chore: Update manifests after change

2025-12-20 04:56:25 +00:00
parent ab6749ad7b
commit 68bb4d02b8
4 changed files with 80 additions and 61 deletions


@@ -11,8 +11,35 @@ data:
backup.sh: | backup.sh: |
echo " "; echo " ";
echo ">> Running S3 backup for Vault snapshot"; echo ">> Running S3 backup for Vault snapshot";
if s3cmd sync --no-check-certificate -v /opt/backup "${BUCKET}/cl01tl/cl01tl-vault-snapshots/"; then OUTPUT=$(s3cmd sync --no-check-certificate -v /opt/backup "${BUCKET}/cl01tl/cl01tl-vault-snapshots/" 2>&1)
echo ">> Sync succeeded" STATUS=$?
echo " ";
if [ $STATUS -ne 0 ]; then
if echo "$OUTPUT" | grep -q "403 Forbidden"; then
MESSAGE="403 Authentication Error: Your keys are wrong or you don't have permission"
elif echo "$OUTPUT" | grep -q "404 Not Found"; then
MESSAGE="404 Error: The bucket or folder does not exist"
elif echo "$OUTPUT" | grep -q "Connection refused"; then
MESSAGE="Network Error: Cannot reach the S3 endpoint"
else else
echo ">> ERROR: Sync failed" MESSAGE="Unknown Error: $OUTPUT"
echo ">> Unknown Error, output:"
echo " "
echo "$OUTPUT"
echo " "
fi
echo ">> Message: $MESSAGE"
echo ">> Sending to NTFY ..."
curl \
-H "Authorization: Bearer ${NTFY_TOKEN}" \
-H "X-Priority: 5" \
-H "X-Tags: warning" \
-H "X-Title: Vault Backup Failed for ${TARGET}" \
-d "$MESSAGE" \
${NTFY_ENDPOINT}/${NTFY_TOPIC}
else
echo ">> S3 Sync succeeded"
fi fi
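Review bot: In the fallback branch, `MESSAGE="Unknown Error: $OUTPUT"` puts the full verbose (`-v`) s3cmd output, stderr included, into the body of the ntfy notification, so bucket paths, endpoint hostnames and anything else s3cmd prints leave the cluster in a push message. The same output is already echoed to the job log a few lines further down, so the notification can carry a fixed string such as `MESSAGE="Unknown Error: see job log for s3cmd output"`. The failure branch also ends without a non-zero exit as far as the hunk shows, so the job may still report success after a failed sync; an `exit 1` after the curl call would surface the failure if nothing later in the script does. Separately, the sync still runs with `--no-check-certificate`, which leaves the Vault snapshot upload without TLS server verification.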


@@ -72,6 +72,11 @@ spec:
secretKeyRef: secretKeyRef:
key: BUCKET key: BUCKET
name: vault-s3cmd-external-config name: vault-s3cmd-external-config
- name: TARGET
value: External
envFrom:
- secretRef:
name: vault-backup-ntfy-secret
image: d3fk/s3cmd:latest@sha256:ed348a0fae5723d2e62636c175baf4dfaf732a790179ca675d1f24f863d0d68f image: d3fk/s3cmd:latest@sha256:ed348a0fae5723d2e62636c175baf4dfaf732a790179ca675d1f24f863d0d68f
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: s3-backup-external name: s3-backup-external
@@ -97,6 +102,11 @@ spec:
secretKeyRef: secretKeyRef:
key: BUCKET key: BUCKET
name: vault-s3cmd-local-config name: vault-s3cmd-local-config
- name: TARGET
value: Local
envFrom:
- secretRef:
name: vault-backup-ntfy-secret
image: d3fk/s3cmd:latest@sha256:ed348a0fae5723d2e62636c175baf4dfaf732a790179ca675d1f24f863d0d68f image: d3fk/s3cmd:latest@sha256:ed348a0fae5723d2e62636c175baf4dfaf732a790179ca675d1f24f863d0d68f
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: s3-backup-local name: s3-backup-local
@@ -122,6 +132,11 @@ spec:
secretKeyRef: secretKeyRef:
key: BUCKET key: BUCKET
name: vault-s3cmd-remote-config name: vault-s3cmd-remote-config
- name: TARGET
value: Remote
envFrom:
- secretRef:
name: vault-backup-ntfy-secret
image: d3fk/s3cmd:latest@sha256:ed348a0fae5723d2e62636c175baf4dfaf732a790179ca675d1f24f863d0d68f image: d3fk/s3cmd:latest@sha256:ed348a0fae5723d2e62636c175baf4dfaf732a790179ca675d1f24f863d0d68f
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: s3-backup-remote name: s3-backup-remote
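Review bot: The `envFrom` / `secretRef` added to each of the three backup containers (external, local, remote) imports every key of `vault-backup-ntfy-secret` as an environment variable and does not fail when an expected key is missing, whereas BUCKET directly above it uses an explicit `secretKeyRef`. Listing NTFY_TOKEN, NTFY_ENDPOINT and NTFY_TOPIC as individual `env` entries would keep the injected set to those three names and make a missing key block container start instead of leaving the variable empty at notification time. It is also worth confirming that the `d3fk/s3cmd` image ships `curl`, since the backup script these containers presumably run calls it; that cannot be seen from this file. The container specs begin and end outside the hunks.

```yaml
# … unchanged: BUCKET and TARGET entries …
- name: NTFY_TOKEN
  valueFrom:
    secretKeyRef:
      key: NTFY_TOKEN
      name: vault-backup-ntfy-secret
- name: NTFY_ENDPOINT
  valueFrom:
    secretKeyRef:
      key: NTFY_ENDPOINT
      name: vault-backup-ntfy-secret
- name: NTFY_TOPIC
  valueFrom:
    secretKeyRef:
      key: NTFY_TOPIC
      name: vault-backup-ntfy-secret
# … unchanged: image, imagePullPolicy, name …
```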


@@ -1,58 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: vault
labels:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: vault
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: vault
helm.sh/chart: temp-4.5.0
namespace: vault
spec:
revisionHistoryLimit: 3
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/controller: main
app.kubernetes.io/name: vault
app.kubernetes.io/instance: vault
template:
metadata:
labels:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: vault
app.kubernetes.io/name: vault
spec:
enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
hostIPC: false
hostNetwork: false
hostPID: false
dnsPolicy: ClusterFirst
containers:
- command:
- sleep
- infinity
image: ubuntu:resolute-20251208
imagePullPolicy: IfNotPresent
name: main
resources:
requests:
cpu: 10m
memory: 32Mi
volumeMounts:
- mountPath: /opt/backup
name: backup
- mountPath: /opt/backup-old
name: backup-old
volumes:
- name: backup
persistentVolumeClaim:
claimName: vault-storage-backup
- name: backup-old
persistentVolumeClaim:
claimName: vault-nfs-storage-backup


@@ -0,0 +1,35 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: vault-backup-ntfy-secret
namespace: vault
labels:
app.kubernetes.io/name: vault-backup-ntfy-secret
app.kubernetes.io/instance: vault
app.kubernetes.io/part-of: vault
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: NTFY_TOKEN
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /ntfy/user/cl01tl
metadataPolicy: None
property: token
- secretKey: NTFY_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /ntfy/user/cl01tl
metadataPolicy: None
property: endpoint
- secretKey: NTFY_TOPIC
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/snapshot
metadataPolicy: None
property: NTFY_TOPIC
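Review bot: NTFY_TOKEN is read from `/ntfy/user/cl01tl`, which reads like a per-user token rather than one limited to the backup topic, and the resulting secret is handed to all three backup containers. If that is the case, a token restricted to publishing on the single NTFY_TOPIC would limit what a compromised backup job can do on the ntfy server; this is an inference from the key path and should be confirmed against the ntfy access configuration. A short comment on the first `data` entry would record the expectation, e.g. `# NTFY_TOKEN: publish-only token scoped to the backup topic`.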