Implement restic-backup for Gitea #46
|
@ -7,6 +7,17 @@ resources:
|
||||||
- gitea-ingress.yaml
|
- gitea-ingress.yaml
|
||||||
- runner-pvc.yaml
|
- runner-pvc.yaml
|
||||||
- runner-deployment.yaml
|
- runner-deployment.yaml
|
||||||
|
- restic-sa.yaml
|
||||||
|
- restic-role.yaml
|
||||||
|
- restic-role-binding.yaml
|
||||||
|
- restic-backup-cronjob.yaml
|
||||||
|
|
||||||
|
|
||||||
|
configMapGenerator:
|
||||||
|
- name: restic-backup-script
|
||||||
|
behavior: merge
|
||||||
|
files:
|
||||||
|
- restic-backup.sh
|
||||||
|
|
||||||
generators:
|
generators:
|
||||||
- secret-generator.yaml
|
- secret-generator.yaml
|
||||||
|
|
|
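Review bot: `behavior: merge` on the `restic-backup-script` generator only works when a ConfigMap of that name is already defined in a base or under `resources`; none is visible in this hunk, and in that case kustomize aborts the build. If this is the first definition of the ConfigMap, drop the line (the default behavior is `create`). The rest of the kustomization lies outside the hunk.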
@ -9,45 +9,51 @@ spec:
|
||||||
spec:
|
spec:
|
||||||
template:
|
template:
|
||||||
spec:
|
spec:
|
||||||
|
|
||||||
|
serviceAccountName: restic-admin-sa
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
- name: gitea-data
|
- name: gitea-data
|
||||||
emptyDir: {}
|
persistentVolumeClaim:
|
||||||
- name: backup-vol
|
claimName: gitea-shared-storage
|
||||||
emptyDir: {}
|
|
||||||
- name: postgres-data
|
- name: postgres-data
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: data-gitea-postgresql-0
|
claimName: data-gitea-postgresql-0
|
||||||
|
- name: postgres-backup-vol
|
||||||
|
emptyDir: {}
|
||||||
|
- name: backup-script
|
||||||
|
configMap:
|
||||||
|
name: restic-backup-script
|
||||||
|
- name: repo-env
|
||||||
|
secret:
|
||||||
|
secretName: repo-env-secret
|
||||||
|
|
||||||
initContainers:
|
initContainers:
|
||||||
- name: postgres-dump-init
|
- name: postgres-dump-init
|
||||||
image: bitnami/postgresql:15.3.0-debian-11-r24
|
image: bitnami/postgresql:15.3.0-debian-11-r24
|
||||||
command: ["/bin/sh", "-c"]
|
command: ["/bin/sh", "-c"]
|
||||||
args: ["pg_dump -U gitea gitea -Fc > /backup-vol/postgres_backup.dump"]
|
args: ["pg_dump -U gitea gitea -Fc > /pg_backup/postgres_backup.dump"]
|
||||||
env:
|
|
||||||
- name: PGPASSWORD
|
|
||||||
value: "<password>"
|
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: backup-vol
|
- name: backup-vol
|
||||||
mountPath: /backup-vol
|
mountPath: /pg_backup
|
||||||
- name: postgres-data
|
- name: postgres-data
|
||||||
mountPath: /bitnami/postgresql/data
|
mountPath: /bitnami/postgresql/data
|
||||||
|
|
||||||
- name: gitea-dump-init
|
|
||||||
image: gitea-image:tag
|
|
||||||
command: ["/bin/sh", "-c"]
|
|
||||||
args: ["cp /path/to/backup.zip /backup-vol/backup.zip"]
|
|
||||||
volumeMounts:
|
|
||||||
- name: gitea-data
|
|
||||||
mountPath: /path/to/backup
|
|
||||||
- name: backup-vol
|
|
||||||
mountPath: /backup-vol
|
|
||||||
|
|
||||||
containers:
|
containers:
|
||||||
- name: restic-container
|
- name: restic-container
|
||||||
image: git.namesny.com/cluster/restic:0.16.2-r0
|
image: git.namesny.com/cluster/restic:latest
|
||||||
command: ["/bin/bash", "/path/to/backup.sh"]
|
imagePullPolicy: Always
|
||||||
|
command: ["/bin/bash", "/app/restic-backup.sh"]
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: backup-vol
|
- name: backup-vol
|
||||||
mountPath: /backup-vol
|
mountPath: /pg_backup
|
||||||
|
- name: gitea-data
|
||||||
|
mountPath: /gitea
|
||||||
|
- name: backup-script
|
||||||
|
mountPath: /app
|
||||||
|
subpath: restic-backup.sh
|
||||||
|
- name: repo-env
|
||||||
|
mountPath: /app
|
||||||
|
subpath: repo.env
|
||||||
|
|
||||||
restartPolicy: OnFailure
|
restartPolicy: OnFailure
|
|
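Review bot: `serviceAccountName: restic-admin-sa` does not match the ServiceAccount that this PR creates and binds to `restic-role` (`restic-sa`), so the pod would either fail to be created or run under an account the new Role does not cover; it should read `serviceAccountName: restic-sa`. Both containers still mount `backup-vol`, but the new volumes list defines `postgres-backup-vol` instead, and the two `/app` mounts use `subpath`, where the field is spelled `subPath`. Replacing the pinned `restic:0.16.2-r0` with `restic:latest` plus `imagePullPolicy: Always` means every run executes whatever image is currently published while holding the credentials from `repo-env-secret`; a fixed tag or digest keeps the job reproducible and auditable. The removed `PGPASSWORD` env has no visible replacement, so confirm how `pg_dump` in the init container authenticates. The CronJob's header lies outside the hunk.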
@ -0,0 +1,22 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
source .restic.env
|
||||||
|
|
||||||
|
# Set up colors
|
||||||
|
GREEN='\033[0;32m'
|
||||||
|
NC='\033[0m'
|
||||||
|
|
||||||
|
echo -e "\n${GREEN}`date` - Starting backup...${NC}\n"
|
||||||
|
|
||||||
|
# Gitea
|
||||||
|
echo -e "\n${GREEN}`date` - Backing up Gitea...${NC}\n"
|
||||||
|
gitea=$(kubectl get po -n gitea -l app=gitea -o name --no-headers=true)
|
||||||
|
kubectl scale --replicas=0 $gitea -n gitea
|
||||||
|
restic backup /gitea
|
||||||
|
restic backup /pg_backup/postgres_backup.dump
|
||||||
|
kubectl scale --replicas=1 $gitea -n gitea
|
||||||
|
|
||||||
|
# Forget and prune
|
||||||
|
echo -e "\n${GREEN}`date` - Running forget and prune...${NC}\n"
|
||||||
|
restic forget --prune --keep-daily 7 --keep-weekly 2
|
||||||
|
echo -e "\n${GREEN}`date` - Backup finished.${NC}\n"
|
|
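Review bot: The scale commands operate on `$gitea`, which `kubectl get po ... -o name` fills with `pod/...` names; pods have no scale subresource, so Gitea is presumably never stopped and `/gitea` is backed up while it is live. Target the workload instead, e.g. `kubectl scale --replicas=0 deployment/<gitea-deployment> -n gitea` (placeholder name), and quote the variable. No exit status is checked either, so a failed `restic backup` still proceeds to `forget --prune` and the job reports success; `set -eu` together with `trap 'kubectl scale --replicas=1 deployment/<gitea-deployment> -n gitea' EXIT` would fail the job while still bringing Gitea back up. The script also sources `.restic.env` from the working directory under a `#!/bin/sh` shebang, whereas the CronJob mounts `repo.env` under `/app`, so confirm the credentials file is actually found.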
@ -0,0 +1,13 @@
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
name: restic-role-binding
|
||||||
|
namespace: gitea
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: restic-sa
|
||||||
|
namespace: gitea
|
||||||
|
roleRef:
|
||||||
|
kind: Role
|
||||||
|
name: restic-role
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
|
@ -0,0 +1,9 @@
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: Role
|
||||||
|
metadata:
|
||||||
|
name: restic-role
|
||||||
|
namespace: gitea
|
||||||
|
rules:
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["deployments", "pods"]
|
||||||
|
verbs: ["get", "list", "update", "patch"]
|
|
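Review bot: The rule lists `deployments` under `apiGroups: [""]`, but Deployments belong to the `apps` API group, so this Role grants nothing on them, while `update` and `patch` on `pods` is more than a backup job needs. If the script is meant to scale the Gitea Deployment, a rule such as `- apiGroups: ["apps"]`, `resources: ["deployments", "deployments/scale"]`, `verbs: ["get", "update", "patch"]` scopes the permission to that, optionally narrowed further with `resourceNames`; the core-group rule can then be reduced to `get` and `list` on `pods`.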
@ -0,0 +1,5 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: restic-sa
|
||||||
|
namespace: gitea
|