From 3e5c8f513382d12a895822171113021a988b5c44 Mon Sep 17 00:00:00 2001 From: Philipp Schirmer Date: Wed, 18 Dec 2024 19:17:10 +0100 Subject: [PATCH 01/10] Add flag to control config storage as secret --- charts/rclone-copy/templates/configmap.yaml | 4 ++++ charts/rclone-copy/templates/rclone-cron.yaml | 12 +++++++++--- charts/rclone-copy/templates/secret.yaml | 4 ++++ charts/rclone-copy/values.yaml | 2 ++ 4 files changed, 19 insertions(+), 3 deletions(-) diff --git a/charts/rclone-copy/templates/configmap.yaml b/charts/rclone-copy/templates/configmap.yaml index d516b7a..e857abe 100644 --- a/charts/rclone-copy/templates/configmap.yaml +++ b/charts/rclone-copy/templates/configmap.yaml @@ -3,5 +3,9 @@ kind: ConfigMap metadata: name: rclone-config-{{ .Release.Name }} data: + {{- if not .Values.secretConfig }} + rclone.conf: | +{{ .Values.rcloneConf | indent 4 }} + {{- end }} include-pattern.conf: | {{ .Values.includePattern | indent 4 }} diff --git a/charts/rclone-copy/templates/rclone-cron.yaml b/charts/rclone-copy/templates/rclone-cron.yaml index f546594..6977fcb 100644 --- a/charts/rclone-copy/templates/rclone-cron.yaml +++ b/charts/rclone-copy/templates/rclone-cron.yaml @@ -69,11 +69,15 @@ spec: rclone {{ .Values.command }} -v {{ .Values.arguments | join " " }} --include-from /root/include-pattern.conf "{{ include "rclone-copy.getSourceOrUrl" . }}" "{{ .Values.sync.dest.name }}:{{ .Values.sync.dest.path }}" volumeMounts: + {{- if .Values.secretConfig }} + - name: secret-config + {{- else }} - name: config + {{- end }} # This is the default path where the rclone implementation assumes the config is located mountPath: "/root/.config/rclone/rclone_ro.conf" subPath: "rclone.conf" - - name: include-config + - name: config mountPath: "/root/include-pattern.conf" subPath: "include-pattern.conf" @@ -100,10 +104,12 @@ spec: restartPolicy: {{ .Values.restartPolicy }} volumes: - - name: config + {{- if .Values.secretConfig }} + - name: secret-config secret: secretName: rclone-config-{{ .Release.Name }} - - name: include-config + {{- end }} + - name: config configMap: name: rclone-config-{{ .Release.Name }} backoffLimit: {{ .Values.backoffLimit }} diff --git a/charts/rclone-copy/templates/secret.yaml b/charts/rclone-copy/templates/secret.yaml index 1bc7839..ded72c1 100644 --- a/charts/rclone-copy/templates/secret.yaml +++ b/charts/rclone-copy/templates/secret.yaml @@ -1,3 +1,4 @@ +{{- if or .Values.configPassword .Values.secretConfig }} apiVersion: v1 kind: Secret metadata: @@ -7,4 +8,7 @@ data: {{- if .Values.configPassword }} password: {{ .Values.configPassword | b64enc }} {{- end }} + {{- if .Values.secretConfig }} rclone.conf: {{ .Values.rcloneConf | b64enc }} + {{- end }} +{{- end }} diff --git a/charts/rclone-copy/values.yaml b/charts/rclone-copy/values.yaml index aeb4ff3..4a86128 100644 --- a/charts/rclone-copy/values.yaml +++ b/charts/rclone-copy/values.yaml @@ -90,3 +90,5 @@ secretRefs: {} # RCLONE_CONFIG_PASS: # name: secretName # key: secretKey + +secretConfig: false From e3ffa3250b29d2e93cdd02b74499e7d172af180e Mon Sep 17 00:00:00 2001 From: Philipp Schirmer Date: Wed, 18 Dec 2024 19:21:44 +0100 Subject: [PATCH 02/10] Add flag to control config storage as secret --- charts/rclone-copy/templates/rclone-cron.yaml | 6 +++++- charts/rclone-copy/values.yaml | 2 ++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/charts/rclone-copy/templates/rclone-cron.yaml b/charts/rclone-copy/templates/rclone-cron.yaml index 6977fcb..f512712 100644 --- a/charts/rclone-copy/templates/rclone-cron.yaml +++ b/charts/rclone-copy/templates/rclone-cron.yaml @@ -84,7 +84,7 @@ spec: resources: {{ toYaml .Values.resources | indent 14 }} - {{- if or .Values.configPassword .Values.secretRefs }} + {{- if or .Values.configPassword .Values.secretRefs .Values.passwordVariable }} env: {{- if .Values.configPassword }} - name: RCLONE_CONFIG_PASS @@ -100,6 +100,10 @@ spec: name: {{ $value.name }} key: "{{ $value.key }}" {{- end }} + {{- if .Values.passwordVariable }} + - name: RCLONE_PASSWORD_COMMAND + value: {{ printf "echo $%s" .Values.passwordVariable | quote }} + {{- end }} {{- end }} restartPolicy: {{ .Values.restartPolicy }} diff --git a/charts/rclone-copy/values.yaml b/charts/rclone-copy/values.yaml index 4a86128..4b1a30e 100644 --- a/charts/rclone-copy/values.yaml +++ b/charts/rclone-copy/values.yaml @@ -92,3 +92,5 @@ secretRefs: {} # key: secretKey secretConfig: false + +# passwordVariable: MY_SECRET From fc3b1fa8b98a33a88b2bf3126c0051d3b155be71 Mon Sep 17 00:00:00 2001 From: Philipp Schirmer Date: Wed, 18 Dec 2024 19:28:47 +0100 Subject: [PATCH 03/10] Add flag to control config storage as secret --- charts/rclone-copy/templates/rclone-cron.yaml | 7 ++++++- charts/rclone-copy/values.yaml | 4 +++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/charts/rclone-copy/templates/rclone-cron.yaml b/charts/rclone-copy/templates/rclone-cron.yaml index f512712..91be847 100644 --- a/charts/rclone-copy/templates/rclone-cron.yaml +++ b/charts/rclone-copy/templates/rclone-cron.yaml @@ -102,7 +102,12 @@ spec: {{- end }} {{- if .Values.passwordVariable }} - name: RCLONE_PASSWORD_COMMAND - value: {{ printf "echo $%s" .Values.passwordVariable | quote }} + value: "echo $PASSWORD" + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.passwordVariable.name }} + key: "{{ .Values.passwordVariable.key }}" {{- end }} {{- end }} diff --git a/charts/rclone-copy/values.yaml b/charts/rclone-copy/values.yaml index 4b1a30e..5412403 100644 --- a/charts/rclone-copy/values.yaml +++ b/charts/rclone-copy/values.yaml @@ -93,4 +93,6 @@ secretRefs: {} secretConfig: false -# passwordVariable: MY_SECRET +passwordVariable: {} +# name: secretName +# key: secretKey From 5cf7b815f3d3a80263856a3990e3b7817203e9c7 Mon Sep 17 00:00:00 2001 From: Philipp Schirmer Date: Wed, 18 Dec 2024 19:43:22 +0100 Subject: [PATCH 04/10] Add flag to control config storage as secret --- charts/rclone-copy/templates/rclone-cron.yaml | 18 ++++++------------ charts/rclone-copy/values.yaml | 2 +- 2 files changed, 7 insertions(+), 13 deletions(-) diff --git a/charts/rclone-copy/templates/rclone-cron.yaml b/charts/rclone-copy/templates/rclone-cron.yaml index 91be847..28ca76f 100644 --- a/charts/rclone-copy/templates/rclone-cron.yaml +++ b/charts/rclone-copy/templates/rclone-cron.yaml @@ -66,14 +66,10 @@ spec: # copy as workaround for rclone.conf read only (see https://github.com/rclone/rclone/issues/3655) - >- cp /root/.config/rclone/rclone_ro.conf /root/.config/rclone/rclone.conf && - rclone {{ .Values.command }} -v {{ .Values.arguments | join " " }} --include-from /root/include-pattern.conf "{{ include "rclone-copy.getSourceOrUrl" . }}" "{{ .Values.sync.dest.name }}:{{ .Values.sync.dest.path }}" + rclone {{ .Values.command }} -v {{ if .Values.passwordSecret }}--password-command="echo $PASSWORD"{{ end }} {{ .Values.arguments | join " " }} --include-from /root/include-pattern.conf "{{ include "rclone-copy.getSourceOrUrl" . }}" "{{ .Values.sync.dest.name }}:{{ .Values.sync.dest.path }}" volumeMounts: - {{- if .Values.secretConfig }} - - name: secret-config - {{- else }} - - name: config - {{- end }} + - name: {{ .Values.secretConfig | ternary "secret-config" "config" | quote }} # This is the default path where the rclone implementation assumes the config is located mountPath: "/root/.config/rclone/rclone_ro.conf" subPath: "rclone.conf" @@ -84,7 +80,7 @@ spec: resources: {{ toYaml .Values.resources | indent 14 }} - {{- if or .Values.configPassword .Values.secretRefs .Values.passwordVariable }} + {{- if or .Values.configPassword .Values.secretRefs .Values.passwordSecret }} env: {{- if .Values.configPassword }} - name: RCLONE_CONFIG_PASS @@ -100,14 +96,12 @@ spec: name: {{ $value.name }} key: "{{ $value.key }}" {{- end }} - {{- if .Values.passwordVariable }} - - name: RCLONE_PASSWORD_COMMAND - value: "echo $PASSWORD" + {{- if .Values.passwordSecret }} - name: PASSWORD valueFrom: secretKeyRef: - name: {{ .Values.passwordVariable.name }} - key: "{{ .Values.passwordVariable.key }}" + name: {{ .Values.passwordSecret.name }} + key: "{{ .Values.passwordSecret.key }}" {{- end }} {{- end }} diff --git a/charts/rclone-copy/values.yaml b/charts/rclone-copy/values.yaml index 5412403..393d6ad 100644 --- a/charts/rclone-copy/values.yaml +++ b/charts/rclone-copy/values.yaml @@ -93,6 +93,6 @@ secretRefs: {} secretConfig: false -passwordVariable: {} +passwordSecret: {} # name: secretName # key: secretKey From ce0e39b09df4f5766223cbbd6514d20285c42bee Mon Sep 17 00:00:00 2001 From: Philipp Schirmer Date: Wed, 18 Dec 2024 19:47:53 +0100 Subject: [PATCH 05/10] Add flag to control config storage as secret --- charts/rclone-copy/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/rclone-copy/values.yaml b/charts/rclone-copy/values.yaml index 393d6ad..69f6491 100644 --- a/charts/rclone-copy/values.yaml +++ b/charts/rclone-copy/values.yaml @@ -93,6 +93,6 @@ secretRefs: {} secretConfig: false -passwordSecret: {} -# name: secretName -# key: secretKey +passwordSecret: + name: secretName + key: secretKey From 03e318b333a74db8da17cfd15a1d96381ea6ef80 Mon Sep 17 00:00:00 2001 From: Philipp Schirmer Date: Wed, 18 Dec 2024 19:48:02 +0100 Subject: [PATCH 06/10] Add flag to control config storage as secret --- charts/rclone-copy/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/rclone-copy/values.yaml b/charts/rclone-copy/values.yaml index 69f6491..393d6ad 100644 --- a/charts/rclone-copy/values.yaml +++ b/charts/rclone-copy/values.yaml @@ -93,6 +93,6 @@ secretRefs: {} secretConfig: false -passwordSecret: - name: secretName - key: secretKey +passwordSecret: {} +# name: secretName +# key: secretKey From 7f157a38bbe8a3a2b405a36f8f5b4d30e84a71c3 Mon Sep 17 00:00:00 2001 From: Philipp Schirmer Date: Wed, 18 Dec 2024 19:49:00 +0100 Subject: [PATCH 07/10] Add flag to control config storage as secret --- charts/rclone-copy/templates/rclone-cron.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/rclone-copy/templates/rclone-cron.yaml b/charts/rclone-copy/templates/rclone-cron.yaml index 28ca76f..2c356b6 100644 --- a/charts/rclone-copy/templates/rclone-cron.yaml +++ b/charts/rclone-copy/templates/rclone-cron.yaml @@ -69,7 +69,7 @@ spec: rclone {{ .Values.command }} -v {{ if .Values.passwordSecret }}--password-command="echo $PASSWORD"{{ end }} {{ .Values.arguments | join " " }} --include-from /root/include-pattern.conf "{{ include "rclone-copy.getSourceOrUrl" . }}" "{{ .Values.sync.dest.name }}:{{ .Values.sync.dest.path }}" volumeMounts: - - name: {{ .Values.secretConfig | ternary "secret-config" "config" | quote }} + - name: {{ .Values.secretConfig | ternary "secret-config" "config" }} # This is the default path where the rclone implementation assumes the config is located mountPath: "/root/.config/rclone/rclone_ro.conf" subPath: "rclone.conf" From 8024f6c02dad8a4a57b4c265dcd720ff5940291d Mon Sep 17 00:00:00 2001 From: Philipp Schirmer Date: Wed, 18 Dec 2024 20:01:13 +0100 Subject: [PATCH 08/10] Add flag to control config storage as secret --- charts/rclone-copy/templates/rclone-cron.yaml | 21 +++++++++++-------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/charts/rclone-copy/templates/rclone-cron.yaml b/charts/rclone-copy/templates/rclone-cron.yaml index 2c356b6..f3048f3 100644 --- a/charts/rclone-copy/templates/rclone-cron.yaml +++ b/charts/rclone-copy/templates/rclone-cron.yaml @@ -66,7 +66,7 @@ spec: # copy as workaround for rclone.conf read only (see https://github.com/rclone/rclone/issues/3655) - >- cp /root/.config/rclone/rclone_ro.conf /root/.config/rclone/rclone.conf && - rclone {{ .Values.command }} -v {{ if .Values.passwordSecret }}--password-command="echo $PASSWORD"{{ end }} {{ .Values.arguments | join " " }} --include-from /root/include-pattern.conf "{{ include "rclone-copy.getSourceOrUrl" . }}" "{{ .Values.sync.dest.name }}:{{ .Values.sync.dest.path }}" + rclone {{ .Values.command }} -v {{ if .Values.passwordSecret }}--password-command="cat /root/password"{{ end }} {{ .Values.arguments | join " " }} --include-from /root/include-pattern.conf "{{ include "rclone-copy.getSourceOrUrl" . }}" "{{ .Values.sync.dest.name }}:{{ .Values.sync.dest.path }}" volumeMounts: - name: {{ .Values.secretConfig | ternary "secret-config" "config" }} @@ -76,11 +76,16 @@ spec: - name: config mountPath: "/root/include-pattern.conf" subPath: "include-pattern.conf" + {{- if .Values.passwordSecret }} + - name: password + mountPath: "/root/password" + subPath: {{ .Values.passwordSecret.key | quote }} + {{- end }} resources: {{ toYaml .Values.resources | indent 14 }} - {{- if or .Values.configPassword .Values.secretRefs .Values.passwordSecret }} + {{- if or .Values.configPassword .Values.secretRefs }} env: {{- if .Values.configPassword }} - name: RCLONE_CONFIG_PASS @@ -96,13 +101,6 @@ spec: name: {{ $value.name }} key: "{{ $value.key }}" {{- end }} - {{- if .Values.passwordSecret }} - - name: PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.passwordSecret.name }} - key: "{{ .Values.passwordSecret.key }}" - {{- end }} {{- end }} restartPolicy: {{ .Values.restartPolicy }} @@ -115,4 +113,9 @@ spec: - name: config configMap: name: rclone-config-{{ .Release.Name }} + {{- if .Values.passwordSecret }} + - name: password + secret: + secretName: {{ .Values.passwordSecret.name }} + {{- end }} backoffLimit: {{ .Values.backoffLimit }} From c478681cd3ba9f596fdf9562a8df1767213865eb Mon Sep 17 00:00:00 2001 From: Philipp Schirmer Date: Thu, 19 Dec 2024 08:14:41 +0100 Subject: [PATCH 09/10] Add flag to control config storage as secret --- charts/rclone-copy/templates/rclone-cron.yaml | 12 +----------- charts/rclone-copy/values.yaml | 4 ---- 2 files changed, 1 insertion(+), 15 deletions(-) diff --git a/charts/rclone-copy/templates/rclone-cron.yaml b/charts/rclone-copy/templates/rclone-cron.yaml index f3048f3..b2ebe7d 100644 --- a/charts/rclone-copy/templates/rclone-cron.yaml +++ b/charts/rclone-copy/templates/rclone-cron.yaml @@ -66,7 +66,7 @@ spec: # copy as workaround for rclone.conf read only (see https://github.com/rclone/rclone/issues/3655) - >- cp /root/.config/rclone/rclone_ro.conf /root/.config/rclone/rclone.conf && - rclone {{ .Values.command }} -v {{ if .Values.passwordSecret }}--password-command="cat /root/password"{{ end }} {{ .Values.arguments | join " " }} --include-from /root/include-pattern.conf "{{ include "rclone-copy.getSourceOrUrl" . }}" "{{ .Values.sync.dest.name }}:{{ .Values.sync.dest.path }}" + rclone {{ .Values.command }} -v {{ .Values.arguments | join " " }} --include-from /root/include-pattern.conf "{{ include "rclone-copy.getSourceOrUrl" . }}" "{{ .Values.sync.dest.name }}:{{ .Values.sync.dest.path }}" volumeMounts: - name: {{ .Values.secretConfig | ternary "secret-config" "config" }} @@ -76,11 +76,6 @@ spec: - name: config mountPath: "/root/include-pattern.conf" subPath: "include-pattern.conf" - {{- if .Values.passwordSecret }} - - name: password - mountPath: "/root/password" - subPath: {{ .Values.passwordSecret.key | quote }} - {{- end }} resources: {{ toYaml .Values.resources | indent 14 }} @@ -113,9 +108,4 @@ spec: - name: config configMap: name: rclone-config-{{ .Release.Name }} - {{- if .Values.passwordSecret }} - - name: password - secret: - secretName: {{ .Values.passwordSecret.name }} - {{- end }} backoffLimit: {{ .Values.backoffLimit }} diff --git a/charts/rclone-copy/values.yaml b/charts/rclone-copy/values.yaml index 393d6ad..4a86128 100644 --- a/charts/rclone-copy/values.yaml +++ b/charts/rclone-copy/values.yaml @@ -92,7 +92,3 @@ secretRefs: {} # key: secretKey secretConfig: false - -passwordSecret: {} -# name: secretName -# key: secretKey From 9b105bd8748df2ddebb8e764dc608672dc49eb1d Mon Sep 17 00:00:00 2001 From: Philipp Schirmer Date: Thu, 19 Dec 2024 08:18:07 +0100 Subject: [PATCH 10/10] Add flag to control config storage as secret --- charts/rclone-copy/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/rclone-copy/values.yaml b/charts/rclone-copy/values.yaml index 4a86128..1251608 100644 --- a/charts/rclone-copy/values.yaml +++ b/charts/rclone-copy/values.yaml @@ -91,4 +91,4 @@ secretRefs: {} # name: secretName # key: secretKey -secretConfig: false +secretConfig: true