Mirantis Container Cloud (MCC) becomes part of Mirantis OpenStack for Kubernetes (MOSK)!
Starting with MOSK 25.2, the MOSK documentation set covers all product layers, including MOSK management (formerly Container Cloud). This means everything you need is in one place. Some legacy names may remain in the code and documentation and will be updated in future releases. The separate Container Cloud documentation site will be retired, so please update your bookmarks for continued easy access to the latest content.
Manage Ceph Object Storage users¶
Available since 2.23.1 (Cluster release 12.7.0)
Warning
This procedure is valid for MOSK clusters that use the deprecated
KaaSCephCluster custom resource (CR) instead of the MiraCeph CR that is
available since MOSK 25.2 as a new Ceph configuration entrypoint. For the
equivalent procedure with the MiraCeph CR, refer to the following section:
The KaaSCephCluster resource allows managing custom Ceph Object Storage
users. This section describes how to create, access, and remove Ceph Object
Storage users.
For all supported parameters of Ceph Object Storage users, refer to RADOS Gateway parameters.
Create a Ceph Object Storage user¶
Edit the
KaaSCephClusterresource by adding a new Ceph Object Storage user to thespecsection:kubectl -n <MOSKClusterProject> edit kaascephcluster
Substitute
<MOSKClusterProject>with the corresponding MOSK project where the MOSK cluster was created.Example of adding the Ceph Object Storage user
user-a:Caution
For user
name, apply the UUID format with no capital letters.spec: cephClusterSpec: objectStorage: rgw: objectUsers: - capabilities: bucket: '*' metadata: read user: read displayName: user-a name: userA quotas: maxBuckets: 10 maxSize: 10G
Wait for the created user to become ready in the
KaaSCephClusterstatus:kubectl -n <moskClusterProject> get kaascephcluster -o yaml
Example output:
status: fullClusterInfo: objectStorageStatus: objectStoreUsers: user-a: present: true phase: Ready
Access data using a Ceph Object Storage user¶
Using the
KaaSCephClusterstatus, obtainsecretInfowith the Ceph user credentials :kubectl -n <moskClusterProject> get kaascephcluster -o yaml
Example output:
status: miraCephSecretsInfo: secretInfo: rgwUserSecrets: - name: user-a secretName: rook-ceph-object-user-<objstoreName>-<username> secretNamespace: rook-ceph
Substitute
<objstoreName>with a Ceph Object Storage name and<username>with a Ceph Object Storage user name.Use
secretNameandsecretNamespaceto access the Ceph Object Storage user credentials from a MOSK cluster. The secret contains Amazon S3 access and secret keys.To obtain the user S3 access key:
kubectl --kubeconfig <moskClusterKubeconfig> -n <secretNamespace> get secret <secretName> -o jsonpath='{.data.AccessKey}' | base64 -d; echo
Substitute the following parameters in the commands above and below:
<moskClusterKubeconfig>with a MOSK clusterkubeconfig<secretNamespace>withsecretNamespacefrom the previous step<secretName>withsecretNamefrom the previous step
Example output:
D49G060HQ86U5COBTJ13To obtain the user S3 secret key:
kubectl --kubeconfig <moskClusterKubeconfig> -n <secretNamespace> get secret <secretName> -o jsonpath='{.data.SecretKey}' | base64 -d; echo
Example output:
bpuYqIieKvzxl6nzN0sd7L06H40kZGXNStD4UNda
Configure the S3 client with the access and secret keys of the created user. You can access the S3 client using various tools such as s3cmd or awscli.
Remove a Ceph Object Storage user¶
Edit the
KaaSCephClusterresource by removing the required Ceph Object Storage user fromspec.cephClusterSpec.objectStorage.rgw.objectUsers:kubectl -n <moskClusterProject> edit kaascephcluster
Wait for the removed user to be removed from the
KaaSCephClusterstatus instatus.fullClusterInfo.objectStorageStatus.objectStoreUsers:kubectl -n <moskClusterProject> get kaascephcluster -o yaml