Hello.
You can use pv without worrying about secrets if you create a keyring file
on each node at /etc/ceph/ceph.client.openshift.keyring and point the pv
object to it:
apiVersion: v1
kind: PersistentVolume
metadata:
name: mypv
labels:
size: 1024
spec:
capacity:
storage: 1024
accessModes:
- "ReadWriteOnce"
rbd:
monitors:
- "osm-0:6789"
- "osm-1:6789"
- "osm-2:6789"
pool: rbd
image: mypv
user: openshift
keyring: /etc/ceph/ceph.client.openshift.keyring
fsType: ext4
readOnly: false
persistentVolumeReclaimPolicy: "Retain"
For more information to create a ceph user:
http://docs.ceph.com/docs/giant/rados/operations/user-management/#managing-users
---
Diego Castro / The CloudFather
GetupCloud.com - Eliminamos a Gravidade
2017-01-09 17:42 GMT-03:00 Philippe Lafoucrière <
[email protected]>:
>
> On Mon, Jan 9, 2017 at 3:42 AM, James Eckersall <[email protected]>
> wrote:
>
>> Our use case would be utilisation of openshift clusters with untrusted
>> clients in distinct projects, so we’re trying to ensure they can’t access
>> each/others storage.
>
>
> We are in the same situation, and we generally let our clients access
> their projects without permissions for secrets :)
>
>
> _______________________________________________
> users mailing list
> [email protected]
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
>
_______________________________________________
users mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
