Feat/backup script #2604
gen3/bin/dbbackup.sh
Outdated
create_or_get_kms_key | ||
create_s3_bucket $bucket_name $kms_key_arn | ||
create_s3_bucket $bucket_name_encrypted $kms_key_arn | ||
setup_csi_driver |
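Review bot: The arguments to both `create_s3_bucket` calls are unquoted (`$bucket_name`, `$bucket_name_encrypted`, `$kms_key_arn`), so an empty value or one containing whitespace would drop or shift positional arguments; quote each expansion, for example `create_s3_bucket "$bucket_name_encrypted" "$kms_key_arn"`. Nothing in these lines checks that `create_or_get_kms_key` succeeded before the bucket calls and `setup_csi_driver` run, so consider stopping when a step fails or when `kms_key_arn` is empty.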
Ideally this should be a separate script or terraform. Then we can call that separate script or terraform from within this script.
gen3/bin/dbbackup.sh
Outdated
|
||
gen3_log_info "policy_name: $policy_name" | ||
gen3_log_info "account_id: $account_id" | ||
gen3_log_info "vpc_name: $vpc_name" | ||
gen3_log_info "namespace: $namespace" | ||
gen3_log_info "sa_name: $sa_name" | ||
gen3_log_info "bucket_name: $bucket_name" |
We should not need an unencrypted bucket; we should only allow an encrypted bucket.
gen3/bin/dbbackup.sh
Outdated
} | ||
|
||
# Create policy for Mountpoint for Amazon S3 CSI driver | ||
create_s3_csi_policy() { |
Same thing for all these other functions related to the CSI driver. These should go into a kube-setup-s3-csi or similar script, and then this script can call that other script. We need to make sure the other script is idempotent as well.
fix tmp file name
added service account creation
Add all oidc_url's to the trust policy
separate policies, roles per cluster
install mount-s3