tyriis
commented
3 weeks ago backup should be done with tekton to backup the raft storage to a google bucket
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: vault-snapshot-task
spec:
workspaces:
- name: output
steps:
- name: take-snapshot
image: vault:1.8.2
script: |
#!/usr/bin/env sh
set -e
export VAULT_ADDR=http://vault-active.vault.svc.cluster.local:8200
export VAULT_TOKEN=$(vault write -field=token auth/kubernetes/login jwt=$SA_TOKEN role=vault-backup)
vault operator raft snapshot save /workspace/output/vault-raft.snap
volumeMounts:
- name: vault-token
mountPath: /var/run/secrets/kubernetes.io/serviceaccount
volumes:
- name: vault-token
projected:
sources:
- serviceAccountToken:
path: token
expirationSeconds: 7200
audience: vaultexampple code untested
Todos