refactor: Move charts to charts dir

charts/molgenis-vault/templates/NOTES.txt

@@ -0,0 +1,13 @@
+Vault operator created
+
+Next steps:
+
+* Manually create a vault using resources/vault.yaml
+* Manually restore a backup using resources/backup.yaml
+* Unseal the vault pods
+
+{{ if .Values.backupJob.enable }}
+!! Make sure to check if the backups succeed !!
+{{ else }}
+!!!!!! NO BACKUPS CONFIGURED !!!!!!
+{{ end }}

charts/molgenis-vault/templates/_helpers.tpl

@@ -0,0 +1,54 @@
+{{/*
+Define vault ui fullname
+*/}}
+{{- define "vault.ui.fullname" -}}
+{{- printf "%s-ui" .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Define vault service url for the ui
+*/}}
+{{- define "vault.service.url" -}}
+{{- printf "https://%s:8200" .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/* See https://github.com/helm/helm/issues/4535 */}}
+{{- define "call-nested" }}
+{{- $dot := index . 0 }}
+{{- $subchart := index . 1 }}
+{{- $template := index . 2 }}
+{{- include $template (dict "Chart" (dict "Name" $subchart) "Values" (index $dot.Values $subchart) "Release" $dot.Release "Capabilities" $dot.Capabilities) }}
+{{- end }}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "molgenis-vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "molgenis-vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "molgenis-vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}

charts/molgenis-vault/templates/abs-secret.yaml

@@ -0,0 +1,10 @@
+# Secret to access microsoft azure blob store
+apiVersion: v1
+kind: Secret
+metadata:
+  name: abs
+type: Opaque
+stringData:
+  storage-account: {{ .Values.abs.account }}
+  storage-key: {{ .Values.abs.accessKey }}
+  cloud: {{ .Values.abs.cloud }}

charts/molgenis-vault/templates/backup-configmap.yaml

@@ -0,0 +1,18 @@
+# configmap to use as a template by the backup cronjob to create etcdbackup instances
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: backup-config
+data:
+  backup_cr.yaml: |
+    apiVersion: "etcd.database.coreos.com/v1beta2"
+    kind: "EtcdBackup"
+    metadata:
+      generateName: vault-backup-
+    spec:
+      etcdEndpoints: ["https://vault-etcd-client:2379"]
+      storageType: ABS
+      clientTLSSecret: vault-etcd-client-tls
+      abs:
+        path: vault/backup.<NOW>
+        absSecret: abs

charts/molgenis-vault/templates/backup-cronjob.yaml

@@ -0,0 +1,30 @@
+{{- if .Values.backupJob.enable }}
+# cronjob that creates etcdbackups using the etcd backup serviceaccount
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+  name: etcd-backup
+spec:
+  schedule: {{ .Values.backupJob.schedule | quote }}
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          serviceAccountName: {{ include "call-nested" (list . "etcd-operator" "etcd-operator.serviceAccountName") }}
+          containers:
+          - name: etcd-backup
+            image: lachlanevenson/k8s-kubectl
+            command:
+            - /bin/sh
+            - "-ec"
+            - |
+              sed -e "s|<NOW>|$(date '+%Y-%m-%d_%H:%M:%S')|g" /var/etcd_backup/backup_cr.yaml | kubectl create -f -
+            volumeMounts:
+            - name: backup-config
+              mountPath: /var/etcd_backup
+          restartPolicy: OnFailure
+          volumes:
+          - name: backup-config
+            configMap:
+              name: backup-config
+{{- end }}

charts/molgenis-vault/templates/ui-ingress.yaml

@@ -0,0 +1,30 @@
+{{- if .Values.ui.ingress.enabled -}}
+{{- $serviceName := include "vault.ui.fullname" . -}}
+{{- $servicePort := .Values.ui.service.externalPort -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: {{ template "vault.ui.fullname" . }}
+  labels:
+    app: {{ template "molgenis-vault.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+  annotations:
+    {{- range $key, $value := .Values.ui.ingress.annotations }}
+      {{ $key }}: {{ $value | quote }}
+    {{- end }}
+spec:
+  rules:
+    - host: {{ .Values.ui.ingress.host }}
+      http:
+        paths:
+          - path:
+            backend:
+              serviceName: {{ $serviceName }}
+              servicePort: {{ $servicePort }}
+  {{- if .Values.ui.ingress.tls }}
+  tls:
+{{ toYaml .Values.ui.ingress.tls | indent 4 }}
+  {{- end -}}
+{{- end -}}

charts/molgenis-vault/templates/ui-service.yaml

@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "vault.ui.fullname" . }}
+  labels:
+    app: {{ template "vault-operator.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.ui.service.type }}
+  ports:
+    - port: {{ .Values.ui.service.externalPort }}
+      targetPort: {{ .Values.ui.service.internalPort }}
+      protocol: TCP
+      name: {{ .Values.ui.service.name }}
+    {{- if .Values.ui.service.nodePort }}
+      nodePort: {{ .Values.ui.service.nodePort }}
+    {{- end }}
+  selector:
+    app: {{ template "vault-operator.name" . }}
+    release: {{ .Release.Name }}
+    component: {{ .Values.ui.name }}

charts/molgenis-vault/templates/vault-ui-deployment.yaml

@@ -0,0 +1,50 @@
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+  name: {{ template "vault.ui.fullname" . }}
+  labels:
+    app: {{ template "vault-operator.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+    component: {{ .Values.ui.name }}
+spec:
+  replicas: {{ .Values.ui.replicaCount }}
+  template:
+    metadata:
+      labels:
+        app: {{ template "vault-operator.name" . }}
+        release: {{ .Release.Name }}
+        component: {{ .Values.ui.name }}
+    spec:
+      containers:
+        - name: {{ .Values.ui.name }}
+          image: "{{ .Values.ui.image.repository }}:{{ .Values.ui.image.tag }}"
+          imagePullPolicy: {{ .Values.imagePullPolicy }}
+          env:
+          - name: VAULT_URL_DEFAULT
+          {{- if .Values.ui.vault.url }}
+            value: {{ .Values.ui.vault.url }}
+          {{ else }}
+            value: {{ template "vault.service.url" . }}
+          {{- end }}
+          - name: VAULT_AUTH_DEFAULT
+            value: {{ .Values.ui.vault.auth }}
+          - name: NODE_TLS_REJECT_UNAUTHORIZED
+            value: '0'
+          ports:
+            - containerPort: {{ .Values.ui.service.internalPort }}
+          livenessProbe:
+            httpGet:
+              path: /
+              port: {{ .Values.ui.service.internalPort }}
+          readinessProbe:
+            httpGet:
+              path: /
+              port: {{ .Values.ui.service.internalPort }}
+          resources:
+{{ toYaml .Values.ui.resources | indent 12 }}
+    {{- if .Values.ui.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.ui.nodeSelector | indent 8 }}
+    {{- end }}