Skip to content

[feature request] tenant user property to override secret name #174

Description

@davgia

Hi,

I have deployed rustfs-operator 0.1.0 in a 1.36.2 cluster.
I have the following tenant and secret:

apiVersion: rustfs.com/v1alpha1
kind: Tenant
metadata:
  name: test
  namespace: rustfs
spec:
  buckets:
  - name: shared-files
  credsSecret:
    name: rustfs
  env:
  - name: RUSTFS_IDENTITY_OPENID_ENABLE
    value: "true"
  - name: RUSTFS_IDENTITY_OPENID_CONFIG_URL
    value: https://keycloak.example.com/realms/example/.well-known/openid-configuration
  - name: RUSTFS_IDENTITY_OPENID_SCOPES
    value: openid,profile,email,groups
  - name: RUSTFS_IDENTITY_OPENID_GROUPS_CLAIM
    value: groups
  - name: RUSTFS_IDENTITY_OPENID_USERNAME_CLAIM
    value: preferred_username
  - name: RUSTFS_IDENTITY_OPENID_ROLE_POLICY
    value: consoleAdmin
  - name: RUSTFS_IDENTITY_OPENID_DISPLAY_NAME
    value: Keycloak
  - name: RUSTFS_IDENTITY_OPENID_REDIRECT_URI
    value: https://rustfs.example.com/rustfs/admin/v3/oidc/callback/keycloak
  - name: RUSTFS_IDENTITY_OPENID_CLIENT_ID
    valueFrom:
      secretKeyRef:
        key: client-id
        name: rustfs-oidc
  - name: RUSTFS_IDENTITY_OPENID_CLIENT_SECRET
    valueFrom:
      secretKeyRef:
        key: client-secret
        name: rustfs-oidc
  image: REDACTED.dkr.ecr.eu-west-1.amazonaws.com/docker.io/rustfs/rustfs
  imagePullSecret:
    name: aws-ecr-pull-secrets
  mountPath: /data
  policies:
  - document:
      configMapKeyRef:
        key: policy-shared-readwrite.json
        name: rustfs-policies
    name: shared-readwrite
  pools:
  - name: primary
    persistence:
      volumeClaimTemplate:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 64Gi
        storageClassName: nfs-client
      volumesPerServer: 1
    servers: 1
  users:
  - name: shared
    policies:
    - shared-readwrite
status:
  provisioning:
    users:
    - lastTransitionTime: "2026-07-10T18:22:39Z"
      message: user Secret 'shared' was not found
      name: shared
      policies:
      - shared-readwrite
      reason: UserSecretInvalid
      state: Failed
---
apiVersion: v1
data:
  accesskey: REDACTED
  secretkey: REDACTED
kind: Secret
metadata:
  name: rustfs
  namespace: rustfs
type: Opaque
---
apiVersion: v1
data:
  accesskey: REDACTED
  secretkey: REDACTED
kind: Secret
metadata:
  labels:
    rustfs.tenant: test
  name: rustfs-user-shared
  namespace: rustfs
type: Opaque

The error is clear. It seems that the secret name must be equal to the username. This can have downside, I would like to maintain my secret name format (i.e. rustfs-user-USERNAME). I think a spec.users[0].credsSecret.name would be nice and useful.

Thanks!

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions