netarbiter
Need clarity on user and admin secrets created or needed
In sds/ceph-docker/examples/helm/README.md "Namespace Activation", it is unclear from the statement "To use Ceph Volumes in a namespace a secret containing the Client Key needs to be present." whether the secret should be created (by the user of this guide) before the following command "./activate-namespace.sh default" or is created by it. In the log I see that a secret "pvc-ceph-client-key" is created in that step, but it's unclear whether this is the client secret intended to be used by clients (if so, clarify that in the readme).
Also it is unclear whether there is a ceph admin secret created as part of this process or whether the user needs to create it, and at what point. The ceph admin secret also needs to be referenced by the user in any storageClass creation actions, so it needs to be clear if/when this is created or whether the user needs to do this as well.
It is assumed that the user of this guide is the ceph admin. When you want to attach a volume to a pod through a PVC with the Dynamic Provisioning approach, you use a PVC, which creates an RBD image in the Ceph cluster. This means that the PVC should be capable of creating images in the pool via the StorageClass.
The secret of pvc-ceph-client-key contains ceph's admin key, which is encoded.
For details, refer to https://github.com/att/netarbiter/blob/master/sds/ceph-docker/examples/helm/PERSISTENTVOLUME.md .
Hee Won