feat (molgenis-vault): Switch backup storage to s3.

We can host s3 compatible storage locally by deploying the stable/minio chart.
Ran into https://github.com/coreos/etcd-operator/issues/1980 and therefore downgrade the backup and restore operator images to 0.8.3.

molgenis-vault/templates/NOTES.txt

@@ -3,11 +3,15 @@ Vault operator created
 Next steps:
 
 * Manually create a vault using resources/vault.yaml
-* Manually restore a backup using resources/backup.yaml
+* Manually restore a backup using resources/restore.yaml
 * Unseal the vault pods
 
-{{ if .Values.backupJob.enable }}
-!! Make sure to check if the backups succeed !!
+{{ if .Values.backupJob.suspend }}
+!!!!!! BACKUP JOB SUSPENDED !!!!!!
 {{ else }}
-!!!!!! NO BACKUPS CONFIGURED !!!!!!
+{{- if .Values.s3.endpoint -}}
+Backing up to non-standard s3 endpoint {{ .Values.s3.endpoint }} {{ else -}}
+Backing up to S3 on aws {{ end -}}
+in bucket {{ .Values.s3.bucket }}.
+!! Make sure to check if the backups succeed !!
 {{ end }}

molgenis-vault/templates/abs-secret.yaml

@@ -1,10 +0,0 @@
-# Secret to access microsoft azure blob store
-apiVersion: v1
-kind: Secret
-metadata:
-  name: abs
-type: Opaque
-stringData:
-  storage-account: {{ .Values.abs.account }}
-  storage-key: {{ .Values.abs.accessKey }}
-  cloud: {{ .Values.abs.cloud }}

molgenis-vault/templates/aws-secret.yaml

@@ -0,0 +1,10 @@
+# Secret to access s3 compatible store
+apiVersion: v1
+kind: Secret
+metadata:
+  name: aws
+type: Opaque
+data:
+  config: {{ printf "[default]\nregion = %s" .Values.s3.region | b64enc | quote }}
+  credentials: {{ printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\n" .Values.s3.accessKeyId .Values.s3.secretAccessKey | b64enc | quote }}
+

molgenis-vault/templates/backup-configmap.yaml

@@ -11,8 +11,11 @@ data:
       generateName: vault-backup-
     spec:
       etcdEndpoints: ["https://vault-etcd-client:2379"]
-      storageType: ABS
+      storageType: S3
       clientTLSSecret: vault-etcd-client-tls
-      abs:
-        path: vault/backup.<NOW>
-        absSecret: abs
+      s3:
+        path: {{ .Values.s3.bucket }}/backup.<NOW>
+        awsSecret: aws
+{{- if .Values.s3.endpoint }}
+        endpoint: {{ .Values.s3.endpoint }}
+{{- end }}

molgenis-vault/templates/backup-cronjob.yaml

@@ -1,10 +1,10 @@
-{{- if .Values.backupJob.enable }}
 # cronjob that creates etcdbackups using the etcd backup serviceaccount
 apiVersion: batch/v1beta1
 kind: CronJob
 metadata:
   name: etcd-backup
 spec:
+  suspend: {{ .Values.backupJob.suspend }}
   schedule: {{ .Values.backupJob.schedule | quote }}
   jobTemplate:
     spec:
@@ -26,5 +26,4 @@ spec:
           volumes:
           - name: backup-config
             configMap:
-              name: backup-config
-{{- end }}
+              name: backup-config