Ceph

    Authenticated docker registries

    If you want to use an image from an authenticated Docker registry (e.g. for an image cache or mirror), you’ll need to add an imagePullSecret to all relevant service accounts. This way, all pods created by the operator (service account: rook-ceph-system) or all new pods in the namespace (service account: default) will have the imagePullSecret added to their spec.

    The whole process is described in the official Kubernetes documentation.

    Example setup for a Ceph cluster

    To get you started, here’s a quick rundown for the Ceph example from the quickstart guide.

    First, we’ll create the secret for our registry as described here:

    # for namespace rook-ceph (the operator and the cluster share this namespace
    # here, so the secret is created once; creating it a second time in the same
    # namespace fails because the secret already exists)
    $ kubectl -n rook-ceph create secret docker-registry my-registry-secret --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
    

    Next we’ll add the following snippet to all relevant service accounts as described here:

    imagePullSecrets:
    - name: my-registry-secret
    

    The service accounts are:

    • rook-ceph-system (namespace: rook-ceph): Will affect all pods created by the rook operator in the rook-ceph namespace.
    • default (namespace: rook-ceph): Will affect most pods in the rook-ceph namespace.
    • rook-ceph-mgr (namespace: rook-ceph): Will affect the MGR pods in the rook-ceph namespace.
    • rook-ceph-osd (namespace: rook-ceph): Will affect the OSD pods in the rook-ceph namespace.
    • rook-ceph-rgw (namespace: rook-ceph): Will affect the RGW pods in the rook-ceph namespace.

    You can do this either with, e.g., kubectl -n <namespace> edit serviceaccount default, or by modifying operator.yaml and cluster.yaml before deploying them.

    Since it’s the same procedure for all service accounts, here is just one example:

    kubectl -n rook-ceph edit serviceaccount default
    
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: default
      namespace: rook-ceph
    secrets:
    - name: default-token-12345
    imagePullSecrets:                # here are the new
    - name: my-registry-secret       # parts
    

    After doing this for all service accounts, all pods should be able to pull the image from your registry.
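
To check that the procedure above reached every service account in the list, the following added example (not part of the Rook documentation) audits the output of `kubectl -n rook-ceph get serviceaccounts -o json` and builds a patch for each account that still lacks the secret. The `audit` function, the embedded sample JSON and the name `other-secret` are constructed for illustration.

```python
import json

NAMESPACE = "rook-ceph"
PULL_SECRET = "my-registry-secret"
# Service accounts listed on this page.
REQUIRED = ["rook-ceph-system", "default", "rook-ceph-mgr",
            "rook-ceph-osd", "rook-ceph-rgw"]

# Constructed sample of `kubectl -n rook-ceph get serviceaccounts -o json`,
# trimmed to the fields used here; not output from a real cluster.
SAMPLE = json.dumps({"kind": "List", "items": [
    {"metadata": {"name": "default", "namespace": "rook-ceph"},
     "imagePullSecrets": [{"name": "my-registry-secret"}]},
    {"metadata": {"name": "rook-ceph-system", "namespace": "rook-ceph"}},
    {"metadata": {"name": "rook-ceph-mgr", "namespace": "rook-ceph"},
     "imagePullSecrets": [{"name": "other-secret"}]},
    {"metadata": {"name": "rook-ceph-osd", "namespace": "rook-ceph"},
     "imagePullSecrets": [{"name": "my-registry-secret"}]},
]})


def audit(sa_list_json, secret=PULL_SECRET, required=REQUIRED):
    """Return {name: status}. Status is 'ok', 'absent' (no such service
    account yet) or a merge-patch dict that adds the secret."""
    items = json.loads(sa_list_json)["items"]
    found = {item["metadata"]["name"]: item for item in items}
    report = {}
    for name in required:
        if name not in found:
            report[name] = "absent"
            continue
        current = found[name].get("imagePullSecrets") or []
        if any(ref.get("name") == secret for ref in current):
            report[name] = "ok"
        else:
            # A JSON merge patch replaces the whole list, so existing
            # pull secrets are carried over instead of being dropped.
            report[name] = {"imagePullSecrets": current + [{"name": secret}]}
    return report


if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        if isinstance(status, dict):
            print(f"kubectl -n {NAMESPACE} patch serviceaccount {name} "
                  f"--type merge -p '{json.dumps(status)}'")
        else:
            print(f"# {name}: {status}")
```

An account reported as `absent` has not been created yet, so the audit needs to be repeated once it exists.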