fix(secrets-backup): 🐛 add openssl install + upgrade image to 1.32.0

alpine/k8s:1.28.0 does not ship openssl. Script calls openssl enc on line 116 causing exit 127 on every run since initial deploy. Fix: - apk add --no-cache openssl at script start (defensive, idempotent) - upgrade image 1.28.0 -> 1.32.0 (kubectl client was 5 minor versions behind cluster v1.33, outside supported skew of +/-1)
2026-06-12 09:32:35 +02:00 · 2026-06-12 09:32:35 +02:00 · 9bbcf4efca
commit 9bbcf4efca
parent cf8271fd86
1 changed files with 4 additions and 1 deletions
--- a/otc/dev.t09.de/stacks/core/secrets-backup/manifests/secrets-backup-cronjob.yaml
+++ b/otc/dev.t09.de/stacks/core/secrets-backup/manifests/secrets-backup-cronjob.yaml
@ -61,7 +61,7 @@ spec:
          serviceAccountName: secrets-backup
          containers:
            - name: secrets-backup
-              image: alpine/k8s:1.28.0
+              image: alpine/k8s:1.32.0
              imagePullPolicy: IfNotPresent
              env:
                - name: AWS_ACCESS_KEY_ID
@ -92,6 +92,9 @@ spec:
                - |
                  set -euo pipefail

+                  # Ensure openssl is available (not bundled in alpine/k8s image)
+                  apk add --no-cache openssl --quiet
+
                  TIMESTAMP=$(date +%Y%m%d-%H%M%S)
                  BACKUP_DIR="/tmp/secrets-backup-${TIMESTAMP}"
                  NAMESPACES="argocd cert-manager external-secrets"