feat: added borg backup job with offsite borg sync
This commit is contained in:
@@ -18,26 +18,24 @@ spec:
|
||||
args:
|
||||
- |
|
||||
echo "INFO: Starting export"
|
||||
. /run/database-access-secret/database
|
||||
. /root/.gitea-inline-config/database
|
||||
export PGPASSWORD=$PASSWD
|
||||
echo "INFO: Exporting database"
|
||||
pg_dump -h gitea-postgresql.git-limbosolutions-com.svc.cluster.local -U $USER -d $NAME > /data/postgresql-export/db_backup.sql
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "ERROR: Exporting database failed"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
echo "INFO: Exporting database finished"
|
||||
|
||||
volumeMounts:
|
||||
- name: db-postgresql-data
|
||||
mountPath: /var/lib/postgresql/data
|
||||
|
||||
|
||||
- name: backup-run-data
|
||||
mountPath: /data/postgresql-export
|
||||
subPath: postgresql-export
|
||||
|
||||
- name: database-access-secret
|
||||
mountPath: /run/database-access-secret
|
||||
- name: gitea-inline-config
|
||||
mountPath: /root/.gitea-inline-config
|
||||
readOnly: true
|
||||
|
||||
containers:
|
||||
@@ -96,6 +94,6 @@ spec:
|
||||
- name: backup-run-data
|
||||
emptyDir: {}
|
||||
|
||||
- name: database-access-secret
|
||||
- name: gitea-inline-config
|
||||
secret:
|
||||
secretName: gitea-inline-config
|
||||
127
backup/borbackup-offsite-cronjob.yaml
Normal file
127
backup/borbackup-offsite-cronjob.yaml
Normal file
@@ -0,0 +1,127 @@
|
||||
|
||||
apiVersion: batch/v1
|
||||
kind: CronJob
|
||||
metadata:
|
||||
name: gitea-backup-offsite
|
||||
namespace: git-limbosolutions-com
|
||||
spec:
|
||||
schedule: "0 2 * * *"
|
||||
jobTemplate:
|
||||
spec:
|
||||
backoffLimit: 1
|
||||
template:
|
||||
spec:
|
||||
restartPolicy: Never
|
||||
initContainers:
|
||||
- name: postgres-export
|
||||
image: postgres:latest
|
||||
command: ["sh", "-c"]
|
||||
args:
|
||||
- |
|
||||
echo "INFO: Starting export"
|
||||
. /root/.gitea-inline-config/database
|
||||
export PGPASSWORD=$PASSWD
|
||||
echo "INFO: Exporting database"
|
||||
pg_dump -h gitea-postgresql.git-limbosolutions-com.svc.cluster.local -U $USER -d $NAME > /data/postgresql-export/db_backup.sql
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "ERROR: Exporting database failed"
|
||||
exit 1
|
||||
fi
|
||||
echo "INFO: Exporting database finished"
|
||||
|
||||
volumeMounts:
|
||||
|
||||
- name: backup-var-data
|
||||
mountPath: /data/postgresql-export
|
||||
subPath: postgresql-export
|
||||
|
||||
- name: gitea-inline-config
|
||||
mountPath: /root/.gitea-inline-config
|
||||
readOnly: true
|
||||
|
||||
containers:
|
||||
- name: borg-client
|
||||
image: git.limbosolutions.com/kb/borg-backup:latest
|
||||
resources:
|
||||
limits:
|
||||
memory: "512Mi"
|
||||
cpu: "500m"
|
||||
requests:
|
||||
memory: "256Mi"
|
||||
cpu: "250m"
|
||||
env:
|
||||
- name: BORG_REPO
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: gitea-backup-secret
|
||||
key: BORG_REPO
|
||||
|
||||
- name: BORG_PASSPHRASE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: gitea-backup-secret
|
||||
key: BORG_PASSPHRASE
|
||||
|
||||
- name: BORG_RSH
|
||||
value: ssh -o StrictHostKeyChecking=no
|
||||
|
||||
- name: BORG_KEY_FILE
|
||||
value: /root/.borg/key
|
||||
|
||||
command: ["sh", "-c"]
|
||||
args:
|
||||
- |
|
||||
|
||||
borg create ${BORG_REPO}::"postgresql-export-$(date +%Y-%m-%d_%H:%M:%S)" /data/postgresql-export
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "ERROR: Borg backup failed"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
borg create ${BORG_REPO}::"gitea-data-$(date +%Y-%m-%d_%H:%M:%S)" /data/gitea-data
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "ERROR: Borg backup failed"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
${BORG_RSH} mf@backupsrv01.dev.lan \
|
||||
"rclone sync ~/borg-repos/git.limbosolutions.com mf.onedrive:.backups/git.limbosolutions.com/borg" &&
|
||||
echo "INFO: borg repo offsite sync finished"
|
||||
|
||||
volumeMounts:
|
||||
- name: gitea-data
|
||||
mountPath: /data/gitea-data
|
||||
|
||||
- name: backup-var-data
|
||||
mountPath: /data/postgresql-export
|
||||
subPath: postgresql-export
|
||||
|
||||
- name: gitea-backup-secret
|
||||
mountPath: /root/.borg/key
|
||||
subPath: BORG_KEY_FILE
|
||||
|
||||
- name: gitea-backup-secret
|
||||
mountPath: /root/.ssh/id_rsa
|
||||
subPath: SSH_ID_RSA
|
||||
|
||||
|
||||
volumes:
|
||||
- name: gitea-data
|
||||
persistentVolumeClaim:
|
||||
claimName: gitea-shared-storage
|
||||
|
||||
- name: gitea-inline-config
|
||||
secret:
|
||||
secretName: gitea-inline-config
|
||||
|
||||
- name: gitea-backup-secret
|
||||
secret:
|
||||
secretName: gitea-backup-secret
|
||||
defaultMode: 0600
|
||||
|
||||
- name: backup-var-data
|
||||
emptyDir: {}
|
||||
|
||||
|
||||
|
||||
|
||||
@@ -5,4 +5,4 @@
|
||||
export $(cut -d= -f1 ./.env)
|
||||
|
||||
|
||||
envsubst < secret.yaml | kubectl apply -f -
|
||||
envsubst < gitea-backup-secret.yaml | kubectl apply -f -
|
||||
@@ -8,7 +8,7 @@ data:
|
||||
PBS_REPOSITORY: ${PBS_REPOSITORY}
|
||||
PBS_PASSWORD: ${PBS_PASSWORD}
|
||||
PBS_FINGERPRINT: ${PBS_FINGERPRINT}
|
||||
DB_USER: ${DB_USER}
|
||||
DB_PASSWORD: ${DB_PASSWORD}
|
||||
DB_NAME: ${DB_NAME}
|
||||
DB_HOST: ${DB_HOST}
|
||||
BORG_KEY_FILE: ${BORG_KEY_FILE}
|
||||
BORG_REPO: ${BORG_REPO}
|
||||
BORG_PASSPHRASE: ${BORG_PASSPHRASE}
|
||||
SSH_ID_RSA: ${SSH_ID_RSA}
|
||||
|
||||
Reference in New Issue
Block a user