Object Storage service¶
RADOS Gateway (RGW) provides Object Storage (Swift) API for end users in
MOSK deployments. For the API compatibility, refer to
Ceph Documentation: Ceph Object Gateway Swift API.
You can manually enable the service in the OpenStackDeployment
CR as
described in Deploy an OpenStack cluster.
Object storage server-side encryption¶
Available since MOSK 22.1 TechPreview
RADOS Gateway also provides Amazon S3 compatible API. For details, see Ceph Documentation: Ceph Object Gateway S3 API. Using integration with the OpenStack Key Manager service (Barbican), the objects uploaded through S3 API can be encrypted by RGW according to the AWS Documentation: Protecting data using server-side encryption with customer-provided encryption keys (SSE-C) specification.
Instead of Swift, such configuration uses an S3 client to upload server-side encrypted objects. Using server-side encryption, the data is sent over a secure HTTPS connection in an unencrypted form and the Ceph Object Gateway stores that data in the Ceph cluster in an encrypted form.