kube/mirko: add kube.CephObjectStoreUser

Change-Id: I2a67076eeaf41ada41f5ae3ee588025e4c16b9e1
diff --git a/cluster/kube/cluster.jsonnet b/cluster/kube/cluster.jsonnet
index c07e5b9..3952f66 100644
--- a/cluster/kube/cluster.jsonnet
+++ b/cluster/kube/cluster.jsonnet
@@ -475,18 +475,7 @@
         },
 
         # Used for owncloud.hackerspace.pl, which for now lices on boston-packets.hackerspace.pl.
-        nextcloudWaw2: kube._Object("ceph.rook.io/v1", "CephObjectStoreUser", "nextcloud") {
-            metadata+: {
-                namespace: "ceph-waw2",
-            },
-            spec: {
-                store: "waw-hdd-redundant-2-object",
-                displayName: "nextcloud",
-            },
-        },
-
-        # Used for owncloud.hackerspace.pl, which for now lices on boston-packets.hackerspace.pl.
-        nextcloudWaw3: kube._Object("ceph.rook.io/v1", "CephObjectStoreUser", "nextcloud") {
+        nextcloudWaw3: kube.CephObjectStoreUser("nextcloud") {
             metadata+: {
                 namespace: "ceph-waw3",
             },
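Review bot: The hunk also drops the `nextcloudWaw2` user in `ceph-waw2`, which the commit title ("add kube.CephObjectStoreUser") does not mention. If that object still exists in the cluster, removing it here either leaves it unmanaged or, if the deployment prunes it, presumably makes the Rook operator delete the object-store user and its credentials secret. It is worth confirming that nothing still uses those keys and recording the removal in the commit message. The retained comment above `nextcloudWaw3` has a typo; `# Used for owncloud.hackerspace.pl, which for now lives on boston-packets.hackerspace.pl.` fixes it. The object body continues past the end of the hunk.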
diff --git a/cluster/kube/lib/registry.libsonnet b/cluster/kube/lib/registry.libsonnet
index d457830..e65f569 100644
--- a/cluster/kube/lib/registry.libsonnet
+++ b/cluster/kube/lib/registry.libsonnet
@@ -312,7 +312,7 @@
             },
         },
 
-        registryStorageUser: kube._Object("ceph.rook.io/v1", "CephObjectStoreUser", "registry") {
+        registryStorageUser: kue.CephObjectStoreUser("registry") {
             metadata+: {
                 namespace: "ceph-waw2",
             },
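Review bot: The added line calls `kue.CephObjectStoreUser("registry")`, and `kue` looks like a typo for `kube`; no binding of that name is visible in the hunk. Jsonnet rejects unknown variables statically, so the file would fail to evaluate and nothing from this library would render. The line should read `registryStorageUser: kube.CephObjectStoreUser("registry") {`. The object body continues outside the hunk, so whether `spec` is set there cannot be checked from here.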
diff --git a/kube/kube.libsonnet b/kube/kube.libsonnet
index c12e3db..202b41b 100644
--- a/kube/kube.libsonnet
+++ b/kube/kube.libsonnet
@@ -12,4 +12,16 @@
     Certificate(name): kube._Object("certmanager.k8s.io/v1alpha1", "Certificate", name) {
         spec: error "spec must be defined",
     },
+
+    CephObjectStoreUser(name): kube._Object("ceph.rook.io/v1", "CephObjectStoreUser", name) {
+        local user = self,
+        spec: error "spec must be defined",
+
+        // Name of the secret that contains the login data for this user.
+        // This secret is created in the same namespace as the ceph cluster, so
+        // unfortunately you can't really refer to it directly.
+        // We should write some automation to copy these secrets over in a
+        // secure way.
+        secret_name:: "rook-ceph-object-user-%s-%s" % [user.spec.store, user.spec.displayName],
+    },
 }
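Review bot: `secret_name` is built from `user.spec.displayName`, but as far as I know Rook names the credentials secret after the CephObjectStoreUser's `metadata.name`, not its free-form display name. The two agree only while callers keep them identical, as the removed `nextcloudWaw2` definition did. Assuming `kube._Object` sets `metadata.name` from `name`, deriving the value from it avoids pointing consumers at a secret that does not exist: `secret_name:: "rook-ceph-object-user-%s-%s" % [user.spec.store, user.metadata.name],`. Since that secret holds the S3 access and secret keys, the comment could also say that any copy into another namespace should be readable only by the consuming workload's service account.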