Merge pull request 'feat(backup): enable the daily backup CronJob on prod (Vault creds wired)' (#33) from claude/dolibarr-backup-enable into main
This commit was merged in pull request #33.
This commit is contained in:
@@ -38,3 +38,9 @@ ingress:
|
|||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
|
|
||||||
|
# The sandbox is reproducible (iso-prod refresh), so it needs no offsite backup —
|
||||||
|
# and its env=sandbox Vault policy wasn't granted read on the GCS creds path
|
||||||
|
# (only prod was, tools#5). Keep the CronJob off here.
|
||||||
|
backup:
|
||||||
|
enabled: false
|
||||||
|
|||||||
@@ -138,9 +138,11 @@ affinity: {}
|
|||||||
# `auth` Vault role must be granted read on kvv2/<vaultS3Path>). The manual
|
# `auth` Vault role must be granted read on kvv2/<vaultS3Path>). The manual
|
||||||
# orchestrator ops/backup/dolibarr-backup.sh works today without this.
|
# orchestrator ops/backup/dolibarr-backup.sh works today without this.
|
||||||
backup:
|
backup:
|
||||||
enabled: false
|
enabled: true
|
||||||
schedule: "0 3 * * *" # daily 03:00 UTC
|
schedule: "0 3 * * *" # daily 03:00 UTC
|
||||||
bucket: arcodange-backup
|
bucket: arcodange-backup
|
||||||
pgHost: "192.168.1.202" # direct Postgres host (matches ops/sandbox + ops/backup)
|
pgHost: "192.168.1.202" # direct Postgres host (matches ops/sandbox + ops/backup)
|
||||||
image: postgres:16-alpine
|
image: postgres:16-alpine
|
||||||
vaultS3Path: erp/backup # kvv2/<this> → AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY / AWS_ENDPOINTS
|
# Shared GCS HMAC creds; the erp prod Vault policy was granted read on this path
|
||||||
|
# (tools#5: kv_read_paths). VSO reads kvv2/data/longhorn/gcs-backup.
|
||||||
|
vaultS3Path: longhorn/gcs-backup
|
||||||
|
|||||||
Reference in New Issue
Block a user