From 0428a13d16acf9e66a659a5fe855ef420b10b554 Mon Sep 17 00:00:00 2001
From: gitea-bot
Date: Sat, 20 Dec 2025 04:24:50 +0000
Subject: [PATCH] chore: Update manifests after change
---
 .../vault/ConfigMap-vault-backup-script.yaml | 18 +++++++
 .../ConfigMap-vault-snapshot-script.yaml | 48 +++++++++++++++----
 2 files changed, 57 insertions(+), 9 deletions(-)
 create mode 100644 clusters/cl01tl/manifests/vault/ConfigMap-vault-backup-script.yaml
diff --git a/clusters/cl01tl/manifests/vault/ConfigMap-vault-backup-script.yaml b/clusters/cl01tl/manifests/vault/ConfigMap-vault-backup-script.yaml
new file mode 100644
index 000000000..177e70baf
--- /dev/null
+++ b/clusters/cl01tl/manifests/vault/ConfigMap-vault-backup-script.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: vault-backup-script
+ namespace: vault
+ labels:
+ app.kubernetes.io/name: vault-backup-script
+ app.kubernetes.io/instance: vault
+ app.kubernetes.io/part-of: vault
+data:
+ backup.sh: |
+ echo " ";
+ echo ">> Running S3 backup for Vault snapshot";
+ if s3cmd sync --no-check-certificate -v /opt/backup "${BUCKET}/cl01tl/cl01tl-vault-snapshots/"; then
+ echo ">> Sync succeeded"
+ else
+ echo ">> ERROR: Sync failed"
+ fi
diff --git a/clusters/cl01tl/manifests/vault/ConfigMap-vault-snapshot-script.yaml b/clusters/cl01tl/manifests/vault/ConfigMap-vault-snapshot-script.yaml
index 8d4149982..8caac4f76 100644
--- a/clusters/cl01tl/manifests/vault/ConfigMap-vault-snapshot-script.yaml
+++ b/clusters/cl01tl/manifests/vault/ConfigMap-vault-snapshot-script.yaml
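Review bot: `--no-check-certificate` on the `s3cmd sync` line of backup.sh (ConfigMap-vault-backup-script.yaml) turns off TLS certificate verification for the upload of the Vault snapshots, so the S3 endpoint is not authenticated and the transfer can be intercepted or redirected by anyone on the network path. If the endpoint is signed by a private CA, pointing s3cmd at it with `--ca-certs=<path to CA bundle>` keeps verification on instead of disabling it. The `else` branch only echoes ">> ERROR: Sync failed" and the script then ends with status 0, so whatever runs it would presumably record a failed backup as a success; add `exit 1` after that echo. If these manifests are rendered from a chart or template, the change belongs in that source rather than in this file.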
@@ -8,15 +8,45 @@ metadata:
 app.kubernetes.io/instance: vault
 app.kubernetes.io/part-of: vault
 data:
- update.sh: |
- BACKUP_FOLDER=/opt/backup
- BACKUP_FILE=$(ls -t $BACKUP_FOLDER | head -n 1)
+ snapshot.sh: |
+ MAX_RETRIES=5
+ SUCCESS=false
+
+ for ((i=1; i<=$MAX_RETRIES; i++)); do
+ if apk update --short &> /dev/null; then
+ echo ">> Attempt $i: Repositories are reachable";
+ SUCCESS=true;
+ break;
+ else
+ echo ">> Attempt $i: Connection failed, retrying in 5 seconds ...";
+ sleep 5;
+ fi;
+ done;
+
+ if [ "$SUCCESS" = false ]; then
+ echo ">> ERROR: Could not connect to apk repositories after $MAX_RETRIES attempts, exiting ...";
+ exit 1;
+ fi
+
+ if ! command -v jq 2>&1 >/dev/null;
+ then
+ echo "jq could not be found, installing";
+ apk add --no-cache jq;
+ if [ $? -eq 0 ]; then
+ echo ">> Installation successful";
+ else
+ echo ">> Installation failed with exit code $?";
+ exit 1;
+ fi;
+ fi;
 echo " ";
- echo ">> Running S3 backup for Vault snapshot";
+ echo ">> Fetching Vault token";
+ export VAULT_TOKEN=$(vault write auth/approle/login role_id=$VAULT_APPROLE_ROLE_ID secret_id=$VAULT_APPROLE_SECRET_ID -format=json | jq -r .auth.client_token);
- if s3cmd put --no-check-md5 --no-check-certificate -v "$BACKUP_FOLDER/$BACKUP_FILE" "${BUCKET}/cl01tl/cl01tl-vault-snapshots/$BACKUP_FILE"; then
- echo ">> Upload succeeded"
- else
- echo ">> ERROR: Upload failed"
- fi
+ echo " ";
+ echo ">> Taking Vault snapsot ...";
+ vault operator raft snapshot save /opt/backup/vault-snapshot-$(date +"%Y%m%d-%H-%M").snap
+
+ echo " ";
+ echo ">> Completed Vault snapshot";
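Review bot: Neither the AppRole login nor the `vault operator raft snapshot save` line in snapshot.sh is checked, so the script still prints ">> Completed Vault snapshot" and ends with status 0 when no snapshot was written. The login status is lost because the pipeline runs inside `export VAULT_TOKEN=$(...)`; assigning the variable first, exporting it afterwards, and rejecting an empty or `null` value would stop the run before the save. For the save itself, appending `|| { echo ">> ERROR: Snapshot failed"; exit 1; }` to that line is enough. `secret_id=$VAULT_APPROLE_SECRET_ID` is unquoted and passed as a command-line argument, so it is readable from the container's process list while the call runs; quote it at minimum. In the jq branch, `$?` inside the `else` echo is the status of the `[ ... ]` test rather than of `apk add`, so the logged code is always 1; capture it with `rc=$?` directly after `apk add --no-cache jq;`.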