P129679/molgenis-ops-docker-helm
1
0
Fork 0
Code Releases Activity

feat (molgenis-vault): Add backup cronjob

Browse Source 
Needs to run under service account created by the etcd-operator subchart so there's some template magic needed to figure out what it's called.
This commit is contained in:
Fleur Kelpin 2018-09-07 16:09:15 +02:00
parent 7df68882b6
commit ca939363f8
8 changed files with 75 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
molgenis-vault/Chart.yaml
View File

@ -2,4 +2,4 @@ apiVersion: v1
appVersion: "1.0" appVersion: "1.0"
description: MOLGENIS vault description: MOLGENIS vault
name: molgenis-vault name: molgenis-vault
version: 0.1.0 version: 0.1.1

10
molgenis-vault/README.md
View File

@ -22,4 +22,12 @@ See [etcd-operator documentation](https://github.com/coreos/etcd-operator/blob/m
| --------------- | ----------------------------- | ------------------ | | --------------- | ----------------------------- | ------------------ |
| `abs.account` | name of storage account | `fdlkops` | | `abs.account` | name of storage account | `fdlkops` |
| `abs.accessKey` | access key of storage account | `xxxx` | | `abs.accessKey` | access key of storage account | `xxxx` |
| `abs.cloud` | name of cloud environment | `AzurePublicCloud` | | `abs.cloud` | name of cloud environment | `AzurePublicCloud` |
### Backup job
Define the schedule of the backup job
| Parameter | Description | Default |
| -------------------- | ---------------------------- | ------------------ |
| `backupJob.enable` | Enable backup cronjob | `true` |
| `backupJob.schedule` | cron schedule for the backup | `0 0 0 ? * MON *` |

12
molgenis-vault/resources/backup.yaml
View File

@ -1,12 +0,0 @@
apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdBackup"
metadata:
name: backup
namespace: "vault-operator"
spec:
etcdEndpoints: ["https://vault-etcd-client:2379"]
storageType: ABS
clientTLSSecret: vault-etcd-client-tls
abs:
path: vault/backup
absSecret: abs

3
molgenis-vault/resources/restore.yaml
View File

@ -1,3 +1,4 @@
# Use kubectl create -f restore.yaml to manually execute a restore of the vault
apiVersion: "etcd.database.coreos.com/v1beta2" apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdRestore" kind: "EtcdRestore"
metadata: metadata:
@ -10,5 +11,5 @@ spec:
name: vault-etcd name: vault-etcd
backupStorageType: ABS backupStorageType: ABS
abs: abs:
path: vault/backup path: vault/backup-<specify the backup name>
absSecret: abs absSecret: abs

8
molgenis-vault/templates/_helpers.tpl
View File

@ -1,3 +1,11 @@
{{/* See https://github.com/helm/helm/issues/4535 */}}
{{- define "call-nested" }}
{{- $dot := index . 0 }}
{{- $subchart := index . 1 }}
{{- $template := index . 2 }}
{{- include $template (dict "Chart" (dict "Name" $subchart) "Values" (index $dot.Values $subchart) "Release" $dot.Release "Capabilities" $dot.Capabilities) }}
{{- end }}
{{/* vim: set filetype=mustache: */}} {{/* vim: set filetype=mustache: */}}
{{/* {{/*
Expand the name of the chart. Expand the name of the chart.

17
molgenis-vault/templates/backup-configmap.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: backup-config
data:
backup_cr.yaml: |
apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdBackup"
metadata:
generateName: vault-backup-
spec:
etcdEndpoints: ["https://vault-etcd-client:2379"]
storageType: ABS
clientTLSSecret: vault-etcd-client-tls
abs:
path: vault/backup.<NOW>
absSecret: abs

30
molgenis-vault/templates/backup-cronjob.yaml Normal file
View File

@ -0,0 +1,30 @@
{{- if .Values.backupJob.enable }}
# cronjob that creates etcdbackups using the etcd backup serviceaccount
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: etcd-backup
spec:
schedule: {{ .Values.backupJob.schedule | quote }}
jobTemplate:
spec:
template:
spec:
serviceAccountName: {{ include "call-nested" (list . "etcd-operator" "etcd-operator.serviceAccountName") }}
containers:
- name: etcd-backup
image: lachlanevenson/k8s-kubectl
command:
- /bin/sh
- "-ec"
- |
sed -e "s|<NOW>|$(date '+%Y-%m-%d_%H:%M:%S')|g" /var/etcd_backup/backup_cr.yaml | kubectl create -f -
volumeMounts:
- name: backup-config
mountPath: /var/etcd_backup
restartPolicy: OnFailure
volumes:
- name: backup-config
configMap:
name: backup-config
{{- end }}

9
molgenis-vault/values.yaml
View File

@ -2,7 +2,7 @@
# This is a YAML-formatted file. # This is a YAML-formatted file.
# Declare variables to be passed into your templates. # Declare variables to be passed into your templates.
#abs details of the credentials to reach the azure backup storage # abs gives details of the credentials to reach the azure backup storage
abs: abs:
# account is the name of the Storage account # account is the name of the Storage account
account: fdlkops account: fdlkops
@ -11,6 +11,13 @@ abs:
# default cloud # default cloud
cloud: AzurePublicCloud cloud: AzurePublicCloud
# backupjob describes the backup cronjob
backupJob:
# enable enables the backup job
enable: true
# schedule gives the cron schedule for the backup job
schedule: "0 0 0 ? * MON *"
### ###
# All of the config variables related to setting up the etcd-operator # All of the config variables related to setting up the etcd-operator
# If you want more information about the variables exposed, please visit: # If you want more information about the variables exposed, please visit: