vcluster-backup.yaml
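# Adjust before applying: S3 access_key, host_base, host_bucket, secret_key,
# the backup passphrase, and the bucket name used in run.sh.
---
apiVersion: v1
kind: Secret
metadata:
  name: s3cfg
type: Opaque
stringData:
  # s3cmd configuration. The CronJob mounts this Secret at /home/appuser
  # (presumably the container user's home, where s3cmd looks for .s3cfg).
  # TLS certificate and hostname verification are enabled so that the S3
  # credentials and the backup are only sent to the intended endpoint. If the
  # endpoint uses a private CA, point s3cmd at that CA bundle (ca_certs_file)
  # instead of switching verification off.
  .s3cfg: |-
    [default]
    access_key = xxxxx
    bucket_location = Default
    check_ssl_certificate = True
    check_ssl_hostname = True
    host_base = vcluster-backup.xxxxx
    host_bucket = vcluster-backup.cxxxx
    secret_key = xxxxx
  # Passphrase for encrypting the backup archive. It is kept in the Secret
  # rather than in the ConfigMap script, so it is not readable by everyone
  # who can read ConfigMaps and does not appear in the process arguments.
  # run.sh reads it from /home/appuser/backup-passphrase.
  backup-passphrase: xxxxx
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: vcluster-backup
  labels:
    app: vcluster-backup
data:
  # Backup script executed by the CronJob as /sidecar/run.sh.
  run.sh: |
    #!/bin/sh
    # Stop at the first failing step so that a broken backup fails the Job
    # instead of being reported as a success.
    set -eu
    cd /data/server/db
    # Take the timestamp once: calling date for every file name can produce
    # different names when the clock ticks over between two commands.
    ts="$(date +%Y-%m-%d-%H-%M-%S)"
    # Always remove the unencrypted working copy, also when a step fails.
    trap 'rm -rf /data/server/db/backup' EXIT
    mkdir -p backup
    sqlite3 state.db ".backup backup/state-${ts}.db"
    cp ../token "backup/token-${ts}"
    cd backup
    tar cvfz "backup-${ts}.tgz" *
    # Encrypt the archive with the passphrase from the mounted Secret.
    # -pbkdf2 (OpenSSL 1.1.1 or later) replaces the legacy key derivation;
    # decrypt with the same options:
    #   openssl enc -d -aes256 -a -pbkdf2 -pass file:<passphrase-file> ...
    # Archives written without -pbkdf2 must be decrypted without it.
    openssl enc -aes256 -a -pbkdf2 \
      -pass file:/home/appuser/backup-passphrase \
      -in "backup-${ts}.tgz" -out "backup-${ts}.tgz.enc"
    # Put the encrypted file into the target bucket.
    s3cmd -v put "backup-${ts}.tgz.enc" s3://vclusterbackup1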
---
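# Hourly backup job: runs /sidecar/run.sh from the vcluster-backup ConfigMap
# against the vcluster data volume, with the s3cfg Secret mounted for s3cmd.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: vcluster-backup
  labels:
    job-name: vcluster-backup
spec:
  schedule: "50 * * * *"
  # Never run two backups at once: both would work in the same directory on
  # the shared data volume.
  concurrencyPolicy: Forbid
  jobTemplate:
    spec:
      template:
        spec:
          restartPolicy: Never
          # The backup script does not talk to the Kubernetes API, so no
          # service account token is mounted into the pod.
          automountServiceAccountToken: false
          # Set nodeName to the node where vcluster is running, to prevent
          # multi-attach errors on the data volume.
          nodeName: worker-ip-10-125-40-118-eu-de-01
          securityContext:
            runAsNonRoot: true
            fsGroup: 1000
            supplementalGroups:
              - 1000
            seccompProfile:
              type: RuntimeDefault
          containers:
            - name: vcluster-backup
              # This image needs s3cmd, sqlite3 and openssl.
              # NOTE(review): with ":latest" and imagePullPolicy Always, every
              # run executes whatever the registry currently serves, with
              # access to the vcluster datastore and the S3 credentials.
              # Consider pinning a fixed tag or an image digest.
              image: mtr.devops.telekom.de/caas/k8s-tools:latest
              imagePullPolicy: Always
              command:
                - sh
                - -c
              args:
                - /sidecar/run.sh
              securityContext:
                runAsUser: 1000
                runAsGroup: 1000
                privileged: false
                allowPrivilegeEscalation: false
                readOnlyRootFilesystem: true
                capabilities:
                  drop:
                    - ALL
              volumeMounts:
                - name: data
                  mountPath: /data
                - name: vcluster-backup
                  mountPath: /sidecar
                - name: s3cfg
                  readOnly: true
                  mountPath: "/home/appuser"
          volumes:
            - name: s3cfg
              secret:
                secretName: s3cfg
            - name: vcluster-backup
              configMap:
                name: vcluster-backup
                # Octal file mode; run.sh must be executable.
                defaultMode: 0755
            - name: data
              persistentVolumeClaim:
                # Set claimName to the vcluster data PVC.
                claimName: data-kunde1-vcluster-0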
# ---
# apiVersion: batch/v1
# kind: Job
# metadata:
# labels:
# job-name: vcluster-restore
# name: vcluster-restore
# spec:
# backoffLimit: 1
# completions: 1
# parallelism: 1
# template:
# spec:
# nodeName: worker-ip-10-125-40-107-eu-de-01
# securityContext:
# fsGroup: 1000
# supplementalGroups:
# - 1000
# restartPolicy: Never
# containers:
# - image: mtr.devops.telekom.de/caas/k8s-tools:latest
# imagePullPolicy: Always
# name: vcluster-restore
# command: ["sh"]
# #args: ["-c","cd /data; s3cmd get s3://vclusterbackup1/backup-2024-02-13-22-43-01.tgz.enc && exit 0"]
# args: ["-c","cd /data; s3cmd sync s3://vclusterbackup1 restore && exit 0"]
# securityContext:
# capabilities:
# drop:
# - ALL
# runAsUser: 1000
# runAsGroup: 1000
# allowPrivilegeEscalation: false
# privileged: false
# readOnlyRootFilesystem: true
# volumeMounts:
# - name: data
# mountPath: /data
# - name: s3cfg
# readOnly: true
# mountPath: "/home/appuser"
# volumes:
# - name: s3cfg
# secret:
# secretName: s3cfg
# - name: data
# persistentVolumeClaim:
# claimName: data-kunde5-0