Started work on odf obc quota talk.

2025-09-01 14:33:47 +12:00
parent 1155c5cc78
commit c551fdfdad
1 changed files with 112 additions and 0 deletions
--- a/2025-08-21-odf-s3-quotas/README.org
+++ b/2025-08-21-odf-s3-quotas/README.org
@ -0,0 +1,112 @@
+#+TITLE: Object Storage Quotas
+#+DATE: <2025-08-21 Thu>
+#+AUTHOR: James Blair
+
+
+So you've got OpenShift Data Foundations installed in your OpenShift cluster and now you've got tenants of your clusters clamouring to consume object storage.
+
+This short write-up will explain how to give each tenant a safe quota of storage they can consume.
+
+
+* Pre-requisites
+
+Before we begin, let's ensure we are logged into our cluster in the terminal and the cluster meets our version requirements.
+
+** Verify cluster auth status
+
+#+NAME: Verify cluster login status
+#+begin_src bash
+oc version && oc whoami
+#+end_src
+
+#+RESULTS: Verify cluster login status
+#+begin_example
+Client Version: 4.19.7
+Kustomize Version: v5.5.0
+Server Version: 4.19.9
+Kubernetes Version: v1.32.7
+admin
+#+end_example
+
+
+** Verify odf storage installed
+
+#+NAME: Verify storage system state
+#+begin_src bash
+oc get crd | grep noobaa
+#+end_src
+
+#+RESULTS: Verify storage system state
+#+begin_example
+backingstores.noobaa.io                                           2025-08-20T22:36:51Z
+bucketclasses.noobaa.io                                           2025-08-20T22:36:50Z
+namespacestores.noobaa.io                                         2025-08-20T22:36:51Z
+noobaaaccounts.noobaa.io                                          2025-08-20T22:36:51Z
+noobaas.noobaa.io                                                 2025-08-20T22:36:51Z
+#+end_example
+
+
+* Create a sample tenant
+
+Let's create an example tenant project called ~storage-tenant~ that a separate user on our cluster called ~user1~ will own.
+
+#+NAME: Create tenant namespace
+#+begin_src bash
+cat << EOF | oc apply --user admin --filename -
+apiVersion: project.openshift.io/v1
+kind: Project
+metadata:
+  annotations:
+    openshift.io/requester: user1
+  name: storage-tenant
+
+EOF
+#+end_src
+
+#+RESULTS: Create tenant namespace
+#+begin_example
+project.project.openshift.io/storage-tenant created
+#+end_example
+
+
+Once the project is created we'll run a quick ~oc adm~ command to ensure ~user1~ has full privileges within the project.
+
+#+NAME: Assign project permissions
+#+begin_src bash
+oc --user admin adm policy add-role-to-user admin user1 --namespace storage-tenant
+#+end_src
+
+#+RESULTS: Assign project permissions
+#+begin_example
+clusterrole.rbac.authorization.k8s.io/admin added: "user1"
+#+end_example
+
+
+* Create a custom bucket class
+
+#+NAME: Create custom bucket class
+#+begin_src bash
+cat << EOF | oc --user admin apply --filename -
+apiVersion: noobaa.io/v1alpha1
+kind: BucketClass
+metadata:
+  finalizers:
+  - noobaa.io/finalizer
+  labels:
+    app: noobaa
+  name: custom-tenant-bucket-class
+  namespace: openshift-storage
+spec:
+  placementPolicy:
+    tiers:
+    - backingStores:
+      - noobaa-default-backing-store
+  quota:
+    maxSize: 1Gi
+EOF
+#+end_src
+
+#+RESULTS: Create custom bucket class
+#+begin_example
+bucketclass.noobaa.io/custom-tenant-bucket-class created
+#+end_example