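# CronJob that saves a Vault raft snapshot to a shared PVC every 24 hours.
# A second container in the same pod waits for a handoff copy of the snapshot
# and uploads it to S3.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: vault-snapshot-cronjob
  # Templated scalars are quoted so that an all-digit or version-like value
  # is rendered as a YAML string rather than a number.
  namespace: {{ .Release.Namespace | quote }}
  labels:
    app.kubernetes.io/name: vault-snapshot-cronjob
    app.kubernetes.io/instance: {{ .Release.Name | quote }}
    app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
    app.kubernetes.io/component: storage
    app.kubernetes.io/part-of: {{ .Release.Name | quote }}
spec:
  schedule: "@every 24h"
  successfulJobsHistoryLimit: 3
  failedJobsHistoryLimit: 3
  jobTemplate:
    spec:
      template:
        spec:
          # NOTE(review): no securityContext or resource limits are set here,
          # so both containers run with the image-default user and
          # privileges. Confirm what the NFS-backed volume requires, then
          # tighten.
          restartPolicy: OnFailure
          containers:
            - name: snapshot
              # NOTE(review): pinned by tag only. A digest pin
              # (image@sha256:<digest>) would also protect against the tag
              # being re-pushed.
              image: hashicorp/vault:1.16.2
              imagePullPolicy: IfNotPresent
              command:
                - /bin/ash
              args:
                - -ec
                - |
                  # AppRole login. -field=token prints only the client token,
                  # so no package has to be installed at run time to parse
                  # JSON. The assignment is kept separate from "export" so
                  # that a failed login aborts the script under -e ("export
                  # VAR=$(cmd)" returns the status of export, not of cmd).
                  VAULT_TOKEN=$(vault write -field=token auth/approle/login \
                    role_id="$VAULT_APPROLE_ROLE_ID" \
                    secret_id="$VAULT_APPROLE_SECRET_ID");
                  [ -n "$VAULT_TOKEN" ] || { echo "AppRole login returned no token" >&2; exit 1; };
                  export VAULT_TOKEN;
                  vault operator raft snapshot save /opt/backup/vault-snapshot-latest.snap;
                  cp /opt/backup/vault-snapshot-latest.snap /opt/backup/vault-snapshot-$(date +"%Y%m%d-%H-%M").snap;
                  # Hand the snapshot to the upload container: copy under a
                  # temporary name, then rename, so the final name only
                  # appears once the copy is complete.
                  cp /opt/backup/vault-snapshot-latest.snap /opt/backup/vault-snapshot-s3.snap.tmp;
                  mv /opt/backup/vault-snapshot-s3.snap.tmp /opt/backup/vault-snapshot-s3.snap;
              envFrom:
                # Presumably supplies VAULT_APPROLE_ROLE_ID and
                # VAULT_APPROLE_SECRET_ID; verify against the Secret.
                - secretRef:
                    name: vault-snapshot-agent-token
              env:
                # NOTE(review): plain http. The AppRole secret_id, the issued
                # token and the snapshot stream cross the cluster network
                # unencrypted. Use https (with the CA provided, e.g. via
                # VAULT_CACERT) if the Vault listener has TLS enabled.
                - name: VAULT_ADDR
                  value: http://vault-active.vault.svc.cluster.local:8200
              volumeMounts:
                - mountPath: /opt/backup
                  name: backup
            - name: upload
              # NOTE(review): pinned by tag only, as above.
              image: amazon/aws-cli:2.15.42
              imagePullPolicy: IfNotPresent
              command:
                - /bin/sh
              args:
                - -ec
                - |
                  # Poll until the snapshot container publishes the handoff
                  # file.
                  # NOTE(review): the loop only tests for existence, so a
                  # handoff file left on the volume by an earlier failed run
                  # would be uploaded under the current timestamp.
                  until [ -f /opt/backup/vault-snapshot-s3.snap ]; do sleep 5; done;
                  aws s3 cp /opt/backup/vault-snapshot-s3.snap s3://cl01tl-vault-snapshots/vault-snapshot-$(date +"%Y%m%d-%H-%M").snap;
                  rm /opt/backup/vault-snapshot-s3.snap;
              envFrom:
                # Presumably the S3 credentials and settings read by the AWS
                # CLI; verify against the Secret.
                - secretRef:
                    name: vault-snapshot-s3
              volumeMounts:
                - mountPath: /opt/backup
                  name: backup
          volumes:
            # Shared by both containers; also where the dated snapshot copies
            # accumulate.
            - name: backup
              persistentVolumeClaim:
                claimName: vault-nfs-storage-backup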