diff --git a/README.md b/README.md index 136683b..517b86d 100644 --- a/README.md +++ b/README.md @@ -5,19 +5,18 @@ Welcome to public repository of my [Git Server](https://git.limbosolutions.com) Using [gitea](https://git.limbosolutions.com/kb/gitea) as git server. - [Setup](#setup) - - [kubernetes Namespace](#kubernetes-namespace) - - [Add Help Chart](#add-help-chart) - - [Update Helm charts](#update-helm-charts) - - [Install / Update](#install--update) - - [ssh ingress](#ssh-ingress) - + - [kubernetes Namespace](#kubernetes-namespace) + - [Add Help Chart](#add-help-chart) + - [Update Helm charts](#update-helm-charts) + - [Install / Update](#install--update) + - [ssh ingress](#ssh-ingress) - [Backups](#backups) - - [secrets](#secrets) - - [Proxmox Backup Server (kubernetes cron job)](#proxmox-backup-server-kubernetes-cron-job) - - [Borg and Offsite sync (kubernetes cron job)](#borg-and-offsite-sync-kubernetes-cron-job) - - [borgbackup sidekick](#borgbackup-sidekick) - - [Create borgbackup-sidekick pod](#create-borgbackup-sidekick-pod) - - [Remove borgbackup-sidekick pod](#remove-borgbackup-sidekick-pod) + - [secrets](#secrets) + - [Proxmox Backup Server (kubernetes cron job)](#proxmox-backup-server-kubernetes-cron-job) + - [Borg and Offsite sync (kubernetes cron job)](#borg-and-offsite-sync-kubernetes-cron-job) + - [borgbackup sidekick](#borgbackup-sidekick) + - [Create borgbackup-sidekick pod](#create-borgbackup-sidekick-pod) + - [Remove borgbackup-sidekick pod](#remove-borgbackup-sidekick-pod) ## Setup 
@@ -71,10 +70,10 @@ set +a envsubst < ./backups/gitea-backup-secrets.yaml | kubectl apply -n git-limbosolutions-com -f - SSH_ID_RSA=$(echo -n "$SSH_ID_RSA" | base64 -w 0) -BORG_KEY_FILE=$(echo -n "$BORG_KEY_FILE" | base64 -w 0) +BORG_KEY=$(echo -n "$BORG_KEY" | base64 -w 0) -kubectl patch secret gitea-backup-secret --patch "{\"data\":{\"SSH_ID_RSA\":\"$SSH_ID_RSA\"}}" -n git-limbosolutions-com -kubectl patch secret gitea-backup-secret --patch "{\"data\":{\"BORG_KEY_FILE\":\"$BORG_KEY_FILE\"}}" -n git-limbosolutions-com +kubectl patch secret gitea-backup-secret --patch "{\"data\":{\"ssh_id_rsa\":\"$SSH_ID_RSA\"}}" -n git-limbosolutions-com +kubectl patch secret gitea-backup-secret --patch "{\"data\":{\"borg_key\":\"$BORG_KEY\"}}" -n git-limbosolutions-com ``` ### Proxmox Backup Server (kubernetes cron job) diff --git a/backups/backup-cronjob.yaml b/backups/backup-cronjob.yaml index 896cec1..caf9d63 100644 --- a/backups/backup-cronjob.yaml +++ b/backups/backup-cronjob.yaml @@ -41,6 +41,7 @@ spec: containers: - name: gitea-pbs-client image: git.limbosolutions.com/kb/pbsclient + imagePullPolicy: Always env: - name: MODE value: shell @@ -48,17 +49,17 @@ spec: valueFrom: secretKeyRef: name: gitea-backup-secret - key: PBS_REPOSITORY + key: pbs_repository - name: PBS_PASSWORD valueFrom: secretKeyRef: name: gitea-backup-secret - key: PBS_PASSWORD + key: pbs_password - name: PBS_FINGERPRINT valueFrom: secretKeyRef: name: gitea-backup-secret - key: PBS_FINGERPRINT + key: pbs_fingerprint command: ["bash", "-c"] args: diff --git a/backups/borgbackup-offsite-cronjob.yaml b/backups/borgbackup-offsite-cronjob.yaml index 7d87d4f..b3da100 100644 --- a/backups/borgbackup-offsite-cronjob.yaml +++ b/backups/borgbackup-offsite-cronjob.yaml @@ -33,9 +33,12 @@ spec: mountPath: /root/.gitea-inline-config readOnly: true + + containers: - name: borg-client image: git.limbosolutions.com/kb/borg-backup:latest + imagePullPolicy: Always resources: limits: memory: "512Mi" 
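Review bot: In backups/backup-cronjob.yaml (hunk `@@ -41,6 +41,7 @@`) `imagePullPolicy: Always` is added to an image reference that has no tag or digest, so every scheduled run pulls whatever the registry currently serves into a container that receives `PBS_PASSWORD`. The same applies to the `:latest` borg-backup image in backups/borgbackup-offsite-cronjob.yaml and backups/borgbackup-sidekick.yaml. Pinning by digest keeps the always-pull behaviour while making the running content reviewable, e.g. `image: git.limbosolutions.com/kb/pbsclient@sha256:<digest-placeholder>`. The container spec continues outside the hunk.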
@@ -48,35 +51,33 @@ spec: valueFrom: secretKeyRef: name: gitea-backup-secret - key: BORG_REPO + key: borg_repo - name: BORG_PASSPHRASE valueFrom: secretKeyRef: name: gitea-backup-secret - key: BORG_PASSPHRASE + key: borg_passphrase - name: BORG_RSH - value: ssh -o StrictHostKeyChecking=no -o LogLevel=ERROR + value: ssh -p 2222 -o StrictHostKeyChecking=no -o LogLevel=ERROR - name: REPO_SYNC_MAX_SIZE value: "6442450944" # 6GB - - name: BORG_KEY_FILE - value: /root/.borg/key - command: ["sh", "-c"] + command: ["bash", "-c"] args: - | set -e + source loadenv SCRIPT_START_TIME=$(date +%s) # while true; do # sleep 5 # done - borg create ${BORG_REPO}::postgresql-export-$(date +%Y%m%d%H%M%S) /data/postgresql-export borg create ${BORG_REPO}::gitea-data-$(date +%Y%m%d%H%M%S) /data/gitea-data @@ -87,7 +88,7 @@ spec: borg compact ${BORG_REPO} # check repo size - REPO_SIZE_IN_BYTES=$(${BORG_RSH} mf@backupsrv01.dev.lan -p 2222 "du -b ~/borg-repos/git.limbosolutions.com -d 0 | cut -f1 ") + REPO_SIZE_IN_BYTES=$(remote-connect du -b "$SSH_FOLDER" -d 0 | awk '{print $1}') echo "Repository size: $((REPO_SIZE_IN_BYTES / 1024 / 1024)) MB" if [ $REPO_SIZE_IN_BYTES -gt $REPO_SYNC_MAX_SIZE ]; then \ @@ -96,8 +97,7 @@ spec: else # Repository size is within limits for offsite sync # ssh to backup server and enforce rclone to onedrive - ${BORG_RSH} mf@backupsrv01.dev.lan -p 2222 \ - "rclone sync ~/borg-repos/git.limbosolutions.com mf_onedrive:.backups/git.limbosolutions.com/borg" && \ + remote-connect "rclone sync ~/borg-repos/git.limbosolutions.com mf_onedrive:.backups/git.limbosolutions.com/borg" && \ SCRIPT_DURATION=$(($(date +%s) - SCRIPT_START_TIME)) && \ echo "INFO: Finished Backup of git.limbosolutions.com (offsite) ($((SCRIPT_DURATION / 60 / 60)):$((SCRIPT_DURATION / 60)):$((SCRIPT_DURATION % 60))) " fi @@ -105,6 +105,7 @@ spec: #outputs info borg info ${BORG_REPO} #borg info ${BORG_REPO} --json + volumeMounts: - name: gitea-data mountPath: /data/gitea-data 
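Review bot: The new `BORG_RSH` value in backups/borgbackup-offsite-cronjob.yaml (hunk `@@ -48,35 +51,33 @@`) still carries `-o StrictHostKeyChecking=no`, so the SSH transport to the borg repository accepts any host key, and `LogLevel=ERROR` hides the warning that would reveal a changed key. The job authenticates with the mounted private key, so the server identity should be verified. Consider storing the backup server's host key in `gitea-backup-secret`, mounting it at `/root/.ssh/known_hosts` the same way as `ssh_id_rsa`, and using `value: ssh -p 2222 -o StrictHostKeyChecking=yes -o UserKnownHostsFile=/root/.ssh/known_hosts -o LogLevel=ERROR`. The same value is added in backups/borgbackup-sidekick.yaml.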
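Review bot: The size guard in hunk `@@ -87,7 +88,7 @@` fails open: the new `REPO_SIZE_IN_BYTES=$(remote-connect du ... | awk '{print $1}')` takes its exit status from `awk`, so a failed `remote-connect` leaves the variable empty despite `set -e`. The unquoted `[ $REPO_SIZE_IN_BYTES -gt $REPO_SYNC_MAX_SIZE ]` then errors and the `else` branch runs the offsite sync. Use `set -eo pipefail` at the top of the script and add `[[ "$REPO_SIZE_IN_BYTES" =~ ^[0-9]+$ ]] || { echo "ERROR: could not read repository size"; exit 1; }` before the comparison. `remote-connect` and `SSH_FOLDER` are not defined in the visible lines, presumably they come from `loadenv`, and a comment such as `# remote-connect and SSH_FOLDER are provided by loadenv` would say so.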
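Review bot: In hunk `@@ -96,8 +97,7 @@` the `rclone sync` command still hard-codes `~/borg-repos/git.limbosolutions.com`, while the size check now measures `"$SSH_FOLDER"`, so the guard and the sync can end up referring to different directories. If `SSH_FOLDER` is meant to be the repository path (it is not defined in the visible lines), use it in both places: `remote-connect "rclone sync $SSH_FOLDER mf_onedrive:.backups/git.limbosolutions.com/borg" && \`. The script body starts and ends outside this hunk.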
@@ -114,15 +115,17 @@ spec: subPath: postgresql-export - name: gitea-backup-secret - mountPath: /root/.borg/key - subPath: BORG_KEY_FILE + mountPath: /root/.ssh/id_rsa + subPath: ssh_id_rsa + readOnly: true - name: gitea-backup-secret - mountPath: /root/.ssh/id_rsa - subPath: SSH_ID_RSA + mountPath: /app/borg/key + subPath: borg_key volumes: + - name: gitea-data persistentVolumeClaim: claimName: gitea-shared-storage @@ -130,7 +133,7 @@ spec: - name: gitea-inline-config secret: secretName: gitea-inline-config - + - name: gitea-backup-secret secret: secretName: gitea-backup-secret diff --git a/backups/borgbackup-sidekick.yaml b/backups/borgbackup-sidekick.yaml index a9a0954..154f657 100644 --- a/backups/borgbackup-sidekick.yaml +++ b/backups/borgbackup-sidekick.yaml @@ -9,6 +9,7 @@ spec: containers: - name: borgbackup-sidekick image: git.limbosolutions.com/kb/borg-backup:latest + imagePullPolicy: Always resources: limits: memory: "512Mi" @@ -21,18 +22,18 @@ spec: valueFrom: secretKeyRef: name: gitea-backup-secret - key: BORG_REPO + key: borg_repo - name: BORG_PASSPHRASE valueFrom: secretKeyRef: name: gitea-backup-secret - key: BORG_PASSPHRASE + key: borg_passphrase - name: BORG_RSH - value: ssh -o StrictHostKeyChecking=no + value: ssh -p 2222 -o StrictHostKeyChecking=no -o LogLevel=ERROR - - name: BORG_KEY_FILE + - name: borg_key_file value: /root/.borg/key command: ["sh", "-c"] @@ -44,13 +45,14 @@ spec: volumeMounts: - - name: gitea-backup-secret - mountPath: /root/.borg/key - subPath: BORG_KEY_FILE + - name: gitea-backup-secret + mountPath: /root/.ssh/id_rsa + subPath: ssh_id_rsa + readOnly: true - - name: gitea-backup-secret - mountPath: /root/.ssh/id_rsa - subPath: SSH_ID_RSA + - name: gitea-backup-secret + mountPath: /app/borg/key + subPath: borg_key volumes: - name: gitea-backup-secret secret: diff --git a/backups/gitea-backup-secrets.yaml b/backups/gitea-backup-secrets.yaml index 467eaf9..aa5ca9f 100644 --- a/backups/gitea-backup-secrets.yaml 
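Review bot: In backups/borgbackup-offsite-cronjob.yaml (hunk `@@ -114,15 +115,17 @@`) only the `ssh_id_rsa` mount gets `readOnly: true`; the `borg_key` mount at `/app/borg/key` holds key material as well and should carry the same line. The `gitea-backup-secret` volume visible in the following hunk sets no `defaultMode`, so the projected files get the default mode, readable by group and others. OpenSSH normally refuses such a private key unless the image copies or re-permissions it, which cannot be seen from here. Adding `defaultMode: 0400` under `secret:` next to `secretName: gitea-backup-secret` would restrict both files. The same mounts are added in backups/borgbackup-sidekick.yaml (hunk `@@ -44,13 +45,14 @@`).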
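Review bot: In backups/borgbackup-sidekick.yaml (hunk `@@ -21,18 +22,18 @@`) the env entry is renamed to `- name: borg_key_file` while its value stays `/root/.borg/key`, which looks like an accidental result of lowercasing the secret keys. Borg reads the upper-case `BORG_KEY_FILE`, and the key file is now mounted at `/app/borg/key`, so this variable points at a path that no longer exists under a name nothing visible consumes. The offsite cronjob drops the entry entirely; doing the same here keeps the two manifests consistent. If the variable is still needed, use `- name: BORG_KEY_FILE` with `value: /app/borg/key`.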
+++ b/backups/gitea-backup-secrets.yaml @@ -6,11 +6,11 @@ metadata: namespace: git-limbosolutions-com type: Opaque stringData: - PBS_REPOSITORY: ${PBS_REPOSITORY} - PBS_PASSWORD: ${PBS_PASSWORD} - PBS_FINGERPRINT: ${PBS_FINGERPRINT} - BORG_REPO: ${BORG_REPO} - BORG_PASSPHRASE: ${BORG_PASSPHRASE} + pbs_repository: ${PBS_REPOSITORY} + pbs_password: ${PBS_PASSWORD} + pbs_fingerprint: ${PBS_FINGERPRINT} + borg_repo: ${BORG_REPO} + borg_passphrase: ${BORG_PASSPHRASE} #SSH_ID_RSA: "" - #BORG_KEY_FILE: "" + #BORG_KEY: "" \ No newline at end of file
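Review bot: The renamed `stringData` entries in backups/gitea-backup-secrets.yaml are still filled by `envsubst` as plain unquoted scalars, e.g. `pbs_password: ${PBS_PASSWORD}`. A value containing ` #` is silently truncated at the comment marker, a value containing `: ` or starting with `*` or `&` breaks parsing, and an all-digit or boolean-looking value is no longer a string. Since a truncated password or passphrase would be stored without any error, consider base64-encoding these values into `data:` as the README already does for `ssh_id_rsa` and `borg_key`. The commented placeholders would also read better as `#ssh_id_rsa: ""` and `#borg_key: ""`, matching the keys actually patched.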