Merge pull request openstack-k8s-operators#651 from fmount/s3

Add s3 backend samples and documentation

config/samples/backends/README.md

@@ -23,6 +23,7 @@ Currently available samples are:
 - CEPH + Sparse Image Upload
 - Cinder backends
 - Swift
+- s3
 
 The following Cinder backend examples are available:
 
@@ -329,6 +330,131 @@ $ ls /var/nfs/
 634482ca-4002-4a6d-b1d5-64502ad02630
 ```
 
+## S3
+
+For S3 configuration, Glance requires the following information:
+
+* S3 Access Key
+* S3 Secret Key
+* S3 Endpoint
+
+To ensure secure handling of sensitive data, this information is stored in a
+Kubernetes secret.
+
+1. Create `s3glance.conf` with the following content:
+
+```
+[default_backend]
+s3_store_host = _s3_endpoint_
+s3_store_access_key = _s3_access_key_
+s3_store_secret_key = _s3_secret_key_
+s3_store_bucket = _s3_bucket_
+```
+
+- Replace `_s3_endpoint_` with the host where the S3 server is listening. This
+  option can contain a DNS name (e.g. s3.amazonaws.com, my-object-storage.com)
+  or an IP address.
+- Replace `_s3_access_key_` and `_s3_secret_key_` with the data generated by
+  the entity that exposes s3
+- Replace `_s3_bucket_` with the bucket name where the glance images will be
+  stored in the S3. If `s3_store_create_bucket_on_put` is set to `true`, it
+  will be created automatically even if the bucket does not exist.
+
+
+2. Generate a secret:
+
+```
+$ oc create secret generic glances3  --from-file s3glance.conf
+```
+
+**Note**:
+If s3 is provided by `Ceph` through `RGW`, secret and access keys
+can be generated with the following command:
+
+  ```
+  $ radosgw-admin user create --uid="testuser" --display-name="Jane Doe"
+  ```
+  ```
+  {
+    "user_id": "testuser",
+    "display_name": "Jane Doe",
+    "email": "",
+    "suspended": 0,
+    "max_buckets": 1000,
+    "auid": 0,
+    "subusers": [],
+    "keys": [
+        {
+            "user": "testuser",
+            "access_key": <redacted>,
+            "secret_key": <redacted>,
+        }
+    ],
+    "swift_keys": [],
+    "caps": [],
+    "op_mask": "read, write, delete",
+    "default_placement": "",
+    "placement_tags": [],
+    "bucket_quota": {
+        "enabled": false,
+        "check_on_raw": false,
+        "max_size": -1,
+        "max_size_kb": 0,
+        "max_objects": -1
+    },
+    "user_quota": {
+        "enabled": false,
+        "check_on_raw": false,
+        "max_size": -1,
+        "max_size_kb": 0,
+        "max_objects": -1
+    },
+    "temp_url_keys": [],
+    "type": "rgw"
+  }
+  ```
+
+3. Edit the `OpenStackControlPlane` and add the s3 snippet in the `Glance` config
+   section:
+
+```
+spec:
+  glance:
+    template:
+      customServiceConfig: |
+        [DEFAULT]
+        debug=true
+        enabled_backends = default_backend:s3
+        [glance_store]
+        default_backend = default_backend
+        [default_backend]
+        s3_store_create_bucket_on_put = True
+        s3_store_bucket_url_format = "path"
+      glanceAPIs:
+        default:
+          customServiceConfigSecrets:
+          - glances3
+  ...
+  ...
+```
+
+If you are using `install_yamls` and you already have `crc` running you
+can use the "s3" example and apply it to the control plane with the following
+commands:
+
+```
+$ cd install_yamls
+$ make crc_storage openstack
+$ oc kustomize ../glance-operator/config/samples/backends/s3 > ~/openstack-deployment.yaml
+$ export OPENSTACK_CR=`realpath ~/openstack-deployment.yaml`
+$ make openstack_deploy
+```
+
+If you have an working deployment you can use `oc kustomize s3 | oc
+apply -f -`. from the current directory to apply the s3 backend.
+
+More information around s3 configuration can be found in the [upstream](https://docs.openstack.org/glance/latest/configuration/configuring.html#configuring-the-s3-storage-backend)
+documentation.
 
 ## Multistore
 

config/samples/backends/s3/kustomization.yaml

@@ -0,0 +1,7 @@
+resources:
+- ../base/openstack
+- s3-secret.yaml
+patches:
+- path: s3.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization

config/samples/backends/s3/s3-secret.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: s3glance
+stringData:
+  s3secret.conf : |
+    [default_backend]
+    s3_store_host = _s3_endpoint_
+    s3_store_access_key = _s3_access_key
+    s3_store_secret_key = _s3_secret_key
+    s3_store_bucket = _s3_bucket

config/samples/backends/s3/s3.yaml

@@ -0,0 +1,23 @@
+# Sample using s3 as a glance backend
+apiVersion: core.openstack.org/v1beta1
+kind: OpenStackControlPlane
+metadata:
+  name: openstack
+spec:
+  glance:
+    template:
+      customServiceConfig: |
+        [DEFAULT]
+        debug=true
+        enabled_backends = default_backend:s3
+        [glance_store]
+        default_backend = default_backend
+        [default_backend]
+        s3_store_create_bucket_on_put = True
+        s3_store_bucket_url_format = "path"
+      databaseInstance: openstack
+      glanceAPIs:
+        default:
+          customServiceConfigSecrets:
+            - s3glance
+          replicas: 1