Merge pull request #962 from lsst-it/IT-6059_osuser_osclaim_loki_kueyen

gseriche · web-flow · commit 2296eeb88cef · 2025-07-01T12:48:56.000-04:00
(kueyen) normalize objectstoreuser, objectstoreclaim for loki
diff --git a/fleet/lib/rook-ceph-conf/charts/kueyen/templates/cephobjectstore-o11y.yaml b/fleet/lib/rook-ceph-conf/charts/kueyen/templates/cephobjectstore-o11y.yaml
@@ -57,3 +57,13 @@ spec:
             name: rook-ceph-rgw-o11y
             port:
               number: 80
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: o11y
+provisioner: rook-ceph.ceph.rook.io/bucket
+parameters:
+  objectStoreName: o11y
+  objectStoreNamespace: rook-ceph
+reclaimPolicy: Retain
diff --git a/fleet/lib/rook-ceph-conf/charts/kueyen/templates/cephobjectstoreuser-s3-loki.yaml b/fleet/lib/rook-ceph-conf/charts/kueyen/templates/cephobjectstoreuser-s3-loki.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: ceph.rook.io/v1
+kind: CephObjectStoreUser
+metadata:
+  name: s3-loki
+  namespace: rook-ceph
+spec:
+  store: o11y
+  clusterNamespace: rook-ceph
+  quotas:
+    maxBuckets: 3
diff --git a/fleet/lib/rook-ceph-conf/charts/kueyen/templates/obc-logs-admin.yaml b/fleet/lib/rook-ceph-conf/charts/kueyen/templates/obc-logs-admin.yaml
@@ -0,0 +1,47 @@
+---
+apiVersion: objectbucket.io/v1alpha1
+kind: ObjectBucketClaim
+metadata:
+  name: logs-admin
+  namespace: rook-ceph
+spec:
+  bucketName: logs-admin
+  storageClassName: o11y
+  additionalConfig:
+    bucketOwner: s3-loki
+    bucketMaxSize: 5Ti
+    bucketPolicy: |
+      {
+          "Version": "2012-10-17",
+          "Statement": [
+              {
+                  "Sid": "AllowReadAccess",
+                  "Effect": "Allow",
+                  "Principal": {
+                      "AWS": "arn:aws:iam:::user/s3-loki"
+                  },
+                  "Action": [
+                      "s3:ListBucket",
+                      "s3:GetObject",
+                      "s3:GetObjectVersion"
+                  ],
+                  "Resource": [
+                      "arn:aws:s3:::logs-admin",
+                      "arn:aws:s3:::logs-admin/*"
+                  ]
+              }
+          ]
+      }
+    bucketLifecycle: |
+      {
+        "Rules": [
+          {
+            "ID": "AbortIncompleteMultipartUploads",
+            "Status": "Enabled",
+            "Prefix": "",
+            "AbortIncompleteMultipartUpload": {
+              "DaysAfterInitiation": 1
+            }
+          }
+        ]
+      }
diff --git a/fleet/lib/rook-ceph-conf/charts/kueyen/templates/obc-logs-chunks.yaml b/fleet/lib/rook-ceph-conf/charts/kueyen/templates/obc-logs-chunks.yaml
@@ -0,0 +1,46 @@
+apiVersion: objectbucket.io/v1alpha1
+kind: ObjectBucketClaim
+metadata:
+  name: logs-chunks
+  namespace: rook-ceph
+spec:
+  bucketName: logs-chunks
+  storageClassName: o11y
+  additionalConfig:
+    bucketOwner: s3-loki
+    bucketMaxSize: 5Ti
+    bucketPolicy: |
+      {
+          "Version": "2012-10-17",
+          "Statement": [
+              {
+                  "Sid": "AllowReadAccess",
+                  "Effect": "Allow",
+                  "Principal": {
+                      "AWS": "arn:aws:iam:::user/s3-loki"
+                  },
+                  "Action": [
+                      "s3:ListBucket",
+                      "s3:GetObject",
+                      "s3:GetObjectVersion"
+                  ],
+                  "Resource": [
+                      "arn:aws:s3:::logs-chunks",
+                      "arn:aws:s3:::logs-chunks/*"
+                  ]
+              }
+          ]
+      }
+    bucketLifecycle: |
+      {
+        "Rules": [
+          {
+            "ID": "AbortIncompleteMultipartUploads",
+            "Status": "Enabled",
+            "Prefix": "",
+            "AbortIncompleteMultipartUpload": {
+              "DaysAfterInitiation": 1
+            }
+          }
+        ]
+      }
diff --git a/fleet/lib/rook-ceph-conf/charts/kueyen/templates/obc-logs-ruler.yaml b/fleet/lib/rook-ceph-conf/charts/kueyen/templates/obc-logs-ruler.yaml
@@ -0,0 +1,47 @@
+---
+apiVersion: objectbucket.io/v1alpha1
+kind: ObjectBucketClaim
+metadata:
+  name: logs-ruler
+  namespace: rook-ceph
+spec:
+  bucketName: logs-ruler
+  storageClassName: o11y
+  additionalConfig:
+    bucketOwner: s3-loki
+    bucketMaxSize: 5Ti
+    bucketPolicy: |
+      {
+          "Version": "2012-10-17",
+          "Statement": [
+              {
+                  "Sid": "AllowReadAccess",
+                  "Effect": "Allow",
+                  "Principal": {
+                      "AWS": "arn:aws:iam:::user/s3-loki"
+                  },
+                  "Action": [
+                      "s3:ListBucket",
+                      "s3:GetObject",
+                      "s3:GetObjectVersion"
+                  ],
+                  "Resource": [
+                      "arn:aws:s3:::logs-ruler",
+                      "arn:aws:s3:::logs-ruler/*"
+                  ]
+              }
+          ]
+      }
+    bucketLifecycle: |
+      {
+        "Rules": [
+          {
+            "ID": "AbortIncompleteMultipartUploads",
+            "Status": "Enabled",
+            "Prefix": "",
+            "AbortIncompleteMultipartUpload": {
+              "DaysAfterInitiation": 1
+            }
+          }
+        ]
+      }
diff --git a/fleet/lib/rook-ceph-conf/charts/kueyen/templates/obc-loki.yaml b/fleet/lib/rook-ceph-conf/charts/kueyen/templates/obc-loki.yaml
diff --git a/fleet/lib/rook-ceph-conf/charts/kueyen/templates/objectstoreuser-loki.yaml b/fleet/lib/rook-ceph-conf/charts/kueyen/templates/objectstoreuser-loki.yaml
