From 1f6e91b6ace85ebf7a60e852526ad2e832251cae Mon Sep 17 00:00:00 2001 From: Daniel Sy Date: Fri, 12 Jun 2026 09:33:14 +0200 Subject: [PATCH] =?UTF-8?q?fix(secrets-backup):=20=F0=9F=90=9B=20add=20ope?= =?UTF-8?q?nssl=20install=20+=20upgrade=20image=20to=201.32.0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit alpine/k8s:1.28.0 does not ship openssl. Script calls openssl enc on line 116 causing exit 127 on every run. Fix: - apk add --no-cache openssl at script start (defensive, idempotent) - upgrade image 1.28.0 -> 1.32.0 (kubectl client 5 minor versions behind cluster v1.33, outside supported skew of +/-1) --- .../secrets-backup/manifests/secrets-backup-cronjob.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/template/stacks/core/secrets-backup/manifests/secrets-backup-cronjob.yaml b/template/stacks/core/secrets-backup/manifests/secrets-backup-cronjob.yaml index bd1f913..aafcf84 100644 --- a/template/stacks/core/secrets-backup/manifests/secrets-backup-cronjob.yaml +++ b/template/stacks/core/secrets-backup/manifests/secrets-backup-cronjob.yaml @@ -61,7 +61,7 @@ spec: serviceAccountName: secrets-backup containers: - name: secrets-backup - image: alpine/k8s:1.28.0 + image: alpine/k8s:1.32.0 imagePullPolicy: IfNotPresent env: - name: AWS_ACCESS_KEY_ID @@ -92,6 +92,9 @@ spec: - | set -euo pipefail + # Ensure openssl is available (not bundled in alpine/k8s image) + apk add --no-cache openssl --quiet + TIMESTAMP=$(date +%Y%m%d-%H%M%S) BACKUP_DIR="/tmp/secrets-backup-${TIMESTAMP}" NAMESPACES="argocd cert-manager external-secrets"