feat (molgenis-vault): Switch backup storage to s3.

We can host s3 compatible storage locally by deploying the stable/minio chart.
Ran into https://github.com/coreos/etcd-operator/issues/1980 and therefore downgrade the backup and restore operator images to 0.8.3.

molgenis-vault/README.md

@@ -16,11 +16,12 @@ See https://github.com/coreos/vault-operator/blob/master/doc/user/vault.md
 Define credentials for backup to the Azure Blob Store.
 See [etcd-operator documentation](https://github.com/coreos/etcd-operator/blob/master/doc/user/abs_backup.md).
 
-| Parameter       | Description                   | Default            |
-| --------------- | ----------------------------- | ------------------ |
-| `abs.account`   | name of storage account       | `fdlkops`          |
-| `abs.accessKey` | access key of storage account | `xxxx`             |
-| `abs.cloud`     | name of cloud environment     | `AzurePublicCloud` |
+| Parameter            | Description                          | Default                                    |
+| -------------------- | ------------------------------------ | ------------------------------------------ |
+| `s3.accessKeyId`     | key id storage account               | `AKIAIOSFODNN7EXAMPLE`                     |
+| `s3.secretAccessKey` | secret access key of storage account | `wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY` |
+| `s3.region`          | region of the storage server         | `us-east-1`                                |
+| `s3.endpoint`        | endpoint for the storage server      | `http://minio.minio.svc:9000`              |
 
 ### Backup job
 Define the schedule of the backup job

molgenis-vault/resources/backup.yaml

@@ -0,0 +1,13 @@
+apiVersion: "etcd.database.coreos.com/v1beta2"
+kind: "EtcdBackup"
+metadata:
+  name: vault-backup
+  namespace: "vault-operator"
+spec:
+  etcdEndpoints: ["https://vault-etcd-client:2379"]
+  storageType: S3
+  clientTLSSecret: vault-etcd-client-tls
+  s3:
+    path: vault/backup-manual
+    awsSecret: aws
+    endpoint: http://minio.minio.svc:9000

molgenis-vault/resources/restore.yaml

@@ -9,7 +9,8 @@ spec:
   etcdCluster:
     # The namespace is the same as this EtcdRestore CR
     name: vault-etcd
-  backupStorageType: ABS
-  abs:
-    path: vault/backup-<specify the backup name>
-    absSecret: abs
+  backupStorageType: S3
+  s3:
+    path: vault/backup-<name>
+    awsSecret: aws
+    endpoint: http://minio.minio.svc:9000

molgenis-vault/templates/abs-secret.yaml

@@ -1,10 +0,0 @@
-# Secret to access microsoft azure blob store
-apiVersion: v1
-kind: Secret
-metadata:
-  name: abs
-type: Opaque
-stringData:
-  storage-account: {{ .Values.abs.account }}
-  storage-key: {{ .Values.abs.accessKey }}
-  cloud: {{ .Values.abs.cloud }}

molgenis-vault/templates/aws-secret.yaml

@@ -0,0 +1,10 @@
+# Secret to access s3 compatible store
+apiVersion: v1
+kind: Secret
+metadata:
+  name: aws
+type: Opaque
+data:
+  config: {{ printf "[default]\nregion = %s" .Values.s3.region | b64enc | quote }}
+  credentials: {{ printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\n" .Values.s3.accessKeyId .Values.s3.secretAccessKey | b64enc | quote }}
+

molgenis-vault/templates/backup-configmap.yaml

@@ -11,8 +11,9 @@ data:
       generateName: vault-backup-
     spec:
       etcdEndpoints: ["https://vault-etcd-client:2379"]
-      storageType: ABS
+      storageType: S3
       clientTLSSecret: vault-etcd-client-tls
-      abs:
+      s3:
         path: vault/backup.<NOW>
-        absSecret: abs
+        awsSecret: aws
+        endpoint: {{ .Values.s3.endpoint }}

molgenis-vault/values.yaml

@@ -2,14 +2,16 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
-# abs gives details of the credentials to reach the azure backup storage
-abs:
-  # account is the name of the Storage account
-  account: fdlkops
-  # access key for the Storage account
-  accessKey: xxxx
-  # default cloud
-  cloud: AzurePublicCloud
+# s3 configures s3 backup storage
+s3:
+  # accessKey for the s3 storage account
+  accessKeyId: AKIAIOSFODNN7EXAMPLE
+  # secretAccessKey for the s3 storage account
+  secretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+  # region
+  region: us-east-1
+  # endpoint for the s3 storage
+  endpoint: http://minio.minio.svc:9000
 
 # backupjob describes the backup cronjob
 backupJob:
@@ -40,10 +42,10 @@ etcd-operator:
       tag: v0.9.2
   backupOperator:
     image:
-      tag: v0.9.2
+      tag: v0.8.3
   restoreOperator:
     image:
-      tag: v0.9.2
+      tag: v0.8.3
 
 ui:
   name: "vault-ui"