Manage Ceph Object Storage users¶
Available since 2.23.1 (Cluster release 12.7.0)
The KaaSCephCluster
resource allows managing custom Ceph Object Storage
users. This section describes how to create, access, and remove Ceph Object
Storage users.
For all supported parameters of Ceph Object Storage users, refer to RADOS Gateway parameters.
Create a Ceph Object Storage user¶
Edit the
KaaSCephCluster
resource by adding a new Ceph Object Storage user to thespec
section:kubectl -n <managedClusterProject> edit kaascephcluster
Substitute
<managedClusterProject>
with the corresponding Container Cloud project where the managed cluster was created.Example of adding the Ceph Object Storage user
user-a
:Caution
For user
name
, apply the UUID format with no capital letters.spec: cephClusterSpec: objectStorage: rgw: objectUsers: - capabilities: bucket: '*' metadata: read user: read displayName: user-a name: userA quotas: maxBuckets: 10 maxSize: 10G
Wait for the created user to become ready in the
KaaSCephCluster
status:kubectl -n <managedClusterProject> get kaascephcluster -o yaml
Example output:
status: fullClusterInfo: objectStorageStatus: objectStoreUsers: user-a: present: true phase: Ready
Access data using a Ceph Object Storage user¶
Using the
KaaSCephCluster
status, obtainsecretInfo
with the Ceph user credentials :kubectl -n <managedClusterProject> get kaascephcluster -o yaml
Example output:
status: miraCephSecretsInfo: secretInfo: rgwUserSecrets: - name: user-a secretName: rook-ceph-object-user-<objstoreName>-<username> secretNamespace: rook-ceph
Substitute
<objstoreName>
with a Ceph Object Storage name and<username>
with a Ceph Object Storage user name.Use
secretName
andsecretNamespace
to access the Ceph Object Storage user credentials from a managed cluster. The secret contains Amazon S3 access and secret keys.To obtain the user S3 access key:
kubectl --kubeconfig <managedClusterKubeconfig> -n <secretNamespace> get secret <secretName> -o jsonpath='{.data.AccessKey}' | base64 -d; echo
Substitute the following parameters in the commands above and below:
<managedClusterKubeconfig>
with a managed clusterkubeconfig
<secretNamespace>
withsecretNamespace
from the previous step<secretName>
withsecretName
from the previous step
Example output:
D49G060HQ86U5COBTJ13
To obtain the user S3 secret key:
kubectl --kubeconfig <managedClusterKubeconfig> -n <secretNamespace> get secret <secretName> -o jsonpath='{.data.SecretKey}' | base64 -d; echo
Example output:
bpuYqIieKvzxl6nzN0sd7L06H40kZGXNStD4UNda
Configure the S3 client with the access and secret keys of the created user. You can access the S3 client using various tools such as s3cmd or awscli.
Remove a Ceph Object Storage user¶
Edit the
KaaSCephCluster
resource by removing the required Ceph Object Storage user fromspec.cephClusterSpec.objectStorage.rgw.objectUsers
:kubectl -n <managedClusterProject> edit kaascephcluster
Wait for the removed user to be removed from the
KaaSCephCluster
status instatus.fullClusterInfo.objectStorageStatus.objectStoreUsers
:kubectl -n <managedClusterProject> get kaascephcluster -o yaml