English

Create ceph object store user

We allows creation and customization of object store users through the custom resource definitions (CRDs).

Prerequisites

The object storage pool has been created

Procedure

Create User

Execute commands on the control node of the cluster.

cat << EOF | kubectl apply -f -
apiVersion: ceph.rook.io/v1
kind: CephObjectStoreUser
metadata:
  name: <name>
  namespace: <namespace>
spec:
  store: <ObjectStore>
  displayName: <displayName>
  clusterNamespace: <clusterNamespace>
  quotas:
    maxBuckets: -1
    maxSize: -1
    maxObjects: -1
  capabilities:
    user: "*"
    bucket: "*"
EOF

Parameters

Parameters	Description
name	The name of the object store user to create.
namespace	The namespace of the object store user is created.
displayName	The display name.
clusterNamespace	The namespace where the parent `CephCluster` and `CephObjectStore` are found. If not specified, the user must be in the same namespace as the cluster and object store. To enable this feature, the CephObjectStore `allowUsersInNamespaces` must include the namespace of this user.
ObjectStore	The object store in which the user will be created. This matches the name of the object storage pool.
quotas	optional This represents quota limitation can be set on the user. maxBuckets: The maximum bucket limit for the user. Set to `-1` indicates no restriction. maxSize: Maximum size limit of all objects across all the user's buckets. Set to `-1` indicates no restriction. maxObjects: Maximum number of objects across all the user's buckets. Set to `-1` indicates no restriction.
capabilities	optional Ceph allows users to be given additional permissions. This setting can currently only be used during the creation of the object store user. If a user's capabilities need modified, the user must be deleted and re-created. See the Ceph docs for more info. We supports adding `read`, `write`, `read,write`, or `*` permissions for the following resources: user buckets usage metadata zone roles info amz-cache bilog mdlog datalog user-policy odic-provider ratelimit

Allow create user in other namespaces

If a CephObjectStoreUser is created in a namespace other than the Rook cluster namespace, the namespace must be added to this list of allowed namespaces, or specify "*" to allow all namespaces. This is useful for applications that need object store credentials to be created in their own namespace.

Execute commands on the control node of the cluster.

kubectl -n rook-ceph patch cephobjectstore <ObjectStore> --type merge -p '{"spec":{"allowUsersInNamespaces":["*"]}}'

Get user information

Execute commands on the control node of the cluster.

user_secret=$(kubectl -n <namespace> get cephobjectstoreuser <user-name> -o jsonpath='{.status.info.secretName}')

# ACCESS_KEY
kubectl -n <namespace> get secret $user_secret -o jsonpath='{.data.AccessKey}' | base64 --decode

# SECRET_KEY
kubectl -n <namespace> get secret $user_secret -o jsonpath='{.data.SecretKey}' | base64 --decode

View full docs as PDF

How to

Backup Management

Recovery Management

Architecture

Concepts

Guides

How To

ALB

Trouble Shooting

Concepts

Guides

How To

Troubleshooting

Install

Concepts

Guides

How To

Disaster Recovery

Concepts

Guides

How To

Guides

How To

Compliance

HowTo

API Refiner

User

Guides

Group

Guides

Role

Guides

IDP

Guides

Troubleshooting

User Policy

Guides

Overview

Images

Guides

How To

Virtual Machine

Guides

How To

Troubleshooting

Network

Guides

How To

Storage

Guides

Backup and Recovery

Guides

Concepts

Namespaces

Creating Applications

Operation and Maintaining Applications

Application Rollout

KEDA(Kubernetes Event-driven Autoscaling)

How To

Workloads

Configurations

Application Observability

How To

How To

Install

How To

Overview

Install

Upgrade

Guides

How To

Concepts

Guides

Argo CD Concept

Alauda Container Platform GitOps Concepts

Creating GitOps Application

GitOps Observability

Architecture

Guides

How To