ops(sol): add offline canary recovery path
All checks were successful
deploy-trade-r001-canary / apply (push) Successful in 6m45s
All checks were successful
deploy-trade-r001-canary / apply (push) Successful in 6m45s
This commit is contained in:
32
environments/sol/trade-r001-canary/scripts/snapshot-sol-secrets.sh
Executable file
32
environments/sol/trade-r001-canary/scripts/snapshot-sol-secrets.sh
Executable file
@@ -0,0 +1,32 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
TARGET_HOST="${TARGET_HOST:-mevnode}"
|
||||
TARGET_NAMESPACE="${TARGET_NAMESPACE:-trade-r001-canary}"
|
||||
SNAPSHOT_DIR="${SNAPSHOT_DIR:-$HOME/.local/share/trade-bootstrap/sol/trade-r001-canary-secrets}"
|
||||
|
||||
SECRETS=(
|
||||
gitea-registry
|
||||
trade-api
|
||||
trade-basic-auth
|
||||
trade-dlob-rpc
|
||||
trade-frontend-tokens
|
||||
trade-hasura
|
||||
trade-ingestor-tokens
|
||||
trade-postgres
|
||||
)
|
||||
|
||||
ssh_target() {
|
||||
ssh -o StrictHostKeyChecking=no "$TARGET_HOST" "$@"
|
||||
}
|
||||
|
||||
install -d -m 700 "$SNAPSHOT_DIR"
|
||||
|
||||
for secret_name in "${SECRETS[@]}"; do
|
||||
ssh_target "sudo k3s kubectl -n ${TARGET_NAMESPACE} get secret ${secret_name} -o json" \
|
||||
> "${SNAPSHOT_DIR}/${secret_name}.json"
|
||||
chmod 600 "${SNAPSHOT_DIR}/${secret_name}.json"
|
||||
echo "Snapshotted ${secret_name} to ${SNAPSHOT_DIR}/${secret_name}.json"
|
||||
done
|
||||
|
||||
echo "Secret snapshot ready at ${SNAPSHOT_DIR}"
|
||||
Reference in New Issue
Block a user