Replies: 2 comments 2 replies
-
|
@khrpcek you will create the secrets(that contains the cephx user and the key) and specify the secrets in the storageclass. csi driver will read it from the storageclass when creating the pvc or mounting the PVC to app pod. ceph-csi-operator doesnt deal with secrets or the storageclass thats why you dont see any document for the same. |
Beta Was this translation helpful? Give feedback.
-
|
Hey! @khrpcek The ceph-csi-operator handles the CephX credentials a bit differently compared to the older standalone ceph-csi-rbd/cephfs deployments. The keyring itself is usually not embedded directly in the Typically the flow is:
The operator then mounts/injects those secrets into the generated CSI provisioner/nodeplugin deployments automatically. If you look in the examples, the missing piece is often that the secret needs to exist beforehand with something like: apiVersion: v1
kind: Secret
metadata:
name: ceph-client-secret
type: Opaque
stringData:
userID: csi-rbd-provisioner
userKey: <cephx-secret>Then the The docs are still a bit sparse around this because the operator abstracts a lot of the old Helm values/config away. Looking at the controller code under the reconciler logic is usually clearer than the CRD docs right now. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hey, i'm trying to replace my ceph-csi-rbd/cephfs deployments with the newer ceph-csi-operator. I've been going through the docs and source but I don't see how the cephx keyring is supplied for a CephConnection, Driver, or ClientProfle object. Does anyone know what I'm missing here?
Beta Was this translation helpful? Give feedback.
All reactions