Ceph integration with OpenStack¶
The integration between Ceph and OpenStack (Rockoon) Controllers is implemented
through the shared Kubernetes openstack-ceph-shared
namespace. Both
controllers have access to this namespace to read and write the Kubernetes
kind: Secret
objects.

As Ceph is required and only supported backend for several OpenStack
services, all necessary Ceph pools must be specified in the configuration
of the kind: MiraCeph
custom resource as part of the deployment.
Once the Ceph cluster is deployed, the Ceph Controller posts the
information required by the OpenStack services to be properly configured
as a kind: Secret
object into the openstack-ceph-shared
namespace.
The OpenStack Controller watches this namespace. Once the corresponding
secret is created, the OpenStack Controller transforms this secret to the
data structures expected by the OpenStack-Helm charts. Even if an OpenStack
installation is triggered at the same time as a Ceph cluster deployment, the
OpenStack Controller halts the deployment of the OpenStack services that
depend on Ceph availability until the secret in the shared namespace is
created by the Ceph Controller.
For the configuration of Ceph Object Gateway as an OpenStack Object
Storage, the reverse process takes place. The OpenStack Controller waits
for the OpenStack-Helm to create a secret with OpenStack Identity
(Keystone) credentials that Ceph Object Gateway must use to validate the
OpenStack Identity tokens, and posts it back to the same
openstack-ceph-shared
namespace in the format suitable for
consumption by the Ceph Controller. The Ceph Controller then reads this
secret and reconfigures Ceph Object Gateway accordingly.