Add example ConfigMap and Secret for MSSQL backup configuration

- Introduced `k8s-mssql-configmap-example.yaml` and `k8s-mssql-secret-example.yaml` to provide templates for non-sensitive and sensitive configurations, respectively. - Updated `README.md` and `k8s-statefulset-test.yaml` to reference the new example files. - Created `k8s-statefulset-with-sidecar.yaml` for deploying MSSQL with a backup sidecar, enhancing the backup functionality. Signed-off-by: Shakar Bakr <5h4k4r.b4kr@gmail.com>
2026-01-25 15:23:03 +00:00 · 2025-10-27 13:22:19 +03:00
parent a9c7cc4be3
commit 90c114c647
7 changed files with 26 additions and 21 deletions
--- a/tests/k8s-mssql-secret-example.yaml
+++ b/tests/k8s-mssql-secret-example.yaml
@@ -0,0 +1,72 @@
+# Example mssql-general Secret
+# This secret contains ONLY sensitive credentials (passwords, keys)
+# Non-sensitive configuration is in the ConfigMap (tests/k8s-mssql-configmap-example.yaml)
+#
+# Usage:
+#   1. Copy this file and update with your actual values
+#   2. Apply ConfigMap: kubectl apply -f tests/k8s-mssql-configmap.yaml
+#   3. Apply Secret: kubectl apply -f tests/k8s-mssql-secret.yaml
+#   4. Deploy: kubectl apply -f tests/k8s-statefulset-with-sidecar.yaml
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mssql-general
+  namespace: default # Update with your namespace
+type: Opaque
+stringData:
+  # ============================================
+  # MSSQL Server Credentials
+  # ============================================
+  MSSQL_SA_PASSWORD: "YourStrong@Passw0rd" # Must meet SQL Server complexity requirements
+
+  # ============================================
+  # Database Backup Credentials
+  # ============================================
+  DATABASE_USER: "sa"
+  DATABASE_PASSWORD: "YourStrong@Passw0rd" # Same as MSSQL_SA_PASSWORD
+
+  # ============================================
+  # AWS S3 Credentials
+  # ============================================
+  S3_ACCESS_KEY_ID: "AKIAIOSFODNN7EXAMPLE"
+  S3_SECRET_ACCESS_KEY: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+
+  # ============================================
+  # Optional: GPG Encryption Passphrase
+  # ============================================
+  # Uncomment to enable encryption of backup files before upload
+  # PASSPHRASE: "my-super-secret-gpg-passphrase"
+
+---
+# Notes:
+#
+# 1. Password Requirements:
+#    - MSSQL_SA_PASSWORD must meet SQL Server complexity requirements:
+#      * At least 8 characters
+#      * Mix of uppercase, lowercase, digits, and symbols
+#      * Example: "MyP@ssw0rd123"
+#
+# 2. For production, consider using:
+#    - SealedSecrets: https://github.com/bitnami-labs/sealed-secrets
+#    - External Secrets Operator: https://external-secrets.io/
+#    - AWS Secrets Manager, Azure Key Vault, or HashiCorp Vault
+#
+# 3. Non-sensitive configuration (bucket, endpoints, schedule):
+#    These are now in the ConfigMap (tests/k8s-mssql-configmap-example.yaml)
+#    This keeps secrets clean and allows easier configuration changes
+#
+# 4. Alternative: Create secret from command line:
+#    kubectl create secret generic mssql-general \
+#      --from-literal=MSSQL_SA_PASSWORD='YourStrong@Passw0rd' \
+#      --from-literal=DATABASE_USER='sa' \
+#      --from-literal=DATABASE_PASSWORD='YourStrong@Passw0rd' \
+#      --from-literal=S3_ACCESS_KEY_ID='YOUR_KEY' \
+#      --from-literal=S3_SECRET_ACCESS_KEY='YOUR_SECRET'
+#
+# 4. To view the secret (base64 encoded):
+#    kubectl get secret mssql-general -o yaml
+#
+# 5. To decode a specific key:
+#    kubectl get secret mssql-general -o jsonpath='{.data.DATABASE_NAME}' | base64 -d
+