1
0
molgenis-ops-docker-helm/molgenis-vault
Fleur Kelpin 5f542e7632 feat (molgenis-vault): Switch backup storage to s3.
We can host s3 compatible storage locally by deploying the stable/minio chart.
Ran into https://github.com/coreos/etcd-operator/issues/1980 and therefore downgrade the backup and restore operator images to 0.8.3.
2018-09-17 08:49:46 +02:00
..
charts chore (molgenis-vault): Add dependencies vault-operator and etcd-operator 2018-09-07 21:46:25 +02:00
resources feat (molgenis-vault): Switch backup storage to s3. 2018-09-17 08:49:46 +02:00
templates feat (molgenis-vault): Switch backup storage to s3. 2018-09-17 08:49:46 +02:00
.helmignore chore (molgenis-vault): helm init molgenis-vault 2018-09-07 21:46:04 +02:00
catalogIcon-molgenis-vault.svg doc (molgenis-vault): add icon 2018-09-07 22:45:32 +02:00
Chart.yaml feat (molgenis-vault): Switch backup storage to s3. 2018-09-17 08:49:46 +02:00
README.md feat (molgenis-vault): Switch backup storage to s3. 2018-09-17 08:49:46 +02:00
requirements.lock chore (molgenis-vault): Add dependencies vault-operator and etcd-operator 2018-09-07 21:46:25 +02:00
requirements.yaml chore (molgenis-vault): Add dependencies vault-operator and etcd-operator 2018-09-07 21:46:25 +02:00
values.yaml feat (molgenis-vault): Switch backup storage to s3. 2018-09-17 08:49:46 +02:00

MOLGENIS Vault helm chart

This chart creates a vault operator, but NO vault. The vault operator defines a new custom resource named vault that you can use to create vaults.

After launching the operator, create the molgenis vault manually: kubectl create -f resources/vault.yaml

That creates a new vault with two vault pods.

See https://github.com/coreos/vault-operator/blob/master/doc/user/vault.md

Parameters

Azure cloud credentials

Define credentials for an S3 compatible backup bucket. See etcd-operator documentation.

Default values backup to the minio play server. You can host the stable/minio chart to backup to a bucket on the cluster.

Parameter Description Default
s3.accessKeyId key id storage account Q3AM3UQ867SPQQA43P2F
s3.secretAccessKey secret access key of storage account zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG
s3.region region of the storage server us-east-1
s3.endpoint endpoint for the storage server https://play.minio.io:9000
s3.bucket name of the bucket on the storage server vault

Backup job

Define the schedule of the backup job

Parameter Description Default
backupJob.suspend Suspend backup cronjob false
backupJob.schedule cron schedule for the backup 0 12 * * 1

UI

Parameter Description Default
ui.replicaCount desired number of Vault UI pod 1
ui.image.repository Vault UI container image repository djenriquez/vault-ui
ui.image.tag Vault UI container image tag latest
ui.resources Vault UI pod resource requests & limits {}
ui.nodeSelector node labels for Vault UI pod assignment {}
ui.ingress.enabled If true, Vault UI Ingress will be created true
ui.ingress.annotations Vault UI Ingress annotations {}
ui.ingress.host Vault UI Ingress hostname vault.molgenis.org
ui.ingress.tls Vault UI Ingress TLS configuration (YAML) []
ui.vault.url Vault UI default vault url https://vault.vault-operator:8200
ui.vault.auth Vault UI login method GITHUB
ui.service.name Vault UI service name vault-ui
ui.service.type type of ui service to create ClusterIP
ui.service.externalPort Vault UI service target port 8000
ui.service.internalPort Vault UI container port 8000
ui.service.nodePort Port to be used as the service NodePort (ignored if server.service.type is not NodePort) 0