Skip to content

feat(operator): support dedicated RPC secrets#184

Merged
GatewayJ merged 3 commits into
rustfs:mainfrom
GatewayJ:fix/rpc-secret-configuration
Jul 16, 2026
Merged

feat(operator): support dedicated RPC secrets#184
GatewayJ merged 3 commits into
rustfs:mainfrom
GatewayJ:fix/rpc-secret-configuration

Conversation

@GatewayJ

@GatewayJ GatewayJ commented Jul 13, 2026

Copy link
Copy Markdown
Member

Type of Change

  • New Feature
  • Bug Fix
  • Documentation
  • Performance Improvement
  • Test/CI
  • Refactor
  • Other: N/A

Related Issues

Refs #153

Summary of Changes

Add an optional spec.rpcSecret Secret key reference for RustFS internode RPC authentication. When configured, the operator injects the selected key as RUSTFS_RPC_SECRET and prevents the generic environment list from overriding that operator-managed value. When omitted, the operator does not inject the variable, so RustFS retains its existing credential-derived fallback behavior.

Validate the dedicated RPC Secret before applying workloads. The operator now rejects blank references, missing Secrets or keys, non-UTF-8 data, blank values, embedded NUL bytes, and the public RustFS default credential value. Invalid configuration blocks reconciliation before a StatefulSet rollout starts and is reported through RpcAuthReady with an actionable reason.

This separates internode RPC authentication from administrator credentials for tenants that opt in, allowing spec.credsSecret rotation without changing the shared RPC identity. Existing tenants that set RUSTFS_RPC_SECRET directly through spec.env remain compatible when spec.rpcSecret is absent.

Only a configured and validated spec.rpcSecret reports RpcAuthReady=True; legacy raw environment values are not reported as operator-validated. Externally managed RPC Secrets can use the existing rustfs.tenant=<tenant-name> label so Secret updates promptly enqueue the Tenant for revalidation.

The generated Tenant CRDs, schema coverage, workload rendering tests, rollout detection tests, validation tests, status reporting, Helm documentation, English and Chinese user guides, and the existing four-node live smoke fixture are updated with the new configuration.

Checklist

  • I have read and followed the CONTRIBUTING.md guidelines
  • Passed make pre-commit (fmt-check + clippy + test + console-lint + console-fmt-check)
  • Added/updated necessary tests
  • Documentation updated (if needed)
  • CHANGELOG.md updated under [Unreleased] (N/A: this repository does not contain CHANGELOG.md)
  • CI/CD passed

Impact

  • Breaking change (CRD/API compatibility)
  • Requires doc/config/deployment update
  • Other impact: Existing behavior is unchanged unless spec.rpcSecret is configured.

Verification

make pre-commit

Additional Notes

The RPC Secret should remain stable during administrator credential rotation. Adding or changing it on an existing tenant is an RPC credential transition and requires coordinated pod restart planning.

This PR does not implement the existing-tenant credential rotation requested by #153, so it intentionally references rather than closes that issue. Secret content updates trigger revalidation only; coordinated restart and credential hot reload are not part of this PR.


Thank you for your contribution! Please ensure your PR follows the community standards (CODE_OF_CONDUCT.md) and sign the CLA if this is your first contribution.

@GatewayJ
GatewayJ force-pushed the fix/rpc-secret-configuration branch from 0cf9e70 to af6653b Compare July 16, 2026 08:39
@GatewayJ
GatewayJ marked this pull request as ready for review July 16, 2026 15:11
@GatewayJ
GatewayJ added this pull request to the merge queue Jul 16, 2026
Merged via the queue into rustfs:main with commit 579312f Jul 16, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant