Backup Secrets #28
Labels
No Label
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: coop-cloud/backup-bot-two#28
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
There should be a backup of the app secrets as well. If you need to reinitialize the swarm for any reason or want to restore the app on another server the secrets are required. Further you don't need to handle a way to store all the autogenerated secrets locally anymore.
Also somehow related: coop-cloud/organising#480
Unfortunately I couldn't find any other way to access the secrets, than attaching them to a container and reading
/var/run/secrets
.Therefore my idea is to attach all secrets of all apps that have the
'backupbot.backup
label to the backupbot. Than the secrets can easily be handled by restic.Another approach:
mount
/var/lib/docker/containers/
inside the backupbot. So the secrets can be accessed via/var/lib/docker/containers/<container-id>/mounts/secrets
.This solves two problems with attaching the secrets to the backupbot:
New approach:
ef9fbda7d0
For each app that is included in the backup the secrets are copied from
/var/lib/docker/containers/<container-id>/mounts/secrets/<secret_id>
to/secrets/<secret_name>
and/secret
is included as backup path forrestic
.