Publishing backends
S3-compatible Storage
Sync generated schemas to S3-compatible object storage with rclone.
The rclone sidecar pattern runs crd-schema-publisher in extract-only mode and syncs the active generated site to S3-compatible object storage every 60 seconds. It does not require Cloudflare credentials.
See the complete rclone S3 values file.
When to Use This
Use this when an object storage bucket should be the static hosting source or when another CDN fronts the bucket.
No persistence is needed for this example. The publisher re-extracts on startup, and the sidecar re-syncs the full generated site from the default emptyDir.
Install
helm install crd-schema-publisher oci://ghcr.io/sholdee/charts/crd-schema-publisher \
  --namespace crd-schema-publisher --create-namespace \
  -f examples/rclone-s3/values.yaml
Providers
Set RCLONE_CONFIG_S3_PROVIDER and RCLONE_CONFIG_S3_ENDPOINT for your backend:
| Provider | RCLONE_CONFIG_S3_PROVIDER | RCLONE_CONFIG_S3_ENDPOINT |
|---|---|---|
| AWS S3 | AWS | Omit to use the default AWS endpoint |
| Backblaze B2 | Other | s3.us-west-002.backblazeb2.com |
| MinIO | Minio | https://minio.example.com |
| Cloudflare R2 | Cloudflare | https://<account-id>.r2.cloudflarestorage.com |
| GCS | GCS | https://storage.googleapis.com |
Set RCLONE_S3_BUCKET to the bucket name. It can include an optional path prefix.
Sync Semantics
The sidecar waits for /data/current/index.html before syncing. If that path never appears, it stays fail-closed and does not delete remote content. Adjust the sleep 60 interval in the sidecar command if you need a different sync cadence.
The example runs:
rclone sync /data/current s3:${RCLONE_S3_BUCKET} --exclude "/_meta/**" --checksum --verbose --transfers 4
Warning: rclone sync is one-way and deletes destination files that no longer exist locally. If you want additive-only behavior and never want remote files deleted, replace rclone sync with rclone copy in the sidecar command.
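The wait-then-sync behaviour described above, as an added sketch (not the chart's actual sidecar command). sync_once, run_loop, SITE_DIR, RCLONE_BIN and SYNC_INTERVAL are names assumed for this example, and the empty-bucket guard is an extra check that this page does not describe.

```shell
#!/bin/sh
# Added sketch of a fail-closed sync loop; not the chart's actual sidecar command.
# SITE_DIR, RCLONE_BIN, SYNC_INTERVAL, sync_once and run_loop are assumed names.
SITE_DIR="${SITE_DIR:-/data/current}"
RCLONE_BIN="${RCLONE_BIN:-rclone}"
SYNC_INTERVAL="${SYNC_INTERVAL:-60}"

# Returns 0 after a successful sync, 2 when the site is not ready,
# 3 when the bucket is unset, and rclone's own exit status otherwise.
sync_once() {
    # Extra guard (assumption, not from the page): with an empty bucket the
    # destination would collapse to "s3:", so refuse to run at all.
    if [ -z "${RCLONE_S3_BUCKET:-}" ]; then
        echo "RCLONE_S3_BUCKET is empty; refusing to sync" >&2
        return 3
    fi
    # Fail closed: without index.html the local tree may be empty or
    # half-extracted, and "rclone sync" would delete the remote copy.
    if [ ! -f "$SITE_DIR/index.html" ]; then
        echo "waiting for $SITE_DIR/index.html; remote left untouched" >&2
        return 2
    fi
    # RCLONE_CONFIG="" suppresses config file lookup; the remote named "s3"
    # is defined only by RCLONE_CONFIG_S3_* environment variables.
    RCLONE_CONFIG="" "$RCLONE_BIN" sync "$SITE_DIR" "s3:${RCLONE_S3_BUCKET}" \
        --exclude "/_meta/**" --checksum --verbose --transfers 4
}

# Retry forever; a skipped or failed pass is logged and tried again later.
run_loop() {
    while true; do
        sync_once || echo "sync skipped or failed (status $?)" >&2
        sleep "$SYNC_INTERVAL"
    done
}

# Start the loop only when asked to, so the functions can be tested alone.
if [ "${1:-}" = "run" ]; then
    run_loop
fi
```

Swapping `sync` for `copy` inside sync_once gives the additive-only behaviour from the warning above while keeping both guards.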
Credentials
The example creates an inline Kubernetes Secret with access-key-id, secret-access-key, and bucket-name placeholder values. Replace those values, use your preferred secret manager, or point the secretKeyRef entries at a pre-created Secret.
All rclone configuration is provided through RCLONE_CONFIG_* environment variables, and RCLONE_CONFIG is set to an empty string to suppress default config file lookup.