Hi,
On 1/20/22 9:26 AM, Michal Strnad wrote:
Hi,
We are using CephFS in our Kubernetes clusters and now we are trying
to optimize permissions/caps in keyrings. Every guide which we found
contains something like - Create the file system by specifying the
desired settings for the metadata pool, data pool and admin keyring
with access to the entire file system ... Is there better way where we
don't need admin key, but restricted key only? What are you using in
your environments?
The 'ceph fs authorize' cli function can generate keys suitable for your
use case. You can restrict the access scope to sub directories etc.
See https://docs.ceph.com/en/pacific/cephfs/client-auth/ ; (or the pages
for your current release).
We use the CSI cephfs plugin in our main k8s cluster, and it is working
fine with those keys.
Regards,
Burkhard Linke
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
