switch to s3cmd

2025-02-17 15:14:24 -06:00
parent 9d14ccb188
commit 4fc230c419
2 changed files with 34 additions and 26 deletions


@@ -60,34 +60,31 @@ spec:
key: /digital-ocean/home-infra/vault-backup key: /digital-ocean/home-infra/vault-backup
metadataPolicy: None metadataPolicy: None
property: AWS_DEFAULT_REGION property: AWS_DEFAULT_REGION
- secretKey: AWS_ENDPOINT_URL
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: vault-s3cmd-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: vault-snapshot-s3
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: snapshot
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: .s3cfg
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /digital-ocean/home-infra/vault-backup key: /digital-ocean/home-infra/vault-backup
metadataPolicy: None metadataPolicy: None
property: AWS_ENDPOINT_URL property: s3cfg
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/vault-backup
metadataPolicy: None
property: AWS_SECRET_ACCESS_KEY
- secretKey: AWS_RESPONSE_CHECKSUM_VALIDATION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/vault-backup
metadataPolicy: None
property: AWS_RESPONSE_CHECKSUM_VALIDATION
- secretKey: AWS_REQUEST_CHECKSUM_CALCULATION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/vault-backup
metadataPolicy: None
property: AWS_REQUEST_CHECKSUM_CALCULATION
--- ---
apiVersion: external-secrets.io/v1beta1 apiVersion: external-secrets.io/v1beta1
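Review bot: Nothing in the new `vault-s3cmd-config` document records that the s3cmd credentials used to back up Vault are themselves read from the `vault` ClusterSecretStore (`secretStoreRef.name: vault`, `property: s3cfg`), so restoring a snapshot after Vault is lost needs a copy of that config held outside Vault. A comment above `data:` such as `# s3cfg is stored in Vault itself; keep an offline copy for restores when Vault is unavailable` would make that dependency visible. Separately, the label template expressions are unquoted; `app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}` (and the same for the `.Release.Name` labels) keeps a number-like value from being parsed as a non-string and rejected as a label. The hunk opens inside the preceding ExternalSecret, whose start is outside the view.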


@@ -207,8 +207,8 @@ snapshot:
memory: 64Mi memory: 64Mi
backup: backup:
image: image:
repository: amazon/aws-cli repository: d3fk/s3cmd
tag: 2.24.5 tag: latest@sha256:ae12ef40440ee069dac63d98a3590da0e02acc56ea4f60e9e4c5353d585a9140
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
command: command:
- /bin/sh - /bin/sh
@@ -216,7 +216,7 @@ snapshot:
- -ec - -ec
- | - |
until [ -f /opt/backup/vault-snapshot-s3.snap ]; do sleep 5; done; until [ -f /opt/backup/vault-snapshot-s3.snap ]; do sleep 5; done;
aws s3 cp /opt/backup/vault-snapshot-s3.snap s3://cl01tl/cl01tl-vault-snapshots/vault-snapshot-$(date +"%Y%m%d-%H-%M").snap; s3cmd put /opt/backup/vault-snapshot-s3.snap s3://cl01tl/cl01tl-vault-snapshots/vault-snapshot-$(date +"%Y%m%d-%H-%M").snap;
rm /opt/backup/vault-snapshot-s3.snap; rm /opt/backup/vault-snapshot-s3.snap;
envFrom: envFrom:
- secretRef: - secretRef:
@@ -238,6 +238,17 @@ snapshot:
backup: backup:
- path: /opt/backup - path: /opt/backup
readOnly: false readOnly: false
s3cmd-config:
enabled: true
type: secret
name: vault-s3cmd-config
advancedMounts:
snapshot:
backup:
- path: /root/.s3cfg
readOnly: true
mountPropagation: None
subPath: .s3cfg
unseal: unseal:
global: global:
fullnameOverride: vault-unseal fullnameOverride: vault-unseal
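Review bot: The new `s3cmd-config` mount places the s3cmd configuration, which presumably carries the S3 access and secret keys, at `/root/.s3cfg` without setting a file mode, so it gets the Kubernetes secret-volume default of 0644 and is readable by every user in the container. If the chart's secret persistence type accepts it, add `defaultMode: 0400` under `s3cmd-config:`. The `/root` path suggests the backup container runs as root, which the visible lines do not confirm; a non-root user with a matching home path would narrow exposure further. On the image lines, the digest is what pins `d3fk/s3cmd` and `latest` carries no version information, so a comment such as `# s3cmd <VERSION>, third-party image, pinned by digest` would help whoever bumps it next. The `snapshot:` block starts before and continues past these hunks.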