DevFW-CICD/stacks-instances
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(secrets-backup): 🐛 add openssl install + upgrade image to 1.32.0

Browse source 
alpine/k8s:1.28.0 does not ship openssl. Script calls openssl enc
on line 116 causing exit 127 on every run since initial deploy.

Fix:
- apk add --no-cache openssl at script start (defensive, idempotent)
- upgrade image 1.28.0 -> 1.32.0 (kubectl client was 5 minor versions
  behind cluster v1.33, outside supported skew of +/-1)
This commit is contained in:
Daniel Sy 2026-06-12 09:32:35 +02:00
parent cf8271fd86
commit 9bbcf4efca
Signed by untrusted user: danielsy
GPG key ID: 1F39A8BBCD2EE3D3
1 changed files with 4 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
otc/dev.t09.de/stacks/core/secrets-backup/manifests/secrets-backup-cronjob.yaml
View file

@ -61,7 +61,7 @@ spec:
serviceAccountName: secrets-backup serviceAccountName: secrets-backup
containers: containers:
- name: secrets-backup - name: secrets-backup
image: alpine/k8s:1.28.0 image: alpine/k8s:1.32.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
env: env:
- name: AWS_ACCESS_KEY_ID - name: AWS_ACCESS_KEY_ID
@ -92,6 +92,9 @@ spec:
- | - |
set -euo pipefail set -euo pipefail
# Ensure openssl is available (not bundled in alpine/k8s image)
apk add --no-cache openssl --quiet
TIMESTAMP=$(date +%Y%m%d-%H%M%S) TIMESTAMP=$(date +%Y%m%d-%H%M%S)
BACKUP_DIR="/tmp/secrets-backup-${TIMESTAMP}" BACKUP_DIR="/tmp/secrets-backup-${TIMESTAMP}"
NAMESPACES="argocd cert-manager external-secrets" NAMESPACES="argocd cert-manager external-secrets"