From 118acde09d7e4af1c9ebb397a5adb32bc4108078 Mon Sep 17 00:00:00 2001
From: Fleur Kelpin
Date: Mon, 17 Sep 2018 00:27:50 +0200
Subject: [PATCH] feat (molgenis-vault): Switch backup storage to s3. We can host s3 compatible storage locally by deploying the stable/minio chart. Ran into https://github.com/coreos/etcd-operator/issues/1980 and therefore downgrade the backup and restore operator images to 0.8.3.
---
 molgenis-vault/resources/backup.yaml | 13 +++++++++++
 molgenis-vault/resources/restore.yaml | 9 ++++----
 molgenis-vault/templates/abs-secret.yaml | 10 ---------
 molgenis-vault/templates/aws-secret.yaml | 10 +++++++++
 .../templates/backup-configmap.yaml | 7 +++---
 molgenis-vault/values.yaml | 22 ++++++++++---------
 6 files changed, 44 insertions(+), 27 deletions(-)
 create mode 100644 molgenis-vault/resources/backup.yaml
 delete mode 100644 molgenis-vault/templates/abs-secret.yaml
 create mode 100644 molgenis-vault/templates/aws-secret.yaml
diff --git a/molgenis-vault/resources/backup.yaml b/molgenis-vault/resources/backup.yaml
new file mode 100644
index 0000000..e770ba2
--- /dev/null
+++ b/molgenis-vault/resources/backup.yaml
@@ -0,0 +1,13 @@
+apiVersion: "etcd.database.coreos.com/v1beta2"
+kind: "EtcdBackup"
+metadata:
+ name: vault-backup
+ namespace: "vault-operator"
+spec:
+ etcdEndpoints: ["https://vault-etcd-client:2379"]
+ storageType: S3
+ clientTLSSecret: vault-etcd-client-tls
+ s3:
+ path: vault/backup-manual
+ awsSecret: aws
+ endpoint: http://minio.minio.svc:9000
\ No newline at end of file
diff --git a/molgenis-vault/resources/restore.yaml b/molgenis-vault/resources/restore.yaml
index c7db422..aee2ce5 100644
--- a/molgenis-vault/resources/restore.yaml
+++ b/molgenis-vault/resources/restore.yaml
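Review bot: The `endpoint: http://minio.minio.svc:9000` line added in resources/backup.yaml sends the Vault etcd snapshot to the object store over plaintext HTTP, and the same literal is repeated in the resources/restore.yaml hunk and as the `s3.endpoint` default in values.yaml. Vault encrypts what it writes to its storage backend, but the snapshot and the S3 requests still cross the cluster network with no transport-level protection, so neither confidentiality of the traffic nor the integrity of an object fetched for a restore is guaranteed by the connection. If the MinIO deployment can serve TLS, prefer `endpoint: https://minio.minio.svc:9000`; otherwise add a comment such as `# plaintext in-cluster endpoint; restrict access with a NetworkPolicy` so the trade-off is visible. The two resources files hard-code the value while the configmap template reads `.Values.s3.endpoint`, so the three can drift apart.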
@@ -9,7 +9,8 @@ spec:
 etcdCluster:
 # The namespace is the same as this EtcdRestore CR
 name: vault-etcd
- backupStorageType: ABS
- abs:
- path: vault/backup-
- absSecret: abs
\ No newline at end of file
+ backupStorageType: S3
+ s3:
+ path: vault/backup-
+ awsSecret: aws
+ endpoint: http://minio.minio.svc:9000
\ No newline at end of file
diff --git a/molgenis-vault/templates/abs-secret.yaml b/molgenis-vault/templates/abs-secret.yaml
deleted file mode 100644
index 5f31f41..0000000
--- a/molgenis-vault/templates/abs-secret.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-# Secret to access microsoft azure blob store
-apiVersion: v1
-kind: Secret
-metadata:
- name: abs
-type: Opaque
-stringData:
- storage-account: {{ .Values.abs.account }}
- storage-key: {{ .Values.abs.accessKey }}
- cloud: {{ .Values.abs.cloud }}
\ No newline at end of file
diff --git a/molgenis-vault/templates/aws-secret.yaml b/molgenis-vault/templates/aws-secret.yaml
new file mode 100644
index 0000000..f70e395
--- /dev/null
+++ b/molgenis-vault/templates/aws-secret.yaml
@@ -0,0 +1,10 @@
+# Secret to access s3 compatible store
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aws
+type: Opaque
+data:
+ config: {{ printf "[default]\nregion = %s" .Values.s3.region | b64enc | quote }}
+ credentials: {{ printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\n" .Values.s3.accessKeyId .Values.s3.secretAccessKey | b64enc | quote }}
+
diff --git a/molgenis-vault/templates/backup-configmap.yaml b/molgenis-vault/templates/backup-configmap.yaml
index 8eb22d4..a1a07c8 100644
--- a/molgenis-vault/templates/backup-configmap.yaml
+++ b/molgenis-vault/templates/backup-configmap.yaml
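Review bot: In templates/aws-secret.yaml the `credentials` entry is rendered from `.Values.s3.accessKeyId` and `.Values.s3.secretAccessKey` with no check that they were overridden, and the values.yaml hunk of this patch sets both defaults to the AWS documentation example key pair. An install that forgets the override therefore produces a valid-looking Secret holding publicly known credentials, which matters most if the object store is left on example keys as well (not visible here). Consider emptying the defaults in values.yaml (`secretAccessKey: ""`) and failing the render when they are unset, by passing `(required "s3.secretAccessKey must be set" .Values.s3.secretAccessKey)` as the printf argument, and likewise for `accessKeyId`. Taking the pair from an existing Secret instead of chart values would also keep it out of the values stored with the release.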
@@ -11,8 +11,9 @@ data:
 generateName: vault-backup-
 spec:
 etcdEndpoints: ["https://vault-etcd-client:2379"]
- storageType: ABS
+ storageType: S3
 clientTLSSecret: vault-etcd-client-tls
- abs:
+ s3:
 path: vault/backup.
- absSecret: abs
\ No newline at end of file
+ awsSecret: aws
+ endpoint: {{ .Values.s3.endpoint }}
\ No newline at end of file
diff --git a/molgenis-vault/values.yaml b/molgenis-vault/values.yaml
index aaca8f3..5d69fdb 100644
--- a/molgenis-vault/values.yaml
+++ b/molgenis-vault/values.yaml
@@ -2,14 +2,16 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
-# abs gives details of the credentials to reach the azure backup storage
-abs:
- # account is the name of the Storage account
- account: fdlkops
- # access key for the Storage account
- accessKey: xxxx
- # default cloud
- cloud: AzurePublicCloud
+# s3 configures s3 backup storage
+s3:
+ # accessKey for the s3 storage account
+ accessKeyId: AKIAIOSFODNN7EXAMPLE
+ # secretAccessKey for the s3 storage account
+ secretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+ # region
+ region: us-east-1
+ # endpoint for the s3 storage
+ endpoint: http://minio.minio.svc:9000
 # backupjob describes the backup cronjob
 backupJob:
@@ -40,10 +42,10 @@ etcd-operator:
 tag: v0.9.2
 backupOperator:
 image:
- tag: v0.9.2
+ tag: v0.8.3
 restoreOperator:
 image:
- tag: v0.9.2
+ tag: v0.8.3
 ui:
 name: "vault-ui"
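Review bot: The added `endpoint: {{ .Values.s3.endpoint }}` in templates/backup-configmap.yaml is rendered unquoted into the embedded EtcdBackup manifest, so an empty value becomes a YAML null and a value containing `: ` or ` #` changes how that manifest parses. `endpoint: {{ .Values.s3.endpoint | quote }}` keeps it a string in every case. The enclosing `data:` entry starts above the hunk, so how the embedded manifest is consumed is not visible here.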
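Review bot: In the second values.yaml hunk the `backupOperator` and `restoreOperator` image tags are pinned back to `v0.8.3` while the `tag: v0.9.2` context line above them stays, and nothing in the file says why. The reason lives only in the commit message, so a later bump may reintroduce the problem, or the older images may stay pinned long after the upstream fix. Add a comment above each tag, for example `# pinned to v0.8.3 because of coreos/etcd-operator#1980; revisit once fixed`. In the first hunk the comment `# accessKey for the s3 storage account` should name the key it documents, `accessKeyId`.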