describe pw change process

doc/BackupAndRestore.md

@@ -9,16 +9,12 @@
 
 ## Manual backup
 
-1. Scale Cloud deployment down:   
-  `kubectl -n nextcloud scale deployment cloud-deployment --replicas=0`
 1. Scale backup-restore deployment up:   
    `kubectl -n nextcloud scale deployment backup-restore --replicas=1`
-1. exec into pod and execute restore pod   
+2. exec into pod and execute restore pod   
    `kubectl -n nextcloud exec -it backup-restore -- backup.bb`
-1. Scale backup-restore deployment down:   
+3. Scale backup-restore deployment down:   
   `kubectl -n nextcloud scale deployment backup-restore --replicas=0`
-1. Scale Cloud deployment up:   
-   `kubectl -n nextcloud scale deployment cloud-deployment --replicas=1`
 
 ## Manual restore
 
@@ -32,3 +28,40 @@
   `kubectl -n nextcloud scale deployment backup-restore --replicas=0`
 5. Scale Cloud deployment up:   
    `kubectl -n nextcloud scale deployment cloud-deployment --replicas=1`
+
+## Change Password
+
+1. Apply restic-new-password to secret & backup deployment   
+   ```
+   kind: Deployment
+   metadata:
+     name: backup-restore
+   spec:
+       spec:
+         containers:
+         - name: backup-app
+           env:
+           - name: RESTIC_NEW_PASSWORD_FILE
+             value: /var/run/secrets/backup-secrets/restic-new-password
+   ---
+   kind: Secret
+   metadata:
+     name: backup-secret
+   data:
+     restic-password: old
+     restic-new-password: new
+   ```
+2. Scale backup-restore deployment up:   
+   `kubectl -n nextcloud scale deployment backup-restore --replicas=1`
+3. exec into pod and execute restore pod   
+   `kubectl -n nextcloud exec -it backup-restore -- change-password.bb`
+4. Scale backup-restore deployment down:   
+  `kubectl -n nextcloud scale deployment backup-restore --replicas=0`
+5. Replace restic-password with restic-new-password in secret   
+   ```
+   kind: Secret
+   metadata:
+     name: backup-secret
+   data:
+     restic-password: new
+   ```

infrastructure/backup/image/resources/install.bb

@@ -11,6 +11,7 @@
 (in/install! "backup.bb")
 (in/install! "restore.bb")
 (in/install! "list-snapshots.bb")
+(in/install! "change-password.bb")
 (in/install! "start-maintenance.sh")
 (in/install! "end-maintenance.sh")
 (in/install! "restore.bb")

src/main/resources/backup/cron.yaml

@@ -53,8 +53,6 @@ spec:
                   key: restic-repository
             - name: RESTIC_PASSWORD_FILE
               value: /var/run/secrets/backup-secrets/restic-password
-            - name: RESTIC_NEW_PASSWORD_FILE
-              value: /var/run/secrets/backup-secrets/restic-new-password
             volumeMounts:
             - name: cloud-data-volume
               mountPath: /var/backups

src/test/cljc/dda/c4k_nextcloud/backup_test.cljc

@@ -85,8 +85,7 @@
                   {:name "AWS_ACCESS_KEY_ID_FILE", :value "/var/run/secrets/backup-secrets/aws-access-key-id"}
                   {:name "AWS_SECRET_ACCESS_KEY_FILE", :value "/var/run/secrets/backup-secrets/aws-secret-access-key"}
                   {:name "RESTIC_REPOSITORY", :valueFrom {:configMapKeyRef {:name "backup-config", :key "restic-repository"}}}
-                  {:name "RESTIC_PASSWORD_FILE", :value "/var/run/secrets/backup-secrets/restic-password"}
+                  {:name "RESTIC_PASSWORD_FILE", :value "/var/run/secrets/backup-secrets/restic-password"}]
-                   {:name "RESTIC_NEW_PASSWORD_FILE", :value "/var/run/secrets/backup-secrets/restic-new-password"}]
                  :volumeMounts
                  [{:name "cloud-data-volume", :mountPath "/var/backups"}
                   {:name "backup-secret-volume", :mountPath "/var/run/secrets/backup-secrets", :readOnly true}