rotation.
kms object
KeyManagementService is the main Key Management option
connectionDetails
object
ConnectionDetails contains the KMS connection details (address, port etc)
tokenSecretName
string
TokenSecretName is the Kubernetes secret containing the KMS token
s3 object
The settings for supporting AWS-SSE:S3 with RGW
connectionDetails
object
ConnectionDetails contains the KMS connection details (address, port etc)
tokenSecretName
string
TokenSecretName is the Kubernetes secret containing the KMS token
sharedPools object
The pool information when configuring RADOS namespaces in existing pools.
dataPoolName
string
The data pool used for creating RADOS namespaces in the object store
metadataPoolName
string
The metadata pool used for creating RADOS namespaces in the object store
poolPlacements []object
PoolPlacements control which pools are associated with a particular RGW bucket.
Once PoolPlacements are defined, an RGW client can associate a pool
with an ObjectStore bucket by providing "<LocationConstraint>" during S3 bucket creation
or the "X-Storage-Policy" header during Swift container creation.
See: https://docs.ceph.com/en/latest/radosgw/placement/#placement-targets
PoolPlacement with name: "default" will be used as a default pool if no option
is provided during bucket creation.
If default placement is not provided, spec.sharedPools.dataPoolName and spec.sharedPools.metadataPoolName will be used as default pools.
If spec.sharedPools are also empty, then RGW pools (spec.dataPool and spec.metadataPool) will be used as defaults.
dataNonECPoolName
string
The data pool used to store ObjectStore data that cannot use erasure coding (ex: multi-part uploads).
If dataPoolName is not erasure coded, then there is no need for dataNonECPoolName.
WARNING: Do not change this field after creation. Pool names are used in RADOS namespaces and renaming leads to data loss.
dataPoolName
string required
The data pool used to store ObjectStore objects data.
WARNING: Do not change this field after creation. Pool names are used in RADOS namespaces and renaming leads to data loss.
minLength:
1
default
boolean
Sets given placement as default. Only one placement in the list can be marked as default.
Default is false.
metadataPoolName
string required
The metadata pool used to store ObjectStore bucket index.
WARNING: Do not change this field after creation. Pool names are used in RADOS namespaces and renaming leads to data loss.
minLength:
1
name
string required
Pool placement name. Name can be arbitrary. Placement with name "default" will be used as default.
pattern:
^[a-zA-Z0-9._/-]+$
minLength:
1
storageClasses []object
StorageClasses can be selected by user to override dataPoolName during object creation.
Each placement has default STANDARD StorageClass pointing to dataPoolName.
This list allows defining additional StorageClasses on top of default STANDARD storage class.
maxItems:
10
dataPoolName
string required
DataPoolName is the data pool used to store ObjectStore objects data.
WARNING: Do not change this field after creation. Pool names are used in RADOS namespaces and renaming leads to data loss.
minLength:
1
name
string required
Name is the StorageClass name. Ceph allows arbitrary names for StorageClasses,
however most clients/libs insist on AWS names so it is recommended to use
one of the valid x-amz-storage-class values for better compatibility:
REDUCED_REDUNDANCY | STANDARD_IA | ONEZONE_IA | INTELLIGENT_TIERING | GLACIER | DEEP_ARCHIVE | OUTPOSTS | GLACIER_IR | SNOW | EXPRESS_ONEZONE
See AWS docs: https://aws.amazon.com/de/s3/storage-classes/
pattern:
^[a-zA-Z0-9._/-]+$
minLength:
1
preserveRadosNamespaceDataOnDelete
boolean
Whether the RADOS namespaces should be preserved on deletion of the object store
zone object
The multisite info
name
string required
CephObjectStoreZone name this CephObjectStore is part of
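The poolPlacements constraints and the default-pool fallback order described under sharedPools, written as a pre-apply lint over a parsed spec. This is an added example, not Rook's own validation code; the function names, the sample pool names, and the rule that either the name "default" or default: true marks the default placement are assumptions.

```python
import re
# Name pattern from the reference; the CRD's `$` means end of text, hence fullmatch.
NAME = re.compile(r"[a-zA-Z0-9._/-]+")

def _is_default(p):
    # Assumption: a placement named "default" or one with default: true counts.
    return p.get("name") == "default" or p.get("default") is True

def lint_placements(spec):
    """Return violations of the documented poolPlacements constraints."""
    errors = []
    placements = spec.get("sharedPools", {}).get("poolPlacements", [])
    defaults = [p.get("name") for p in placements if _is_default(p)]
    if len(defaults) > 1:
        errors.append(f"multiple default placements: {defaults}")
    for p in placements:
        name = p.get("name", "")
        if not NAME.fullmatch(name):
            errors.append(f"invalid placement name {name!r}")
        for key in ("dataPoolName", "metadataPoolName"):
            if not p.get(key):
                errors.append(f"{name}: {key} is required and non-empty")
        classes = p.get("storageClasses", [])
        if len(classes) > 10:  # maxItems on storageClasses
            errors.append(f"{name}: more than 10 storageClasses")
        for sc in classes:
            sc_name = sc.get("name", "")
            if not NAME.fullmatch(sc_name):
                errors.append(f"{name}: invalid StorageClass name {sc_name!r}")
            if not sc.get("dataPoolName"):
                errors.append(f"{name}: StorageClass {sc_name!r} needs dataPoolName")
    return errors

def default_pools(spec):
    """Resolve (source, data pool, metadata pool) for buckets created without a placement."""
    shared = spec.get("sharedPools", {})
    for p in shared.get("poolPlacements", []):
        if _is_default(p):
            return ("poolPlacements", p["dataPoolName"], p["metadataPoolName"])
    if shared.get("dataPoolName") and shared.get("metadataPoolName"):
        return ("sharedPools", shared["dataPoolName"], shared["metadataPoolName"])
    return ("spec.dataPool/spec.metadataPool", None, None)  # RGW's own pools

# Constructed sample spec; every pool name here is made up.
SPEC = {"sharedPools": {
    "dataPoolName": "rgw-data", "metadataPoolName": "rgw-meta",
    "poolPlacements": [{
        "name": "fast", "default": True,
        "dataPoolName": "rgw-fast", "metadataPoolName": "rgw-meta",
        "storageClasses": [{"name": "GLACIER", "dataPoolName": "rgw-cold"}]}]}}
```

Running the lint in CI before a manifest is applied also gives a place to diff pool names against the deployed spec, since the reference warns that renaming them after creation leads to data loss.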
status object
ObjectStoreStatus represents the status of a Ceph Object Store resource
cephx object
daemon object
Daemon shows the CephX key status for local Ceph daemons associated with this resource.
keyCephVersion
string
KeyCephVersion reports the Ceph version that created the current generation's keys. This is
the same string format as reported by `CephCluster.status.version.version` to allow them to be
compared. E.g., `20.2.0-0`.
For all newly-created resources, this field is set to the version of Ceph that created the key.
The special value "Uninitialized" indicates that keys are being created for the first time.
An empty string indicates that the version is unknown, as expected in brownfield deployments.
keyGeneration
integer
KeyGeneration represents the CephX key generation for the last successful reconcile.
For all newly-created resources, this field is set to `1`.
When keys are rotated due to any rotation policy, the generation is incremented or updated to
the configured policy generation.
Generation `0` indicates that keys existed prior to the implementation of key tracking.
format:
int32
conditions []object
lastHeartbeatTime
string
format:
date-time
lastTransitionTime
string
format:
date-time
message
string
reason
string
ConditionReason is a reason for a condition
status
string
type
string
ConditionType represents a resource's status
endpoints object
insecure
[]string
secure
[]string
info
object
message
string
observedGeneration
integer
ObservedGeneration is the latest generation observed by the controller.
format:
int64
phase
string
ConditionType represents a resource's status
replicas
integer
format:
int32
selector
string