P129679/molgenis-ops-docker-helm
1
0
Fork 0
Code Releases Activity

Compare commits

base: P129679:1b84f5ab6fdf40ca7fb5a7c2992b5d07ca7070bd
Branches Tags
P129679:master P129679:fix/links P129679:chore/pipeline P129679:revert/nodeSelector P129679:chore/nodeSelector P129679:chore/jenkins-gitsource P129679:fix/75 P129679:chore/upgrade-jenkins P129679:feature/molgenis-it P129679:feat/helm-in-jenkins P129679:doc/helm-role P129679:feature/helm-role P129679:feature/s3 P129679:chore/remove-secrets P129679:feature/vault P129679:deploy-test
..
compare: P129679:feature/s3
Branches Tags
P129679:fix/links P129679:master P129679:chore/pipeline P129679:revert/nodeSelector P129679:chore/nodeSelector P129679:chore/jenkins-gitsource P129679:fix/75 P129679:chore/upgrade-jenkins P129679:feature/molgenis-it P129679:feat/helm-in-jenkins P129679:doc/helm-role P129679:feature/helm-role P129679:feature/s3 P129679:chore/remove-secrets P129679:feature/vault P129679:deploy-test

2 Commits
1b84f5ab6f ... feature/s3

Author SHA1 Message Date
Fleur Kelpin
bf0e3e82a3 chore: add forcePathStyle s3 property 2018-09-21 13:49:57 +02:00
Fleur Kelpin
5f542e7632 feat (molgenis-vault): Switch backup storage to s3. 
We can host s3 compatible storage locally by deploying the stable/minio chart.
Ran into https://github.com/coreos/etcd-operator/issues/1980 and therefore downgrade the backup and restore operator images to 0.8.3.
 2018-09-17 08:49:46 +02:00
24 changed files with 82 additions and 478 deletions
Expand all files Collapse all files

6
molgenis-jenkins/resources/README.md
View File

@ -1,6 +0,0 @@
To be able to run helm inside a jenkins pod, you'll need to
* create a role in the namespace where tiller is installed
* bind that role to the user that jenkins pods run as
This directory contains yaml for these resources.
See also https://github.com/helm/helm/blob/master/docs/rbac.md

13
molgenis-jenkins/resources/jenkins-default-tiller-user-rolebinding.yaml
View File

@ -1,13 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: tiller-jenkins-binding
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: tiller-user
subjects:
- kind: ServiceAccount
name: default
namespace: molgenis-jenkins

18
molgenis-jenkins/resources/tiller-user-role.yaml
View File

@ -1,18 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: tiller-user
namespace: kube-system
rules:
- apiGroups:
- ""
resources:
- pods/portforward
verbs:
- create
- apiGroups:
- ""
resources:
- pods
verbs:
- list

135
molgenis-jenkins/values.yaml
View File

@ -82,17 +82,6 @@ jenkins:
<strategyId>1</strategyId>
<trust class="org.jenkinsci.plugins.github_branch_source.ForkPullRequestDiscoveryTrait$TrustPermission"/>
</org.jenkinsci.plugins.github__branch__source.ForkPullRequestDiscoveryTrait>
<jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.LocalBranch">
<localBranch>**</localBranch>
</extension>
</jenkins.plugins.git.traits.LocalBranchTrait>
<jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.UserIdentity">
<name>MOLGENIS Jenkins</name>
<email>molgenis+ci@gmail.com</email>
</extension>
</jenkins.plugins.git.traits.UserIdentityTrait>
</traits>
</org.jenkinsci.plugins.github__branch__source.GitHubSCMNavigator>
</navigators>
@ -142,17 +131,6 @@ jenkins:
<credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
<traits>
<jenkins.plugins.git.traits.BranchDiscoveryTrait/>
<jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.LocalBranch">
<localBranch>**</localBranch>
</extension>
</jenkins.plugins.git.traits.LocalBranchTrait>
<jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.UserIdentity">
<name>MOLGENIS Jenkins</name>
<email>molgenis+ci@gmail.com</email>
</extension>
</jenkins.plugins.git.traits.UserIdentityTrait>
</traits>
</source>
<strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@ -206,17 +184,6 @@ jenkins:
<credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
<traits>
<jenkins.plugins.git.traits.BranchDiscoveryTrait/>
<jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.LocalBranch">
<localBranch>**</localBranch>
</extension>
</jenkins.plugins.git.traits.LocalBranchTrait>
<jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.UserIdentity">
<name>MOLGENIS Jenkins</name>
<email>molgenis+ci@gmail.com</email>
</extension>
</jenkins.plugins.git.traits.UserIdentityTrait>
</traits>
</source>
<strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@ -270,17 +237,6 @@ jenkins:
<credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
<traits>
<jenkins.plugins.git.traits.BranchDiscoveryTrait/>
<jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.LocalBranch">
<localBranch>**</localBranch>
</extension>
</jenkins.plugins.git.traits.LocalBranchTrait>
<jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.UserIdentity">
<name>MOLGENIS Jenkins</name>
<email>molgenis+ci@gmail.com</email>
</extension>
</jenkins.plugins.git.traits.UserIdentityTrait>
</traits>
</source>
<strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@ -334,17 +290,6 @@ jenkins:
<credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
<traits>
<jenkins.plugins.git.traits.BranchDiscoveryTrait/>
<jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.LocalBranch">
<localBranch>**</localBranch>
</extension>
</jenkins.plugins.git.traits.LocalBranchTrait>
<jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.UserIdentity">
<name>MOLGENIS Jenkins</name>
<email>molgenis+ci@gmail.com</email>
</extension>
</jenkins.plugins.git.traits.UserIdentityTrait>
</traits>
</source>
<strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@ -398,17 +343,6 @@ jenkins:
<credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
<traits>
<jenkins.plugins.git.traits.BranchDiscoveryTrait/>
<jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.LocalBranch">
<localBranch>**</localBranch>
</extension>
</jenkins.plugins.git.traits.LocalBranchTrait>
<jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.UserIdentity">
<name>MOLGENIS Jenkins</name>
<email>molgenis+ci@gmail.com</email>
</extension>
</jenkins.plugins.git.traits.UserIdentityTrait>
</traits>
</source>
<strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@ -482,12 +416,6 @@ jenkins:
key: VAULT_ADDR
secretName: molgenis-pipeline-vault-secret
secretKey: addr
helm:
Image: "lachlanevenson/k8s-helm"
ImageTag: "v2.10.0"
Command: cat
WorkingDir: /home/jenkins
TTY: true
NodeSelector: {}
node:
Label: node-carbon
@ -519,69 +447,6 @@ jenkins:
secretName: molgenis-pipeline-vault-secret
secretKey: addr
NodeSelector: {}
molgenis-it:
InheritFrom: molgenis
Label: molgenis-it
NodeUsageMode: EXCLUSIVE
Containers:
elasticsearch:
Image: docker.elastic.co/elasticsearch/elasticsearch
ImageTag: 5.5.3
resources:
requests:
cpu: "100m"
memory: "1Gi"
limits:
cpu: "1"
memory: "1500Mi"
EnvVars:
- type: KeyValue
key: ES_JAVA_OPTS
value: "-Xms512m -Xmx512m"
- type: KeyValue
key: cluster.name
value: molgenis
- type: KeyValue
key: bootstrap.memory_lock
value: "true"
- type: KeyValue
key: xpack.security.enabled
value: "false"
- type: KeyValue
key: discovery.type
value: single-node
postgres:
Image: postgres
ImageTag: 9.6-alpine
resources:
requests:
cpu: "100m"
memory: "250Mi"
limits:
cpu: "1"
memory: "250Mi"
EnvVars:
- type: KeyValue
key: POSTGRES_USER
value: molgenis
- type: KeyValue
key: POSTGRES_PASSWORD
value: molgenis
- type: KeyValue
key: POSTGRES_DB
value: molgenis
opencpu:
Image: molgenis/opencpu
AlwaysPullImage: true
resources:
requests:
cpu: "100m"
memory: "256Mi"
limits:
cpu: "1"
memory: "512Mi"
NodeSelector: {}
#secret contains configuration for the kubernetes secrets that jenkins can access
secret:
# vault configures the vault secret

21
molgenis-opencpu/.helmignore
View File

@ -1,21 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

8
molgenis-opencpu/Chart.yaml
View File

@ -1,8 +0,0 @@
apiVersion: v1
appVersion: "1.0"
description: Opencpu stack for MOLGENIS
name: molgenis-opencpu
version: 0.1.1
sources:
- https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-opencpu/catalogIcon-molgenis-opencpu.svg

38
molgenis-opencpu/README.md
View File

@ -1,38 +0,0 @@
# MOLGENIS - OpenCPU Helm Chart
NEXUS repository for kubernetes to deploy on a kubernetes cluster with NFS-share
## Containers
This chart will deploy the following containers:
- OpenCPU
- MOLGENIS-httpd (to proxy the registry and docker to one domain)
## Provisioning
You can choose for the OpenCPU image from which repository you want to pull. Experimental builds are pushed to registry.molgenis.org and the stable builds to hub.docker.com.
You need to fill out 2 properties to determine which repository you are going to use.
- ```opencpu.image.repository```
- ```opencpu.image.tag```
You can do this in the questions in Rancher or in the ```values.yaml```.
## Development
You can test in install the chart by executing:
```helm lint .```
To test if your helm chart-syntax is right and:
```helm install . --dry-run --debug```
To test if your hem chart works and:
```helm install .```
To deploy it on the cluster.

1
molgenis-opencpu/catalog-molgenis-opencpu.svg
View File

File diff suppressed because one or more lines are too long
Side by Side

Before

Width:  |  Height:  |  Size: 245 KiB

28
molgenis-opencpu/questions.yml
View File

@ -1,28 +0,0 @@
categories:
- MOLGENIS
questions:
- variable: ingress.enabled
label: Enable ingress
default: false
description: "Enable ingress"
type: boolean
required: true
group: "Loadbalancing"
- variable: opencpu.image.repository
label: Registry
default: "registry.hub.docker.com"
description: "Select a registry to pull from"
type: enum
options:
- "registry.hub.docker.com"
- "registry.molgenis.org"
required: true
group: "Provisioning"
- variable: opencpu.image.tag
label: Version
default: ""
description: "Select a OpenCPU version (check the registry.molgenis.org or hub.docker.com for released tags)"
type: string
required: true
group: "Provisioning"

32
molgenis-opencpu/templates/_helpers.tpl
View File

@ -1,32 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "opencpu.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "opencpu.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "opencpu.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

35
molgenis-opencpu/templates/deployment.yaml
View File

@ -1,35 +0,0 @@
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
{{- with .Values.ingress.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
name: {{ template "opencpu.fullname" . }}
labels:
app: {{ template "opencpu.name" . }}
chart: {{ template "opencpu.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app: {{ template "opencpu.name" . }}
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ template "opencpu.name" . }}
release: {{ .Release.Name }}
spec:
containers:
{{- with .Values.opencpu }}
- name: {{ .name }}
image: "{{ .image.repository }}/{{ .image.name }}:{{ .image.tag }}"
imagePullPolicy: {{ .image.pullPolicy }}
ports:
- containerPort: {{ .service.port }}
{{- end }}

36
molgenis-opencpu/templates/ingress.yaml
View File

@ -1,36 +0,0 @@
{{- if .Values.ingress.enabled }}
{{- range .Values.ingress.hosts }}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: "{{ $.Release.Name }}-ingress"
labels:
app: {{ $.Values.opencpu.name }}
chart: "{{ $.Chart.Name }}-{{ $.Chart.Version }}"
release: "{{ $.Release.Name }}"
heritage: "{{ $.Release.Service }}"
annotations:
{{- if .tls }}
ingress.kubernetes.io/secure-backends: "true"
{{- end }}
{{- range $key, $value := .annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
rules:
- host: {{ .name }}
http:
paths:
- path: {{ default "/" .path }}
backend:
serviceName: {{ $.Values.opencpu.service.name }}
servicePort: {{ $.Values.opencpu.service.port }}
{{- if .tls }}
tls:
- hosts:
- {{ .name }}
secretName: {{ .tlsSecret }}
{{- end }}
---
{{- end }}
{{- end }}

20
molgenis-opencpu/templates/service.yaml
View File

@ -1,20 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ .Values.opencpu.service.name }}
labels:
app: {{ .Values.opencpu.service.name }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
type: {{ .Values.opencpu.service.type }}
loadBalancerSourceRanges:
{{- range $index, $rule := .Values.opencpu.service.firewall }}
- {{ $rule }}
{{- end }}
ports:
- name: {{ .Values.opencpu.service.name }}
port: {{ .Values.opencpu.service.port }}
selector:
app: {{ template "opencpu.name" . }}
release: {{ .Release.Name }}

41
molgenis-opencpu/values.yaml
View File

@ -1,41 +0,0 @@
# Default values for nexus.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
environment: production
opencpu:
name: opencpu
strategy:
type: Recreate
restartPolicy: Always
image:
repository: registry.hub.docker.com
name: molgenis/opencpu
tag: stable
pullPolicy: Always
service:
name: opencpu
type: LoadBalancer
port: 8004
firewall:
- 145.100.224.1/24
ingress:
enabled: false
annotations: {
kubernetes.io/ingress.class: "nginx",
nginx.ingress.kubernetes.io/proxy-body-size: "0"
}
path: /
hosts:
- name: opencpu.molgenis.org
tls: []
nodeSelector: {}
tolerations: []
affinity: {}

2
molgenis-vault/Chart.yaml
View File

@ -2,5 +2,5 @@ apiVersion: v1
appVersion: "1.0"
description: MOLGENIS vault
name: molgenis-vault
version: 0.1.1
version: 0.2.1
icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-vault/catalogIcon-molgenis-vault.svg

20
molgenis-vault/README.md
View File

@ -13,21 +13,25 @@ See https://github.com/coreos/vault-operator/blob/master/doc/user/vault.md
## Parameters
### Azure cloud credentials
Define credentials for backup to the Azure Blob Store.
See [etcd-operator documentation](https://github.com/coreos/etcd-operator/blob/master/doc/user/abs_backup.md).
Define credentials for an S3 compatible backup bucket.
See [etcd-operator documentation](https://github.com/coreos/etcd-operator/blob/master/doc/user/walkthrough/backup-operator.md).
> Default values backup to the minio play server.
You can host the stable/minio chart to backup to a bucket on the cluster.
| Parameter | Description | Default |
| --------------- | ----------------------------- | ------------------ |
| `abs.account` | name of storage account | `fdlkops` |
| `abs.accessKey` | access key of storage account | `xxxx` |
| `abs.cloud` | name of cloud environment | `AzurePublicCloud` |
| Parameter | Description | Default |
| -------------------- | ---------------------------------------- | ------------------------------------------ |
| `s3.accessKeyId` | key id storage account | `Q3AM3UQ867SPQQA43P2F` |
| `s3.secretAccessKey` | secret access key of storage account | `zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG` |
| `s3.region` | region of the storage server | `us-east-1` |
| `s3.endpoint` | endpoint for the storage server | `https://play.minio.io:9000` |
| `s3.bucket` | name of the bucket on the storage server | `vault` |
### Backup job
Define the schedule of the backup job
| Parameter | Description | Default |
| -------------------- | ---------------------------- | ------------- |
| `backupJob.enable` | Enable backup cronjob | `true` |
| `backupJob.suspend` | Suspend backup cronjob | `false` |
| `backupJob.schedule` | cron schedule for the backup | `0 12 * * 1` |
### UI

13
molgenis-vault/resources/backup.yaml Normal file
View File

@ -0,0 +1,13 @@
apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdBackup"
metadata:
name: vault-backup
namespace: "vault-operator"
spec:
etcdEndpoints: ["https://vault-etcd-client:2379"]
storageType: S3
clientTLSSecret: vault-etcd-client-tls
s3:
path: vault/backup-manual
awsSecret: aws
endpoint: http://minio.minio.svc:9000

9
molgenis-vault/resources/restore.yaml
View File

@ -9,7 +9,8 @@ spec:
etcdCluster:
# The namespace is the same as this EtcdRestore CR
name: vault-etcd
backupStorageType: ABS
abs:
path: vault/backup-<specify the backup name>
absSecret: abs
backupStorageType: S3
s3:
path: vault/backup-<name>
awsSecret: aws
endpoint: http://minio.minio.svc:9000

12
molgenis-vault/templates/NOTES.txt
View File

@ -3,11 +3,15 @@ Vault operator created
Next steps:
* Manually create a vault using resources/vault.yaml
* Manually restore a backup using resources/backup.yaml
* Manually restore a backup using resources/restore.yaml
* Unseal the vault pods
{{ if .Values.backupJob.enable }}
!! Make sure to check if the backups succeed !!
{{ if .Values.backupJob.suspend }}
!!!!!! BACKUP JOB SUSPENDED !!!!!!
{{ else }}
!!!!!! NO BACKUPS CONFIGURED !!!!!!
{{- if .Values.s3.endpoint -}}
Backing up to non-standard s3 endpoint {{ .Values.s3.endpoint }} {{ else -}}
Backing up to S3 on aws {{ end -}}
in bucket {{ .Values.s3.bucket }}.
!! Make sure to check if the backups succeed !!
{{ end }}

10
molgenis-vault/templates/abs-secret.yaml
View File

@ -1,10 +0,0 @@
# Secret to access microsoft azure blob store
apiVersion: v1
kind: Secret
metadata:
name: abs
type: Opaque
stringData:
storage-account: {{ .Values.abs.account }}
storage-key: {{ .Values.abs.accessKey }}
cloud: {{ .Values.abs.cloud }}

10
molgenis-vault/templates/aws-secret.yaml Normal file
View File

@ -0,0 +1,10 @@
# Secret to access s3 compatible store
apiVersion: v1
kind: Secret
metadata:
name: aws
type: Opaque
data:
config: {{ printf "[default]\nregion = %s" .Values.s3.region | b64enc | quote }}
credentials: {{ printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\n" .Values.s3.accessKeyId .Values.s3.secretAccessKey | b64enc | quote }}

14
molgenis-vault/templates/backup-configmap.yaml
View File

@ -11,8 +11,14 @@ data:
generateName: vault-backup-
spec:
etcdEndpoints: ["https://vault-etcd-client:2379"]
storageType: ABS
storageType: S3
clientTLSSecret: vault-etcd-client-tls
abs:
path: vault/backup.<NOW>
absSecret: abs
s3:
path: {{ .Values.s3.bucket }}/backup.<NOW>
awsSecret: aws
{{- if .Values.s3.endpoint }}
endpoint: {{ .Values.s3.endpoint }}
{{- end }}
{{- if hasKey .Values.s3 "forcePathStyle" }}
forcePathStyle: {{ .Values.s3.forcePathStyle }}
{{- end }}

5
molgenis-vault/templates/backup-cronjob.yaml
View File

@ -1,10 +1,10 @@
{{- if .Values.backupJob.enable }}
# cronjob that creates etcdbackups using the etcd backup serviceaccount
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: etcd-backup
spec:
suspend: {{ .Values.backupJob.suspend }}
schedule: {{ .Values.backupJob.schedule | quote }}
jobTemplate:
spec:
@ -26,5 +26,4 @@ spec:
volumes:
- name: backup-config
configMap:
name: backup-config
{{- end }}
name: backup-config

33
molgenis-vault/values.yaml
View File

@ -2,19 +2,26 @@
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# abs gives details of the credentials to reach the azure backup storage
abs:
# account is the name of the Storage account
account: fdlkops
# access key for the Storage account
accessKey: xxxx
# default cloud
cloud: AzurePublicCloud
# s3 configures s3 backup storage
s3:
# accessKey for the s3 storage account
accessKeyId: Q3AM3UQ867SPQQA43P2F
# secretAccessKey for the s3 storage account
secretAccessKey: zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG
# region
region: us-east-1
# endpoint for the s3 storage
endpoint: https://play.minio.io:9000
# forcePathStyle if set to true forces requests to use path style
# (host/bucket instead of bucket.host)
forcePathStyle: true
# bucket is the name of the bucket
bucket: vault
# backupjob describes the backup cronjob
backupJob:
# enable enables the backup job
enable: true
# suspend suspends the backup job
suspend: false
# schedule gives the cron schedule for the backup job
schedule: "0 12 * * 1"
@ -40,10 +47,12 @@ etcd-operator:
tag: v0.9.2
backupOperator:
image:
tag: v0.9.2
repository: fdlk/etcd-operator
tag: latest
restoreOperator:
image:
tag: v0.9.2
repository: fdlk/etcd-operator
tag: latest
ui:
name: "vault-ui"