ops(sol): add offline canary recovery path
All checks were successful
deploy-trade-r001-canary / apply (push) Successful in 6m45s

This commit is contained in:
mpabi
2026-04-12 19:25:55 +02:00
parent c76eb7d5f3
commit 1acb8d403e
7 changed files with 212 additions and 4 deletions

View File

@@ -0,0 +1,32 @@
#!/usr/bin/env bash
set -euo pipefail
TARGET_HOST="${TARGET_HOST:-mevnode}"
TARGET_NAMESPACE="${TARGET_NAMESPACE:-trade-r001-canary}"
SNAPSHOT_DIR="${SNAPSHOT_DIR:-$HOME/.local/share/trade-bootstrap/sol/trade-r001-canary-secrets}"
SECRETS=(
gitea-registry
trade-api
trade-basic-auth
trade-dlob-rpc
trade-frontend-tokens
trade-hasura
trade-ingestor-tokens
trade-postgres
)
ssh_target() {
ssh -o StrictHostKeyChecking=no "$TARGET_HOST" "$@"
}
install -d -m 700 "$SNAPSHOT_DIR"
for secret_name in "${SECRETS[@]}"; do
ssh_target "sudo k3s kubectl -n ${TARGET_NAMESPACE} get secret ${secret_name} -o json" \
> "${SNAPSHOT_DIR}/${secret_name}.json"
chmod 600 "${SNAPSHOT_DIR}/${secret_name}.json"
echo "Snapshotted ${secret_name} to ${SNAPSHOT_DIR}/${secret_name}.json"
done
echo "Secret snapshot ready at ${SNAPSHOT_DIR}"