[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ceph-users
Subject:    [ceph-users] Namespaces and authentication
From:       daniel.schneller () centerdevice ! com (Daniel Schneller)
Date:       2015-11-30 19:56:27
Message-ID: n3i9la$r3m$1 () ger ! gmane ! org
[Download RAW message or body]

Hi!

On 
http://docs.ceph.com/docs/master/rados/operations/user-management/#namespace
I read about auth namespaces. According to the most recent 
documentation it is still not supported by any of the client libraries, 
especially rbd.

I have a client asking to get access to rbd volumes for Kubernetes 
(http://kubernetes.io/v1.1/docs/user-guide/volumes.html#rbd). Due to 
the dynamic nature of the environment, I would like to grant them 
access to a dedicated pool where they could create volumes on their 
own. Different ceph secrets should be used for different volumes, so 
that they can hand out different secrets to different tenants in their 
environment to only give them access to their respective volumes.

Is there any way to do that yet? Are there plans on extending the 
namespace support beyond the current state?

Of course, I would be open to suggestions on how to do it differently, 
too, in case I am overlooking something obvious.

Main requirements are
 a) client admin can create new rbd volumes in a dedicated pool, 
 b) client admin can limit access to a volume to a specific user/secret.

Thanks!
Daniel
	

-- 
Daniel Schneller
Principal Cloud Engineer
 
CenterDevice GmbH
https://www.centerdevice.de
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ceph.com/pipermail/ceph-users-ceph.com/attachments/20151130/58c8ff78/attachment.htm>

[prev in list] [next in list] [prev in thread] [next in thread]