add secrets creation part

kanisterio · May 31, 2023 · 4e4b53d · 4e4b53d
1 parent ecf87ed
commit 4e4b53d
Showing 1 changed file with 120 additions and 1 deletion.
diff --git a/docs/architecture.rst b/docs/architecture.rst
@@ -540,13 +540,132 @@ As a reference, below is an example of a Repository Server
           namespace: kanister
         username: <server-user>
 
-RepositoryServerSecrets
+Repository Server Secrets
 =========================
 
 Kanister controller needs the following secrets to be created for starting the kopia
 repository server successfully. The secrets are referenced in the ``RepositoryServer``
 CR as described in  :ref:`RepositoryServer<repositoryservers>`
 
+Location Secret
+----------------
+
+# Try out filestore Location secret
+
+Credentials Secret
+------------------
+
+Following are the secret formats to be used for Azure, AWS and GCS storage credentials
+
+- ``AWS S3``
+
+.. code-block:: yaml
+  :linenos:
+
+  apiVersion: v1
+  kind: Secret
+  metadata:
+     name: s3-loc-creds
+     namespace: <kanister-namespace>
+  type: secrets.kanister.io/aws
+  data:
+     # required: base64 encoded value for key with proper permissions for the bucket
+     access-key: <redacted>
+     # required: base64 encoded value for the secret corresponding to the key above
+     secret-acccess-key: <redacted>
+     # optional: base64 encoded value for AWS IAM role
+     role: <redacted>
+
+- ``Azure``
+
+.. code-block:: yaml
+  :linenos:
+
+  apiVersion: v1
+  kind: Secret
+  metadata:
+     name: az-loc-creds
+     namespace: <kanister-namespace>
+  type: secrets.kanister.io/azure
+  data:
+     # required: base64 encoded value for account with proper permissions for the bucket
+     azure_storage_account_id: <redacted>
+     # required: base64 encoded value for the key corresponding to the account above
+     azure_storage_key: <redacted>
+     # optional: base64 encoded value for the storage enevironment.
+     # Acceptable values are AzureCloud, AzureChinaCloud, AzureUSGovernment, AzureGermanCloud
+     azure_storage_environment: <redacted>
+
+  - ``GCS``
+
+  .. code-block:: yaml
+  :linenos:
+
+  apiVersion: v1
+  kind: Secret
+  metadata:
+     name: gcs-loc-creds
+     namespace: <kanister-namespace>
+  type: secrets.kanister.io/gcp
+  data:
+     # required: base64 encoded value for project with proper permissions for the bucket
+     project-id: <redacted>
+     # required: base64 encoded value for the SA with proper permissions for the bucket.
+     # This value is base64 encoding of the service account json file when
+     # creating a new service account
+     service-account.json: <base64 encoded SA json file>
+
+
+Repository Password Secret
+--------------------------
+This is the password secret format used by controller to connect to kopia repository.
+
+.. code-block:: yaml
+  :linenos:
+  apiVersion: v1
+  kind: Secret
+  metadata:
+     name: repository-password
+     namespace: <kanister-namespace>
+  type: secrets.kanister.io/kopia-repository/password
+  data:
+     repo-password: <redacted>
+
+Repository Server Admin User Secret
+-----------------------------------
+This is the admin credentials secret format used by the controller to start the kopia
+repository server
+
+.. code-block:: yaml
+  :linenos:
+
+  apiVersion: v1
+  kind: Secret
+  metadata:
+     name: repository-server-admin
+     namespace: <kanister-namespace>
+  type: secrets.kanister.io/kopia-repository/serveradmin
+  data:
+     username: <redacted>
+     password: <redacted>
+
+
+TLS Secret
+----------
+
+This secret is in standard ``kubernetes.io/tls`` format
+
+
+
+Repository Server User Access Password Secret
+---------------------------------------------
+
+
+
+
+
+
+
 Controller
 ==========