chore(init): Vault upload secrets to s3

Signed-off-by: rjshrjndrn <rjshrjndrn@gmail.com>
2022-11-08 13:50:19 +01:00 · 2022-11-08 13:50:19 +01:00 · 38b90a2a3a
commit 38b90a2a3a
parent 0b5db60cf2
1 changed files with 28 additions and 0 deletions
--- a/scripts/helmcharts/openreplay/templates/job.yaml
+++ b/scripts/helmcharts/openreplay/templates/job.yaml
@ -156,6 +156,34 @@ spec:
          mountPath: /opt/openreplay
        - name: dbmigrationscript
          mountPath: /opt/migrations/
+      - name: vault-s3-upload
+        env:
+          - name: AWS_ACCESS_KEY_ID
+            value: "{{ .Values.global.s3.accessKey }}"
+          - name: AWS_SECRET_ACCESS_KEY
+            value: "{{ .Values.global.s3.secretKey }}"
+          - name: AWS_DEFAULT_REGION
+            value: "{{ .Values.global.s3.region }}"
+          - name: AWS_ENDPOINT
+            value: "{{ .Values.global.s3.endpoint }}"
+        image: amazon/aws-cli
+        command: 
+        - /bin/bash
+        - -c
+        args:
+        - |
+          while true; do
+          [[ -f /opt/openreplay/vault_creds.txt ]] && {
+            aws s3 cp --endpoint ${AWS_ENDPOINT} /opt/openreplay/vault_creds.txt s3://static/vault/
+            exit 0
+          } || {
+            echo vault not yet initialized;
+            sleep 2
+          };
+          done
+        volumeMounts:
+        - name: shared
+          mountPath: /opt/openreplay
      {{- end }}
      - name: clickhouse
        image: yandex/clickhouse-client:21.9.4.35