arcodange-org/erp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(backup): enable the daily backup CronJob on prod (Vault creds wired) #33

Merged
arcodange merged 1 commits from claude/dolibarr-backup-enable into main 2026-06-30 17:42:14 +02:00
Conversation 0 Commits 1 Files Changed 2 +10 -2
2 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 102a205ff8 - Show all commits

6
chart/values-sandbox.yaml
View File

@@ -38,3 +38,9 @@ ingress:
paths: paths:
- path: / - path: /
pathType: Prefix pathType: Prefix
# The sandbox is reproducible (iso-prod refresh), so it needs no offsite backup —
# and its env=sandbox Vault policy wasn't granted read on the GCS creds path
# (only prod was, tools#5). Keep the CronJob off here.
backup:
enabled: false

6
chart/values.yaml
View File

@@ -138,9 +138,11 @@ affinity: {}
# `auth` Vault role must be granted read on kvv2/<vaultS3Path>). The manual # `auth` Vault role must be granted read on kvv2/<vaultS3Path>). The manual
# orchestrator ops/backup/dolibarr-backup.sh works today without this. # orchestrator ops/backup/dolibarr-backup.sh works today without this.
backup: backup:
enabled: false enabled: true
schedule: "0 3 * * *" # daily 03:00 UTC schedule: "0 3 * * *" # daily 03:00 UTC
bucket: arcodange-backup bucket: arcodange-backup
pgHost: "192.168.1.202" # direct Postgres host (matches ops/sandbox + ops/backup) pgHost: "192.168.1.202" # direct Postgres host (matches ops/sandbox + ops/backup)
image: postgres:16-alpine image: postgres:16-alpine
vaultS3Path: erp/backup # kvv2/<this> → AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY / AWS_ENDPOINTS # Shared GCS HMAC creds; the erp prod Vault policy was granted read on this path
# (tools#5: kv_read_paths). VSO reads kvv2/data/longhorn/gcs-backup.
vaultS3Path: longhorn/gcs-backup