limbosolutions.com/git.limbosolutions.com
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases Wiki Activity

feat: added borg backup job with offsite borg sync

Browse Source
This commit is contained in:
Márcio Fernandes
2025-03-10 21:22:09 +00:00
parent 9445b85859
commit 4929cf97b7
4 changed files with 138 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
backup/backup-cronjob.yaml
View File

@@ -18,26 +18,24 @@ spec:
args: args:
- | - |
echo "INFO: Starting export" echo "INFO: Starting export"
. /run/database-access-secret/database . /root/.gitea-inline-config/database
export PGPASSWORD=$PASSWD export PGPASSWORD=$PASSWD
echo "INFO: Exporting database" echo "INFO: Exporting database"
pg_dump -h gitea-postgresql.git-limbosolutions-com.svc.cluster.local -U $USER -d $NAME > /data/postgresql-export/db_backup.sql pg_dump -h gitea-postgresql.git-limbosolutions-com.svc.cluster.local -U $USER -d $NAME > /data/postgresql-export/db_backup.sql
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo "ERROR: Exporting database failed" echo "ERROR: Exporting database failed"
exit 1 exit 1
fi fi
echo "INFO: Exporting database finished" echo "INFO: Exporting database finished"
volumeMounts: volumeMounts:
- name: db-postgresql-data
mountPath: /var/lib/postgresql/data
- name: backup-run-data - name: backup-run-data
mountPath: /data/postgresql-export mountPath: /data/postgresql-export
subPath: postgresql-export subPath: postgresql-export
- name: database-access-secret - name: gitea-inline-config
mountPath: /run/database-access-secret mountPath: /root/.gitea-inline-config
readOnly: true readOnly: true
containers: containers:
@@ -96,6 +94,6 @@ spec:
- name: backup-run-data - name: backup-run-data
emptyDir: {} emptyDir: {}
- name: database-access-secret - name: gitea-inline-config
secret: secret:
secretName: gitea-inline-config secretName: gitea-inline-config

127
backup/borbackup-offsite-cronjob.yaml Normal file
View File

@@ -0,0 +1,127 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: gitea-backup-offsite
namespace: git-limbosolutions-com
spec:
schedule: "0 2 * * *"
jobTemplate:
spec:
backoffLimit: 1
template:
spec:
restartPolicy: Never
initContainers:
- name: postgres-export
image: postgres:latest
command: ["sh", "-c"]
args:
- |
echo "INFO: Starting export"
. /root/.gitea-inline-config/database
export PGPASSWORD=$PASSWD
echo "INFO: Exporting database"
pg_dump -h gitea-postgresql.git-limbosolutions-com.svc.cluster.local -U $USER -d $NAME > /data/postgresql-export/db_backup.sql
if [ $? -ne 0 ]; then
echo "ERROR: Exporting database failed"
exit 1
fi
echo "INFO: Exporting database finished"
volumeMounts:
- name: backup-var-data
mountPath: /data/postgresql-export
subPath: postgresql-export
- name: gitea-inline-config
mountPath: /root/.gitea-inline-config
readOnly: true
containers:
- name: borg-client
image: git.limbosolutions.com/kb/borg-backup:latest
resources:
limits:
memory: "512Mi"
cpu: "500m"
requests:
memory: "256Mi"
cpu: "250m"
env:
- name: BORG_REPO
valueFrom:
secretKeyRef:
name: gitea-backup-secret
key: BORG_REPO
- name: BORG_PASSPHRASE
valueFrom:
secretKeyRef:
name: gitea-backup-secret
key: BORG_PASSPHRASE
- name: BORG_RSH
value: ssh -o StrictHostKeyChecking=no
- name: BORG_KEY_FILE
value: /root/.borg/key
command: ["sh", "-c"]
args:
- |
borg create ${BORG_REPO}::"postgresql-export-$(date +%Y-%m-%d_%H:%M:%S)" /data/postgresql-export
if [ $? -ne 0 ]; then
echo "ERROR: Borg backup failed"
exit 1
fi
borg create ${BORG_REPO}::"gitea-data-$(date +%Y-%m-%d_%H:%M:%S)" /data/gitea-data
if [ $? -ne 0 ]; then
echo "ERROR: Borg backup failed"
exit 1
fi
${BORG_RSH} mf@backupsrv01.dev.lan \
"rclone sync ~/borg-repos/git.limbosolutions.com mf.onedrive:.backups/git.limbosolutions.com/borg" &&
echo "INFO: borg repo offsite sync finished"
volumeMounts:
- name: gitea-data
mountPath: /data/gitea-data
- name: backup-var-data
mountPath: /data/postgresql-export
subPath: postgresql-export
- name: gitea-backup-secret
mountPath: /root/.borg/key
subPath: BORG_KEY_FILE
- name: gitea-backup-secret
mountPath: /root/.ssh/id_rsa
subPath: SSH_ID_RSA
volumes:
- name: gitea-data
persistentVolumeClaim:
claimName: gitea-shared-storage
- name: gitea-inline-config
secret:
secretName: gitea-inline-config
- name: gitea-backup-secret
secret:
secretName: gitea-backup-secret
defaultMode: 0600
- name: backup-var-data
emptyDir: {}

2
backup/gitea-backup-secret-deploy.sh
View File

@@ -5,4 +5,4 @@
export $(cut -d= -f1 ./.env) export $(cut -d= -f1 ./.env)
envsubst < secret.yaml | kubectl apply -f - envsubst < gitea-backup-secret.yaml | kubectl apply -f -

8
backup/gitea-backup-secret.yaml
View File

@@ -8,7 +8,7 @@ data:
PBS_REPOSITORY: ${PBS_REPOSITORY} PBS_REPOSITORY: ${PBS_REPOSITORY}
PBS_PASSWORD: ${PBS_PASSWORD} PBS_PASSWORD: ${PBS_PASSWORD}
PBS_FINGERPRINT: ${PBS_FINGERPRINT} PBS_FINGERPRINT: ${PBS_FINGERPRINT}
DB_USER: ${DB_USER} BORG_KEY_FILE: ${BORG_KEY_FILE}
DB_PASSWORD: ${DB_PASSWORD} BORG_REPO: ${BORG_REPO}
DB_NAME: ${DB_NAME} BORG_PASSPHRASE: ${BORG_PASSPHRASE}
DB_HOST: ${DB_HOST} SSH_ID_RSA: ${SSH_ID_RSA}