Merge pull request #936 from lsst-it/IT-6193/konkong-obc

(konkong) manage all existing s3 buckets with obc

Author: jhoblitt

fleet/lib/rook-ceph-conf/charts/elqui/templates/obc-rubinobs-raw-comcam.yaml

@@ -62,7 +62,7 @@ spec:
             }
           },
           {
-            "ID": "ExpireAfter30Days",
+            "ID": "ExpireAfter90Days",
             "Status": "Enabled",
             "Prefix": "",
             "Expiration": {

fleet/lib/rook-ceph-conf/charts/elqui/templates/obc-rubinobs-raw-latiss.yaml

@@ -62,7 +62,7 @@ spec:
             }
           },
           {
-            "ID": "ExpireAfter30Days",
+            "ID": "ExpireAfter90Days",
             "Status": "Enabled",
             "Prefix": "",
             "Expiration": {

fleet/lib/rook-ceph-conf/charts/elqui/templates/obc-rubinobs-raw-lsstcam.yaml

@@ -62,7 +62,7 @@ spec:
             }
           },
           {
-            "ID": "ExpireAfter30Days",
+            "ID": "ExpireAfter90Days",
             "Status": "Enabled",
             "Prefix": "",
             "Expiration": {

fleet/lib/rook-ceph-conf/charts/konkong/templates/cephobjectstore-lfa.yaml

@@ -268,3 +268,13 @@ spec:
     pg_num: "256"
   replicated:
     size: 3
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: lfa
+provisioner: rook-ceph.ceph.rook.io/bucket
+parameters:
+  objectStoreName: lfa
+  objectStoreNamespace: rook-ceph
+reclaimPolicy: Retain

fleet/lib/rook-ceph-conf/charts/konkong/templates/obc-rubinobs-butler-latiss.yaml

@@ -0,0 +1,65 @@
+---
+apiVersion: objectbucket.io/v1alpha1
+kind: ObjectBucketClaim
+metadata:
+  name: &name rubinobs-butler-latiss
+  namespace: rook-ceph
+spec:
+  bucketName: *name
+  storageClassName: lfa
+  additionalConfig:
+    bucketOwner: latiss
+    bucketMaxSize: 1Ti
+    bucketPolicy: |
+      {
+          "Version": "2012-10-17",
+          "Statement": [
+              {
+                  "Effect": "Allow",
+                  "Principal": {
+                      "AWS": "arn:aws:iam:::user/butler"
+                  },
+                  "Action": [
+                      "s3:GetObject",
+                      "s3:PutObject",
+                      "s3:DeleteObject",
+                      "s3:ListBucket",
+                      "s3:GetBucketLocation"
+                  ],
+                  "Resource": [
+                      "arn:aws:s3:::rubinobs-butler-latiss",
+                      "arn:aws:s3:::rubinobs-butler-latiss/*"
+                  ]
+              },
+              {
+                  "Effect": "Allow",
+                  "Principal": {
+                      "AWS": "arn:aws:iam:::user/oods-latiss"
+                  },
+                  "Action": [
+                      "s3:GetObject",
+                      "s3:PutObject",
+                      "s3:DeleteObject",
+                      "s3:ListBucket",
+                      "s3:GetBucketLocation"
+                  ],
+                  "Resource": [
+                      "arn:aws:s3:::rubinobs-butler-latiss",
+                      "arn:aws:s3:::rubinobs-butler-latiss/*"
+                  ]
+              }
+          ]
+      }
+    bucketLifecycle: |
+      {
+        "Rules": [
+          {
+            "ID": "AbortIncompleteMultipartUploads",
+            "Status": "Enabled",
+            "Prefix": "",
+            "AbortIncompleteMultipartUpload": {
+              "DaysAfterInitiation": 1
+            }
+          }
+        ]
+      }

fleet/lib/rook-ceph-conf/charts/konkong/templates/obc-rubinobs-butler-lsstcam.yaml

@@ -0,0 +1,66 @@
+---
+apiVersion: objectbucket.io/v1alpha1
+kind: ObjectBucketClaim
+metadata:
+  name: &name rubinobs-butler-lsstcam
+  namespace: rook-ceph
+spec:
+  bucketName: *name
+  storageClassName: lfa
+  additionalConfig:
+    bucketOwner: lsstcam
+    bucketMaxSize: 34Ti
+    bucketPolicy: |
+      {
+          "Version": "2012-10-17",
+          "Statement": [
+              {
+                  "Effect": "Allow",
+                  "Principal": {
+                      "AWS": "arn:aws:iam:::user/butler"
+                  },
+                  "Action": [
+                      "s3:GetObject",
+                      "s3:PutObject",
+                      "s3:DeleteObject",
+                      "s3:ListBucket",
+                      "s3:GetBucketLocation"
+                  ],
+                  "Resource": [
+                      "arn:aws:s3:::rubinobs-butler-lsstcam",
+                      "arn:aws:s3:::rubinobs-butler-lsstcam/*"
+                  ]
+              },
+              {
+                  "Effect": "Allow",
+                  "Principal": {
+                      "AWS": "arn:aws:iam:::user/oods-lsstcam"
+                  },
+                  "Action": [
+                      "s3:GetObject",
+                      "s3:PutObject",
+                      "s3:DeleteObject",
+                      "s3:ListBucket",
+                      "s3:GetBucketLocation"
+                  ],
+                  "Resource": [
+                      "arn:aws:s3:::rubinobs-butler-lsstcam",
+                      "arn:aws:s3:::rubinobs-butler-lsstcam/*"
+                  ]
+              }
+          ]
+      }
+
+    bucketLifecycle: |
+      {
+        "Rules": [
+          {
+            "ID": "AbortIncompleteMultipartUploads",
+            "Status": "Enabled",
+            "Prefix": "",
+            "AbortIncompleteMultipartUpload": {
+              "DaysAfterInitiation": 1
+            }
+          }
+        ]
+      }

fleet/lib/rook-ceph-conf/charts/konkong/templates/obc-rubinobs-calibrations.yaml

@@ -0,0 +1,61 @@
+---
+apiVersion: objectbucket.io/v1alpha1
+kind: ObjectBucketClaim
+metadata:
+  name: &name rubinobs-calibrations
+  namespace: rook-ceph
+spec:
+  bucketName: *name
+  storageClassName: lfa
+  additionalConfig:
+    bucketOwner: calib
+    bucketMaxSize: 4Ti
+    bucketPolicy: |
+      {
+          "Version": "2012-10-17",
+          "Statement": [
+              {
+                  "Effect": "Allow",
+                  "Principal": {
+                      "AWS": "arn:aws:iam:::user/butler"
+                  },
+                  "Action": [
+                      "s3:GetObject",
+                      "s3:ListBucket",
+                      "s3:GetBucketLocation"
+                  ],
+                  "Resource": [
+                      "arn:aws:s3:::rubinobs-calibrations",
+                      "arn:aws:s3:::rubinobs-calibrations/*"
+                  ]
+              },
+              {
+                  "Effect": "Allow",
+                  "Principal": {
+                      "AWS": "arn:aws:iam:::user/oods-latiss"
+                  },
+                  "Action": [
+                      "s3:GetObject",
+                      "s3:ListBucket",
+                      "s3:GetBucketLocation"
+                  ],
+                  "Resource": [
+                      "arn:aws:s3:::rubinobs-calibrations",
+                      "arn:aws:s3:::rubinobs-calibrations/*"
+                  ]
+              }
+          ]
+      }
+    bucketLifecycle: |
+      {
+        "Rules": [
+          {
+            "ID": "AbortIncompleteMultipartUploads",
+            "Status": "Enabled",
+            "Prefix": "",
+            "AbortIncompleteMultipartUpload": {
+              "DaysAfterInitiation": 1
+            }
+          }
+        ]
+      }

fleet/lib/rook-ceph-conf/charts/konkong/templates/obc-rubinobs-lfa-ls.yaml

@@ -0,0 +1,49 @@
+---
+apiVersion: objectbucket.io/v1alpha1
+kind: ObjectBucketClaim
+metadata:
+  name: &name rubinobs-lfa-ls
+  namespace: rook-ceph
+spec:
+  bucketName: *name
+  storageClassName: lfa
+  additionalConfig:
+    bucketOwner: saluser
+    bucketMaxSize: 1Ti
+    bucketPolicy: |
+      {
+          "Version": "2012-10-17",
+          "Statement": [
+              {
+                  "Sid": "PublicRead",
+                  "Effect": "Allow",
+                  "Principal": "*",
+                  "Action": [
+                      "s3:GetObject",
+                      "s3:GetObjectVersion"
+                  ],
+                  "Resource": ["arn:aws:s3:::*"]
+              }
+          ]
+      }
+    bucketLifecycle: |
+      {
+        "Rules": [
+          {
+            "ID": "AbortIncompleteMultipartUploads",
+            "Status": "Enabled",
+            "Prefix": "",
+            "AbortIncompleteMultipartUpload": {
+              "DaysAfterInitiation": 1
+            }
+          },
+          {
+            "ID": "ExpireAfter30Days",
+            "Status": "Enabled",
+            "Prefix": "",
+            "Expiration": {
+              "Days": 30
+            }
+          }
+        ]
+      }

fleet/lib/rook-ceph-conf/charts/konkong/templates/obc-rubinobs-raw-latiss.yaml

@@ -0,0 +1,83 @@
+---
+apiVersion: objectbucket.io/v1alpha1
+kind: ObjectBucketClaim
+metadata:
+  name: &name rubinobs-raw-latiss
+  namespace: rook-ceph
+  labels:
+    bucket-notification-lsst.s3.raw.latiss: lsst.s3.raw.latiss
+spec:
+  bucketName: *name
+  storageClassName: lfa
+  additionalConfig:
+    bucketOwner: latiss
+    bucketMaxSize: 1Ti
+    bucketPolicy: |
+      {
+        "Version": "2012-10-17",
+        "Statement": [
+          {
+            "Effect": "Allow",
+            "Principal": {
+              "AWS": "arn:aws:iam:::user/butler"
+            },
+            "Action": [
+              "s3:GetObject",
+              "s3:ListBucket",
+              "s3:GetBucketLocation"
+            ],
+            "Resource": [
+              "arn:aws:s3:::rubinobs-raw-latiss",
+              "arn:aws:s3:::rubinobs-raw-latiss/*"
+            ]
+          },
+          {
+            "Effect": "Allow",
+            "Principal": {
+              "AWS": "arn:aws:iam:::user/oods-latiss"
+            },
+            "Action": [
+              "s3:GetObject",
+              "s3:ListBucket",
+              "s3:DeleteObject",
+              "s3:GetBucketLocation",
+              "s3:PutObject"
+            ],
+            "Resource": [
+              "arn:aws:s3:::rubinobs-raw-latiss",
+              "arn:aws:s3:::rubinobs-raw-latiss/*"
+            ]
+          }
+        ]
+      }
+    bucketLifecycle: |
+      {
+        "Rules": [
+          {
+            "ID": "AbortIncompleteMultipartUploads",
+            "Status": "Enabled",
+            "Prefix": "",
+            "AbortIncompleteMultipartUpload": {
+              "DaysAfterInitiation": 1
+            }
+          },
+          {
+            "ID": "ExpireAfter90Days",
+            "Status": "Enabled",
+            "Prefix": "",
+            "Expiration": {
+              "Days": 90
+            }
+          }
+        ]
+      }
+---
+apiVersion: ceph.rook.io/v1
+kind: CephBucketNotification
+metadata:
+  name: lsst.s3.raw.latiss
+  namespace: rook-ceph
+spec:
+  topic: lsst.s3.raw.latiss
+  events:
+    - s3:ObjectCreated:*