Compare commits
3 Commits
feature/s3
...
feature/he
Author | SHA1 | Date | |
---|---|---|---|
655771c8ac | |||
7127914de2 | |||
33d8a30c69 |
16
charts/index.yaml
Executable file
16
charts/index.yaml
Executable file
@ -0,0 +1,16 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
entries:
|
||||||
|
molgenis-preview:
|
||||||
|
- apiVersion: v1
|
||||||
|
appVersion: "1.0"
|
||||||
|
created: 2018-09-11T16:11:49.165533266+02:00
|
||||||
|
description: MOLGENIS - helm stack for testing purposes
|
||||||
|
digest: e1174bd0d8a71bf4d23f5463521cf4dbcac39dc93f16cd842c92cda1a963f6b2
|
||||||
|
icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-preview/catalogIcon-molgenis.svg
|
||||||
|
name: molgenis-preview
|
||||||
|
sources:
|
||||||
|
- https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
|
||||||
|
urls:
|
||||||
|
- molgenis-preview-0.2.0.tgz
|
||||||
|
version: 0.2.0
|
||||||
|
generated: 2018-09-11T16:11:49.158086031+02:00
|
BIN
charts/molgenis-preview-0.2.0.tgz
Normal file
BIN
charts/molgenis-preview-0.2.0.tgz
Normal file
Binary file not shown.
0
molgenis-jenkins/resources/README.md
Normal file
0
molgenis-jenkins/resources/README.md
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
name: tiller-jenkins-binding
|
||||||
|
namespace: kube-system
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: Role
|
||||||
|
name: tiller-user
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: default
|
||||||
|
namespace: molgenis-jenkins
|
18
molgenis-jenkins/resources/tiller-user-role.yaml
Normal file
18
molgenis-jenkins/resources/tiller-user-role.yaml
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
kind: Role
|
||||||
|
metadata:
|
||||||
|
name: tiller-user
|
||||||
|
namespace: kube-system
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- pods/portforward
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- pods
|
||||||
|
verbs:
|
||||||
|
- list
|
@ -2,5 +2,5 @@ apiVersion: v1
|
|||||||
appVersion: "1.0"
|
appVersion: "1.0"
|
||||||
description: MOLGENIS vault
|
description: MOLGENIS vault
|
||||||
name: molgenis-vault
|
name: molgenis-vault
|
||||||
version: 0.2.1
|
version: 0.1.1
|
||||||
icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-vault/catalogIcon-molgenis-vault.svg
|
icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-vault/catalogIcon-molgenis-vault.svg
|
||||||
|
@ -13,25 +13,21 @@ See https://github.com/coreos/vault-operator/blob/master/doc/user/vault.md
|
|||||||
## Parameters
|
## Parameters
|
||||||
|
|
||||||
### Azure cloud credentials
|
### Azure cloud credentials
|
||||||
Define credentials for an S3 compatible backup bucket.
|
Define credentials for backup to the Azure Blob Store.
|
||||||
See [etcd-operator documentation](https://github.com/coreos/etcd-operator/blob/master/doc/user/walkthrough/backup-operator.md).
|
See [etcd-operator documentation](https://github.com/coreos/etcd-operator/blob/master/doc/user/abs_backup.md).
|
||||||
> Default values backup to the minio play server.
|
|
||||||
You can host the stable/minio chart to backup to a bucket on the cluster.
|
|
||||||
|
|
||||||
| Parameter | Description | Default |
|
| Parameter | Description | Default |
|
||||||
| -------------------- | ---------------------------------------- | ------------------------------------------ |
|
| --------------- | ----------------------------- | ------------------ |
|
||||||
| `s3.accessKeyId` | key id storage account | `Q3AM3UQ867SPQQA43P2F` |
|
| `abs.account` | name of storage account | `fdlkops` |
|
||||||
| `s3.secretAccessKey` | secret access key of storage account | `zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG` |
|
| `abs.accessKey` | access key of storage account | `xxxx` |
|
||||||
| `s3.region` | region of the storage server | `us-east-1` |
|
| `abs.cloud` | name of cloud environment | `AzurePublicCloud` |
|
||||||
| `s3.endpoint` | endpoint for the storage server | `https://play.minio.io:9000` |
|
|
||||||
| `s3.bucket` | name of the bucket on the storage server | `vault` |
|
|
||||||
|
|
||||||
### Backup job
|
### Backup job
|
||||||
Define the schedule of the backup job
|
Define the schedule of the backup job
|
||||||
|
|
||||||
| Parameter | Description | Default |
|
| Parameter | Description | Default |
|
||||||
| -------------------- | ---------------------------- | ------------- |
|
| -------------------- | ---------------------------- | ------------- |
|
||||||
| `backupJob.suspend` | Suspend backup cronjob | `false` |
|
| `backupJob.enable` | Enable backup cronjob | `true` |
|
||||||
| `backupJob.schedule` | cron schedule for the backup | `0 12 * * 1` |
|
| `backupJob.schedule` | cron schedule for the backup | `0 12 * * 1` |
|
||||||
|
|
||||||
### UI
|
### UI
|
||||||
|
@ -1,13 +0,0 @@
|
|||||||
apiVersion: "etcd.database.coreos.com/v1beta2"
|
|
||||||
kind: "EtcdBackup"
|
|
||||||
metadata:
|
|
||||||
name: vault-backup
|
|
||||||
namespace: "vault-operator"
|
|
||||||
spec:
|
|
||||||
etcdEndpoints: ["https://vault-etcd-client:2379"]
|
|
||||||
storageType: S3
|
|
||||||
clientTLSSecret: vault-etcd-client-tls
|
|
||||||
s3:
|
|
||||||
path: vault/backup-manual
|
|
||||||
awsSecret: aws
|
|
||||||
endpoint: http://minio.minio.svc:9000
|
|
@ -9,8 +9,7 @@ spec:
|
|||||||
etcdCluster:
|
etcdCluster:
|
||||||
# The namespace is the same as this EtcdRestore CR
|
# The namespace is the same as this EtcdRestore CR
|
||||||
name: vault-etcd
|
name: vault-etcd
|
||||||
backupStorageType: S3
|
backupStorageType: ABS
|
||||||
s3:
|
abs:
|
||||||
path: vault/backup-<name>
|
path: vault/backup-<specify the backup name>
|
||||||
awsSecret: aws
|
absSecret: abs
|
||||||
endpoint: http://minio.minio.svc:9000
|
|
@ -3,15 +3,11 @@ Vault operator created
|
|||||||
Next steps:
|
Next steps:
|
||||||
|
|
||||||
* Manually create a vault using resources/vault.yaml
|
* Manually create a vault using resources/vault.yaml
|
||||||
* Manually restore a backup using resources/restore.yaml
|
* Manually restore a backup using resources/backup.yaml
|
||||||
* Unseal the vault pods
|
* Unseal the vault pods
|
||||||
|
|
||||||
{{ if .Values.backupJob.suspend }}
|
{{ if .Values.backupJob.enable }}
|
||||||
!!!!!! BACKUP JOB SUSPENDED !!!!!!
|
|
||||||
{{ else }}
|
|
||||||
{{- if .Values.s3.endpoint -}}
|
|
||||||
Backing up to non-standard s3 endpoint {{ .Values.s3.endpoint }} {{ else -}}
|
|
||||||
Backing up to S3 on aws {{ end -}}
|
|
||||||
in bucket {{ .Values.s3.bucket }}.
|
|
||||||
!! Make sure to check if the backups succeed !!
|
!! Make sure to check if the backups succeed !!
|
||||||
|
{{ else }}
|
||||||
|
!!!!!! NO BACKUPS CONFIGURED !!!!!!
|
||||||
{{ end }}
|
{{ end }}
|
10
molgenis-vault/templates/abs-secret.yaml
Normal file
10
molgenis-vault/templates/abs-secret.yaml
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
# Secret to access microsoft azure blob store
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: abs
|
||||||
|
type: Opaque
|
||||||
|
stringData:
|
||||||
|
storage-account: {{ .Values.abs.account }}
|
||||||
|
storage-key: {{ .Values.abs.accessKey }}
|
||||||
|
cloud: {{ .Values.abs.cloud }}
|
@ -1,10 +0,0 @@
|
|||||||
# Secret to access s3 compatible store
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: aws
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
config: {{ printf "[default]\nregion = %s" .Values.s3.region | b64enc | quote }}
|
|
||||||
credentials: {{ printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\n" .Values.s3.accessKeyId .Values.s3.secretAccessKey | b64enc | quote }}
|
|
||||||
|
|
@ -11,14 +11,8 @@ data:
|
|||||||
generateName: vault-backup-
|
generateName: vault-backup-
|
||||||
spec:
|
spec:
|
||||||
etcdEndpoints: ["https://vault-etcd-client:2379"]
|
etcdEndpoints: ["https://vault-etcd-client:2379"]
|
||||||
storageType: S3
|
storageType: ABS
|
||||||
clientTLSSecret: vault-etcd-client-tls
|
clientTLSSecret: vault-etcd-client-tls
|
||||||
s3:
|
abs:
|
||||||
path: {{ .Values.s3.bucket }}/backup.<NOW>
|
path: vault/backup.<NOW>
|
||||||
awsSecret: aws
|
absSecret: abs
|
||||||
{{- if .Values.s3.endpoint }}
|
|
||||||
endpoint: {{ .Values.s3.endpoint }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if hasKey .Values.s3 "forcePathStyle" }}
|
|
||||||
forcePathStyle: {{ .Values.s3.forcePathStyle }}
|
|
||||||
{{- end }}
|
|
@ -1,10 +1,10 @@
|
|||||||
|
{{- if .Values.backupJob.enable }}
|
||||||
# cronjob that creates etcdbackups using the etcd backup serviceaccount
|
# cronjob that creates etcdbackups using the etcd backup serviceaccount
|
||||||
apiVersion: batch/v1beta1
|
apiVersion: batch/v1beta1
|
||||||
kind: CronJob
|
kind: CronJob
|
||||||
metadata:
|
metadata:
|
||||||
name: etcd-backup
|
name: etcd-backup
|
||||||
spec:
|
spec:
|
||||||
suspend: {{ .Values.backupJob.suspend }}
|
|
||||||
schedule: {{ .Values.backupJob.schedule | quote }}
|
schedule: {{ .Values.backupJob.schedule | quote }}
|
||||||
jobTemplate:
|
jobTemplate:
|
||||||
spec:
|
spec:
|
||||||
@ -26,4 +26,5 @@ spec:
|
|||||||
volumes:
|
volumes:
|
||||||
- name: backup-config
|
- name: backup-config
|
||||||
configMap:
|
configMap:
|
||||||
name: backup-config
|
name: backup-config
|
||||||
|
{{- end }}
|
@ -2,26 +2,19 @@
|
|||||||
# This is a YAML-formatted file.
|
# This is a YAML-formatted file.
|
||||||
# Declare variables to be passed into your templates.
|
# Declare variables to be passed into your templates.
|
||||||
|
|
||||||
# s3 configures s3 backup storage
|
# abs gives details of the credentials to reach the azure backup storage
|
||||||
s3:
|
abs:
|
||||||
# accessKey for the s3 storage account
|
# account is the name of the Storage account
|
||||||
accessKeyId: Q3AM3UQ867SPQQA43P2F
|
account: fdlkops
|
||||||
# secretAccessKey for the s3 storage account
|
# access key for the Storage account
|
||||||
secretAccessKey: zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG
|
accessKey: xxxx
|
||||||
# region
|
# default cloud
|
||||||
region: us-east-1
|
cloud: AzurePublicCloud
|
||||||
# endpoint for the s3 storage
|
|
||||||
endpoint: https://play.minio.io:9000
|
|
||||||
# forcePathStyle if set to true forces requests to use path style
|
|
||||||
# (host/bucket instead of bucket.host)
|
|
||||||
forcePathStyle: true
|
|
||||||
# bucket is the name of the bucket
|
|
||||||
bucket: vault
|
|
||||||
|
|
||||||
# backupjob describes the backup cronjob
|
# backupjob describes the backup cronjob
|
||||||
backupJob:
|
backupJob:
|
||||||
# suspend suspends the backup job
|
# enable enables the backup job
|
||||||
suspend: false
|
enable: true
|
||||||
# schedule gives the cron schedule for the backup job
|
# schedule gives the cron schedule for the backup job
|
||||||
schedule: "0 12 * * 1"
|
schedule: "0 12 * * 1"
|
||||||
|
|
||||||
@ -47,12 +40,10 @@ etcd-operator:
|
|||||||
tag: v0.9.2
|
tag: v0.9.2
|
||||||
backupOperator:
|
backupOperator:
|
||||||
image:
|
image:
|
||||||
repository: fdlk/etcd-operator
|
tag: v0.9.2
|
||||||
tag: latest
|
|
||||||
restoreOperator:
|
restoreOperator:
|
||||||
image:
|
image:
|
||||||
repository: fdlk/etcd-operator
|
tag: v0.9.2
|
||||||
tag: latest
|
|
||||||
|
|
||||||
ui:
|
ui:
|
||||||
name: "vault-ui"
|
name: "vault-ui"
|
||||||
|
Reference in New Issue
Block a user