kube/mirko: add kube.CephObjectStoreUser

Change-Id: I2a67076eeaf41ada41f5ae3ee588025e4c16b9e1
2020-02-18 22:54:18 +01:00 · 2020-02-18 22:54:18 +01:00 · 114edc2398
parent c5a77b8f81
commit 114edc2398
3 changed files with 14 additions and 13 deletions
--- a/cluster/kube/cluster.jsonnet
+++ b/cluster/kube/cluster.jsonnet
@ -475,18 +475,7 @@ local Cluster(short, realm) = {
        },

        # Used for owncloud.hackerspace.pl, which for now lices on boston-packets.hackerspace.pl.
-        nextcloudWaw2: kube._Object("ceph.rook.io/v1", "CephObjectStoreUser", "nextcloud") {
-            metadata+: {
-                namespace: "ceph-waw2",
-            },
-            spec: {
-                store: "waw-hdd-redundant-2-object",
-                displayName: "nextcloud",
-            },
-        },
-
-        # Used for owncloud.hackerspace.pl, which for now lices on boston-packets.hackerspace.pl.
-        nextcloudWaw3: kube._Object("ceph.rook.io/v1", "CephObjectStoreUser", "nextcloud") {
+        nextcloudWaw3: kube.CephObjectStoreUser("nextcloud") {
            metadata+: {
                namespace: "ceph-waw3",
            },
--- a/cluster/kube/lib/registry.libsonnet
+++ b/cluster/kube/lib/registry.libsonnet
@ -312,7 +312,7 @@ local kube = import "../../../kube/kube.libsonnet";
            },
        },

-        registryStorageUser: kube._Object("ceph.rook.io/v1", "CephObjectStoreUser", "registry") {
+        registryStorageUser: kue.CephObjectStoreUser("registry") {
            metadata+: {
                namespace: "ceph-waw2",
            },
--- a/kube/kube.libsonnet
+++ b/kube/kube.libsonnet
@ -12,4 +12,16 @@ kube {
    Certificate(name): kube._Object("certmanager.k8s.io/v1alpha1", "Certificate", name) {
        spec: error "spec must be defined",
    },
+
+    CephObjectStoreUser(name): kube._Object("ceph.rook.io/v1", "CephObjectStoreUser", name) {
+        local user = self,
+        spec: error "spec must be defined",
+
+        // Name of the secret that contains the login data for this user.
+        // This secret is created in the same namespace as the ceph cluster, so
+        // unfortunately you can't really refer to it directly.
+        // We should write some automation to copy these secrets over in a
+        // secure way.
+        secret_name:: "rook-ceph-object-user-%s-%s" % [user.spec.store, user.spec.displayName],
+    },
 }