db-backup-s3/k8s-mssql-secret-example.yaml
Shakar Bakr 7188e45927
Add mssql to the supported databases
Signed-off-by: Shakar Bakr <5h4k4r.b4kr@gmail.com>
2025-10-23 14:51:33 +03:00


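# Example mssql-general Secret
# This secret contains ONLY sensitive credentials (passwords, keys)
# Non-sensitive configuration is in the ConfigMap (k8s-mssql-configmap-example.yaml)
#
# Every value below is a placeholder. Replace all of them in your copy and
# keep the filled-in copy out of version control.
#
# Usage:
# 1. Copy this file and update with your actual values
# 2. Apply ConfigMap: kubectl apply -f k8s-mssql-configmap.yaml
# 3. Apply Secret: kubectl apply -f k8s-mssql-secret.yaml
# 4. Deploy: kubectl apply -f k8s-statefulset-with-sidecar.yaml
apiVersion: v1
kind: Secret
metadata:
  name: mssql-general
  namespace: default  # Update with your namespace
type: Opaque
# stringData takes plain-text values; the API server stores them base64-encoded
# under .data. That is an encoding, not encryption, so access to this object
# has to be limited by RBAC (and encryption at rest, where the cluster has it).
stringData:
  # ============================================
  # MSSQL Server Credentials
  # ============================================
  # Placeholder value: replace it before applying.
  MSSQL_SA_PASSWORD: "YourStrong@Passw0rd"  # Must meet SQL Server complexity requirements

  # ============================================
  # Database Backup Credentials
  # ============================================
  # "sa" is the SQL Server system administrator login, so the backup sidecar
  # holds full control of the instance.
  # NOTE(review): if the backup tool only needs to take backups, a dedicated
  # login with backup rights (for example the db_backupoperator database role)
  # would limit what a leaked credential can do - confirm what restore needs.
  DATABASE_USER: "sa"
  DATABASE_PASSWORD: "YourStrong@Passw0rd"  # Same as MSSQL_SA_PASSWORD

  # ============================================
  # AWS S3 Credentials
  # ============================================
  # These are AWS's documentation example values, not working keys. Use a key
  # whose IAM policy is limited to the backup bucket, and rotate it.
  S3_ACCESS_KEY_ID: "AKIAIOSFODNN7EXAMPLE"
  S3_SECRET_ACCESS_KEY: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"

  # ============================================
  # Optional: GPG Encryption Passphrase
  # ============================================
  # Uncomment to enable encryption of backup files before upload.
  # While this stays commented out, presumably backups are uploaded without
  # GPG encryption - confirm against the backup image's documentation.
  # PASSPHRASE: "my-super-secret-gpg-passphrase"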
---
# Notes:
#
# 1. Password Requirements:
# - MSSQL_SA_PASSWORD must meet SQL Server complexity requirements:
# * At least 8 characters
# * Mix of uppercase, lowercase, digits, and symbols
# * Example: "MyP@ssw0rd123"
#
# 2. For production, consider using:
# - SealedSecrets: https://github.com/bitnami-labs/sealed-secrets
# - External Secrets Operator: https://external-secrets.io/
# - AWS Secrets Manager, Azure Key Vault, or HashiCorp Vault
#
# 3. Non-sensitive configuration (bucket, endpoints, schedule):
# These are now in the ConfigMap (k8s-mssql-configmap-example.yaml)
# This keeps secrets clean and allows easier configuration changes
#
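# 4. Alternative: Create secret from command line:
#    kubectl create secret generic mssql-general \
#      --from-literal=MSSQL_SA_PASSWORD='YourStrong@Passw0rd' \
#      --from-literal=DATABASE_USER='sa' \
#      --from-literal=DATABASE_PASSWORD='YourStrong@Passw0rd' \
#      --from-literal=S3_ACCESS_KEY_ID='YOUR_KEY' \
#      --from-literal=S3_SECRET_ACCESS_KEY='YOUR_SECRET'
#    Values passed with --from-literal are recorded in shell history and are
#    visible in the process list while the command runs; --from-env-file or
#    --from-file reads them from a permission-restricted file instead.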
#
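# 5. To view the secret (base64 encoded):
#    kubectl get secret mssql-general -o yaml
#    base64 is an encoding, not encryption: anyone allowed to "get" Secrets in
#    this namespace can recover the values.
#
# 6. To decode a specific key (the key must exist in this Secret):
#    kubectl get secret mssql-general -o jsonpath='{.data.DATABASE_USER}' | base64 -d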