Mirantis Container Cloud (MCC) becomes part of Mirantis OpenStack for Kubernetes (MOSK)!

Starting with MOSK 25.2, the MOSK documentation set will cover all product layers, including MOSK management (formerly MCC). This means everything you need will be in one place. The separate MCC documentation site will be retired, so please update your bookmarks for continued easy access to the latest content.

Manage Ceph Object Storage users¶

Available since 2.23.1 (Cluster release 12.7.0)

The KaaSCephCluster resource allows managing custom Ceph Object Storage users. This section describes how to create, access, and remove Ceph Object Storage users.

For all supported parameters of Ceph Object Storage users, refer to RADOS Gateway parameters.

Create a Ceph Object Storage user¶

Edit the KaaSCephCluster resource by adding a new Ceph Object Storage user to the spec section:

kubectl -n <managedClusterProject> edit kaascephcluster

Substitute <managedClusterProject> with the corresponding Container Cloud project where the managed cluster was created.

Example of adding the Ceph Object Storage user user-a:

Caution

For user name, apply the UUID format with no capital letters.

spec:
  cephClusterSpec:
    objectStorage:
      rgw:
        objectUsers:
        - capabilities:
            bucket: '*'
            metadata: read
            user: read
          displayName: user-a
          name: userA
          quotas:
            maxBuckets: 10
            maxSize: 10G

Wait for the created user to become ready in the KaaSCephCluster status:

kubectl -n <managedClusterProject> get kaascephcluster -o yaml

Example output:

status:
  fullClusterInfo:
    objectStorageStatus:
      objectStoreUsers:
        user-a:
          present: true
          phase: Ready

Access data using a Ceph Object Storage user¶

Using the KaaSCephCluster status, obtain secretInfo with the Ceph user credentials :

kubectl -n <managedClusterProject> get kaascephcluster -o yaml

Example output:

status:
  miraCephSecretsInfo:
    secretInfo:
      rgwUserSecrets:
      - name: user-a
        secretName: rook-ceph-object-user-<objstoreName>-<username>
        secretNamespace: rook-ceph

Substitute <objstoreName> with a Ceph Object Storage name and <username> with a Ceph Object Storage user name.

Use secretName and secretNamespace to access the Ceph Object Storage user credentials from a managed cluster. The secret contains Amazon S3 access and secret keys.
- To obtain the user S3 access key:
```
kubectl --kubeconfig <managedClusterKubeconfig> -n <secretNamespace> get secret <secretName> -o jsonpath='{.data.AccessKey}' | base64 -d; echo
```
  Substitute the following parameters in the commands above and below:
  - <managedClusterKubeconfig> with a managed cluster kubeconfig
  - <secretNamespace> with secretNamespace from the previous step
  - <secretName> with secretName from the previous step
  Example output:
```
D49G060HQ86U5COBTJ13
```
- To obtain the user S3 secret key:
```
kubectl --kubeconfig <managedClusterKubeconfig> -n <secretNamespace> get secret <secretName> -o jsonpath='{.data.SecretKey}' | base64 -d; echo
```
  Example output:
```
bpuYqIieKvzxl6nzN0sd7L06H40kZGXNStD4UNda
```
Configure the S3 client with the access and secret keys of the created user. You can access the S3 client using various tools such as s3cmd or awscli.

Remove a Ceph Object Storage user¶

Edit the KaaSCephCluster resource by removing the required Ceph Object Storage user from spec.cephClusterSpec.objectStorage.rgw.objectUsers:
```
kubectl -n <managedClusterProject> edit kaascephcluster
```
Wait for the removed user to be removed from the KaaSCephCluster status in status.fullClusterInfo.objectStorageStatus.objectStoreUsers:
```
kubectl -n <managedClusterProject> get kaascephcluster -o yaml
```