From 19d50dab1dba94b2b85e471b348ca73c32082198 Mon Sep 17 00:00:00 2001 From: jessebot Date: Sun, 10 Nov 2024 20:34:47 +0100 Subject: [PATCH 1/6] allow getting secret data from existing Kubernetes secrets --- charts/libretranslate/Chart.yaml | 2 +- charts/libretranslate/templates/configmap.yaml | 4 ++++ charts/libretranslate/templates/secret.yaml | 2 ++ .../libretranslate/templates/statefulset.yaml | 18 +++++++++++++++--- charts/libretranslate/values.yaml | 12 ++++++++++++ 5 files changed, 34 insertions(+), 4 deletions(-) diff --git a/charts/libretranslate/Chart.yaml b/charts/libretranslate/Chart.yaml index a57092c..4574976 100644 --- a/charts/libretranslate/Chart.yaml +++ b/charts/libretranslate/Chart.yaml @@ -6,4 +6,4 @@ sources: - https://github.com/LibreTranslate/LibreTranslate/ - https://github.com/LibreTranslate/helm-chart/ icon: https://libretranslate.com/static/favicon.ico -version: 0.1.2 +version: 0.2.0 diff --git a/charts/libretranslate/templates/configmap.yaml b/charts/libretranslate/templates/configmap.yaml index 16c1311..4d67fb1 100644 --- a/charts/libretranslate/templates/configmap.yaml +++ b/charts/libretranslate/templates/configmap.yaml @@ -30,8 +30,12 @@ data: debug: {{ .Values.appSettings.debug | squote }} ssl: {{ .Values.appSettings.ssl | squote }} apiKeys: {{ .Values.appSettings.apiKeys | squote }} + {{- if and (not .Values.appSettings.existingSecret) (not .Values.appSettings.secretKeys.origin) }} requireApiKeyOrigin: {{ .Values.appSettings.requireApiKeyOrigin | squote }} + {{- end }} + {{- if and (not .Values.appSettings.existingSecret) (not .Values.appSettings.secretKeys.secret) }} requireApiKeySecret: {{ .Values.appSettings.requireApiKeySecret | squote }} + {{- end }} suggestions: {{ .Values.appSettings.suggestions | squote }} disableFilesTranslation: {{ .Values.appSettings.disableFilesTranslation | squote }} disableWebUi: {{ .Values.appSettings.disableWebUi | squote }} diff --git a/charts/libretranslate/templates/secret.yaml b/charts/libretranslate/templates/secret.yaml index 4d50c12..0e7964e 100644 --- a/charts/libretranslate/templates/secret.yaml +++ b/charts/libretranslate/templates/secret.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.adminUser.existingSecret }} apiVersion: v1 kind: Secret metadata: @@ -7,3 +8,4 @@ data: auth: {{ .Values.adminUser.auth | quote }} username: {{ .Values.adminUser.name | quote }} password: {{ .Values.adminUser.password | quote }} +{{- end }} diff --git a/charts/libretranslate/templates/statefulset.yaml b/charts/libretranslate/templates/statefulset.yaml index 82536e8..268a902 100644 --- a/charts/libretranslate/templates/statefulset.yaml +++ b/charts/libretranslate/templates/statefulset.yaml @@ -106,19 +106,31 @@ spec: name: libretranslate-appsettings key: apiKeys {{- end }} - {{- if and (.Values.appSettings.requireApiKeyOrigin) (ne .Values.appSettings.requireApiKeyOrigin "") }} + {{- if or .Values.appSettings.requireApiKeyOrigin .Values.appSettings.existingSecret }} - name: LT_REQUIRE_API_KEY_ORIGIN valueFrom: + {{- if not .Values.appSettings.existingSecret }} configMapKeyRef: name: libretranslate-appsettings key: requireApiKeyOrigin + {{- else }} + secretKeyRef: + name: {{ .Values.appSettings.existingSecret }} + key: {{ .Values.appSettings.secretKeys.origin }} + {{- end }} {{- end }} - {{- if and (.Values.appSettings.requireApiKeySecret) (ne .Values.appSettings.requireApiKeySecret "") }} + {{- if and .Values.appSettings.requireApiKeySecret .Values.appSettings.existingSecret }} - name: LT_REQUIRE_API_KEY_SECRET valueFrom: + {{- if not .Values.appSettings.existingSecret }} configMapKeyRef: name: libretranslate-appsettings key: requireApiKeySecret + {{- else }} + secretKeyRef: + name: {{ .Values.appSettings.existingSecret }} + key: {{ .Values.appSettings.secretKeys.secret }} + {{- end }} {{- end }} {{- if and (.Values.appSettings.suggestions) (ne .Values.appSettings.suggestions "") }} - name: LT_SUGGESTIONS @@ -341,4 +353,4 @@ spec: storageClassName: {{ .Values.persistence.db.storageClass | quote }} {{- end }} {{- end }} - {{- end }} \ No newline at end of file + {{- end }} diff --git a/charts/libretranslate/values.yaml b/charts/libretranslate/values.yaml index 2cf6b1e..f797a47 100644 --- a/charts/libretranslate/values.yaml +++ b/charts/libretranslate/values.yaml @@ -127,6 +127,12 @@ adminUser: name: "YWRtaW4K" # copy the username in base64 as a reference auth: "YWRtaW46JGFwcjEkYlpydmYvUFYkSHBHSlhqZU1EN0ZON2kyYndsMVRNMQoK" # copy the output from the htpasswd command here as a reference password: "bXlTZWNyZXRQYXNzd29yZAo=" # copy the password as base64 for the admin user here as a reference + existingSecret: "" # use an existing secret for admin user + # key in existing secret + secretKeys: + name: "name" + auth: "auth" + password: "password" # Settings / Flags appSettings: @@ -140,6 +146,12 @@ appSettings: disableWebUi: "false" # Disable web ui (Default: Web Ui enabled) updateModels: "false" # Update language models at startup (Default: Only on if no models found) metrics: "false" # Enable the /metrics endpoint for exporting Prometheus usage metrics (Default: Disabled) + existingSecret: "" # use an existing secret for api key origin and secret + # keys in existing secret + secretKeys: + apiKeyorigin: "origin" + apiKeysecret: "secret" + # Configuration Parameters appConfig: From afb70023da124e086c7a25d0a59a135c3f24a131 Mon Sep 17 00:00:00 2001 From: Jesse Hitch Date: Sun, 10 Nov 2024 20:59:35 +0100 Subject: [PATCH 2/6] Update README.md - update helm repo for this fork --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 596d94e..6bc13e5 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ This Helm chart deploys a LibreTranslate instance on a Kubernetes cluster using ## Setup helm chart repository ```bash -helm repo add libretranslate https://libretranslate.github.io/helm-chart/ +helm repo add libretranslate https://small-hack.github.io/libretranslate-elm-chart/ helm repo update helm search repo libretranslate ``` From f1b7800ef2e59f71cccb7240e8b62b9d890b1e7d Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Sun, 10 Nov 2024 19:59:59 +0000 Subject: [PATCH 3/6] Bump chart version --- charts/libretranslate/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/libretranslate/Chart.yaml b/charts/libretranslate/Chart.yaml index a57092c..9188a76 100644 --- a/charts/libretranslate/Chart.yaml +++ b/charts/libretranslate/Chart.yaml @@ -6,4 +6,4 @@ sources: - https://github.com/LibreTranslate/LibreTranslate/ - https://github.com/LibreTranslate/helm-chart/ icon: https://libretranslate.com/static/favicon.ico -version: 0.1.2 +version: 0.1.3 From 142e6c893e46ff3b4d425fa910cce0c378577111 Mon Sep 17 00:00:00 2001 From: jessebot Date: Mon, 11 Nov 2024 02:34:18 +0100 Subject: [PATCH 4/6] fix secret key refs for api stuff --- charts/libretranslate/templates/statefulset.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/libretranslate/templates/statefulset.yaml b/charts/libretranslate/templates/statefulset.yaml index 268a902..b044f9d 100644 --- a/charts/libretranslate/templates/statefulset.yaml +++ b/charts/libretranslate/templates/statefulset.yaml @@ -116,7 +116,7 @@ spec: {{- else }} secretKeyRef: name: {{ .Values.appSettings.existingSecret }} - key: {{ .Values.appSettings.secretKeys.origin }} + key: {{ .Values.appSettings.secretKeys.apiKeyorigin }} {{- end }} {{- end }} {{- if and .Values.appSettings.requireApiKeySecret .Values.appSettings.existingSecret }} @@ -129,7 +129,7 @@ spec: {{- else }} secretKeyRef: name: {{ .Values.appSettings.existingSecret }} - key: {{ .Values.appSettings.secretKeys.secret }} + key: {{ .Values.appSettings.secretKeys.apiKeysecret }} {{- end }} {{- end }} {{- if and (.Values.appSettings.suggestions) (ne .Values.appSettings.suggestions "") }} From 09655eec21d378e3d622ac0daba664f07dffa40c Mon Sep 17 00:00:00 2001 From: jessebot Date: Mon, 11 Nov 2024 08:45:38 +0100 Subject: [PATCH 5/6] always get apikey from secret; make origin optional --- charts/libretranslate/templates/secret-apikey.yaml | 9 +++++++++ .../templates/{secret.yaml => secret-auth.yaml} | 0 charts/libretranslate/templates/statefulset.yaml | 7 +++---- charts/libretranslate/values.yaml | 2 +- 4 files changed, 13 insertions(+), 5 deletions(-) create mode 100644 charts/libretranslate/templates/secret-apikey.yaml rename charts/libretranslate/templates/{secret.yaml => secret-auth.yaml} (100%) diff --git a/charts/libretranslate/templates/secret-apikey.yaml b/charts/libretranslate/templates/secret-apikey.yaml new file mode 100644 index 0000000..1a0a92d --- /dev/null +++ b/charts/libretranslate/templates/secret-apikey.yaml @@ -0,0 +1,9 @@ +{{- if and .Values.appSettings.requireApiKeySecret (not .Values.appSettings.existingSecret) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "libretranslate.fullname" . }}-api-key +type: Opaque +data: + requireApiKeySecret: {{ .Values.appSettings.requireApiKeySecret | quote }} +{{- end }} diff --git a/charts/libretranslate/templates/secret.yaml b/charts/libretranslate/templates/secret-auth.yaml similarity index 100% rename from charts/libretranslate/templates/secret.yaml rename to charts/libretranslate/templates/secret-auth.yaml diff --git a/charts/libretranslate/templates/statefulset.yaml b/charts/libretranslate/templates/statefulset.yaml index b044f9d..ef4c7b8 100644 --- a/charts/libretranslate/templates/statefulset.yaml +++ b/charts/libretranslate/templates/statefulset.yaml @@ -106,7 +106,7 @@ spec: name: libretranslate-appsettings key: apiKeys {{- end }} - {{- if or .Values.appSettings.requireApiKeyOrigin .Values.appSettings.existingSecret }} + {{- if or .Values.appSettings.requireApiKeyOrigin (and .Values.appSettings.existingSecret .Values.appSettings.secretKeys.apiKeyorigin) }} - name: LT_REQUIRE_API_KEY_ORIGIN valueFrom: {{- if not .Values.appSettings.existingSecret }} @@ -122,12 +122,11 @@ spec: {{- if and .Values.appSettings.requireApiKeySecret .Values.appSettings.existingSecret }} - name: LT_REQUIRE_API_KEY_SECRET valueFrom: + secretKeyRef: {{- if not .Values.appSettings.existingSecret }} - configMapKeyRef: - name: libretranslate-appsettings + name: {{ include "libretranslate.fullname" . }}-api-key key: requireApiKeySecret {{- else }} - secretKeyRef: name: {{ .Values.appSettings.existingSecret }} key: {{ .Values.appSettings.secretKeys.apiKeysecret }} {{- end }} diff --git a/charts/libretranslate/values.yaml b/charts/libretranslate/values.yaml index f797a47..fd691cb 100644 --- a/charts/libretranslate/values.yaml +++ b/charts/libretranslate/values.yaml @@ -149,7 +149,7 @@ appSettings: existingSecret: "" # use an existing secret for api key origin and secret # keys in existing secret secretKeys: - apiKeyorigin: "origin" + apiKeyorigin: "" apiKeysecret: "secret" From 06571c00b25e9280c8811ca73806247b1c862154 Mon Sep 17 00:00:00 2001 From: jessebot Date: Mon, 11 Nov 2024 08:57:21 +0100 Subject: [PATCH 6/6] clean up checksums and conditionals for api key secret --- .../{secret-apikey.yaml => secret-api-key.yaml} | 0 charts/libretranslate/templates/statefulset.yaml | 9 +++++++-- 2 files changed, 7 insertions(+), 2 deletions(-) rename charts/libretranslate/templates/{secret-apikey.yaml => secret-api-key.yaml} (100%) diff --git a/charts/libretranslate/templates/secret-apikey.yaml b/charts/libretranslate/templates/secret-api-key.yaml similarity index 100% rename from charts/libretranslate/templates/secret-apikey.yaml rename to charts/libretranslate/templates/secret-api-key.yaml diff --git a/charts/libretranslate/templates/statefulset.yaml b/charts/libretranslate/templates/statefulset.yaml index ef4c7b8..86b8189 100644 --- a/charts/libretranslate/templates/statefulset.yaml +++ b/charts/libretranslate/templates/statefulset.yaml @@ -20,7 +20,12 @@ spec: {{- toYaml .Values.podAnnotations | nindent 8 }} {{- end }} checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + {{- if and .Values.appSettings.requireApiKeySecret (not .Values.appSettings.existingSecret) }} + checksum/secret-api-key: {{ include (print $.Template.BasePath "/secret-api-key.yaml") . | sha256sum }} + {{- end }} + {{- if and .Values.adminUser.auth (not .Values.adminUser.existingSecret) }} + checksum/secret-auth: {{ include (print $.Template.BasePath "/secret-auth.yaml") . | sha256sum }} + {{- end }} labels: {{- include "libretranslate.selectorLabels" . | nindent 8 }} spec: @@ -119,7 +124,7 @@ spec: key: {{ .Values.appSettings.secretKeys.apiKeyorigin }} {{- end }} {{- end }} - {{- if and .Values.appSettings.requireApiKeySecret .Values.appSettings.existingSecret }} + {{- if or .Values.appSettings.requireApiKeySecret (and .Values.appSettings.existingSecret .Values.appSettings.secretKeys.apiKeysecret) }} - name: LT_REQUIRE_API_KEY_SECRET valueFrom: secretKeyRef: