Compare commits
No commits in common. "537334364ac75cea5dce2555b93a59f6efa88d61" and "f34b0dc85f199afd731bbc68c7bffa7bba82ad39" have entirely different histories.
537334364a
...
f34b0dc85f
|
@ -104,8 +104,7 @@ This repository is serves also as a catalogue for Rancher. We have serveral apps
|
||||||
- [Jenkins](molgenis-jenkins/README.md)
|
- [Jenkins](molgenis-jenkins/README.md)
|
||||||
- [NEXUS](molgenis-nexus/README.md)
|
- [NEXUS](molgenis-nexus/README.md)
|
||||||
- [HTTPD](molgenis-httpd/README.md)
|
- [HTTPD](molgenis-httpd/README.md)
|
||||||
- [MOLGENIS preview](molgenis-preview/README.md)
|
- [MOLNIGES preview](molgenis-preview/README.md)
|
||||||
- [MOLGENIS vault](molgenis-vault/README.md)
|
|
||||||
|
|
||||||
### Useful commands
|
### Useful commands
|
||||||
You can you need to know to easily develop and deploy helm-charts
|
You can you need to know to easily develop and deploy helm-charts
|
||||||
|
|
|
@ -0,0 +1,12 @@
|
||||||
|
apiVersion: "etcd.database.coreos.com/v1beta2"
|
||||||
|
kind: "EtcdBackup"
|
||||||
|
metadata:
|
||||||
|
name: backup
|
||||||
|
namespace: "vault-operator"
|
||||||
|
spec:
|
||||||
|
etcdEndpoints: ["https://vault-etcd-client:2379"]
|
||||||
|
storageType: ABS
|
||||||
|
clientTLSSecret: vault-etcd-client-tls
|
||||||
|
abs:
|
||||||
|
path: vault/backup
|
||||||
|
absSecret: abs
|
|
@ -1,4 +1,3 @@
|
||||||
# Use kubectl create -f restore.yaml to manually execute a restore of the vault
|
|
||||||
apiVersion: "etcd.database.coreos.com/v1beta2"
|
apiVersion: "etcd.database.coreos.com/v1beta2"
|
||||||
kind: "EtcdRestore"
|
kind: "EtcdRestore"
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -11,5 +10,5 @@ spec:
|
||||||
name: vault-etcd
|
name: vault-etcd
|
||||||
backupStorageType: ABS
|
backupStorageType: ABS
|
||||||
abs:
|
abs:
|
||||||
path: vault/backup-<specify the backup name>
|
path: vault/backup
|
||||||
absSecret: abs
|
absSecret: abs
|
|
@ -1,4 +1,3 @@
|
||||||
# Use kubectl create -f vault.yaml to manually create a vault
|
|
||||||
apiVersion: "vault.security.coreos.com/v1alpha1"
|
apiVersion: "vault.security.coreos.com/v1alpha1"
|
||||||
kind: "VaultService"
|
kind: "VaultService"
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,13 +1 @@
|
||||||
Vault operator created
|
Good luck!
|
||||||
|
|
||||||
Next steps:
|
|
||||||
|
|
||||||
* Manually create a vault using resources/vault.yaml
|
|
||||||
* Manually restore a backup using resources/backup.yaml
|
|
||||||
* Unseal the vault pods
|
|
||||||
|
|
||||||
{{ if .Values.backupJob.enable }}
|
|
||||||
!! Make sure to check if the backups succeed !!
|
|
||||||
{{ else }}
|
|
||||||
!!!!!! NO BACKUPS CONFIGURED !!!!!!
|
|
||||||
{{ end }}
|
|
|
@ -1,4 +1,3 @@
|
||||||
# Secret to access microsoft azure block store
|
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,4 +1,3 @@
|
||||||
# configmap to use as a template for backup cron jobs
|
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
{{- if .Values.backupJob.enable }}
|
{{- if .Values.backupJob.enable }}
|
||||||
# cronjob that creates etcdbackups using the etcd backup serviceaccount
|
|
||||||
apiVersion: batch/v1beta1
|
apiVersion: batch/v1beta1
|
||||||
kind: CronJob
|
kind: CronJob
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -0,0 +1,38 @@
|
||||||
|
{{- if .Values.ingress.enabled -}}
|
||||||
|
{{- $fullName := include "molgenis-vault.fullname" . -}}
|
||||||
|
{{- $ingressPath := .Values.ingress.path -}}
|
||||||
|
apiVersion: extensions/v1beta1
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
name: {{ $fullName }}
|
||||||
|
labels:
|
||||||
|
app: {{ template "molgenis-vault.name" . }}
|
||||||
|
chart: {{ template "molgenis-vault.chart" . }}
|
||||||
|
release: {{ .Release.Name }}
|
||||||
|
heritage: {{ .Release.Service }}
|
||||||
|
{{- with .Values.ingress.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{ toYaml . | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
spec:
|
||||||
|
{{- if .Values.ingress.tls }}
|
||||||
|
tls:
|
||||||
|
{{- range .Values.ingress.tls }}
|
||||||
|
- hosts:
|
||||||
|
{{- range .hosts }}
|
||||||
|
- {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
secretName: {{ .secretName }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
rules:
|
||||||
|
{{- range .Values.ingress.hosts }}
|
||||||
|
- host: {{ . }}
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: {{ $ingressPath }}
|
||||||
|
backend:
|
||||||
|
serviceName: {{ $fullName }}
|
||||||
|
servicePort: http
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
Loading…
Reference in New Issue