update config
This commit is contained in:
@@ -27,43 +27,6 @@ spec:
|
||||
metadataPolicy: None
|
||||
property: VAULT_APPROLE_SECRET_ID
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: vault-snapshot-s3
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: vault-snapshot-s3
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/vault-backup
|
||||
metadataPolicy: None
|
||||
property: AWS_ACCESS_KEY_ID
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/vault-backup
|
||||
metadataPolicy: None
|
||||
property: AWS_SECRET_ACCESS_KEY
|
||||
- secretKey: S3_REPOSITORY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/vault-backup
|
||||
metadataPolicy: None
|
||||
property: S3_REPOSITORY
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
@@ -83,9 +46,16 @@ spec:
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/vault/snapshot
|
||||
key: /digital-ocean/home-infra/vault-backup
|
||||
metadataPolicy: None
|
||||
property: s3cfg
|
||||
- secretKey: BUCKET
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/vault-backup
|
||||
metadataPolicy: None
|
||||
property: BUCKET
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
|
||||
@@ -206,12 +206,15 @@ snapshot:
|
||||
- -ec
|
||||
- |
|
||||
echo ">> Running S3 backup for Vault snapshot"
|
||||
s3cmd put --no-check-md5 --no-check-certificate -v /opt/backup/vault-snapshot-s3.snap ${S3_REPOSITORY}/vault-snapshot-$(date +"%Y%m%d-%H-%M").snap;
|
||||
s3cmd put --no-check-md5 --no-check-certificate -v /opt/backup/vault-snapshot-s3.snap ${BUCKET}/cl01tl/cl01tl-vault-snapshots/vault-snapshot-$(date +"%Y%m%d-%H-%M").snap;
|
||||
rm -f /opt/backup/vault-snapshot-s3.snap;
|
||||
echo ">> Completed S3 backup for Vault snapshot"
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: vault-snapshot-s3
|
||||
env:
|
||||
- name: BUCKET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: gitea-s3cmd-config
|
||||
key: BUCKET
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
@@ -227,17 +230,24 @@ snapshot:
|
||||
- -ec
|
||||
- |
|
||||
export MONTH_AGO=$(date -d @$(( $(date +%s) - 2592000 )) +%Y-%m-%d\ %H:%M:%S);
|
||||
export TIME_RANGE="$MONTH_AGO"
|
||||
echo ">> Running S3 prune for Vault snapshot repository"
|
||||
echo ">> Backups prior to '$MONTH_AGO' will be removed"
|
||||
s3cmd ls -v $S3_REPOSITORY |
|
||||
echo ">> Backups prior to '$TIME_RANGE' will be removed"
|
||||
echo ">> File list:"
|
||||
s3cmd ls -v ${BUCKET}/cl01tl/cl01tl-vault-snapshots/
|
||||
echo ">> Deleting ..."
|
||||
s3cmd ls -v ${BUCKET}/cl01tl/cl01tl-vault-snapshots/ |
|
||||
awk -v month_ago="$MONTH_AGO" '$1 < month_ago {print $4}' |
|
||||
while read file;
|
||||
do s3cmd del -v "$file";
|
||||
done;
|
||||
echo ">> Completed S3 prune for Vault snapshot repository"
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: vault-snapshot-s3
|
||||
env:
|
||||
- name: BUCKET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: gitea-s3cmd-config
|
||||
key: BUCKET
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
|
||||
Reference in New Issue
Block a user