Merge pull request #70 from cstaff14/main

added secret for rox api key

Author: srcporter

backups/api-key-secret.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: rox-api-token
+stringData:
+  token: ### insert api token generated by stackrox

backups/cron-backup.yaml

@@ -16,8 +16,6 @@ spec:
         spec:
           containers:
             - args:
-                - -p
-                - $(ACS_ADMIN_PASSWORD)
                 - --output
                 - /mnt
                 - -e
@@ -28,11 +26,11 @@ spec:
                 - central
                 - backup
               env:  ###either retreieve the rox pass or create a token and store it in a secret the set the env, don't use passwords in Git!
-                - name: ACS_ADMIN_PASSWORD
+                - name: ROX_API_TOKEN
                   valueFrom:
                     secretKeyRef:
-                      key: password
-                      name: acs-password
+                      key: token
+                      name: rox-api-token
               image: registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8:3.71.2
               imagePullPolicy: IfNotPresent
               name: backup-cron

backups/cron-clean-backup.yaml

@@ -0,0 +1,44 @@
+kind: CronJob
+apiVersion: batch/v1
+metadata:
+  name: clean-backup-cron
+  namespace: stackrox
+spec:
+  schedule: 10 1 * * *
+  concurrencyPolicy: Allow
+  suspend: false
+  jobTemplate:
+    metadata:
+      creationTimestamp: null
+    spec:
+      template:
+        metadata:
+          creationTimestamp: null
+        spec:
+          volumes:
+            - name: stackrox-backups-uat
+              persistentVolumeClaim:
+                claimName: stackrox-backups-uat
+          containers:
+            - name: clean-backup-cron
+              image: registry.access.redhat.com/ubi8/ubi
+              args:
+                - /bin/sh
+                - '-c'
+                - 'find /mnt* -mtime +30 -exec rm {} \;'
+              resources: {}
+              volumeMounts:
+                - name: stackrox-backups-uat
+                  mountPath: /mnt
+              terminationMessagePath: /dev/termination-log
+              terminationMessagePolicy: File
+              imagePullPolicy: IfNotPresent
+          restartPolicy: OnFailure
+          terminationGracePeriodSeconds: 30
+          dnsPolicy: ClusterFirst
+          securityContext: {}
+          schedulerName: default-scheduler
+  successfulJobsHistoryLimit: 3
+  failedJobsHistoryLimit: 1
+status: {}
+

backups/readme.md

@@ -1,7 +1,9 @@
 This is a simple example of running ACS/Stackrox backups in a container and storing them on a persistent volume. 
 
+api-key-secret.yaml creates a secret from a generated rox api token
+- you must fill the token value in with a stackrox api token. You can see how to do that [here](https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_security_for_kubernetes/3.71/html-single/roxctl_cli/index#cli-authentication_cli-getting-started)
+
 cron-backups.yaml creates a container from the roxctl image and runs a backup storing it in a PVC mounted on /mnt
-- You can utilize ROX_API_TOKEN as an env variable and store an API token in a secret
 - You can utilize ROX_CENTRAL_ADDRESS as an env variable as well
 - The above env variables were not used in this case with hopes of showing simple examples that could be built upon.