fix: persist local kms keys and fence pod deletes#172
Conversation
e50fc57 to
de9af2f
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: de9af2f925
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| let replicasets_api: kube::Api<appsv1::ReplicaSet> = | ||
| kube::Api::namespaced(ctx.client.clone(), namespace); | ||
| let deployments_api: kube::Api<appsv1::Deployment> = | ||
| kube::Api::namespaced(ctx.client.clone(), namespace); |
There was a problem hiding this comment.
Grant RBAC for Deployment owner lookups
When the cleanup path sees a ReplicaSet-owned pod (for DeleteDeploymentPod/DeleteBothStatefulSetAndDeploymentPod, or legacy delete policies on a labeled Deployment pod), these new replicasets_api/deployments_api lookups require apps/replicasets and apps/deployments get permission. I checked deploy/rustfs-operator/templates/clusterrole.yaml and deploy/k8s-dev/operator-rbac.yaml; both still grant only apps/statefulsets, so installed operators will get a 403 here and abort reconciliation before deleting the stuck pod. Add the matching RBAC resources alongside the new lookups.
Useful? React with 👍 / 👎.
Type of Change
Related Issues
Summary of Changes
/data/rustfs0/.kms-keys) and block unsafe legacy/data/kms-keysmigration until key files and.master-key.saltare copied.spec.encryption.local.masterKeySecretRef, plus explicit development-onlyallowInsecureDevDefaults, matching the RustFS serverRUSTFS_KMS_*startup contract.RUSTFS_KMS_*tenant env overrides so KMS is validated and rendered by the operator.Checklist
make pre-commit(fmt-check + clippy + test + console-lint + console-fmt-check)[Unreleased](if user-visible change)Impact
Local KMS users must configure
spec.encryption.local.masterKeySecretRefunless they explicitly opt into development-only insecure defaults. Existing tenants using the legacy implicit/data/kms-keyspath must copy key files and.master-key.saltto the PVC-backed key directory and keep the same local master key before rollout.Verification
Additional Notes
rustfs/backlog#1075 is currently tracked as Medium severity. This PR treats Ready=Unknown as down but unfenced. Force deletion only proceeds after node deletion or an effective out-of-service taint that the target Pod does not tolerate, and only for Pods with a verified Tenant owner chain.