diff --git a/garage/backup/config/buckets b/garage/backup/config/buckets
new file mode 100644
index 0000000..be7c664
--- /dev/null
+++ b/garage/backup/config/buckets
@@ -0,0 +1,11 @@
+forgejo
+zipline
+noco
+csi
+fider
+k3s
+hedgedoc
+obsidian
+linkwarden
+backup
+blog
\ No newline at end of file
diff --git a/garage/backup/kustomization.yaml b/garage/backup/kustomization.yaml
new file mode 100644
index 0000000..885df82
--- /dev/null
+++ b/garage/backup/kustomization.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: garage
+
+images:
+ - name: rclone
+ newName: rclone/rclone
+ newTag: "1.66"
+
+resources:
+- resources/cronjob.yaml
+- resources/secret.rclone.yaml
+
+configMapGenerator:
+ - name: backup-config
+ files:
+ - config/buckets
\ No newline at end of file
diff --git a/garage/backup/resources/cronjob.yaml b/garage/backup/resources/cronjob.yaml
new file mode 100644
index 0000000..961b596
--- /dev/null
+++ b/garage/backup/resources/cronjob.yaml
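Review bot: In `garage/backup/kustomization.yaml` the `rclone` image is pinned only by the mutable tag `newTag: "1.66"`, while the CronJob container built from it mounts the `rclone-backup-config` secret, which presumably holds the credentials for both the Garage source and the storagebox target. A re-pushed or compromised tag would then run with those credentials on the next schedule. Consider adding a `digest:` entry to the `images:` item, e.g. `digest: sha256:<DIGEST_PLACEHOLDER>` with the value taken from the registry at review time.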
@@ -0,0 +1,53 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: backup
+spec:
+ schedule: "42 */6 * * *"
+ jobTemplate:
+ spec:
+ completions: 11
+ parallelism: 3
+ completionMode: Indexed
+ ttlSecondsAfterFinished: 300
+ backoffLimitPerIndex: 3
+ template:
+ spec:
+ containers:
+ - name: rclone
+ image: rclone
+ command: ["/bin/ash", "-c"]
+ args:
+ - |
+ for bucket in $(cat /config/backup/buckets | head -n $JOB_COMPLETION_INDEX | tail -n 1);
+ do
+ if [ -z "$bucket" ]; then exit 0; fi
+ echo "Syncing bucket $bucket";
+ rclone sync -P --update --no-update-modtime --no-update-dir-modtime --ignore-errors -v "garage:$bucket" "storagebox:garage/$bucket/";
+ done
+ volumeMounts:
+ - name: rclone-config
+ mountPath: /config/rclone
+ - name: backup-config
+ mountPath: /config/backup
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ restartPolicy: OnFailure
+ volumes:
+ - name: rclone-config
+ secret:
+ secretName: rclone-backup-config
+ defaultMode: 420
+ - name: backup-config
+ configMap:
+ name: backup-config
+ defaultMode: 420
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ runAsNonRoot: true
\ No newline at end of file
diff --git a/garage/backup/resources/secret.rclone.yaml b/garage/backup/resources/secret.rclone.yaml
new file mode 100644
index 0000000..39e61d8
Binary files /dev/null and b/garage/backup/resources/secret.rclone.yaml differ
diff --git a/garage/kustomization.yaml b/garage/kustomization.yaml
index 8d1d5b5..2ce3287 100644
--- a/garage/kustomization.yaml
+++ b/garage/kustomization.yaml
@@ -24,6 +24,7 @@ resources: - resources/services.yaml - resources/api_routes.yaml - resources/web_routes.yaml + - backup/ configMapGenerator: - name: garage-config
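Review bot: In `garage/backup/resources/cronjob.yaml` the bucket selection in `args` is off by one: with `completions: 11` the `JOB_COMPLETION_INDEX` runs from 0 to 10, so index 0 hits `head -n 0`, syncs nothing and still succeeds, and the eleventh entry of `config/buckets` (`blog`) is never backed up. Selecting with `head -n $((JOB_COMPLETION_INDEX + 1)) | tail -n 1` fixes the mapping, and an empty bucket name should end the pod with a non-zero status rather than `exit 0` so a missed bucket is visible. Separately, `allowPrivilegeEscalation: false` sits in the block that also carries `fsGroup`, which looks like the pod-level `securityContext` (indentation is not recoverable in this view); that field exists only on the container `securityContext`, so it belongs next to `readOnlyRootFilesystem: true`. `rclone sync` with `--ignore-errors` also keeps deleting on the destination after I/O errors, so a `--max-delete` bound or a `--backup-dir` is worth considering for a backup target.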