Last active
May 18, 2022 04:05
-
-
Save integrii/04d947a8577173fbd355cbe374c0a923 to your computer and use it in GitHub Desktop.
Backup host directory with Kubernetes cronjob to rysnc.net with rustic
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: batch/v1beta1 | |
| kind: CronJob | |
| metadata: | |
| name: restic-backup-synapse | |
| namespace: synapse | |
| spec: | |
| schedule: "0 4 * * *" | |
| concurrencyPolicy: Forbid | |
| successfulJobsHistoryLimit: 3 | |
| failedJobsHistoryLimit: 3 | |
| jobTemplate: | |
| spec: | |
| backoffLimit: 2 | |
| template: | |
| spec: | |
| nodeName: k8s-worker5 | |
| volumes: | |
| - name: host | |
| hostPath: | |
| path: / | |
| type: Directory | |
| - name: ssh-private-key | |
| secret: | |
| secretName: restic-ssh-private-key | |
| items: | |
| - key: id_rsa | |
| mode: 0400 | |
| path: id_rsa | |
| - name: ssh-config | |
| configMap: | |
| name: ssh-config | |
| restartPolicy: Never | |
| containers: | |
| - name: restic | |
| image: restic/restic | |
| env: | |
| - name: RESTIC_PASSWORD | |
| value: “<restic repo password>“ | |
| - name: RESTIC_REPOSITORY | |
| value: "sftp:<rsync.net user>@<rsync.net user>.rsync.net:garage/synapse" | |
| command: ["restic", "backup", "--verbose", "--limit-upload=610", "--no-cache", "/host/synapse"] | |
| volumeMounts: | |
| - mountPath: /host | |
| name: host | |
| - mountPath: /ssh | |
| name: ssh-private-key | |
| - mountPath: /root/.ssh | |
| name: ssh-config | |
| securityContext: | |
| privileged: true | |
| runAsUser: 0 | |
| --- | |
| apiVersion: v1 | |
| data: | |
| config: | | |
| Host <rsync.net user>.rsync.net | |
| User <rsync.net user> | |
| IdentityFile /ssh/id_rsa | |
| StrictHostKeyChecking no | |
| kind: ConfigMap | |
| metadata: | |
| name: ssh-config | |
| namespace: synapse | |
| --- | |
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: restic-ssh-private-key | |
| namespace: synapse | |
| type: Opaque | |
| data: | |
| id_rsa: <base64 private key> |
Author
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This privileged cronjob container uses a private key
secretwith a ssh configconfigmapto run arusticbackup to rsync.net. This backs up the host directory/synapseto the remote rustic repositorygarage/synapsein my rsync.net account.This script is concurrency-safe and will automatically retry. Runs at 4am every day.