Compare commits
2 Commits
f34b0dc85f
...
537334364a
Author | SHA1 | Date |
---|---|---|
Fleur Kelpin | 537334364a | |
Fleur Kelpin | 4c7bd01ac1 |
|
@ -104,7 +104,8 @@ This repository is serves also as a catalogue for Rancher. We have serveral apps
|
||||||
- [Jenkins](molgenis-jenkins/README.md)
|
- [Jenkins](molgenis-jenkins/README.md)
|
||||||
- [NEXUS](molgenis-nexus/README.md)
|
- [NEXUS](molgenis-nexus/README.md)
|
||||||
- [HTTPD](molgenis-httpd/README.md)
|
- [HTTPD](molgenis-httpd/README.md)
|
||||||
- [MOLNIGES preview](molgenis-preview/README.md)
|
- [MOLGENIS preview](molgenis-preview/README.md)
|
||||||
|
- [MOLGENIS vault](molgenis-vault/README.md)
|
||||||
|
|
||||||
### Useful commands
|
### Useful commands
|
||||||
You can you need to know to easily develop and deploy helm-charts
|
You can you need to know to easily develop and deploy helm-charts
|
||||||
|
|
|
@ -1,12 +0,0 @@
|
||||||
apiVersion: "etcd.database.coreos.com/v1beta2"
|
|
||||||
kind: "EtcdBackup"
|
|
||||||
metadata:
|
|
||||||
name: backup
|
|
||||||
namespace: "vault-operator"
|
|
||||||
spec:
|
|
||||||
etcdEndpoints: ["https://vault-etcd-client:2379"]
|
|
||||||
storageType: ABS
|
|
||||||
clientTLSSecret: vault-etcd-client-tls
|
|
||||||
abs:
|
|
||||||
path: vault/backup
|
|
||||||
absSecret: abs
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# Use kubectl create -f restore.yaml to manually execute a restore of the vault
|
||||||
apiVersion: "etcd.database.coreos.com/v1beta2"
|
apiVersion: "etcd.database.coreos.com/v1beta2"
|
||||||
kind: "EtcdRestore"
|
kind: "EtcdRestore"
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -10,5 +11,5 @@ spec:
|
||||||
name: vault-etcd
|
name: vault-etcd
|
||||||
backupStorageType: ABS
|
backupStorageType: ABS
|
||||||
abs:
|
abs:
|
||||||
path: vault/backup
|
path: vault/backup-<specify the backup name>
|
||||||
absSecret: abs
|
absSecret: abs
|
|
@ -1,3 +1,4 @@
|
||||||
|
# Use kubectl create -f vault.yaml to manually create a vault
|
||||||
apiVersion: "vault.security.coreos.com/v1alpha1"
|
apiVersion: "vault.security.coreos.com/v1alpha1"
|
||||||
kind: "VaultService"
|
kind: "VaultService"
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1 +1,13 @@
|
||||||
Good luck!
|
Vault operator created
|
||||||
|
|
||||||
|
Next steps:
|
||||||
|
|
||||||
|
* Manually create a vault using resources/vault.yaml
|
||||||
|
* Manually restore a backup using resources/backup.yaml
|
||||||
|
* Unseal the vault pods
|
||||||
|
|
||||||
|
{{ if .Values.backupJob.enable }}
|
||||||
|
!! Make sure to check if the backups succeed !!
|
||||||
|
{{ else }}
|
||||||
|
!!!!!! NO BACKUPS CONFIGURED !!!!!!
|
||||||
|
{{ end }}
|
|
@ -1,3 +1,4 @@
|
||||||
|
# Secret to access microsoft azure block store
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# configmap to use as a template for backup cron jobs
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
{{- if .Values.backupJob.enable }}
|
{{- if .Values.backupJob.enable }}
|
||||||
|
# cronjob that creates etcdbackups using the etcd backup serviceaccount
|
||||||
apiVersion: batch/v1beta1
|
apiVersion: batch/v1beta1
|
||||||
kind: CronJob
|
kind: CronJob
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,38 +0,0 @@
|
||||||
{{- if .Values.ingress.enabled -}}
|
|
||||||
{{- $fullName := include "molgenis-vault.fullname" . -}}
|
|
||||||
{{- $ingressPath := .Values.ingress.path -}}
|
|
||||||
apiVersion: extensions/v1beta1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: {{ $fullName }}
|
|
||||||
labels:
|
|
||||||
app: {{ template "molgenis-vault.name" . }}
|
|
||||||
chart: {{ template "molgenis-vault.chart" . }}
|
|
||||||
release: {{ .Release.Name }}
|
|
||||||
heritage: {{ .Release.Service }}
|
|
||||||
{{- with .Values.ingress.annotations }}
|
|
||||||
annotations:
|
|
||||||
{{ toYaml . | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
spec:
|
|
||||||
{{- if .Values.ingress.tls }}
|
|
||||||
tls:
|
|
||||||
{{- range .Values.ingress.tls }}
|
|
||||||
- hosts:
|
|
||||||
{{- range .hosts }}
|
|
||||||
- {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
secretName: {{ .secretName }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
rules:
|
|
||||||
{{- range .Values.ingress.hosts }}
|
|
||||||
- host: {{ . }}
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- path: {{ $ingressPath }}
|
|
||||||
backend:
|
|
||||||
serviceName: {{ $fullName }}
|
|
||||||
servicePort: http
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
Loading…
Reference in New Issue