feat(operator): support dedicated RPC secrets#184
Merged
Conversation
GatewayJ
force-pushed
the
fix/rpc-secret-configuration
branch
from
July 16, 2026 08:39
0cf9e70 to
af6653b
Compare
GatewayJ
marked this pull request as ready for review
July 16, 2026 15:11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Type of Change
Related Issues
Refs #153
Summary of Changes
Add an optional
spec.rpcSecretSecret key reference for RustFS internode RPC authentication. When configured, the operator injects the selected key asRUSTFS_RPC_SECRETand prevents the generic environment list from overriding that operator-managed value. When omitted, the operator does not inject the variable, so RustFS retains its existing credential-derived fallback behavior.Validate the dedicated RPC Secret before applying workloads. The operator now rejects blank references, missing Secrets or keys, non-UTF-8 data, blank values, embedded NUL bytes, and the public RustFS default credential value. Invalid configuration blocks reconciliation before a StatefulSet rollout starts and is reported through
RpcAuthReadywith an actionable reason.This separates internode RPC authentication from administrator credentials for tenants that opt in, allowing
spec.credsSecretrotation without changing the shared RPC identity. Existing tenants that setRUSTFS_RPC_SECRETdirectly throughspec.envremain compatible whenspec.rpcSecretis absent.Only a configured and validated
spec.rpcSecretreportsRpcAuthReady=True; legacy raw environment values are not reported as operator-validated. Externally managed RPC Secrets can use the existingrustfs.tenant=<tenant-name>label so Secret updates promptly enqueue the Tenant for revalidation.The generated Tenant CRDs, schema coverage, workload rendering tests, rollout detection tests, validation tests, status reporting, Helm documentation, English and Chinese user guides, and the existing four-node live smoke fixture are updated with the new configuration.
Checklist
make pre-commit(fmt-check + clippy + test + console-lint + console-fmt-check)[Unreleased](N/A: this repository does not containCHANGELOG.md)Impact
spec.rpcSecretis configured.Verification
Additional Notes
The RPC Secret should remain stable during administrator credential rotation. Adding or changing it on an existing tenant is an RPC credential transition and requires coordinated pod restart planning.
This PR does not implement the existing-tenant credential rotation requested by #153, so it intentionally references rather than closes that issue. Secret content updates trigger revalidation only; coordinated restart and credential hot reload are not part of this PR.
Thank you for your contribution! Please ensure your PR follows the community standards (CODE_OF_CONDUCT.md) and sign the CLA if this is your first contribution.