Rook · Schema
Rook CephObjectStore
Schema for the Rook CephObjectStore and CephObjectStoreUser Custom Resource Definitions, which provision Ceph RADOS Gateway (RGW) object storage endpoints on Kubernetes. CephObjectStore defines S3-compatible and Swift-compatible gateway configuration, pool settings, and zone membership. CephObjectStoreUser defines user credentials and capabilities for accessing the object store.
Properties
| Name | Type | Description |
|---|---|---|
| apiVersion | string | Kubernetes API version for the CephObjectStore resource |
| kind | string | Kubernetes resource kind, either CephObjectStore or CephObjectStoreUser |
| metadata | object | |
| spec | object | |
| status | object | |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://rook.io/schemas/rook/ceph-object-store.json",
"title": "Rook CephObjectStore",
"description": "Schema for the Rook CephObjectStore and CephObjectStoreUser Custom Resource Definitions, which provision Ceph RADOS Gateway (RGW) object storage endpoints on Kubernetes. CephObjectStore defines S3-compatible and Swift-compatible gateway configuration, pool settings, and zone membership. CephObjectStoreUser defines user credentials and capabilities for accessing the object store.",
"type": "object",
"required": ["apiVersion", "kind", "metadata", "spec"],
"properties": {
"apiVersion": {
"type": "string",
"description": "Kubernetes API version for the CephObjectStore resource",
"const": "ceph.rook.io/v1"
},
"kind": {
"type": "string",
"description": "Kubernetes resource kind, either CephObjectStore or CephObjectStoreUser",
"enum": ["CephObjectStore", "CephObjectStoreUser"]
},
"metadata": {
"$ref": "#/$defs/ObjectMeta"
},
"spec": {
"oneOf": [
{ "$ref": "#/$defs/CephObjectStoreSpec" },
{ "$ref": "#/$defs/CephObjectStoreUserSpec" }
]
},
"status": {
"$ref": "#/$defs/CephObjectStoreStatus"
}
},
"$defs": {
"ObjectMeta": {
"type": "object",
"description": "Kubernetes object metadata",
"required": ["name"],
"properties": {
"name": {
"type": "string",
"description": "Name of the CephObjectStore or CephObjectStoreUser resource",
"minLength": 1,
"maxLength": 253
},
"namespace": {
"type": "string",
"description": "Kubernetes namespace where the resource is deployed",
"minLength": 1,
"maxLength": 63
},
"labels": {
"type": "object",
"description": "Key-value labels for Kubernetes resource organization",
"additionalProperties": {
"type": "string"
}
},
"annotations": {
"type": "object",
"description": "Key-value annotations for storing non-identifying metadata",
"additionalProperties": {
"type": "string"
}
}
}
},
"CephObjectStoreSpec": {
"type": "object",
"description": "Specification for a CephObjectStore defining RGW gateway, metadata pool, data pool, and zone settings",
"properties": {
"metadataPool": {
"$ref": "#/$defs/PoolSpec",
"description": "Configuration for the Ceph pool storing object metadata, bucket listings, and user data"
},
"dataPool": {
"$ref": "#/$defs/PoolSpec",
"description": "Configuration for the Ceph pool storing actual object data"
},
"gateway": {
"$ref": "#/$defs/GatewaySpec",
"description": "Configuration for the Ceph RADOS Gateway (RGW) daemon providing the S3/Swift API"
},
"zone": {
"type": "object",
"description": "Ceph multi-site zone configuration for replication across geographic regions",
"properties": {
"name": {
"type": "string",
"description": "Name of the CephObjectZone resource this store belongs to"
}
}
},
"preservePoolsOnDelete": {
"type": "boolean",
"description": "If true, Ceph pools are preserved when the CephObjectStore resource is deleted. If false, the pools and all data in them are deleted.",
"default": false
},
"healthCheck": {
"type": "object",
"description": "Configuration for the periodic health check of the object store gateway",
"properties": {
"bucket": {
"type": "object",
"description": "Health check settings using a dedicated bucket probe",
"properties": {
"disabled": {
"type": "boolean",
"description": "Whether the bucket health check is disabled"
},
"interval": {
"type": "string",
"description": "Interval for health check requests (e.g. 60s)"
}
}
}
}
},
"security": {
"type": "object",
"description": "KMS and SSE configuration for server-side encryption of stored objects",
"properties": {
"kms": {
"type": "object",
"description": "Key Management Service configuration for server-side encryption",
"properties": {
"connectionDetails": {
"type": "object",
"description": "KMS backend connection parameters",
"additionalProperties": {
"type": "string"
}
},
"tokenSecretName": {
"type": "string",
"description": "Name of the Kubernetes Secret containing the KMS authentication token"
}
}
},
"s3": {
"type": "object",
"description": "S3-style SSE configuration",
"properties": {
"connectionDetails": {
"type": "object",
"description": "S3 SSE connection parameters",
"additionalProperties": {
"type": "string"
}
},
"tokenSecretName": {
"type": "string",
"description": "Kubernetes Secret name for S3 SSE credentials"
}
}
}
}
}
}
},
"GatewaySpec": {
"type": "object",
"description": "Configuration for the Ceph RADOS Gateway (RGW) daemon providing S3 and Swift object storage endpoints",
"properties": {
"type": {
"type": "string",
"description": "Gateway type, currently only s3 is supported",
"enum": ["s3"]
},
"sslCertificateRef": {
"type": "string",
"description": "Name of a Kubernetes Secret containing the TLS certificate and key for HTTPS access to the gateway"
},
"caBundleRef": {
"type": "string",
"description": "Name of a Kubernetes ConfigMap containing a CA bundle for validating client certificates"
},
"port": {
"type": "integer",
"description": "HTTP (unencrypted) port for the RGW service; securePort is the HTTPS port when TLS is configured",
"minimum": 1,
"maximum": 65535,
"default": 80
},
"securePort": {
"type": "integer",
"description": "HTTPS port for the RGW service when TLS is configured",
"minimum": 1,
"maximum": 65535
},
"instances": {
"type": "integer",
"description": "Number of RGW daemon instances to run. More instances provide higher throughput and availability.",
"minimum": 1,
"default": 1
},
"annotations": {
"type": "object",
"description": "Kubernetes annotations to apply to the RGW pod and service",
"additionalProperties": {
"type": "string"
}
},
"labels": {
"type": "object",
"description": "Kubernetes labels to apply to the RGW pods",
"additionalProperties": {
"type": "string"
}
},
"resources": {
"type": "object",
"description": "CPU and memory resource requests and limits for RGW daemon pods",
"properties": {
"requests": {
"type": "object",
"properties": {
"cpu": { "type": "string", "description": "CPU request" },
"memory": { "type": "string", "description": "Memory request" }
}
},
"limits": {
"type": "object",
"properties": {
"cpu": { "type": "string", "description": "CPU limit" },
"memory": { "type": "string", "description": "Memory limit" }
}
}
}
},
"priorityClassName": {
"type": "string",
"description": "Priority class for RGW daemon pods"
},
"placement": {
"type": "object",
"description": "Kubernetes pod placement settings for RGW daemons"
},
"externalRgwEndpoints": {
"type": "array",
"description": "Endpoints of external RGW daemons when using an external Ceph cluster",
"items": {
"type": "object",
"properties": {
"ip": {
"type": "string",
"description": "IP address of the external RGW endpoint",
"format": "ipv4"
}
}
}
}
}
},
"PoolSpec": {
"type": "object",
"description": "Configuration for a Ceph pool used by the object store",
"properties": {
"failureDomain": {
"type": "string",
"description": "Failure domain for pool data placement",
"enum": ["osd", "host", "chassis", "rack", "row", "pdu", "pod", "room", "datacenter", "zone", "region", "root"]
},
"deviceClass": {
"type": "string",
"description": "OSD device class for pool placement",
"enum": ["hdd", "ssd", "nvme"]
},
"replicated": {
"type": "object",
"description": "Replicated pool configuration",
"required": ["size"],
"properties": {
"size": {
"type": "integer",
"description": "Number of data replicas",
"minimum": 1,
"maximum": 10
},
"requireSafeReplicaSize": {
"type": "boolean",
"description": "Enforce minimum safe replica count"
}
}
},
"erasureCoded": {
"type": "object",
"description": "Erasure coded pool configuration",
"required": ["dataChunks", "codingChunks"],
"properties": {
"dataChunks": {
"type": "integer",
"description": "Number of data chunks per stripe",
"minimum": 2
},
"codingChunks": {
"type": "integer",
"description": "Number of parity chunks per stripe",
"minimum": 1
}
}
},
"parameters": {
"type": "object",
"description": "Additional Ceph pool parameters",
"additionalProperties": {
"type": "string"
}
}
}
},
"CephObjectStoreUserSpec": {
"type": "object",
"description": "Specification for a CephObjectStoreUser defining access credentials and capabilities for the object store",
"required": ["store", "displayName"],
"properties": {
"store": {
"type": "string",
"description": "Name of the CephObjectStore resource this user belongs to"
},
"displayName": {
"type": "string",
"description": "Human-readable display name for the object store user"
},
"capabilities": {
"$ref": "#/$defs/ObjectUserCapabilities",
"description": "S3/Swift capability grants controlling what operations the user can perform"
},
"quotas": {
"$ref": "#/$defs/ObjectUserQuota",
"description": "Storage quota limits for this user"
},
"clusterNamespace": {
"type": "string",
"description": "Namespace of the Ceph cluster if different from the user resource namespace"
}
}
},
"ObjectUserCapabilities": {
"type": "object",
"description": "Ceph RGW user capability grants for S3 and admin API access control. For each capability, the value * grants both read and write.",
"properties": {
"user": {
"type": "string",
"description": "Permission level for user management operations",
"enum": ["*", "read", "write", "read,write"]
},
"users": {
"type": "string",
"description": "Permission level for user-listing operations",
"enum": ["*", "read", "write", "read,write"]
},
"buckets": {
"type": "string",
"description": "Permission level for bucket administration operations",
"enum": ["*", "read", "write", "read,write"]
},
"metadata": {
"type": "string",
"description": "Permission level for object metadata operations",
"enum": ["*", "read", "write", "read,write"]
},
"usage": {
"type": "string",
"description": "Permission level for usage statistics operations",
"enum": ["*", "read", "write", "read,write"]
},
"zone": {
"type": "string",
"description": "Permission level for zone configuration operations",
"enum": ["*", "read", "write", "read,write"]
}
}
},
"ObjectUserQuota": {
"type": "object",
"description": "Storage quota limits for a CephObjectStoreUser",
"properties": {
"maxBuckets": {
"type": "integer",
"description": "Maximum number of buckets this user can create. Set to -1 for unlimited.",
"minimum": -1
},
"maxSize": {
"type": "string",
"description": "Maximum total storage size for this user (e.g. 10Gi, 1Ti)",
"pattern": "^[0-9]+(\\.[0-9]+)?(Ki|Mi|Gi|Ti|Pi|Ei|K|M|G|T|P|E)?$"
},
"maxSizeBytes": {
"type": "integer",
"description": "Maximum storage size in bytes. Set to -1 for unlimited.",
"minimum": -1
},
"maxObjects": {
"type": "integer",
"description": "Maximum number of objects this user can store. Set to -1 for unlimited.",
"minimum": -1
}
}
},
"CephObjectStoreStatus": {
"type": "object",
"description": "Observed state of the CephObjectStore as reported by the Rook operator",
"properties": {
"phase": {
"type": "string",
"description": "Current lifecycle phase of the object store",
"enum": ["Creating", "Ready", "Deleting", "Error", "Progressing"]
},
"conditions": {
"type": "array",
"description": "Status conditions for the object store",
"items": {
"$ref": "#/$defs/Condition"
}
},
"info": {
"type": "object",
"description": "Additional status information including endpoint URLs",
"properties": {
"endpoint": {
"type": "string",
"description": "HTTP endpoint URL for the RGW service"
},
"secureEndpoint": {
"type": "string",
"description": "HTTPS endpoint URL for the RGW service when TLS is configured"
}
}
}
}
},
"Condition": {
"type": "object",
"description": "A Kubernetes-style condition for the object store resource",
"required": ["type", "status"],
"properties": {
"type": {
"type": "string",
"description": "Type of condition"
},
"status": {
"type": "string",
"description": "Status of the condition",
"enum": ["True", "False", "Unknown"]
},
"reason": {
"type": "string",
"description": "Machine-readable reason for the condition status"
},
"message": {
"type": "string",
"description": "Human-readable description of why the condition is in this state"
},
"lastTransitionTime": {
"type": "string",
"format": "date-time",
"description": "Time when this condition last transitioned"
}
}
}
}
}