apiVersion: batch/v1 kind: CronJob metadata: name: vault-snapshot labels: app.kubernetes.io/controller: snapshot app.kubernetes.io/instance: vault app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: vault helm.sh/chart: snapshot-4.5.0 namespace: vault spec: suspend: false concurrencyPolicy: Forbid startingDeadlineSeconds: 90 timeZone: US/Central schedule: "0 4 * * *" successfulJobsHistoryLimit: 1 failedJobsHistoryLimit: 3 jobTemplate: spec: parallelism: 1 backoffLimit: 3 template: metadata: labels: app.kubernetes.io/controller: snapshot app.kubernetes.io/instance: vault app.kubernetes.io/name: vault spec: enableServiceLinks: false serviceAccountName: default automountServiceAccountToken: true securityContext: runAsGroup: 1000 runAsUser: 100 hostIPC: false hostNetwork: false hostPID: false dnsPolicy: ClusterFirst restartPolicy: Never initContainers: - args: - -ec - /scripts/snapshot.sh command: - /bin/ash env: - name: VAULT_ADDR value: http://vault-active.vault.svc.cluster.local:8200 envFrom: - secretRef: name: vault-snapshot-agent-token image: hashicorp/vault:1.21.1 imagePullPolicy: IfNotPresent name: snapshot volumeMounts: - mountPath: /opt/backup name: backup - mountPath: /scripts/snapshot.sh name: snapshot-script subPath: snapshot.sh containers: - args: - -ec - /scripts/backup.sh command: - /bin/sh env: - name: BUCKET valueFrom: secretKeyRef: key: BUCKET name: vault-s3cmd-external-config image: d3fk/s3cmd:latest@sha256:ed348a0fae5723d2e62636c175baf4dfaf732a790179ca675d1f24f863d0d68f imagePullPolicy: IfNotPresent name: s3-backup-external volumeMounts: - mountPath: /opt/backup name: backup - mountPath: /scripts/backup.sh name: backup-script subPath: backup.sh - mountPath: /root/.s3cfg mountPropagation: None name: s3cmd-external-config readOnly: true subPath: .s3cfg - args: - -ec - /scripts/backup.sh command: - /bin/sh env: - name: BUCKET valueFrom: secretKeyRef: key: BUCKET name: vault-s3cmd-local-config image: d3fk/s3cmd:latest@sha256:ed348a0fae5723d2e62636c175baf4dfaf732a790179ca675d1f24f863d0d68f imagePullPolicy: IfNotPresent name: s3-backup-local volumeMounts: - mountPath: /opt/backup name: backup - mountPath: /scripts/backup.sh name: backup-script subPath: backup.sh - mountPath: /root/.s3cfg mountPropagation: None name: s3cmd-local-config readOnly: true subPath: .s3cfg - args: - -ec - /scripts/backup.sh command: - /bin/sh env: - name: BUCKET valueFrom: secretKeyRef: key: BUCKET name: vault-s3cmd-remote-config image: d3fk/s3cmd:latest@sha256:ed348a0fae5723d2e62636c175baf4dfaf732a790179ca675d1f24f863d0d68f imagePullPolicy: IfNotPresent name: s3-backup-remote volumeMounts: - mountPath: /opt/backup name: backup - mountPath: /scripts/backup.sh name: backup-script subPath: backup.sh - mountPath: /root/.s3cfg mountPropagation: None name: s3cmd-remote-config readOnly: true subPath: .s3cfg volumes: - name: backup persistentVolumeClaim: claimName: vault-storage-backup - configMap: defaultMode: 493 name: vault-backup-script name: backup-script - name: s3cmd-external-config secret: secretName: vault-s3cmd-external-config - name: s3cmd-local-config secret: secretName: vault-s3cmd-local-config - name: s3cmd-remote-config secret: secretName: vault-s3cmd-remote-config - configMap: defaultMode: 493 name: vault-snapshot-script name: snapshot-script