Implement restic-backup for Gitea #46

Merged
Mathis merged 9 commits from restic-backup into main 2024-02-10 22:45:41 +00:00
7 changed files with 60 additions and 27 deletions
Showing only changes of commit f37f961a10 - Show all commits


@ -10,17 +10,18 @@ resources:
- restic-sa.yaml - restic-sa.yaml
- restic-role.yaml - restic-role.yaml
- restic-role-binding.yaml - restic-role-binding.yaml
- restic-backup-cronjob.yaml - restic-cronjob.yaml
configMapGenerator: configMapGenerator:
- name: restic-backup-script - name: restic-backup-script
behavior: merge namespace: gitea
files: files:
- restic-backup.sh - ./restic-backup.sh
generators: generators:
- secret-generator.yaml - secret-generator.yaml
# - configmap-generator.yaml
helmCharts: helmCharts:
- name: gitea - name: gitea


@ -1,7 +1,5 @@
#!/bin/sh #!/bin/sh
source .restic.env
# Set up colors # Set up colors
GREEN='\033[0;32m' GREEN='\033[0;32m'
NC='\033[0m' NC='\033[0m'
@ -10,11 +8,11 @@ echo -e "\n${GREEN}`date` - Starting backup...${NC}\n"
# Gitea # Gitea
echo -e "\n${GREEN}`date` - Backing up Gitea...${NC}\n" echo -e "\n${GREEN}`date` - Backing up Gitea...${NC}\n"
gitea=$(kubectl get po -n gitea -l app=gitea -o name --no-headers=true) gitea=$(kubectl get deploy -n gitea -l app=gitea -o name --no-headers=true)
kubectl scale --replicas=0 $gitea -n gitea kubectl scale -n gitea --replicas=0 $gitea
restic backup /gitea restic backup /gitea
restic backup /pg_backup/postgres_backup.dump restic backup /pg_backup/postgres_backup.dump
kubectl scale --replicas=1 $gitea -n gitea kubectl scale -n gitea --replicas=1 $gitea
# Forget and prune # Forget and prune
echo -e "\n${GREEN}`date` - Running forget and prune...${NC}\n" echo -e "\n${GREEN}`date` - Running forget and prune...${NC}\n"
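Review bot: Nothing visible between the scale-down and the scale-up checks an exit status, so a failed `restic backup` goes undetected and the script still moves on to forget and prune. Unless the unseen part of the script handles this, the Job can end successfully without a new snapshot. Record the failure and return it at the end, for example `restic backup /gitea || rc=$?` followed by a final `exit ${rc:-0}`, so the CronJob reports the failed run. Guarding the selector result with `[ -n "$gitea" ] || exit 1` before scaling is also worthwhile, because an empty `$gitea` makes both `kubectl scale` calls fail while the backup runs against a live Gitea. The script starts before and continues after these hunks, so a `set -e` or `trap` outside the visible lines would change this picture.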


@ -1,4 +1,4 @@
apiVersion: batch/v1beta1 apiVersion: batch/v1
kind: CronJob kind: CronJob
metadata: metadata:
name: restic-backup-cronjob name: restic-backup-cronjob
@ -10,7 +10,7 @@ spec:
template: template:
spec: spec:
serviceAccountName: restic-admin-sa serviceAccountName: restic-sa
volumes: volumes:
- name: gitea-data - name: gitea-data
@ -21,20 +21,23 @@ spec:
claimName: data-gitea-postgresql-0 claimName: data-gitea-postgresql-0
- name: postgres-backup-vol - name: postgres-backup-vol
emptyDir: {} emptyDir: {}
- name: backup-script - name: backup-script-vol
configMap: configMap:
name: restic-backup-script name: restic-backup-script
- name: repo-env
secret:
secretName: repo-env-secret
initContainers: initContainers:
- name: postgres-dump-init - name: postgres-dump-init
image: bitnami/postgresql:15.3.0-debian-11-r24 image: bitnami/postgresql:15.3.0-debian-11-r24
command: ["/bin/sh", "-c"] command: ["/bin/sh", "-c"]
args: ["pg_dump -U gitea gitea -Fc > /pg_backup/postgres_backup.dump"] args: ["pg_dump -h gitea-postgresql -p 5432 -U gitea gitea -Fc > /pg_backup/postgres_backup.dump"]
env:
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: gitea-postgresql
key: postgres-password
volumeMounts: volumeMounts:
- name: backup-vol - name: postgres-backup-vol
mountPath: /pg_backup mountPath: /pg_backup
- name: postgres-data - name: postgres-data
mountPath: /bitnami/postgresql/data mountPath: /bitnami/postgresql/data
@ -43,17 +46,16 @@ spec:
- name: restic-container - name: restic-container
image: git.namesny.com/cluster/restic:latest image: git.namesny.com/cluster/restic:latest
imagePullPolicy: Always imagePullPolicy: Always
command: ["/bin/bash", "/app/restic-backup.sh"] command: ["/bin/sh", "/app/restic-backup.sh"]
envFrom:
- secretRef:
name: restic-secret
volumeMounts: volumeMounts:
- name: backup-vol - name: postgres-backup-vol
mountPath: /pg_backup mountPath: /pg_backup
- name: gitea-data - name: gitea-data
mountPath: /gitea mountPath: /gitea
- name: backup-script - name: backup-script-vol
mountPath: /app mountPath: /app
subpath: restic-backup.sh
- name: repo-env
mountPath: /app
subpath: repo.env
restartPolicy: OnFailure restartPolicy: OnFailure
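Review bot: The restic container runs `git.namesny.com/cluster/restic:latest` with `imagePullPolicy: Always`, and it appears to be the container that receives the repository password and object-store keys from `restic-secret` through `envFrom`. With a mutable tag, whatever is pushed under `latest` gets those credentials and the service account's rights on the next scheduled run. Pin the image by digest, `image: git.namesny.com/cluster/restic@sha256:<digest-of-reviewed-build>` (placeholder), and bump it deliberately. Separately, the init container now dumps over the network with `-h gitea-postgresql`, so the `postgres-data` mount of `data-gitea-postgresql-0` at `/bitnami/postgresql/data` looks unnecessary and gives the backup pod direct access to the database files; consider dropping it. Please also confirm that the `postgres-password` key holds the password for the `gitea` role used by `-U gitea`, since in the Bitnami chart that key name usually belongs to the `postgres` superuser.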


@ -4,6 +4,6 @@ metadata:
name: restic-role name: restic-role
namespace: gitea namespace: gitea
rules: rules:
- apiGroups: [""] - apiGroups: ["apps"]
resources: ["deployments", "pods"] resources: ["deployments", "deployments/scale"]
verbs: ["get", "list", "update", "patch"] verbs: ["get", "list", "update", "patch"]
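Review bot: The rule grants `update` and `patch` on `deployments` itself, not only on `deployments/scale`, so the bound service account (presumably `restic-sa`) can rewrite the pod template of any Deployment in the `gitea` namespace, including image, command, env and volumes. The backup script shown on this page only looks up deployments by label and scales them. Split the rule accordingly: one with `resources: ["deployments"]` and `verbs: ["get", "list"]`, and a second with `resources: ["deployments/scale"]` and `verbs: ["get", "update", "patch"]`. The Role's header lines are outside the hunk.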


@ -0,0 +1,30 @@
apiVersion: v1
kind: Secret
metadata:
name: restic-secret
namespace: gitea
stringData:
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:IjDw3i+8BIvA816obn5BpQBTkzo=,iv:A/CrhyIm5kljCwvneQziux36O6+SWG5Z9mOlV+mRIXQ=,tag:XVh4X8Xf587nmbDCtgazAg==,type:str]
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:WdfHxdXnPOLvIOecN+WFONAEDr2Sc/r6bKQ/H9KS1BT2C9cj,iv:GCY6MaSEhu9WEsVA23hWN30Ix7x6dz/umNRsQ0jsb8I=,tag:8Qa0dvU3bq+J2S6trBDFDw==,type:str]
RESTIC_REPOSITORY: ENC[AES256_GCM,data:FZCqro3fpgQ7NJc+4ORVC2yWdqMNCLd4AjCwdolXgu5uJXq0IQ==,iv:nWttNrSvFpcj1HMOFwZNfJqVUy0esR7fVXlvidp3MlY=,tag:T0HzAZ/w83IFrvap8Gx3gg==,type:str]
RESTIC_PASSWORD: ENC[AES256_GCM,data:PjSE4FejVPW8e8e/PDtoSCsuskI=,iv:MTUMYim3obMHaYBEoEJBMEj9GMbaqdbdVV09o3ep/fw=,tag:pQ6vakVWHUdk4F/PwqpgAw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age14dgmts59tc2gv2xu9305auvu854n3pfl8vkheqzzqyrygyeequ0sjhl92v
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2RTlocERzUmtUdnhsNHJk
SkNXZFpVdmM5Y1hnQlQzcUg1OUxNYkRiaEFZCi82MW9TbkI2VCtjMDVKYTlWTVBs
QVZMekVoT1JSQWRZV3F3SHgxOGR3a2sKLS0tIGJCd21aY05jS0xva2RmclBlQWdl
UVZSNm9pRUM3YmFFSWl3NGNUdnZOOGsKIuepNrrdgoNoOMZQ77cIrtwPTL8acahG
paE+K2EKa8pqXnAVkxORTkUYRlorKRLjiyalxrDZYsMAbCSrrtfx/A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-01-30T17:21:08Z"
mac: ENC[AES256_GCM,data:mR4vi8WLLiuUY5i7NgIYHfAZcBsQ3u2Cg9TtXcFtwtDAuyy9Xzx07yeR1HC0D+YhiAu+mYAJPmk6jHZsCE2OX26sLTyvEULqDQc71sCgM8dsyl50hoZ2BsbY7o6g8D9Yks+2szuKmlxZ0nN5aHxcf+67+gotzjlBfcmLx+E1TfA=,iv:+9Kv7ZwGoMU0QBTvCgq232nHo+tjoeHTJBdOuOiqpPk=,tag:9VrOFmUFbdiPKSWnt+8z7w==,type:str]
pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.8.1


@ -10,3 +10,5 @@ files:
- ./gitea-admin-secret.enc.yaml - ./gitea-admin-secret.enc.yaml
- ./renovate-bot-secret.enc.yaml - ./renovate-bot-secret.enc.yaml
- ./runner-secret.enc.yaml - ./runner-secret.enc.yaml
- ./restic-secret.enc.yaml