Add GCP creds to Kanister Profile (#4734)
* Add GCP creds to kanister profile helm

* Add location type

* Use diff fields to store creds in secret

* Address review suggestions

* update docs with profile changes
SupriyaKasten authored and Ilya Kislenko committed Jan 23, 2019
1 parent 27efe42 commit 60a3dc4
Showing 13 changed files with 125 additions and 92 deletions.
8 changes: 4 additions & 4 deletions docs/helm_instructions/create_profile.rst
Expand Up @@ -10,20 +10,20 @@ create as part of the first instance.
.. note:: Prior to creating the Profile CR, you will need to do the following:

* Create a bucket for artifacts on your S3 store. This will be your
``s3.bucket`` parameter to the command.
* Obtain ``s3.accessKey`` and ``s3.secretKey`` credentials for an
``location.bucket`` parameter to the command.
* Obtain ``aws.accessKey`` and ``aws.secretKey`` credentials for an
account with access to the bucket that you will use.
* Configure the permissions on the bucket to allow the account to
list, put, get, and delete.
* Make sure that your retention policy allows deletions so that artifacts
can be reclaimed based on your intended data backup retention.

.. note:: The ``s3.endpoint`` parameter is only required if you are using an
.. note:: The ``location.endpoint`` parameter is only required if you are using an
S3-compatible provider different from AWS.

If you are using an on-premises s3 provider, the endpoint specified needs be
accessible from within your Kubernetes cluster.

If, in your environment, the endpoint has a self-signed SSL certificate,
include ``--set s3.verifySSL=false`` in the above command to disable SSL
include ``--set verifySSL=false`` in the above command to disable SSL
verification for the S3 operations in the blueprint.
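Review bot: the last changed line drops the prefix entirely (`--set verifySSL=false`), while the bucket and endpoint parameters in this same hunk moved under `location.`. A setting that only affects the endpoint connection would be easier to find as a sibling of `location.endpoint`, or the text should say why it sits at the top level. Because this flag turns off certificate verification on the connection that is authenticated with `aws.accessKey` and `aws.secretKey`, the paragraph should also scope it to endpoints where that is acceptable. The prerequisite list never mentions `location.type`, which the install commands updated in this commit now set.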
9 changes: 5 additions & 4 deletions docs/helm_instructions/elasticsearch_instructions.rst
Expand Up @@ -24,10 +24,11 @@ Then install the sample Elasticsearch application in its own namespace.
--namespace es-test \
--set profile.create='true' \
--set profile.profileName='es-test-profile' \
--set profile.s3.endpoint='https://my-custom-s3-provider:9000' \
--set profile.s3.accessKey='AKIAIOSFODNN7EXAMPLE' \
--set profile.s3.secretKey='wJalrXUtnFEMI%K7MDENG%bPxRfiCYEXAMPLEKEY' \
--set profile.s3.bucket='kanister-bucket'
--set profile.location.type='s3Compliant' \
--set profile.location.bucket='kanister-bucket' \
--set profile.location.endpoint='https://my-custom-s3-provider:9000' \
--set profile.aws.accessKey='AKIAIOSFODNN7EXAMPLE' \
--set profile.aws.secretKey='wJalrXUtnFEMI%K7MDENG%bPxRfiCYEXAMPLEKEY' \
--set kanister.controller_namespace="kanister"
.. only:: defaultns
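Review bot: the two credential lines added here still pass literal key material (`profile.aws.accessKey='AKIAIOSFODNN7EXAMPLE'`), whereas the kanister-elasticsearch README changed in this same commit uses `"${AWS_ACCESS_KEY_ID}"` and `"${AWS_SECRET_ACCESS_KEY}"`. Using the environment-variable form here as well keeps the two documents consistent and avoids teaching readers to paste real secrets into a command that ends up in shell history.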
9 changes: 5 additions & 4 deletions docs/helm_instructions/mongodb_instructions.rst
Expand Up @@ -23,10 +23,11 @@ Then install the sample MongoDB replica set application in its own namespace.
--namespace mongodb-test \
--set profile.create='true' \
--set profile.profileName='mongo-test-profile' \
--set profile.s3.bucket="kanister-bucket" \
--set profile.s3.endpoint="https://my-custom-s3-provider:9000" \
--set profile.s3.accessKey="AKIAIOSFODNN7EXAMPLE" \
--set profile.s3.secretKey="wJalrXUtnFEMI!K7MDENG!bPxRfiCYEXAMPLEKEY" \
--set profile.location.type='s3Compliant' \
--set profile.location.bucket='kanister-bucket' \
--set profile.location.endpoint='https://my-custom-s3-provider:9000' \
--set profile.aws.accessKey='AKIAIOSFODNN7EXAMPLE' \
--set profile.aws.secretKey='wJalrXUtnFEMI%K7MDENG%bPxRfiCYEXAMPLEKEY' \
--set kanister.controller_namespace="kanister" \
--set replicas=1 \
--set persistentVolume.size=2Gi
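Review bot: `profile.location.type='s3Compliant'` appears in this hunk with no explanation of what the field selects or which other values are accepted. The commit is titled as adding GCP credentials, so this page should either show the GCP variant of the command or point to where the `location.type` values and their matching credential parameters are described.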
9 changes: 5 additions & 4 deletions docs/helm_instructions/mysql_instructions.rst
Expand Up @@ -22,10 +22,11 @@ Then install the sample MySQL application in its own namespace.
$ helm install kanister/kanister-mysql -n mysql --namespace mysql-test \
--set profile.create='true' \
--set profile.profileName='mysql-test-profile' \
--set profile.s3.bucket="kanister-bucket" \
--set profile.s3.endpoint="https://my-custom-s3-provider:9000" \
--set profile.s3.accessKey="AKIAIOSFODNN7EXAMPLE" \
--set profile.s3.secretKey="wJalrXUtnFEMI!K7MDENG!bPxRfiCYEXAMPLEKEY" \
--set profile.location.type='s3Compliant' \
--set profile.location.bucket='kanister-bucket' \
--set profile.location.endpoint='https://my-custom-s3-provider:9000' \
--set profile.aws.accessKey='AKIAIOSFODNN7EXAMPLE' \
--set profile.aws.secretKey='wJalrXUtnFEMI%K7MDENG%bPxRfiCYEXAMPLEKEY' \
--set kanister.controller_namespace="kanister" \
--set mysqlRootPassword="asd#45@mysqlEXAMPLE" \
--set persistence.size=10Gi
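Review bot: quoting is now mixed within one command: the five added lines use single quotes, but the unchanged `kanister.controller_namespace="kanister"` and `mysqlRootPassword="asd#45@mysqlEXAMPLE"` lines below them keep double quotes. Single quotes are the safer choice for values that contain shell metacharacters, so consider converting the remaining two lines as part of this change.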
9 changes: 5 additions & 4 deletions docs/helm_instructions/pgsql_instructions.rst
Expand Up @@ -26,10 +26,11 @@ Then install the sample PostgreSQL application in its own namespace.
--namespace postgresql-test \
--set profile.create='true' \
--set profile.profileName='postgres-test-profile' \
--set profile.s3.bucket="kanister-bucket" \
--set profile.s3.endpoint="https://my-custom-s3-provider:9000" \
--set profile.s3.accessKey="AKIAIOSFODNN7EXAMPLE" \
--set profile.s3.secretKey="wJalrXUtnFEMI!K7MDENG!bPxRfiCYEXAMPLEKEY" \
--set profile.location.type='s3Compliant' \
--set profile.location.bucket='kanister-bucket' \
--set profile.location.endpoint='https://my-custom-s3-provider:9000' \
--set profile.aws.accessKey='AKIAIOSFODNN7EXAMPLE' \
--set profile.aws.secretKey='wJalrXUtnFEMI%K7MDENG%bPxRfiCYEXAMPLEKEY' \
--set kanister.controller_namespace="kanister"
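Review bot: this command and the kanister-postgresql README command changed later in the same commit now describe the same install differently: here `--namespace postgresql-test` with literal example keys and no region, there `--namespace postgres-test` with `"${AWS_ACCESS_KEY_ID}"` and `profile.location.region=us-west-2`. Aligning the two, preferably on the environment-variable form, would save readers from guessing which one is current.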
31 changes: 17 additions & 14 deletions examples/helm/kanister/kanister-elasticsearch/README.md
Expand Up @@ -46,11 +46,12 @@ Then install the sample Elasticsearch application with the release name `my-rele
$ helm install kanister/kanister-elasticsearch -n my-release --namespace es-test \
--set profile.create='true' \
--set profile.profileName='es-test-profile' \
--set profile.s3.endpoint='https://my-custom-s3-provider:9000' \
--set profile.s3.accessKey="${AWS_ACCESS_KEY_ID}" \
--set profile.s3.secretKey="${AWS_SECRET_ACCESS_KEY}" \
--set profile.s3.bucket='kanister-bucket' \
--set profile.s3.region=us-west-2
--set profile.location.type='s3Compliant' \
--set profile.location.bucket='kanister-bucket' \
--set profile.location.endpoint='https://my-custom-s3-provider:9000' \
--set profile.location.region=us-west-2 \
--set profile.aws.accessKey="${AWS_ACCESS_KEY_ID}" \
--set profile.aws.secretKey="${AWS_SECRET_ACCESS_KEY}"
```

The command deploys Elasticsearch on the Kubernetes cluster in the default
Expand Down Expand Up @@ -185,11 +186,11 @@ default values. The Profile CR parameters are passed to the profile sub-chart.
| `profile.create` | (Optional) Specify if a Profile CR should be created as part of install. | ``false`` |
| `profile.defaultProfile` | (Optional if not creating a default Profile) Set to ``true`` to create a profile with name `default-profile` | ``false`` |
| `profile.profileName` | (Required if not creating a default Profile) Name for the profile that is created | `nil` |
| `profile.s3.accessKey` | (Required if creating profile) API Key for an s3 compatible object store. | `nil`|
| `profile.s3.secretKey` | (Required if creating profile) Corresponding secret for `accessKey`. | `nil` |
| `profile.s3.bucket` | (Required if creating profile) A bucket that will be used to store Kanister artifacts. <br><br>The bucket must already exist and the account with the above API key and secret needs to have sufficient permissions to list, get, put, delete. | `nil` |
| `profile.s3.region` | (Optional if creating profile) Region to be used for the bucket. | `nil` |
| `profile.s3.endpoint` | (Optional if creating profile) The URL for an s3 compatible object store provider. Can be omitted if provider is AWS. Required for any other provider. | `nil` |
| `profile.aws.accessKey` | (Required if creating profile) API Key for an s3 compatible object store. | `nil`|
| `profile.aws.secretKey` | (Required if creating profile) Corresponding secret for `accessKey`. | `nil` |
| `profile.location.bucket` | (Required if creating profile) A bucket that will be used to store Kanister artifacts. <br><br>The bucket must already exist and the account with the above API key and secret needs to have sufficient permissions to list, get, put, delete. | `nil` |
| `profile.location.region` | (Optional if creating profile) Region to be used for the bucket. | `nil` |
| `profile.location.endpoint` | (Optional if creating profile) The URL for an s3 compatible object store provider. Can be omitted if provider is AWS. Required for any other provider. | `nil` |
| `profile.verifySSL` | (Optional if creating profile) Set to ``false`` to disable SSL verification on the s3 endpoint. | `true` |
| `kanister.controller_namespace` | (Optional) Specify the namespace where the Kanister controller is running. | kasten-io |

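Review bot: the parameter table gains no row for `profile.location.type`, although the install command at the top of this README now passes `profile.location.type='s3Compliant'`. Add a row giving its accepted values and default. The table also has no entry for the GCP credentials named in the commit title.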
Expand Down Expand Up @@ -324,8 +325,10 @@ $ helm install kanister/kanister-elasticsearch -n my-release --namespace es-test
--set data.storage=100Gi \
--set profile.create='true' \
--set profile.profileName='es-test-profile' \
--set profile.s3.endpoint='https://my-custom-s3-provider:9000' \
--set profile.s3.accessKey='AKIAIOSFODNN7EXAMPLE' \
--set profile.s3.secretKey='wJalrXUtnFEMI%K7MDENG%bPxRfiCYEXAMPLEKEY' \
--set profile.s3.bucket='kanister-bucket'
--set profile.location.type='s3Compliant' \
--set profile.location.bucket='kanister-bucket' \
--set profile.location.endpoint='https://my-custom-s3-provider:9000' \
--set profile.location.region=us-west-2 \
--set profile.aws.accessKey="${AWS_ACCESS_KEY_ID}" \
--set profile.aws.secretKey="${AWS_SECRET_ACCESS_KEY}"
```
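Review bot: besides renaming the keys, the new lines add `--set profile.location.region=us-west-2`, which the removed `profile.s3.*` lines in this example did not set, and they switch the credentials from literals to `"${AWS_ACCESS_KEY_ID}"` and `"${AWS_SECRET_ACCESS_KEY}"`. The credential change is welcome; please confirm the region is intended for a command that targets `https://my-custom-s3-provider:9000`, or drop it so the example stays minimal.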
21 changes: 11 additions & 10 deletions examples/helm/kanister/kanister-mongodb-replicaset/README.md
Expand Up @@ -35,11 +35,12 @@ Then install the sample MongoDB application with the release name `my-release` i
$ helm install kanister/kanister-mongodb-replicaset -n my-release --namespace mongo-test \
--set profile.create='true' \
--set profile.profileName='mongo-test-profile' \
--set profile.s3.endpoint='https://my-custom-s3-provider:9000' \
--set profile.s3.accessKey="${AWS_ACCESS_KEY_ID}" \
--set profile.s3.secretKey="${AWS_SECRET_ACCESS_KEY}" \
--set profile.s3.bucket='kanister-bucket' \
--set profile.s3.region=us-west-2
--set profile.location.type='s3Compliant' \
--set profile.location.bucket='kanister-bucket' \
--set profile.location.endpoint='https://my-custom-s3-provider:9000' \
--set profile.location.region=us-west-2 \
--set profile.aws.accessKey="${AWS_ACCESS_KEY_ID}" \
--set profile.aws.secretKey="${AWS_SECRET_ACCESS_KEY}"
```

The command deploys MongoDB ReplicaSet on the Kubernetes cluster in the default
Expand Down Expand Up @@ -166,11 +167,11 @@ default values. The Profile CR parameters are passed to the profile sub-chart.
| `profile.create` | (Optional) Specify if a Profile CR should be created as part of install. | ``false`` |
| `profile.defaultProfile` | (Optional if not creating a default Profile) Set to ``true`` to create a profile with name `default-profile` | ``false`` |
| `profile.profileName` | (Required if not creating a default Profile) Name for the profile that is created | `nil` |
| `profile.s3.accessKey` | (Required if creating profile) API Key for an s3 compatible object store. | `nil`|
| `profile.s3.secretKey` | (Required if creating profile) Corresponding secret for `accessKey`. | `nil` |
| `profile.s3.bucket` | (Required if creating profile) A bucket that will be used to store Kanister artifacts. <br><br>The bucket must already exist and the account with the above API key and secret needs to have sufficient permissions to list, get, put, delete. | `nil` |
| `profile.s3.region` | (Optional if creating profile) Region to be used for the bucket. | `nil` |
| `profile.s3.endpoint` | (Optional if creating profile) The URL for an s3 compatible object store provider. Can be omitted if provider is AWS. Required for any other provider. | `nil` |
| `profile.aws.accessKey` | (Required if creating profile) API Key for an s3 compatible object store. | `nil`|
| `profile.aws.secretKey` | (Required if creating profile) Corresponding secret for `accessKey`. | `nil` |
| `profile.location.bucket` | (Required if creating profile) A bucket that will be used to store Kanister artifacts. <br><br>The bucket must already exist and the account with the above API key and secret needs to have sufficient permissions to list, get, put, delete. | `nil` |
| `profile.location.region` | (Optional if creating profile) Region to be used for the bucket. | `nil` |
| `profile.location.endpoint` | (Optional if creating profile) The URL for an s3 compatible object store provider. Can be omitted if provider is AWS. Required for any other provider. | `nil` |
| `profile.verifySSL` | (Optional if creating profile) Set to ``false`` to disable SSL verification on the s3 endpoint. | `true` |
| `kanister.controller_namespace` | (Optional) Specify the namespace where the Kanister controller is running. | `kasten-io` |
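Review bot: the description of `profile.aws.accessKey` still reads "API Key for an s3 compatible object store", which no longer matches a key that is namespaced under `aws` and separated from `profile.location.*`. Reword the two credential rows to say which `location.type` they apply to, and add rows for `profile.location.type` and for whichever parameters carry the GCP credentials.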
19 changes: 10 additions & 9 deletions examples/helm/kanister/kanister-mysql/README.md
Expand Up @@ -29,10 +29,11 @@ Then install the sample MySQL application in its own namespace.
$ helm install kanister/kanister-mysql -n my-release --namespace mysql-test \
--set profile.create='true' \
--set profile.profileName='mysql-test-profile' \
--set profile.s3.endpoint='https://my-custom-s3-provider:9000' \
--set profile.s3.accessKey='AKIAIOSFODNN7EXAMPLE' \
--set profile.s3.secretKey='wJalrXUtnFEMI%K7MDENG%bPxRfiCYEXAMPLEKEY' \
--set profile.s3.bucket='kanister-bucket' \
--set profile.location.type='s3Compliant' \
--set profile.location.bucket='kanister-bucket' \
--set profile.location.endpoint='https://my-custom-s3-provider:9000' \
--set profile.aws.accessKey='AKIAIOSFODNN7EXAMPLE' \
--set profile.aws.secretKey='wJalrXUtnFEMI%K7MDENG%bPxRfiCYEXAMPLEKEY' \
--set mysqlRootPassword='asd#45@mysqlEXAMPLE' \
--set persistence.size=10Gi
```
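Review bot: the added `profile.aws.accessKey` and `profile.aws.secretKey` lines keep literal example keys, while the Elasticsearch, MongoDB and PostgreSQL READMEs in this commit pass `"${AWS_ACCESS_KEY_ID}"` and `"${AWS_SECRET_ACCESS_KEY}"`. Switch this README to the same form. The command here also sets no `profile.location.region`, unlike those READMEs; say whether that is deliberate.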
Expand Down Expand Up @@ -87,11 +88,11 @@ default values. The Profile CR parameters are passed to the profile sub-chart.
| `profile.create` | (Optional) Specify if a Profile CR should be created as part of install. | ``false`` |
| `profile.defaultProfile` | (Optional if not creating a default Profile) Set to ``true`` to create a profile with name `default-profile` | ``false`` |
| `profile.profileName` | (Required if not creating a default Profile) Name for the profile that is created | `nil` |
| `profile.s3.accessKey` | (Required if creating profile) API Key for an s3 compatible object store. | `nil`|
| `profile.s3.secretKey` | (Required if creating profile) Corresponding secret for `accessKey`. | `nil` |
| `profile.s3.bucket` | (Required if creating profile) A bucket that will be used to store Kanister artifacts. <br><br>The bucket must already exist and the account with the above API key and secret needs to have sufficient permissions to list, get, put, delete. | `nil` |
| `profile.s3.region` | (Optional if creating profile) Region to be used for the bucket. | `nil` |
| `profile.s3.endpoint` | (Optional if creating profile) The URL for an s3 compatible object store provider. Can be omitted if provider is AWS. Required for any other provider. | `nil` |
| `profile.aws.accessKey` | (Required if creating profile) API Key for an s3 compatible object store. | `nil`|
| `profile.aws.secretKey` | (Required if creating profile) Corresponding secret for `accessKey`. | `nil` |
| `profile.location.bucket` | (Required if creating profile) A bucket that will be used to store Kanister artifacts. <br><br>The bucket must already exist and the account with the above API key and secret needs to have sufficient permissions to list, get, put, delete. | `nil` |
| `profile.location.region` | (Optional if creating profile) Region to be used for the bucket. | `nil` |
| `profile.location.endpoint` | (Optional if creating profile) The URL for an s3 compatible object store provider. Can be omitted if provider is AWS. Required for any other provider. | `nil` |
| `profile.verifySSL` | (Optional if creating profile) Set to ``false`` to disable SSL verification on the s3 endpoint. | `true` |
| `kanister.controller_namespace` | (Optional) Specify the namespace where the Kanister controller is running. | kanister |

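Review bot: the unchanged `profile.verifySSL` row directly below the renamed ones still says "on the s3 endpoint"; now that the endpoint parameter is `profile.location.endpoint`, that row should name it. The table also lacks a `profile.location.type` row even though the install command in this README sets it.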
28 changes: 15 additions & 13 deletions examples/helm/kanister/kanister-postgresql/README.md
Expand Up @@ -31,10 +31,11 @@ helm repo add kanister http://charts.kanister.io
helm install kanister/kanister-postgresql --name postgres-test --namespace postgres-test \
--set profile.create='true' \
--set profile.profileName='postgres-test-profile' \
--set profile.s3.accessKey=${AWS_ACCESS_KEY_ID} \
--set profile.s3.secretKey=${AWS_SECRET_ACCESS_KEY} \
--set profile.s3.bucket='<BUCKET_NAME e.g kanister_bucket>' \
--set profile.s3.region='<BUCKET_REGION e.g. us-west-2>' \
--set profile.location.type='s3Compliant' \
--set profile.location.bucket='kanister-bucket' \
--set profile.location.region=us-west-2 \
--set profile.aws.accessKey="${AWS_ACCESS_KEY_ID}" \
--set profile.aws.secretKey="${AWS_SECRET_ACCESS_KEY}" \
--set kanister.controller_namespace=kanister
```

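Review bot: the removed lines used explicit placeholders (`<BUCKET_NAME e.g kanister_bucket>`, `<BUCKET_REGION e.g. us-west-2>`), and the replacements hard-code `kanister-bucket` and `us-west-2`. A reader who copies the command verbatim now gets a bucket and region that are unlikely to be theirs, with no cue to change them; keep the placeholder form or add a sentence above the block saying these values must be replaced. Quoting `"${AWS_ACCESS_KEY_ID}"` is a good change.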
Expand Down Expand Up @@ -99,10 +100,11 @@ Then install the sample Postgres application in its own namespace.
$ helm install kanister/kanister-postgresql --name postgres-test --namespace postgres-test \
--set profile.create='true' \
--set profile.profileName='postgres-test-profile' \
--set profile.s3.accessKey=${AWS_ACCESS_KEY_ID} \
--set profile.s3.secretKey=${AWS_SECRET_ACCESS_KEY} \
--set profile.s3.bucket='<BUCKET_NAME e.g kanister_bucket>' \
--set profile.s3.region='<BUCKET_REGION e.g. us-west-2>' \
--set profile.location.type='s3Compliant' \
--set profile.location.bucket='kanister-bucket' \
--set profile.location.region=us-west-2 \
--set profile.aws.accessKey="${AWS_ACCESS_KEY_ID}" \
--set profile.aws.secretKey="${AWS_SECRET_ACCESS_KEY}" \
--set kanister.controller_namespace=kanister
```

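Review bot: the changed lines in this block are identical to those in the install command edited at the top of this README, so every profile parameter rename has to be applied twice and the two copies can drift. Consider keeping the full command in one section and referring to it from the other.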
Expand Down Expand Up @@ -148,11 +150,11 @@ default values. The Profile CR parameters are passed to the profile sub-chart.
| `profile.create` | (Optional) Specify if a Profile CR should be created as part of install. | ``false`` |
| `profile.defaultProfile` | (Optional) Set to ``true`` to create a profile with name `default-profile` | ``false`` |
| `profile.profileName` | (Required if not creating a default Profile) Name for the profile that is created | `nil` |
| `profile.s3.accessKey` | (Required if creating profile) API Key for an s3 compatible object store. | `nil`|
| `profile.s3.secretKey` | (Required if creating profile) Corresponding secret for `accessKey`. | `nil` |
| `profile.s3.bucket` | (Required if creating profile) A bucket that will be used to store Kanister artifacts. <br><br>The bucket must already exist and the account with the above API key and secret needs to have sufficient permissions to list, get, put, delete. | `nil` |
| `profile.s3.region` | (Optional if creating profile) Region to be used for the bucket. | `nil` |
| `profile.s3.endpoint` | (Optional if creating profile) The URL for an s3 compatible object store provider. Can be omitted if provider is AWS. Required for any other provider. | `nil` |
| `profile.aws.accessKey` | (Required if creating profile) API Key for an s3 compatible object store. | `nil`|
| `profile.aws.secretKey` | (Required if creating profile) Corresponding secret for `accessKey`. | `nil` |
| `profile.location.bucket` | (Required if creating profile) A bucket that will be used to store Kanister artifacts. <br><br>The bucket must already exist and the account with the above API key and secret needs to have sufficient permissions to list, get, put, delete. | `nil` |
| `profile.location.region` | (Optional if creating profile) Region to be used for the bucket. | `nil` |
| `profile.location.endpoint` | (Optional if creating profile) The URL for an s3 compatible object store provider. Can be omitted if provider is AWS. Required for any other provider. | `nil` |
| `profile.verifySSL` | (Optional if creating profile) Set to ``false`` to disable SSL verification on the s3 endpoint. | `true` |
| `kanister.controller_namespace` | (Optional) Specify the namespace where the Kanister controller is running. | kanister |

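Review bot: the renamed `profile.location.endpoint` row says the URL "Can be omitted if provider is AWS", but the install commands in this README set `profile.location.type='s3Compliant'` without an endpoint. State which `location.type` value means AWS itself and which one requires the endpoint, and add the missing `profile.location.type` row to the table.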