Mirantis Container Cloud (MCC) becomes part of Mirantis OpenStack for Kubernetes (MOSK)!

Starting with MOSK 25.2, the MOSK documentation set covers all product layers, including MOSK management (formerly MCC). This means everything you need is in one place. The separate MCC documentation site will be retired, so please update your bookmarks for continued easy access to the latest content.

Manage Ceph Object Storage users

Warning

This procedure is valid for MOSK clusters that use the MiraCeph custom resource (CR), which is available since MOSK 25.2 to replace the deprecated KaaSCephCluster. For the equivalent procedure with the KaaSCephCluster CR, refer to the following section:

Manage Ceph Object Storage users

The MiraCeph resource allows managing custom Ceph Object Storage users. This section describes how to create, access, and remove Ceph Object Storage users.

For all supported parameters of Ceph Object Storage users, refer to RADOS Gateway parameters.

Create a Ceph Object Storage user

1. Edit the MiraCeph resource by adding a new Ceph Object Storage user to the spec section:

   kubectl -n ceph-lcm-mirantis edit miraceph
   

   Example of adding the Ceph Object Storage user user-a:

   Caution

   For user name, apply the UUID format with no capital letters.

   spec:
     objectStorage:
       rgw:
         objectUsers:
         - capabilities:
             bucket: '*'
             metadata: read
             user: read
           displayName: user-a
           name: userA
           quotas:
             maxBuckets: 10
             maxSize: 10G
   

2. Wait for the created user to become ready in the MiraCephHealth status:

   kubectl -n ceph-lcm-mirantis get miracephhealth -o yaml
   

   Example output:

   status:
     fullClusterInfo:
       objectStorageStatus:
         objectStoreUsers:
           user-a:
             present: true
             phase: Ready
   

Access data using a Ceph Object Storage user

1. Using the MiraCephSecret status, obtain secretInfo with the Ceph user credentials :

   kubectl -n ceph-lcm-mirantis get mcsecret -o yaml
   

   Example output:

   status:
     secretInfo:
       rgwUserSecrets:
       - name: user-a
         secretName: rook-ceph-object-user-<objstoreName>-<username>
         secretNamespace: rook-ceph
   

   Substitute <objstoreName> with a Ceph Object Storage name and <username> with a Ceph Object Storage user name.

2. Use secretName and secretNamespace to access the Ceph Object Storage user credentials. The secret contains Amazon S3 access and secret keys.

   • To obtain the user S3 access key:

     kubectl -n <secretNamespace> get secret <secretName> -o jsonpath='{.data.AccessKey}' | base64 -d; echo
     

     Substitute the following parameters in the commands above and below:

     • <secretNamespace> with secretNamespace from the previous step

     • <secretName> with secretName from the previous step

     Example output:

     D49G060HQ86U5COBTJ13
     

   • To obtain the user S3 secret key:

     kubectl -n <secretNamespace> get secret <secretName> -o jsonpath='{.data.SecretKey}' | base64 -d; echo
     

     Example output:

     bpuYqIieKvzxl6nzN0sd7L06H40kZGXNStD4UNda
     

3. Configure the S3 client with the access and secret keys of the created user. You can access the S3 client using various tools such as s3cmd or awscli.

Remove a Ceph Object Storage user

1. Edit the MiraCeph resource by removing the required Ceph Object Storage user from spec.objectStorage.rgw.objectUsers:

   kubectl -n ceph-lcm-mirantis edit miraceph
   

2. Wait for the removed user to be removed from the MiraCephHealth status in status.fullClusterInfo.objectStorageStatus.objectStoreUsers:

   kubectl -n ceph-lcm-mirantis get mchealth -o yaml