Skip to content

CephObjectStoreUser CRD

Rook allows creation and customization of object store users through the custom resource definitions (CRDs). The following settings are available for Ceph object store users.


kind: CephObjectStoreUser
  name: my-user
  namespace: rook-ceph
  store: my-store
  displayName: my-display-name
    maxBuckets: 100
    maxSize: 10G
    maxObjects: 10000
    user: "*"
    bucket: "*"

Object Store User Settings


  • name: The name of the object store user to create, which will be reflected in the secret and other resource names.
  • namespace: The namespace of the Rook cluster where the object store user is created.


  • store: The object store in which the user will be created. This matches the name of the objectstore CRD.
  • displayName: The display name which will be passed to the radosgw-admin user create command.
  • clusterNamespace: The namespace where the parent CephCluster and CephObjectStore are found. If not specified, the user must be in the same namespace as the cluster and object store. To enable this feature, the CephObjectStore allowUsersInNamespaces must include the namespace of this user.
  • quotas: This represents quota limitation can be set on the user. Please refer here for details.
    • maxBuckets: The maximum bucket limit for the user.
    • maxSize: Maximum size limit of all objects across all the user's buckets.
    • maxObjects: Maximum number of objects across all the user's buckets.
  • capabilities: Ceph allows users to be given additional permissions. Due to missing APIs in go-ceph for updating the user capabilities, this setting can currently only be used during the creation of the object store user. If a user's capabilities need modified, the user must be deleted and re-created. See the Ceph docs for more info. Rook supports adding read, write, read, write, or * permissions for the following resources:
    • user
    • buckets
    • usage
    • metadata
    • zone
    • roles
    • info
    • amz-cache
    • bilog
    • mdlog
    • datalog
    • user-policy
    • odic-provider
    • ratelimit