chore: add forcePathStyle s3 property

feat (molgenis-vault): Switch backup storage to s3.
We can host s3 compatible storage locally by deploying the stable/minio chart. Ran into https://github.com/coreos/etcd-operator/issues/1980 and therefore downgrade the backup and restore operator images to 0.8.3.
2018-09-21 13:49:57 +02:00 · 2018-09-17 08:49:46 +02:00
24 changed files with 82 additions and 478 deletions
--- a/molgenis-jenkins/resources/README.md
+++ b/molgenis-jenkins/resources/README.md
@ -1,6 +0,0 @@
 To be able to run helm inside a jenkins pod, you'll need to 
 * create a role in the namespace where tiller is installed
 * bind that role to the user that jenkins pods run as
 This directory contains yaml for these resources.
 See also https://github.com/helm/helm/blob/master/docs/rbac.md
--- a/molgenis-jenkins/resources/jenkins-default-tiller-user-rolebinding.yaml
+++ b/molgenis-jenkins/resources/jenkins-default-tiller-user-rolebinding.yaml
@ -1,13 +0,0 @@
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
 metadata:
  name: tiller-jenkins-binding
  namespace: kube-system
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: tiller-user
 subjects:
 - kind: ServiceAccount
  name: default
  namespace: molgenis-jenkins
--- a/molgenis-jenkins/resources/tiller-user-role.yaml
+++ b/molgenis-jenkins/resources/tiller-user-role.yaml
@ -1,18 +0,0 @@
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: Role
 metadata:
  name: tiller-user
  namespace: kube-system
 rules:
 - apiGroups:
  - ""
  resources:
  - pods/portforward
  verbs:
  - create
 - apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - list
--- a/molgenis-jenkins/values.yaml
+++ b/molgenis-jenkins/values.yaml
@ -82,17 +82,6 @@ jenkins:
                  <strategyId>1</strategyId>
                  <trust class="org.jenkinsci.plugins.github_branch_source.ForkPullRequestDiscoveryTrait$TrustPermission"/>
                </org.jenkinsci.plugins.github__branch__source.ForkPullRequestDiscoveryTrait>
                <jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
                  <extension class="hudson.plugins.git.extensions.impl.LocalBranch">
                    <localBranch>**</localBranch>
                  </extension>
                </jenkins.plugins.git.traits.LocalBranchTrait>
                <jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
                  <extension class="hudson.plugins.git.extensions.impl.UserIdentity">
                    <name>MOLGENIS Jenkins</name>
                    <email>molgenis+ci@gmail.com</email>
                  </extension>
                </jenkins.plugins.git.traits.UserIdentityTrait>
              </traits>
            </org.jenkinsci.plugins.github__branch__source.GitHubSCMNavigator>
          </navigators>
@ -142,17 +131,6 @@ jenkins:
                  <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
                  <traits>
                    <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
                    <jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
                      <extension class="hudson.plugins.git.extensions.impl.LocalBranch">
                        <localBranch>**</localBranch>
                      </extension>
                    </jenkins.plugins.git.traits.LocalBranchTrait>
                    <jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
                      <extension class="hudson.plugins.git.extensions.impl.UserIdentity">
                        <name>MOLGENIS Jenkins</name>
                        <email>molgenis+ci@gmail.com</email>
                      </extension>
                    </jenkins.plugins.git.traits.UserIdentityTrait>
                  </traits>
                </source>
                <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@ -206,17 +184,6 @@ jenkins:
                  <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
                  <traits>
                    <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
                    <jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
                      <extension class="hudson.plugins.git.extensions.impl.LocalBranch">
                        <localBranch>**</localBranch>
                      </extension>
                    </jenkins.plugins.git.traits.LocalBranchTrait>
                    <jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
                      <extension class="hudson.plugins.git.extensions.impl.UserIdentity">
                        <name>MOLGENIS Jenkins</name>
                        <email>molgenis+ci@gmail.com</email>
                      </extension>
                    </jenkins.plugins.git.traits.UserIdentityTrait>
                  </traits>
                </source>
                <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@ -270,17 +237,6 @@ jenkins:
                  <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
                  <traits>
                    <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
                    <jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
                      <extension class="hudson.plugins.git.extensions.impl.LocalBranch">
                        <localBranch>**</localBranch>
                      </extension>
                    </jenkins.plugins.git.traits.LocalBranchTrait>
                    <jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
                      <extension class="hudson.plugins.git.extensions.impl.UserIdentity">
                        <name>MOLGENIS Jenkins</name>
                        <email>molgenis+ci@gmail.com</email>
                      </extension>
                    </jenkins.plugins.git.traits.UserIdentityTrait>
                  </traits>
                </source>
                <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@ -334,17 +290,6 @@ jenkins:
                  <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
                  <traits>
                    <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
                    <jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
                      <extension class="hudson.plugins.git.extensions.impl.LocalBranch">
                        <localBranch>**</localBranch>
                      </extension>
                    </jenkins.plugins.git.traits.LocalBranchTrait>
                    <jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
                      <extension class="hudson.plugins.git.extensions.impl.UserIdentity">
                        <name>MOLGENIS Jenkins</name>
                        <email>molgenis+ci@gmail.com</email>
                      </extension>
                    </jenkins.plugins.git.traits.UserIdentityTrait>
                  </traits>
                </source>
                <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@ -398,17 +343,6 @@ jenkins:
                  <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
                  <traits>
                    <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
                    <jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
                      <extension class="hudson.plugins.git.extensions.impl.LocalBranch">
                        <localBranch>**</localBranch>
                      </extension>
                    </jenkins.plugins.git.traits.LocalBranchTrait>
                    <jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
                      <extension class="hudson.plugins.git.extensions.impl.UserIdentity">
                        <name>MOLGENIS Jenkins</name>
                        <email>molgenis+ci@gmail.com</email>
                      </extension>
                    </jenkins.plugins.git.traits.UserIdentityTrait>
                  </traits>
                </source>
                <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@ -482,12 +416,6 @@ jenkins:
              key: VAULT_ADDR
              secretName: molgenis-pipeline-vault-secret
              secretKey: addr
        helm:
          Image: "lachlanevenson/k8s-helm"
          ImageTag: "v2.10.0"
          Command: cat
          WorkingDir: /home/jenkins
          TTY: true
      NodeSelector: {}
    node:
      Label: node-carbon
@ -519,69 +447,6 @@ jenkins:
              secretName: molgenis-pipeline-vault-secret
              secretKey: addr
      NodeSelector: {}
    molgenis-it:
      InheritFrom: molgenis
      Label: molgenis-it
      NodeUsageMode: EXCLUSIVE
      Containers:
        elasticsearch:
          Image: docker.elastic.co/elasticsearch/elasticsearch
          ImageTag: 5.5.3
          resources:
            requests:
              cpu: "100m"
              memory: "1Gi"
            limits:
              cpu: "1"
              memory: "1500Mi"
          EnvVars:
          - type: KeyValue
            key: ES_JAVA_OPTS
            value: "-Xms512m -Xmx512m"
          - type: KeyValue
            key: cluster.name
            value: molgenis
          - type: KeyValue
            key: bootstrap.memory_lock
            value: "true"
          - type: KeyValue
            key: xpack.security.enabled
            value: "false"
          - type: KeyValue
            key: discovery.type
            value: single-node
        postgres:
          Image: postgres
          ImageTag: 9.6-alpine
          resources:
            requests:
              cpu: "100m"
              memory: "250Mi"
            limits:
              cpu: "1"
              memory: "250Mi"
          EnvVars:
          - type: KeyValue
            key: POSTGRES_USER
            value: molgenis
          - type: KeyValue
            key: POSTGRES_PASSWORD
            value: molgenis
          - type: KeyValue
            key: POSTGRES_DB
            value: molgenis
        opencpu:
          Image: molgenis/opencpu
          AlwaysPullImage: true
          resources:
            requests:
              cpu: "100m"
              memory: "256Mi"
            limits:
              cpu: "1"
              memory: "512Mi"
      NodeSelector: {}
 #secret contains configuration for the kubernetes secrets that jenkins can access
 secret:
  # vault configures the vault secret
--- a/molgenis-opencpu/.helmignore
+++ b/molgenis-opencpu/.helmignore
@ -1,21 +0,0 @@
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
 .DS_Store
 # Common VCS dirs
 .git/
 .gitignore
 .bzr/
 .bzrignore
 .hg/
 .hgignore
 .svn/
 # Common backup files
 *.swp
 *.bak
 *.tmp
 *~
 # Various IDEs
 .project
 .idea/
 *.tmproj
--- a/molgenis-opencpu/Chart.yaml
+++ b/molgenis-opencpu/Chart.yaml
@ -1,8 +0,0 @@
 apiVersion: v1
 appVersion: "1.0"
 description: Opencpu stack for MOLGENIS
 name: molgenis-opencpu
 version: 0.1.1
 sources:
 - https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
 icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-opencpu/catalogIcon-molgenis-opencpu.svg
--- a/molgenis-opencpu/README.md
+++ b/molgenis-opencpu/README.md
@ -1,38 +0,0 @@
 # MOLGENIS - OpenCPU Helm Chart
 NEXUS repository for kubernetes to deploy on a kubernetes cluster with NFS-share
 ## Containers
 This chart will deploy the following containers:
 - OpenCPU
 - MOLGENIS-httpd (to proxy the registry and docker to one domain)
 ## Provisioning
 You can choose for the OpenCPU image from which repository you want to pull. Experimental builds are pushed to registry.molgenis.org and the stable builds to hub.docker.com. 
 You need to fill out 2 properties to determine which repository you are going to use.
 - ```opencpu.image.repository```
 - ```opencpu.image.tag```
 You can do this in the questions in Rancher or in the ```values.yaml```.
 ## Development
 You can test in install the chart by executing:
 ```helm lint .```
 To test if your helm chart-syntax is right and:
 ```helm install . --dry-run --debug```
 To test if your hem chart works and:
 ```helm install .```
 To deploy it on the cluster.
--- a/molgenis-opencpu/catalog-molgenis-opencpu.svg
+++ b/molgenis-opencpu/catalog-molgenis-opencpu.svg
--- a/molgenis-opencpu/questions.yml
+++ b/molgenis-opencpu/questions.yml
@ -1,28 +0,0 @@
 categories:
 - MOLGENIS
 questions:
 - variable: ingress.enabled
  label: Enable ingress
  default: false
  description: "Enable ingress"
  type: boolean
  required: true
  group: "Loadbalancing"
 - variable: opencpu.image.repository
  label: Registry
  default: "registry.hub.docker.com"
  description: "Select a registry to pull from"
  type: enum
  options:
  - "registry.hub.docker.com"
  - "registry.molgenis.org"
  required: true
  group: "Provisioning"
 - variable: opencpu.image.tag
  label: Version
  default: ""
  description: "Select a OpenCPU version (check the registry.molgenis.org or hub.docker.com for released tags)"
  type: string
  required: true
  group: "Provisioning"
--- a/molgenis-opencpu/templates/_helpers.tpl
+++ b/molgenis-opencpu/templates/_helpers.tpl
@ -1,32 +0,0 @@
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Expand the name of the chart.
 */}}
 {{- define "opencpu.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
 {{- define "opencpu.fullname" -}}
 {{- if .Values.fullnameOverride -}}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
 {{- $name := default .Chart.Name .Values.nameOverride -}}
 {{- if contains $name .Release.Name -}}
 {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{- end -}}
 {{- end -}}
 {{/*
 Create chart name and version as used by the chart label.
 */}}
 {{- define "opencpu.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
--- a/molgenis-opencpu/templates/deployment.yaml
+++ b/molgenis-opencpu/templates/deployment.yaml
@ -1,35 +0,0 @@
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
  {{- with .Values.ingress.annotations }}
  annotations:
 {{ toYaml . | indent 4 }}
  {{- end }}
  name: {{ template "opencpu.fullname" . }}
  labels:
    app: {{ template "opencpu.name" . }}
    chart: {{ template "opencpu.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
 spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app: {{ template "opencpu.name" . }}
      release: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app: {{ template "opencpu.name" . }}
        release: {{ .Release.Name }}
    spec:
      containers:
      {{- with .Values.opencpu }}
      - name: {{ .name }}
        image: "{{ .image.repository }}/{{ .image.name }}:{{ .image.tag }}"
        imagePullPolicy: {{ .image.pullPolicy }}
        ports:
        - containerPort: {{ .service.port }}
      {{- end }}
--- a/molgenis-opencpu/templates/ingress.yaml
+++ b/molgenis-opencpu/templates/ingress.yaml
@ -1,36 +0,0 @@
 {{- if .Values.ingress.enabled }}
 {{- range .Values.ingress.hosts }}
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
  name: "{{ $.Release.Name }}-ingress"
  labels:
    app:  {{ $.Values.opencpu.name }}
    chart: "{{ $.Chart.Name }}-{{ $.Chart.Version }}"
    release: "{{ $.Release.Name }}"
    heritage: "{{ $.Release.Service }}"
  annotations:
    {{- if .tls }}
    ingress.kubernetes.io/secure-backends: "true"
    {{- end }}
    {{- range $key, $value := .annotations }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
 spec:
  rules:
  - host: {{ .name }}
    http:
      paths:
        - path: {{ default "/" .path }}
          backend:
            serviceName: {{ $.Values.opencpu.service.name }}
            servicePort: {{ $.Values.opencpu.service.port }}
 {{- if .tls }}
  tls:
  - hosts:
    - {{ .name }}
    secretName: {{ .tlsSecret }}
 {{- end }}
 ---
 {{- end }}
 {{- end }}
--- a/molgenis-opencpu/templates/service.yaml
+++ b/molgenis-opencpu/templates/service.yaml
@ -1,20 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ .Values.opencpu.service.name }}
  labels:
    app: {{ .Values.opencpu.service.name }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
 spec:
  type: {{ .Values.opencpu.service.type }}
  loadBalancerSourceRanges:
  {{- range $index, $rule := .Values.opencpu.service.firewall }}
    - {{ $rule }}
  {{- end }}
  ports:
    - name: {{ .Values.opencpu.service.name }}
      port: {{ .Values.opencpu.service.port }}
  selector:
    app: {{ template "opencpu.name" . }}
    release: {{ .Release.Name }}
--- a/molgenis-opencpu/values.yaml
+++ b/molgenis-opencpu/values.yaml
@ -1,41 +0,0 @@
 # Default values for nexus.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 replicaCount: 1
 environment: production
 opencpu:
  name: opencpu
  strategy:
    type: Recreate
  restartPolicy: Always
  image:
    repository: registry.hub.docker.com
    name: molgenis/opencpu
    tag: stable
    pullPolicy: Always
  service:
    name: opencpu
    type: LoadBalancer
    port: 8004
    firewall:
    - 145.100.224.1/24
 ingress:
  enabled: false
  annotations: {
    kubernetes.io/ingress.class: "nginx",
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
  }
  path: /
  hosts:
  - name: opencpu.molgenis.org
  tls: []
 nodeSelector: {}
 tolerations: []
 affinity: {}
--- a/molgenis-vault/Chart.yaml
+++ b/molgenis-vault/Chart.yaml
@ -2,5 +2,5 @@ apiVersion: v1
 appVersion: "1.0"
 description: MOLGENIS vault
 name: molgenis-vault
-version: 0.1.1
+version: 0.2.1
 icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-vault/catalogIcon-molgenis-vault.svg
--- a/molgenis-vault/README.md
+++ b/molgenis-vault/README.md
@ -13,21 +13,25 @@ See https://github.com/coreos/vault-operator/blob/master/doc/user/vault.md
 ## Parameters
 ### Azure cloud credentials
-Define credentials for backup to the Azure Blob Store.
+Define credentials for an S3 compatible backup bucket.
-See [etcd-operator documentation](https://github.com/coreos/etcd-operator/blob/master/doc/user/abs_backup.md).
+See [etcd-operator documentation](https://github.com/coreos/etcd-operator/blob/master/doc/user/walkthrough/backup-operator.md).
 > Default values backup to the minio play server.
 You can host the stable/minio chart to backup to a bucket on the cluster.
 | Parameter            | Description                              | Default                                    |
-| --------------- | ----------------------------- | ------------------ |
+| -------------------- | ---------------------------------------- | ------------------------------------------ |
-| `abs.account`   | name of storage account       | `fdlkops`          |
+| `s3.accessKeyId`     | key id storage account                   | `Q3AM3UQ867SPQQA43P2F`                     |
-| `abs.accessKey` | access key of storage account | `xxxx`             |
+| `s3.secretAccessKey` | secret access key of storage account     | `zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG` |
-| `abs.cloud`     | name of cloud environment     | `AzurePublicCloud` |
+| `s3.region`          | region of the storage server             | `us-east-1`                                |
 | `s3.endpoint`        | endpoint for the storage server          | `https://play.minio.io:9000`               |
 | `s3.bucket`          | name of the bucket on the storage server | `vault`                                    |
 ### Backup job
 Define the schedule of the backup job
 | Parameter            | Description                  | Default       |
 | -------------------- | ---------------------------- | ------------- |
-| `backupJob.enable`   | Enable backup cronjob        | `true`        |
+| `backupJob.suspend`  | Suspend backup cronjob       | `false`       |
 | `backupJob.schedule` | cron schedule for the backup | `0 12 * * 1`  |
 ### UI
--- a/molgenis-vault/resources/backup.yaml
+++ b/molgenis-vault/resources/backup.yaml
@ -0,0 +1,13 @@
 apiVersion: "etcd.database.coreos.com/v1beta2"
 kind: "EtcdBackup"
 metadata:
  name: vault-backup
  namespace: "vault-operator"
 spec:
  etcdEndpoints: ["https://vault-etcd-client:2379"]
  storageType: S3
  clientTLSSecret: vault-etcd-client-tls
  s3:
    path: vault/backup-manual
    awsSecret: aws
    endpoint: http://minio.minio.svc:9000
--- a/molgenis-vault/resources/restore.yaml
+++ b/molgenis-vault/resources/restore.yaml
@ -9,7 +9,8 @@ spec:
  etcdCluster:
    # The namespace is the same as this EtcdRestore CR
    name: vault-etcd
-  backupStorageType: ABS
+  backupStorageType: S3
-  abs:
+  s3:
-    path: vault/backup-<specify the backup name>
+    path: vault/backup-<name>
-    absSecret: abs
+    awsSecret: aws
    endpoint: http://minio.minio.svc:9000
--- a/molgenis-vault/templates/NOTES.txt
+++ b/molgenis-vault/templates/NOTES.txt
@ -3,11 +3,15 @@ Vault operator created
 Next steps:
 * Manually create a vault using resources/vault.yaml
-* Manually restore a backup using resources/backup.yaml
+* Manually restore a backup using resources/restore.yaml
 * Unseal the vault pods
-{{ if .Values.backupJob.enable }}
+{{ if .Values.backupJob.suspend }}
-!! Make sure to check if the backups succeed !!
+!!!!!! BACKUP JOB SUSPENDED !!!!!!
 {{ else }}
-!!!!!! NO BACKUPS CONFIGURED !!!!!!
+{{- if .Values.s3.endpoint -}}
 Backing up to non-standard s3 endpoint {{ .Values.s3.endpoint }} {{ else -}}
 Backing up to S3 on aws {{ end -}}
 in bucket {{ .Values.s3.bucket }}.
 !! Make sure to check if the backups succeed !!
 {{ end }}
--- a/molgenis-vault/templates/abs-secret.yaml
+++ b/molgenis-vault/templates/abs-secret.yaml
@ -1,10 +0,0 @@
 # Secret to access microsoft azure blob store
 apiVersion: v1
 kind: Secret
 metadata:
  name: abs
 type: Opaque
 stringData:
  storage-account: {{ .Values.abs.account }}
  storage-key: {{ .Values.abs.accessKey }}
  cloud: {{ .Values.abs.cloud }}
--- a/molgenis-vault/templates/aws-secret.yaml
+++ b/molgenis-vault/templates/aws-secret.yaml
@ -0,0 +1,10 @@
 # Secret to access s3 compatible store
 apiVersion: v1
 kind: Secret
 metadata:
  name: aws
 type: Opaque
 data:
  config: {{ printf "[default]\nregion = %s" .Values.s3.region | b64enc | quote }}
  credentials: {{ printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\n" .Values.s3.accessKeyId .Values.s3.secretAccessKey | b64enc | quote }}
--- a/molgenis-vault/templates/backup-configmap.yaml
+++ b/molgenis-vault/templates/backup-configmap.yaml
@ -11,8 +11,14 @@ data:
      generateName: vault-backup-
    spec:
      etcdEndpoints: ["https://vault-etcd-client:2379"]
-      storageType: ABS
+      storageType: S3
      clientTLSSecret: vault-etcd-client-tls
-      abs:
+      s3:
-        path: vault/backup.<NOW>
+        path: {{ .Values.s3.bucket }}/backup.<NOW>
-        absSecret: abs
+        awsSecret: aws
 {{- if .Values.s3.endpoint }}
        endpoint: {{ .Values.s3.endpoint }}
 {{- end }}
 {{- if hasKey .Values.s3 "forcePathStyle" }}
        forcePathStyle: {{ .Values.s3.forcePathStyle }}
 {{- end }}
--- a/molgenis-vault/templates/backup-cronjob.yaml
+++ b/molgenis-vault/templates/backup-cronjob.yaml
@ -1,10 +1,10 @@
 {{- if .Values.backupJob.enable }}
 # cronjob that creates etcdbackups using the etcd backup serviceaccount
 apiVersion: batch/v1beta1
 kind: CronJob
 metadata:
  name: etcd-backup
 spec:
  suspend: {{ .Values.backupJob.suspend }}
  schedule: {{ .Values.backupJob.schedule | quote }}
  jobTemplate:
    spec:
@ -27,4 +27,3 @@ spec:
          - name: backup-config
            configMap:
              name: backup-config
 {{- end }}
--- a/molgenis-vault/values.yaml
+++ b/molgenis-vault/values.yaml
@ -2,19 +2,26 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
-# abs gives details of the credentials to reach the azure backup storage
+# s3 configures s3 backup storage
-abs:
+s3:
-  # account is the name of the Storage account
+  # accessKey for the s3 storage account
-  account: fdlkops
+  accessKeyId: Q3AM3UQ867SPQQA43P2F
-  # access key for the Storage account
+  # secretAccessKey for the s3 storage account
-  accessKey: xxxx
+  secretAccessKey: zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG
-  # default cloud
+  # region
-  cloud: AzurePublicCloud
+  region: us-east-1
  # endpoint for the s3 storage
  endpoint: https://play.minio.io:9000
  # forcePathStyle if set to true forces requests to use path style
  # (host/bucket instead of bucket.host)
  forcePathStyle: true
  # bucket is the name of the bucket
  bucket: vault
 # backupjob describes the backup cronjob
 backupJob:
-  # enable enables the backup job
+  # suspend suspends the backup job
-  enable: true
+  suspend: false
  # schedule gives the cron schedule for the backup job
  schedule: "0 12 * * 1"
@ -40,10 +47,12 @@ etcd-operator:
      tag: v0.9.2
  backupOperator:
    image:
-      tag: v0.9.2
+      repository: fdlk/etcd-operator
      tag: latest
  restoreOperator:
    image:
-      tag: v0.9.2
+      repository: fdlk/etcd-operator
      tag: latest
 ui:
  name: "vault-ui"