fix(secrets-backup): 🔥 remove client-side openssl encryption
Some checks failed
Build secrets-backup image / build-and-push (push) Failing after 3s
Some checks failed
Build secrets-backup image / build-and-push (push) Failing after 3s
OBS bucket has server-side KMS encryption. Client-side openssl was redundant and caused failures (Alpine CDN unreachable at 03:30 UTC). Changes: - Dockerfile: remove openssl apk install (no longer needed) - CronJob: remove openssl enc step, upload .tar.gz directly - CronJob: remove secrets-backup-config Secret (encryption passphrase) - CronJob: remove ENCRYPTION_PASSPHRASE env var - Bump image tag to 1.0.1, update workflow and manifest reference Flow: kubectl export → tar.gz → upload to OBS (SSE-KMS handles rest) Ref: IPCEICIS-9317
This commit is contained in:
parent
6b29aa3916
commit
81b721bb5a
GPG key ID:
1F39A8BBCD2EE3D3
3 changed files with 43 additions and 30 deletions
3
build/secrets-backup/Dockerfile
Normal file
3
build/secrets-backup/Dockerfile
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
FROM alpine/k8s:1.32.0
|
||||
# No extra packages needed — kubectl and aws CLI are bundled in alpine/k8s
|
||||
# OBS SSE-KMS handles encryption at rest; no openssl required
|
||||
Loading…
Add table
Add a link
Reference in a new issue