/
cronjob.yaml
49 lines (49 loc) · 1.37 KB
/
cronjob.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
# https://igorzhivilo.com/vault/scheduled-backup-vault-cronjob/
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: vault-backup
spec:
schedule: "0 1 * * *"
jobTemplate:
spec:
template:
spec:
restartPolicy: Never
nodeSelector:
instance-type: spot
containers:
- name: awscli
image: amazon/aws-cli:latest
command:
- "aws"
- "s3"
- "cp"
- "/data/vault_secrets.enc"
- "s3://jenkins-backups/vault_secrets.enc"
imagePullPolicy: Always
envFrom:
- secretRef:
name: aws-creds-secret
volumeMounts:
- name: backup-dir
mountPath: /data
initContainers:
- name: vault-backup
image: warolv/vault-backup
command:
- "python3"
- "vault_handler.py"
- "dump"
- "-dp"
- "/data/vault_secrets.enc"
imagePullPolicy: Always
envFrom:
- secretRef:
name: vault-backup-secret
volumeMounts:
- name: backup-dir
mountPath: /data
volumes:
- name: backup-dir
emptyDir: {}