From be09a12730e87458bdef50963fb0df1646a79909 Mon Sep 17 00:00:00 2001 From: Peter Kurfer Date: Wed, 8 May 2024 15:00:41 +0200 Subject: [PATCH] feat(garage): configure backup --- garage/backup/config/buckets | 11 +++++ garage/backup/kustomization.yaml | 18 +++++++ garage/backup/resources/cronjob.yaml | 53 +++++++++++++++++++++ garage/backup/resources/secret.rclone.yaml | Bin 0 -> 898 bytes garage/kustomization.yaml | 1 + 5 files changed, 83 insertions(+) create mode 100644 garage/backup/config/buckets create mode 100644 garage/backup/kustomization.yaml create mode 100644 garage/backup/resources/cronjob.yaml create mode 100644 garage/backup/resources/secret.rclone.yaml diff --git a/garage/backup/config/buckets b/garage/backup/config/buckets new file mode 100644 index 0000000..be7c664 --- /dev/null +++ b/garage/backup/config/buckets @@ -0,0 +1,11 @@ +forgejo +zipline +noco +csi +fider +k3s +hedgedoc +obsidian +linkwarden +backup +blog \ No newline at end of file diff --git a/garage/backup/kustomization.yaml b/garage/backup/kustomization.yaml new file mode 100644 index 0000000..885df82 --- /dev/null +++ b/garage/backup/kustomization.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +namespace: garage + +images: + - name: rclone + newName: rclone/rclone + newTag: "1.66" + +resources: +- resources/cronjob.yaml +- resources/secret.rclone.yaml + +configMapGenerator: + - name: backup-config + files: + - config/buckets \ No newline at end of file diff --git a/garage/backup/resources/cronjob.yaml b/garage/backup/resources/cronjob.yaml new file mode 100644 index 0000000..961b596 --- /dev/null +++ b/garage/backup/resources/cronjob.yaml @@ -0,0 +1,53 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + name: backup +spec: + schedule: "42 */6 * * *" + jobTemplate: + spec: + completions: 11 + parallelism: 3 + completionMode: Indexed + ttlSecondsAfterFinished: 300 + backoffLimitPerIndex: 3 + template: + spec: + containers: + - name: rclone + image: rclone + command: ["/bin/ash", "-c"] + args: + - | + for bucket in $(cat /config/backup/buckets | head -n $JOB_COMPLETION_INDEX | tail -n 1); + do + if [ -z "$bucket" ]; then exit 0; fi + echo "Syncing bucket $bucket"; + rclone sync -P --update --no-update-modtime --no-update-dir-modtime --ignore-errors -v "garage:$bucket" "storagebox:garage/$bucket/"; + done + volumeMounts: + - name: rclone-config + mountPath: /config/rclone + - name: backup-config + mountPath: /config/backup + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + restartPolicy: OnFailure + volumes: + - name: rclone-config + secret: + secretName: rclone-backup-config + defaultMode: 420 + - name: backup-config + configMap: + name: backup-config + defaultMode: 420 + securityContext: + allowPrivilegeEscalation: false + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + runAsNonRoot: true \ No newline at end of file diff --git a/garage/backup/resources/secret.rclone.yaml b/garage/backup/resources/secret.rclone.yaml new file mode 100644 index 0000000000000000000000000000000000000000..39e61d8bf69935a3e54bd04e4cbacc6950597ebe GIT binary patch literal 898 zcmV-|1AY8qXJsvAZewzJaCB*JZZ2S2J{Ga6t+!J|I{!H8n9gATvaGG+9bTcTGt)O=dJ_FHu7| zRZU1^RZeYkZ*WF3YIIg+Mr?CRYgI=@3Sm@tH!({wSaV`?a6v(NMQm4ARB|*?Mparf zNKQ$0HBfXiWH4cBLq=+A3N0-yAWKPhP-IzmcuYe!b7p2TFLpIpMQ2Pxb4539ZAnmW zMsHzZa%XpWG)_uM3j0oMkz`q!g6&w0&8I|Qel{2vm|h`YRsy4H%2u458-|gC&uI72 zGoRJQ4T~Xc(F-h(4iLVN+K|U6aM^jHNt2pwFDE;7iX~#4+}Jxgi6;-PnRIp}J^+Pk zxlI%lRde6sD+(i62Rh{+srjC(0m#4VgJ5-)ymRUhX1oat;d)En8_364%jctf!B7YM z>Iaq2((6?5YG`&aX^SsxlS3C;fU*AnAVvc5oaBlus)69)`AToLJCv2oocqUTzZ0Zo zW!6JnDWVRUvr|7Yrjmgs<}+vhlflfb(<~URNptZ`l{C`3-f<5qR z_V9Ttb)9~vl1GFwy~kpaoazeloM0K0p1V0)${$x*4~hx53k{NDcPtEunxo_7tKZ#K zqnJO~%v;HVs#_6u}OY(hf_A?Q_`^ht&oG(?A6c zrY5xlul`x>=+O$w8t^(Zpt@WKFP#yzm^YMcwXV`+KULx$guk#L{xBA*d17Z&KHX&5 zgi6j}2c}Y_gj+w9JNaE3DgycG?gzS7FmV3id6EZY!OxLE!T7KIUz_v`x8$Fw|7)?< zw&zy=MrVuZ&BwCN!T(GlpR&7TMid2Ub=NuvQ|`bqr&!3H)Y7H7N#uCg_qQz#(_VH2 z6lPDsPse1`gNe+3ErfsRZQ!RR3VEGOxnP!6D4qgI%o_3Ve6H~zqQ%8sGorvl(C?Lo z@Unt~HpSedk-XFU(ppHp(c`QP^Dia^X(*^l>fZRZdcK7ElxQZ69V9^S-M1