arcodange-org/erp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(backup): enable the daily backup CronJob on prod (Vault creds wired) #33

Merged
arcodange merged 1 commits from claude/dolibarr-backup-enable into main 2026-06-30 17:42:14 +02:00
Conversation 0 Commits 1 Files Changed 2 +10 -2
arcodange commented 2026-06-30 17:42:02 +02:00
Owner
Copy Link

Active le CronJob de backup quotidien sur prod, maintenant que les creds Vault sont câblés.

tools#5 a accordé à la policy Vault prod d'erp la lecture de kvv2/data/longhorn/gcs-backupappliqué + vérifié via la CI vault (OIDC) : Plan: 0 to add, 1 to change, 0 to destroy / Apply complete! 1 changed. Le VaultStaticSecret du CronJob peut donc résoudre les creds GCS.

  • backup.enabled: true (prod), vaultS3Path: longhorn/gcs-backup.
  • L'overlay sandbox garde backup.enabled: false (sandbox reproductible ; sa policy env n'a pas le grant).

Render Helm vérifié : prod → CronJob + path: longhorn/gcs-backup ; sandbox → 0 CronJob. ArgoCD déploiera le CronJob + ConfigMap + VaultStaticSecret dans le namespace erp.

🤖 Generated with Claude Code

Active le CronJob de backup quotidien sur prod, maintenant que les creds Vault sont câblés. [tools#5](https://gitea.arcodange.lab/arcodange-org/tools/pulls/5) a accordé à la policy Vault **prod** d'erp la lecture de `kvv2/data/longhorn/gcs-backup` — **appliqué + vérifié** via la CI vault (OIDC) : `Plan: 0 to add, 1 to change, 0 to destroy` / `Apply complete! 1 changed`. Le `VaultStaticSecret` du CronJob peut donc résoudre les creds GCS. - `backup.enabled: true` (prod), `vaultS3Path: longhorn/gcs-backup`. - L'overlay sandbox garde `backup.enabled: false` (sandbox reproductible ; sa policy env n'a pas le grant). Render Helm vérifié : prod → CronJob + `path: longhorn/gcs-backup` ; sandbox → 0 CronJob. ArgoCD déploiera le CronJob + ConfigMap + VaultStaticSecret dans le namespace erp. 🤖 Generated with [Claude Code](https://claude.com/claude-code)
arcodange added 1 commit 2026-06-30 17:42:03 +02:00
feat(backup): enable the daily backup CronJob on prod (Vault creds wired) 102a205ff8 
tools#5 granted the erp prod Vault policy read on kvv2/data/longhorn/gcs-backup
(applied + verified: 1 changed, 0 destroyed). So the CronJob's VaultStaticSecret
can now resolve the GCS creds.

- backup.enabled: true (prod), vaultS3Path: longhorn/gcs-backup.
- sandbox overlay keeps backup.enabled: false (reproducible; its env policy wasn't
  granted the read).

ArgoCD will deploy the CronJob + ConfigMap + VaultStaticSecret in the erp namespace.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
arcodange merged commit 590dbe1f26 into main 2026-06-30 17:42:14 +02:00
arcodange deleted branch claude/dolibarr-backup-enable 2026-06-30 17:42:15 +02:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
arcodange
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: arcodange-org/erp#33
Delete Branch "claude/dolibarr-backup-enable"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?