Skip to content

fix(controller): index shared tenant references#189

Merged
GatewayJ merged 5 commits into
rustfs:mainfrom
GatewayJ:fix/controller-reference-index
Jul 19, 2026
Merged

fix(controller): index shared tenant references#189
GatewayJ merged 5 commits into
rustfs:mainfrom
GatewayJ:fix/controller-reference-index

Conversation

@GatewayJ

@GatewayJ GatewayJ commented Jul 18, 2026

Copy link
Copy Markdown
Member

Type of Change

  • New Feature
  • Bug Fix
  • Documentation
  • Performance Improvement
  • Test/CI
  • Refactor
  • Other:

Related Issues

N/A

Summary of Changes

  • replace per-event Tenant scans and user-owned resource label mutation with a namespace-aware reverse reference index for Secret and ConfigMap references, including environment configMapKeyRef entries
  • drive the Tenant store, index, and Controller trigger from one ordered watch stream, publishing relists only after InitDone
  • replay deleted resources and previous owner-reference routes after watch relists so both old and new Tenant mappings reconcile
  • ignore legacy rustfs.tenant labels on user-owned Secrets and ConfigMaps; routing now comes from Tenant spec references or Tenant owner references
  • retain compact resource identity and route snapshots instead of full Kubernetes metadata during relist recovery
  • reduce cluster-wide Secret and ConfigMap RBAC to get, list, and watch, with a namespaced Role for STS auto TLS Secret creation and fixed-name update
  • reject all chart-managed environment overrides, verify STS RBAC gates and custom ServiceAccounts, and install a pinned Helm 3 release in CI for real render coverage

Checklist

  • I have read and followed the CONTRIBUTING.md guidelines
  • Passed make pre-commit (fmt-check + clippy + test + console-lint + console-fmt-check)
  • Added/updated necessary tests
  • Documentation updated (if needed)
  • CHANGELOG.md updated under [Unreleased] (if user-visible change)
  • CI/CD passed (if applicable)

Impact

  • Breaking change (CRD/API compatibility)
  • Requires doc/config/deployment update
  • Other impact: The Operator no longer adds, removes, or trusts routing labels on user-owned referenced resources. Custom RBAC installations must grant the namespaced STS TLS permissions when auto TLS is enabled.

Verification

make pre-commit
cargo test tenant_reference_index --lib
cargo test controller_watch_tests --lib
cargo test --manifest-path e2e/Cargo.toml --test sts_manifest

Additional Notes

  • Rebased onto main after fix(controller): route shared Secret events to all Tenants #188. This preserves shared Secret event behavior while replacing its per-event Tenant scan and startup Secret label cleanup with the event-driven reverse index.
  • Existing legacy labels may remain on resources, but they are inert; the Operator does not require cluster-wide Secret or ConfigMap write access to remove them.
  • The relist cache stores only resource identity and Tenant owner routes. A 10,000-resource regression verifies that large annotations and managed metadata are discarded and that the snapshot remains smaller than full ObjectMeta.
  • Kubernetes RBAC cannot constrain create by resourceNames. The STS Role therefore permits Secret creation only in the Operator namespace, while get/update is limited to sts-tls; it grants no patch or delete.
  • Deployments using rbac.create=false must provide equivalent namespaced permissions when sts.enabled=true, sts.tls.enabled=true, and sts.tls.auto=true.
  • CI installs Helm 3.21.3 explicitly; missing Helm is a CI failure rather than a silent render-test skip.
  • Live Kubernetes Secret-rotation tests remain opt-in through make e2e-live-run; all non-live checks pass.
  • This PR remains independent of the Restricted Pod Security work in fix(operator): support restricted pod security #186 and does not include Console API contract changes.
  • The repository does not currently contain a CHANGELOG.md.

Thank you for your contribution! Please ensure your PR follows the community standards (CODE_OF_CONDUCT.md) and sign the CLA if this is your first contribution.

@GatewayJ
GatewayJ marked this pull request as ready for review July 19, 2026 04:50
@GatewayJ

Copy link
Copy Markdown
Member Author

@codex

@chatgpt-codex-connector

Copy link
Copy Markdown

Codex Review: Didn't find any major issues. Already looking forward to the next diff.

Reviewed commit: 3e578af540

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@GatewayJ
GatewayJ force-pushed the fix/controller-reference-index branch from 3e578af to 590c550 Compare July 19, 2026 05:53
@GatewayJ
GatewayJ added this pull request to the merge queue Jul 19, 2026
Merged via the queue into rustfs:main with commit 66db4ec Jul 19, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant