backups: git.limbosolutions.com/kb/borg-backup:latest alpine revision

2025-09-14 01:29:26 +00:00
parent 192e1df7c5
commit 944caaa545
5 changed files with 54 additions and 49 deletions
--- a/README.md
+++ b/README.md
@@ -5,19 +5,18 @@ Welcome to public repository of my [Git Server](https://git.limbosolutions.com)
 Using [gitea](https://git.limbosolutions.com/kb/gitea) as git server.
 - [Setup](#setup)
-   - [kubernetes Namespace](#kubernetes-namespace)
+  - [kubernetes Namespace](#kubernetes-namespace)
-   - [Add Help Chart](#add-help-chart)
+  - [Add Help Chart](#add-help-chart)
-   - [Update Helm charts](#update-helm-charts)
+  - [Update Helm charts](#update-helm-charts)
-   - [Install / Update](#install--update)
+  - [Install / Update](#install--update)
-   - [ssh ingress](#ssh-ingress)
+  - [ssh ingress](#ssh-ingress)
 - [Backups](#backups)
-   - [secrets](#secrets)
+  - [secrets](#secrets)
-   - [Proxmox Backup Server (kubernetes cron job)](#proxmox-backup-server-kubernetes-cron-job)
+  - [Proxmox Backup Server (kubernetes cron job)](#proxmox-backup-server-kubernetes-cron-job)
-   - [Borg and Offsite sync (kubernetes cron job)](#borg-and-offsite-sync-kubernetes-cron-job)
+  - [Borg and Offsite sync (kubernetes cron job)](#borg-and-offsite-sync-kubernetes-cron-job)
-   - [borgbackup sidekick](#borgbackup-sidekick)
+  - [borgbackup sidekick](#borgbackup-sidekick)
-      - [Create borgbackup-sidekick pod](#create-borgbackup-sidekick-pod)
+    - [Create borgbackup-sidekick pod](#create-borgbackup-sidekick-pod)
-      - [Remove borgbackup-sidekick pod](#remove-borgbackup-sidekick-pod)
+    - [Remove borgbackup-sidekick pod](#remove-borgbackup-sidekick-pod)
 ## Setup
@@ -71,10 +70,10 @@ set +a
 envsubst < ./backups/gitea-backup-secrets.yaml | kubectl apply -n git-limbosolutions-com -f -
 SSH_ID_RSA=$(echo -n "$SSH_ID_RSA" | base64 -w 0)
-BORG_KEY_FILE=$(echo -n "$BORG_KEY_FILE" | base64 -w 0)
+BORG_KEY=$(echo -n "$BORG_KEY" | base64 -w 0)
-kubectl patch secret gitea-backup-secret --patch "{\"data\":{\"SSH_ID_RSA\":\"$SSH_ID_RSA\"}}" -n git-limbosolutions-com 
+kubectl patch secret gitea-backup-secret --patch "{\"data\":{\"ssh_id_rsa\":\"$SSH_ID_RSA\"}}" -n git-limbosolutions-com 
-kubectl patch secret gitea-backup-secret --patch "{\"data\":{\"BORG_KEY_FILE\":\"$BORG_KEY_FILE\"}}" -n git-limbosolutions-com 
+kubectl patch secret gitea-backup-secret --patch "{\"data\":{\"borg_key\":\"$BORG_KEY\"}}" -n git-limbosolutions-com 
 ```
 ### Proxmox Backup Server (kubernetes cron job)
--- a/backups/backup-cronjob.yaml
+++ b/backups/backup-cronjob.yaml
@@ -41,6 +41,7 @@ spec:
          containers:
            - name: gitea-pbs-client
              image: git.limbosolutions.com/kb/pbsclient
              imagePullPolicy: Always
              env:  
                - name: MODE
                  value: shell
@@ -48,17 +49,17 @@ spec:
                  valueFrom:
                    secretKeyRef:
                      name: gitea-backup-secret
-                      key:  PBS_REPOSITORY
+                      key:  pbs_repository
                - name: PBS_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: gitea-backup-secret
-                      key: PBS_PASSWORD
+                      key: pbs_password
                - name: PBS_FINGERPRINT
                  valueFrom:
                    secretKeyRef:
                      name: gitea-backup-secret
-                      key: PBS_FINGERPRINT
+                      key: pbs_fingerprint
              command: ["bash", "-c"]
              args:
--- a/backups/borgbackup-offsite-cronjob.yaml
+++ b/backups/borgbackup-offsite-cronjob.yaml
@@ -33,9 +33,12 @@ spec:
                mountPath: /root/.gitea-inline-config
                readOnly: true
          containers:
            - name: borg-client
              image: git.limbosolutions.com/kb/borg-backup:latest
              imagePullPolicy: Always
              resources:
                limits:
                  memory: "512Mi"
@@ -48,35 +51,33 @@ spec:
                  valueFrom:
                    secretKeyRef:
                      name: gitea-backup-secret
-                      key: BORG_REPO
+                      key: borg_repo
                - name: BORG_PASSPHRASE
                  valueFrom:
                    secretKeyRef:
                      name: gitea-backup-secret
-                      key: BORG_PASSPHRASE
+                      key: borg_passphrase
                - name: BORG_RSH
-                  value: ssh -o StrictHostKeyChecking=no -o LogLevel=ERROR
+                  value: ssh -p 2222 -o StrictHostKeyChecking=no -o LogLevel=ERROR
                - name: REPO_SYNC_MAX_SIZE
                  value: "6442450944" # 6GB
                - name: BORG_KEY_FILE
                  value: /root/.borg/key
-              command: ["sh", "-c"]
+              command: ["bash", "-c"]
              args:
              - |
                set -e
                source loadenv
                SCRIPT_START_TIME=$(date +%s)
                # while true; do
                #   sleep 5
                # done
                borg create ${BORG_REPO}::postgresql-export-$(date +%Y%m%d%H%M%S) /data/postgresql-export
                borg create ${BORG_REPO}::gitea-data-$(date +%Y%m%d%H%M%S) /data/gitea-data
@@ -87,7 +88,7 @@ spec:
                borg compact ${BORG_REPO} 
                # check repo size
-                REPO_SIZE_IN_BYTES=$(${BORG_RSH} mf@backupsrv01.dev.lan -p 2222 "du -b ~/borg-repos/git.limbosolutions.com -d 0 | cut -f1 ")
+                REPO_SIZE_IN_BYTES=$(remote-connect du -b "$SSH_FOLDER" -d 0  | awk '{print $1}')
                echo "Repository size: $((REPO_SIZE_IN_BYTES / 1024 / 1024)) MB"
                if [ $REPO_SIZE_IN_BYTES -gt $REPO_SYNC_MAX_SIZE ]; then \
@@ -96,8 +97,7 @@ spec:
                else 
                  # Repository size is within limits for offsite sync
                  # ssh to backup server and enforce rclone to onedrive
-                  ${BORG_RSH} mf@backupsrv01.dev.lan -p 2222 \
+                  remote-connect "rclone sync ~/borg-repos/git.limbosolutions.com mf_onedrive:.backups/git.limbosolutions.com/borg" && \
                  "rclone sync ~/borg-repos/git.limbosolutions.com mf_onedrive:.backups/git.limbosolutions.com/borg" && \
                  SCRIPT_DURATION=$(($(date +%s) - SCRIPT_START_TIME)) && \
                  echo "INFO: Finished Backup of git.limbosolutions.com (offsite) ($((SCRIPT_DURATION / 60 / 60)):$((SCRIPT_DURATION / 60)):$((SCRIPT_DURATION % 60))) "
                fi
@@ -105,6 +105,7 @@ spec:
                #outputs info
                borg info ${BORG_REPO}
                #borg info ${BORG_REPO} --json
              volumeMounts:
                - name: gitea-data
                  mountPath: /data/gitea-data
@@ -114,15 +115,17 @@ spec:
                  subPath: postgresql-export
                - name: gitea-backup-secret
-                  mountPath: /root/.borg/key
+                  mountPath: /root/.ssh/id_rsa
-                  subPath: BORG_KEY_FILE
+                  subPath: ssh_id_rsa
                  readOnly: true
                - name: gitea-backup-secret
-                  mountPath: /root/.ssh/id_rsa
+                  mountPath: /app/borg/key
-                  subPath: SSH_ID_RSA
+                  subPath: borg_key
          volumes:
            - name: gitea-data
              persistentVolumeClaim:
                claimName: gitea-shared-storage
@@ -130,7 +133,7 @@ spec:
            - name: gitea-inline-config
              secret:
                secretName: gitea-inline-config
-            
+
            - name: gitea-backup-secret
              secret:
                secretName: gitea-backup-secret
--- a/backups/borgbackup-sidekick.yaml
+++ b/backups/borgbackup-sidekick.yaml
@@ -9,6 +9,7 @@ spec:
  containers:
      - name: borgbackup-sidekick
        image: git.limbosolutions.com/kb/borg-backup:latest
        imagePullPolicy: Always
        resources:
          limits:
            memory: "512Mi"
@@ -21,18 +22,18 @@ spec:
            valueFrom:
              secretKeyRef:
                name: gitea-backup-secret
-                key: BORG_REPO
+                key: borg_repo
          - name: BORG_PASSPHRASE
            valueFrom:
              secretKeyRef:
                name: gitea-backup-secret
-                key: BORG_PASSPHRASE
+                key: borg_passphrase
          - name: BORG_RSH
-            value: ssh -o StrictHostKeyChecking=no
+            value: ssh -p 2222 -o StrictHostKeyChecking=no -o LogLevel=ERROR
-          - name: BORG_KEY_FILE
+          - name: borg_key_file
            value: /root/.borg/key
        command: ["sh", "-c"]
@@ -44,13 +45,14 @@ spec:
        volumeMounts:
-          - name: gitea-backup-secret
+        - name: gitea-backup-secret
-            mountPath: /root/.borg/key
+          mountPath: /root/.ssh/id_rsa
-            subPath: BORG_KEY_FILE
+          subPath: ssh_id_rsa
          readOnly: true
-          - name: gitea-backup-secret
+        - name: gitea-backup-secret
-            mountPath: /root/.ssh/id_rsa
+          mountPath: /app/borg/key
-            subPath: SSH_ID_RSA
+          subPath: borg_key
  volumes:
    - name: gitea-backup-secret
      secret:
--- a/backups/gitea-backup-secrets.yaml
+++ b/backups/gitea-backup-secrets.yaml
@@ -6,11 +6,11 @@ metadata:
  namespace: git-limbosolutions-com
 type: Opaque
 stringData:
-  PBS_REPOSITORY: ${PBS_REPOSITORY}
+  pbs_repository: ${PBS_REPOSITORY}
-  PBS_PASSWORD: ${PBS_PASSWORD}
+  pbs_password: ${PBS_PASSWORD}
-  PBS_FINGERPRINT: ${PBS_FINGERPRINT}
+  pbs_fingerprint: ${PBS_FINGERPRINT}
-  BORG_REPO: ${BORG_REPO}
+  borg_repo: ${BORG_REPO}
-  BORG_PASSPHRASE: ${BORG_PASSPHRASE}
+  borg_passphrase: ${BORG_PASSPHRASE}
  #SSH_ID_RSA: ""
-  #BORG_KEY_FILE: ""
+  #BORG_KEY: ""