feat: Add resources for helm role

Merge branch 'master' of https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm
chore: create indexed chart
2018-09-21 15:09:05 +02:00 · 2018-09-21 13:50:26 +02:00 · 2018-09-11 16:12:32 +02:00
15 changed files with 93 additions and 82 deletions
--- a/charts/index.yaml
+++ b/charts/index.yaml
@ -0,0 +1,16 @@
 apiVersion: v1
 entries:
  molgenis-preview:
  - apiVersion: v1
    appVersion: "1.0"
    created: 2018-09-11T16:11:49.165533266+02:00
    description: MOLGENIS - helm stack for testing purposes
    digest: e1174bd0d8a71bf4d23f5463521cf4dbcac39dc93f16cd842c92cda1a963f6b2
    icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-preview/catalogIcon-molgenis.svg
    name: molgenis-preview
    sources:
    - https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
    urls:
    - molgenis-preview-0.2.0.tgz
    version: 0.2.0
 generated: 2018-09-11T16:11:49.158086031+02:00
--- a/charts/molgenis-preview-0.2.0.tgz
+++ b/charts/molgenis-preview-0.2.0.tgz
--- a/molgenis-jenkins/resources/README.md
+++ b/molgenis-jenkins/resources/README.md
--- a/molgenis-jenkins/resources/jenkins-default-tiller-user-rolebinding.yaml
+++ b/molgenis-jenkins/resources/jenkins-default-tiller-user-rolebinding.yaml
@ -0,0 +1,13 @@
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
 metadata:
  name: tiller-jenkins-binding
  namespace: kube-system
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: tiller-user
 subjects:
 - kind: ServiceAccount
  name: default
  namespace: molgenis-jenkins
--- a/molgenis-jenkins/resources/tiller-user-role.yaml
+++ b/molgenis-jenkins/resources/tiller-user-role.yaml
@ -0,0 +1,18 @@
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: Role
 metadata:
  name: tiller-user
  namespace: kube-system
 rules:
 - apiGroups:
  - ""
  resources:
  - pods/portforward
  verbs:
  - create
 - apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - list
--- a/molgenis-vault/Chart.yaml
+++ b/molgenis-vault/Chart.yaml
@ -2,5 +2,5 @@ apiVersion: v1
 appVersion: "1.0"
 description: MOLGENIS vault
 name: molgenis-vault
-version: 0.2.1
+version: 0.1.1
 icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-vault/catalogIcon-molgenis-vault.svg
--- a/molgenis-vault/README.md
+++ b/molgenis-vault/README.md
@ -13,25 +13,21 @@ See https://github.com/coreos/vault-operator/blob/master/doc/user/vault.md
 ## Parameters
 ### Azure cloud credentials
-Define credentials for an S3 compatible backup bucket.
+Define credentials for backup to the Azure Blob Store.
-See [etcd-operator documentation](https://github.com/coreos/etcd-operator/blob/master/doc/user/walkthrough/backup-operator.md).
+See [etcd-operator documentation](https://github.com/coreos/etcd-operator/blob/master/doc/user/abs_backup.md).
 > Default values backup to the minio play server.
 You can host the stable/minio chart to backup to a bucket on the cluster.
-| Parameter            | Description                              | Default                                    |
+| Parameter       | Description                   | Default            |
-| -------------------- | ---------------------------------------- | ------------------------------------------ |
+| --------------- | ----------------------------- | ------------------ |
-| `s3.accessKeyId`     | key id storage account                   | `Q3AM3UQ867SPQQA43P2F`                     |
+| `abs.account`   | name of storage account       | `fdlkops`          |
-| `s3.secretAccessKey` | secret access key of storage account     | `zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG` |
+| `abs.accessKey` | access key of storage account | `xxxx`             |
-| `s3.region`          | region of the storage server             | `us-east-1`                                |
+| `abs.cloud`     | name of cloud environment     | `AzurePublicCloud` |
 | `s3.endpoint`        | endpoint for the storage server          | `https://play.minio.io:9000`               |
 | `s3.bucket`          | name of the bucket on the storage server | `vault`                                    |
 ### Backup job
 Define the schedule of the backup job
 | Parameter            | Description                  | Default       |
 | -------------------- | ---------------------------- | ------------- |
-| `backupJob.suspend`  | Suspend backup cronjob       | `false`       |
+| `backupJob.enable`   | Enable backup cronjob        | `true`        |
 | `backupJob.schedule` | cron schedule for the backup | `0 12 * * 1`  |
 ### UI
--- a/molgenis-vault/resources/backup.yaml
+++ b/molgenis-vault/resources/backup.yaml
@ -1,13 +0,0 @@
 apiVersion: "etcd.database.coreos.com/v1beta2"
 kind: "EtcdBackup"
 metadata:
  name: vault-backup
  namespace: "vault-operator"
 spec:
  etcdEndpoints: ["https://vault-etcd-client:2379"]
  storageType: S3
  clientTLSSecret: vault-etcd-client-tls
  s3:
    path: vault/backup-manual
    awsSecret: aws
    endpoint: http://minio.minio.svc:9000
--- a/molgenis-vault/resources/restore.yaml
+++ b/molgenis-vault/resources/restore.yaml
@ -9,8 +9,7 @@ spec:
  etcdCluster:
    # The namespace is the same as this EtcdRestore CR
    name: vault-etcd
-  backupStorageType: S3
+  backupStorageType: ABS
-  s3:
+  abs:
-    path: vault/backup-<name>
+    path: vault/backup-<specify the backup name>
-    awsSecret: aws
+    absSecret: abs
    endpoint: http://minio.minio.svc:9000
--- a/molgenis-vault/templates/NOTES.txt
+++ b/molgenis-vault/templates/NOTES.txt
@ -3,15 +3,11 @@ Vault operator created
 Next steps:
 * Manually create a vault using resources/vault.yaml
-* Manually restore a backup using resources/restore.yaml
+* Manually restore a backup using resources/backup.yaml
 * Unseal the vault pods
-{{ if .Values.backupJob.suspend }}
+{{ if .Values.backupJob.enable }}
 !!!!!! BACKUP JOB SUSPENDED !!!!!!
 {{ else }}
 {{- if .Values.s3.endpoint -}}
 Backing up to non-standard s3 endpoint {{ .Values.s3.endpoint }} {{ else -}}
 Backing up to S3 on aws {{ end -}}
 in bucket {{ .Values.s3.bucket }}.
 !! Make sure to check if the backups succeed !!
 {{ else }}
 !!!!!! NO BACKUPS CONFIGURED !!!!!!
 {{ end }}
--- a/molgenis-vault/templates/abs-secret.yaml
+++ b/molgenis-vault/templates/abs-secret.yaml
@ -0,0 +1,10 @@
 # Secret to access microsoft azure blob store
 apiVersion: v1
 kind: Secret
 metadata:
  name: abs
 type: Opaque
 stringData:
  storage-account: {{ .Values.abs.account }}
  storage-key: {{ .Values.abs.accessKey }}
  cloud: {{ .Values.abs.cloud }}
--- a/molgenis-vault/templates/aws-secret.yaml
+++ b/molgenis-vault/templates/aws-secret.yaml
@ -1,10 +0,0 @@
 # Secret to access s3 compatible store
 apiVersion: v1
 kind: Secret
 metadata:
  name: aws
 type: Opaque
 data:
  config: {{ printf "[default]\nregion = %s" .Values.s3.region | b64enc | quote }}
  credentials: {{ printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\n" .Values.s3.accessKeyId .Values.s3.secretAccessKey | b64enc | quote }}
--- a/molgenis-vault/templates/backup-configmap.yaml
+++ b/molgenis-vault/templates/backup-configmap.yaml
@ -11,14 +11,8 @@ data:
      generateName: vault-backup-
    spec:
      etcdEndpoints: ["https://vault-etcd-client:2379"]
-      storageType: S3
+      storageType: ABS
      clientTLSSecret: vault-etcd-client-tls
-      s3:
+      abs:
-        path: {{ .Values.s3.bucket }}/backup.<NOW>
+        path: vault/backup.<NOW>
-        awsSecret: aws
+        absSecret: abs
 {{- if .Values.s3.endpoint }}
        endpoint: {{ .Values.s3.endpoint }}
 {{- end }}
 {{- if hasKey .Values.s3 "forcePathStyle" }}
        forcePathStyle: {{ .Values.s3.forcePathStyle }}
 {{- end }}
--- a/molgenis-vault/templates/backup-cronjob.yaml
+++ b/molgenis-vault/templates/backup-cronjob.yaml
@ -1,10 +1,10 @@
 {{- if .Values.backupJob.enable }}
 # cronjob that creates etcdbackups using the etcd backup serviceaccount
 apiVersion: batch/v1beta1
 kind: CronJob
 metadata:
  name: etcd-backup
 spec:
  suspend: {{ .Values.backupJob.suspend }}
  schedule: {{ .Values.backupJob.schedule | quote }}
  jobTemplate:
    spec:
@ -26,4 +26,5 @@ spec:
          volumes:
          - name: backup-config
            configMap:
-              name: backup-config
+              name: backup-config
 {{- end }}
--- a/molgenis-vault/values.yaml
+++ b/molgenis-vault/values.yaml
@ -2,26 +2,19 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
-# s3 configures s3 backup storage
+# abs gives details of the credentials to reach the azure backup storage
-s3:
+abs:
-  # accessKey for the s3 storage account
+  # account is the name of the Storage account
-  accessKeyId: Q3AM3UQ867SPQQA43P2F
+  account: fdlkops
-  # secretAccessKey for the s3 storage account
+  # access key for the Storage account
-  secretAccessKey: zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG
+  accessKey: xxxx
-  # region
+  # default cloud
-  region: us-east-1
+  cloud: AzurePublicCloud
  # endpoint for the s3 storage
  endpoint: https://play.minio.io:9000
  # forcePathStyle if set to true forces requests to use path style
  # (host/bucket instead of bucket.host)
  forcePathStyle: true
  # bucket is the name of the bucket
  bucket: vault
 # backupjob describes the backup cronjob
 backupJob:
-  # suspend suspends the backup job
+  # enable enables the backup job
-  suspend: false
+  enable: true
  # schedule gives the cron schedule for the backup job
  schedule: "0 12 * * 1"
@ -47,12 +40,10 @@ etcd-operator:
      tag: v0.9.2
  backupOperator:
    image:
-      repository: fdlk/etcd-operator
+      tag: v0.9.2
      tag: latest
  restoreOperator:
    image:
-      repository: fdlk/etcd-operator
+      tag: v0.9.2
      tag: latest
 ui:
  name: "vault-ui"
Author	SHA1	Message	Date
Fleur Kelpin	655771c8ac	feat: Add resources for helm role	2018-09-21 15:09:05 +02:00
Fleur Kelpin	7127914de2	Merge branch 'master' of https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm	2018-09-21 13:50:26 +02:00
Fleur Kelpin	33d8a30c69	chore: create indexed chart	2018-09-11 16:12:32 +02:00