arcodange-org/erp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(backup): enable the daily backup CronJob on prod (Vault creds wired)

Browse Source 
tools#5 granted the erp prod Vault policy read on kvv2/data/longhorn/gcs-backup
(applied + verified: 1 changed, 0 destroyed). So the CronJob's VaultStaticSecret
can now resolve the GCS creds.

- backup.enabled: true (prod), vaultS3Path: longhorn/gcs-backup.
- sandbox overlay keeps backup.enabled: false (reproducible; its env policy wasn't
  granted the read).

ArgoCD will deploy the CronJob + ConfigMap + VaultStaticSecret in the erp namespace.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Gabriel Radureau
2026-06-30 17:41:39 +02:00
parent 223dae227e
commit 102a205ff8
2 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
chart/values-sandbox.yaml
View File

@@ -38,3 +38,9 @@ ingress:
paths:
- path: /
pathType: Prefix
# The sandbox is reproducible (iso-prod refresh), so it needs no offsite backup —
# and its env=sandbox Vault policy wasn't granted read on the GCS creds path
# (only prod was, tools#5). Keep the CronJob off here.
backup:
enabled: false