Mirantis Container Cloud (MCC) becomes part of Mirantis OpenStack for Kubernetes (MOSK)!

Starting with MOSK 25.2, the MOSK documentation set covers all product layers, including MOSK management (formerly Container Cloud). This means everything you need is in one place. Some legacy names may remain in the code and documentation and will be updated in future releases. The separate Container Cloud documentation site will be retired, so please update your bookmarks for continued easy access to the latest content.

Manage Ceph Object Storage users

Warning

This procedure is valid for MOSK clusters that use the MiraCeph custom resource (CR), which is available since MOSK 25.2 to replace the deprecated KaaSCephCluster. For the equivalent procedure with the KaaSCephCluster CR, refer to the following section:

Manage Ceph Object Storage users

The MiraCeph resource allows managing custom Ceph Object Storage users. This section describes how to create, access, and remove Ceph Object Storage users.

For all supported parameters of Ceph Object Storage users, refer to RADOS Gateway parameters.

Create a Ceph Object Storage user

  1. Edit the MiraCeph resource by adding a new Ceph Object Storage user to the spec section:

    kubectl -n ceph-lcm-mirantis edit miraceph

    Example of adding the Ceph Object Storage user user-a:

    Caution

    For user name, apply the UUID format with no capital letters.

    spec:
  objectStorage:
    rgw:
      objectUsers:
      - capabilities:
          bucket: '*'
          metadata: read
          user: read
        displayName: user-a
        name: userA
        quotas:
          maxBuckets: 10
          maxSize: 10G

  2. Wait for the created user to become ready in the MiraCephHealth status:

    kubectl -n ceph-lcm-mirantis get miracephhealth -o yaml

    Example output:

    status:
  fullClusterInfo:
    objectStorageStatus:
      objectStoreUsers:
        user-a:
          present: true
          phase: Ready

Access data using a Ceph Object Storage user

  1. Using the MiraCephSecret status, obtain secretInfo with the Ceph user credentials :

    kubectl -n ceph-lcm-mirantis get mcsecret -o yaml

    Example output:

    status:
  secretInfo:
    rgwUserSecrets:
    - name: user-a
      secretName: rook-ceph-object-user-<objstoreName>-<username>
      secretNamespace: rook-ceph

    Substitute <objstoreName> with a Ceph Object Storage name and <username> with a Ceph Object Storage user name.

  2. Use secretName and secretNamespace to access the Ceph Object Storage user credentials. The secret contains Amazon S3 access and secret keys.

    • To obtain the user S3 access key:

      kubectl -n <secretNamespace> get secret <secretName> -o jsonpath='{.data.AccessKey}' | base64 -d; echo

      Substitute the following parameters in the commands above and below:

      • <secretNamespace> with secretNamespace from the previous step

      • <secretName> with secretName from the previous step

      Example output:

      D49G060HQ86U5COBTJ13

    • To obtain the user S3 secret key:

      kubectl -n <secretNamespace> get secret <secretName> -o jsonpath='{.data.SecretKey}' | base64 -d; echo

      Example output:

      bpuYqIieKvzxl6nzN0sd7L06H40kZGXNStD4UNda

  3. Configure the S3 client with the access and secret keys of the created user. You can access the S3 client using various tools such as s3cmd or awscli.

Remove a Ceph Object Storage user

  1. Edit the MiraCeph resource by removing the required Ceph Object Storage user from spec.objectStorage.rgw.objectUsers:

    kubectl -n ceph-lcm-mirantis edit miraceph

  2. Wait for the removed user to be removed from the MiraCephHealth status in status.fullClusterInfo.objectStorageStatus.objectStoreUsers:

    kubectl -n ceph-lcm-mirantis get mchealth -o yaml