From 38b90a2a3ae920ca4bdc8e6f358391d8d9d448f9 Mon Sep 17 00:00:00 2001
From: rjshrjndrn <rjshrjndrn@gmail.com>
Date: Tue, 8 Nov 2022 13:50:19 +0100
Subject: [PATCH] chore(init): Vault upload secrets to s3

Signed-off-by: rjshrjndrn <rjshrjndrn@gmail.com>
---
 .../helmcharts/openreplay/templates/job.yaml  | 28 +++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/scripts/helmcharts/openreplay/templates/job.yaml b/scripts/helmcharts/openreplay/templates/job.yaml
index b0ee31d01..37a1d0ccd 100644
--- a/scripts/helmcharts/openreplay/templates/job.yaml
+++ b/scripts/helmcharts/openreplay/templates/job.yaml
@@ -156,6 +156,34 @@ spec:
           mountPath: /opt/openreplay
         - name: dbmigrationscript
           mountPath: /opt/migrations/
+      - name: vault-s3-upload
+        env:
+          - name: AWS_ACCESS_KEY_ID
+            value: "{{ .Values.global.s3.accessKey }}"
+          - name: AWS_SECRET_ACCESS_KEY
+            value: "{{ .Values.global.s3.secretKey }}"
+          - name: AWS_DEFAULT_REGION
+            value: "{{ .Values.global.s3.region }}"
+          - name: AWS_ENDPOINT
+            value: "{{ .Values.global.s3.endpoint }}"
+        image: amazon/aws-cli
+        command: 
+        - /bin/bash
+        - -c
+        args:
+        - |
+          while true; do
+          [[ -f /opt/openreplay/vault_creds.txt ]] && {
+            aws s3 cp --endpoint ${AWS_ENDPOINT} /opt/openreplay/vault_creds.txt s3://static/vault/
+            exit 0
+          } || {
+            echo vault not yet initialized;
+            sleep 2
+          };
+          done
+        volumeMounts:
+        - name: shared
+          mountPath: /opt/openreplay
       {{- end }}
       - name: clickhouse
         image: yandex/clickhouse-client:21.9.4.35