Hi!
On
http://docs.ceph.com/docs/master/rados/operations/user-management/#namespace
I read about auth namespaces. According to the most recent
documentation it is still not supported by any of the client libraries,
especially rbd.
I have a client asking to get access to rbd volumes for Kubernetes
(http://kubernetes.io/v1.1/docs/user-guide/volumes.html#rbd). Due to
the dynamic nature of the environment, I would like to grant them
access to a dedicated pool where they could create volumes on their
own. Different ceph secrets should be used for different volumes, so
that they can hand out different secrets to different tenants in their
environment to only give them access to their respective volumes.
Is there any way to do that yet? Are there plans on extending the
namespace support beyond the current state?
Of course, I would be open to suggestions on how to do it differently,
too, in case I am overlooking something obvious.
Main requirements are
a) client admin can create new rbd volumes in a dedicated pool,
b) client admin can limit access to a volume to a specific user/secret.
Thanks!
Daniel
--
Daniel Schneller
Principal Cloud Engineer
CenterDevice GmbH
https://www.centerdevice.de_______________________________________________
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
