Hi,
I have deployed rustfs-operator 0.1.0 in a 1.36.2 cluster.
I have the following tenant and secret:
apiVersion: rustfs.com/v1alpha1
kind: Tenant
metadata:
name: test
namespace: rustfs
spec:
buckets:
- name: shared-files
credsSecret:
name: rustfs
env:
- name: RUSTFS_IDENTITY_OPENID_ENABLE
value: "true"
- name: RUSTFS_IDENTITY_OPENID_CONFIG_URL
value: https://keycloak.example.com/realms/example/.well-known/openid-configuration
- name: RUSTFS_IDENTITY_OPENID_SCOPES
value: openid,profile,email,groups
- name: RUSTFS_IDENTITY_OPENID_GROUPS_CLAIM
value: groups
- name: RUSTFS_IDENTITY_OPENID_USERNAME_CLAIM
value: preferred_username
- name: RUSTFS_IDENTITY_OPENID_ROLE_POLICY
value: consoleAdmin
- name: RUSTFS_IDENTITY_OPENID_DISPLAY_NAME
value: Keycloak
- name: RUSTFS_IDENTITY_OPENID_REDIRECT_URI
value: https://rustfs.example.com/rustfs/admin/v3/oidc/callback/keycloak
- name: RUSTFS_IDENTITY_OPENID_CLIENT_ID
valueFrom:
secretKeyRef:
key: client-id
name: rustfs-oidc
- name: RUSTFS_IDENTITY_OPENID_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: client-secret
name: rustfs-oidc
image: REDACTED.dkr.ecr.eu-west-1.amazonaws.com/docker.io/rustfs/rustfs
imagePullSecret:
name: aws-ecr-pull-secrets
mountPath: /data
policies:
- document:
configMapKeyRef:
key: policy-shared-readwrite.json
name: rustfs-policies
name: shared-readwrite
pools:
- name: primary
persistence:
volumeClaimTemplate:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 64Gi
storageClassName: nfs-client
volumesPerServer: 1
servers: 1
users:
- name: shared
policies:
- shared-readwrite
status:
provisioning:
users:
- lastTransitionTime: "2026-07-10T18:22:39Z"
message: user Secret 'shared' was not found
name: shared
policies:
- shared-readwrite
reason: UserSecretInvalid
state: Failed
---
apiVersion: v1
data:
accesskey: REDACTED
secretkey: REDACTED
kind: Secret
metadata:
name: rustfs
namespace: rustfs
type: Opaque
---
apiVersion: v1
data:
accesskey: REDACTED
secretkey: REDACTED
kind: Secret
metadata:
labels:
rustfs.tenant: test
name: rustfs-user-shared
namespace: rustfs
type: Opaque
The error is clear. It seems that the secret name must be equal to the username. This can have downside, I would like to maintain my secret name format (i.e. rustfs-user-USERNAME). I think a spec.users[0].credsSecret.name would be nice and useful.
Thanks!
Hi,
I have deployed rustfs-operator 0.1.0 in a 1.36.2 cluster.
I have the following tenant and secret:
The error is clear. It seems that the secret name must be equal to the username. This can have downside, I would like to maintain my secret name format (i.e. rustfs-user-USERNAME). I think a
spec.users[0].credsSecret.namewould be nice and useful.Thanks!