From 4e4b53da9c80fef6c6790655e296db404bfbea6c Mon Sep 17 00:00:00 2001
From: Amruta Kale
Date: Wed, 31 May 2023 17:48:57 +0530
Subject: [PATCH] add secrets creation part

---
 docs/architecture.rst | 121 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 120 insertions(+), 1 deletion(-)

diff --git a/docs/architecture.rst b/docs/architecture.rst
index 65d852f5602..538784a8bec 100644
--- a/docs/architecture.rst
+++ b/docs/architecture.rst
@@ -540,13 +540,132 @@ As a reference, below is an example of a Repository Server namespace: kanister username: -RepositoryServerSecrets +Repository Server Secrets ========================= Kanister controller needs the following secrets to be created for starting the kopia repository server successfully. The secrets are referenced in the ``RepositoryServer`` CR as described in :ref:`RepositoryServer` +Location Secret +---------------- + +# Try out filestore Location secret + +Credentials Secret +------------------ + +Following are the secret formats to be used for Azure, AWS and GCS storage credentials + +- ``AWS S3`` + +.. code-block:: yaml + :linenos: + + apiVersion: v1 + kind: Secret + metadata: + name: s3-loc-creds + namespace: + type: secrets.kanister.io/aws + data: + # required: base64 encoded value for key with proper permissions for the bucket + access-key: + # required: base64 encoded value for the secret corresponding to the key above + secret-acccess-key: + # optional: base64 encoded value for AWS IAM role + role: + +- ``Azure`` + +.. code-block:: yaml + :linenos: + + apiVersion: v1 + kind: Secret + metadata: + name: az-loc-creds + namespace: + type: secrets.kanister.io/azure + data: + # required: base64 encoded value for account with proper permissions for the bucket + azure_storage_account_id: + # required: base64 encoded value for the key corresponding to the account above + azure_storage_key: + # optional: base64 encoded value for the storage enevironment. + # Acceptable values are AzureCloud, AzureChinaCloud, AzureUSGovernment, AzureGermanCloud + azure_storage_environment: + + - ``GCS`` + + .. code-block:: yaml + :linenos: + + apiVersion: v1 + kind: Secret + metadata: + name: gcs-loc-creds + namespace: + type: secrets.kanister.io/gcp + data: + # required: base64 encoded value for project with proper permissions for the bucket + project-id: + # required: base64 encoded value for the SA with proper permissions for the bucket. 
+ # This value is base64 encoding of the service account json file when
+ # creating a new service account
+ service-account.json:
+
+
+Repository Password Secret
+--------------------------
+This is the password secret format used by controller to connect to kopia repository.
+
+.. code-block:: yaml
+ :linenos:
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: repository-password
+ namespace:
+ type: secrets.kanister.io/kopia-repository/password
+ data:
+ repo-password:
+
+Repository Server Admin User Secret
+-----------------------------------
+This is the admin credentials secret format used by the controller to start the kopia
+repository server
+
+.. code-block:: yaml
+ :linenos:
+
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: repository-server-admin
+ namespace:
+ type: secrets.kanister.io/kopia-repository/serveradmin
+ data:
+ username:
+ password:
+
+
+TLS Secret
+----------
+
+This secret is in standard ``kubernetes.io/tls`` format
+
+
+
+Repository Server User Access Password Secret
+---------------------------------------------
+
+
+
+
+
+
+
 Controller
 ==========