Statemachine credRot devnotes
This commit is contained in:
parent
56bc215f26
commit
3bc3a0cd7e
1 changed files with 36 additions and 0 deletions
36
infrastructure/backup/doc/backup_dev_notes.md
Normal file
36
infrastructure/backup/doc/backup_dev_notes.md
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
## Init Statemachine
|
||||||
|
|
||||||
|
### Inputs
|
||||||
|
1. `restic-password: ""`
|
||||||
|
2. `restic-password-to-rotate: ""`
|
||||||
|
|
||||||
|
### Manual init the restic repository for the first time
|
||||||
|
|
||||||
|
1. apply backup-and-restore pod:
|
||||||
|
`kubectl scale deployment backup-restore --replicas=1`
|
||||||
|
2. exec into pod and execute restore pod (press tab to get your exact pod name)
|
||||||
|
`kubectl exec -it backup-restore-... -- /usr/local/bin/init.sh`
|
||||||
|
3. remove backup-and-restore pod:
|
||||||
|
`kubectl scale deployment backup-restore --replicas=0`
|
||||||
|
|
||||||
|
### Password Rotation
|
||||||
|
|
||||||
|
1. apply backup-and-restore pod:
|
||||||
|
`kubectl scale deployment backup-restore --replicas=1`
|
||||||
|
2. add new password to restic repository
|
||||||
|
`restic key add ....`
|
||||||
|
=> Trigger ::
|
||||||
|
field (1) credential current
|
||||||
|
filed (2) credential new
|
||||||
|
3. replace field (1) with (2) & clear (2)
|
||||||
|
4. remove old key - ???
|
||||||
|
`restic remove ....`
|
||||||
|
|
||||||
|
|
||||||
|
```mermaid
|
||||||
|
stateDiagram-v2
|
||||||
|
[*] --> init
|
||||||
|
init --> backup_ready: trigger, restic-password !empty
|
||||||
|
backup_ready --> new_password_added: restic-password !empty && restic-password-to-rotate !empty
|
||||||
|
new_password_added --> backup_ready: restic-password !empty && restic-password-to-rotate empty
|
||||||
|
```
|
Loading…
Reference in a new issue