Last active
May 18, 2022 04:05
-
-
Save integrii/04d947a8577173fbd355cbe374c0a923 to your computer and use it in GitHub Desktop.
Backup host directory with Kubernetes cronjob to rysnc.net with rustic
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: batch/v1beta1 | |
kind: CronJob | |
metadata: | |
name: restic-backup-synapse | |
namespace: synapse | |
spec: | |
schedule: "0 4 * * *" | |
concurrencyPolicy: Forbid | |
successfulJobsHistoryLimit: 3 | |
failedJobsHistoryLimit: 3 | |
jobTemplate: | |
spec: | |
backoffLimit: 2 | |
template: | |
spec: | |
nodeName: k8s-worker5 | |
volumes: | |
- name: host | |
hostPath: | |
path: / | |
type: Directory | |
- name: ssh-private-key | |
secret: | |
secretName: restic-ssh-private-key | |
items: | |
- key: id_rsa | |
mode: 0400 | |
path: id_rsa | |
- name: ssh-config | |
configMap: | |
name: ssh-config | |
restartPolicy: Never | |
containers: | |
- name: restic | |
image: restic/restic | |
env: | |
- name: RESTIC_PASSWORD | |
value: “<restic repo password>“ | |
- name: RESTIC_REPOSITORY | |
value: "sftp:<rsync.net user>@<rsync.net user>.rsync.net:garage/synapse" | |
command: ["restic", "backup", "--verbose", "--limit-upload=610", "--no-cache", "/host/synapse"] | |
volumeMounts: | |
- mountPath: /host | |
name: host | |
- mountPath: /ssh | |
name: ssh-private-key | |
- mountPath: /root/.ssh | |
name: ssh-config | |
securityContext: | |
privileged: true | |
runAsUser: 0 | |
--- | |
apiVersion: v1 | |
data: | |
config: | | |
Host <rsync.net user>.rsync.net | |
User <rsync.net user> | |
IdentityFile /ssh/id_rsa | |
StrictHostKeyChecking no | |
kind: ConfigMap | |
metadata: | |
name: ssh-config | |
namespace: synapse | |
--- | |
apiVersion: v1 | |
kind: Secret | |
metadata: | |
name: restic-ssh-private-key | |
namespace: synapse | |
type: Opaque | |
data: | |
id_rsa: <base64 private key> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This privileged cronjob container uses a private key
secret
with a ssh configconfigmap
to run arustic
backup to rsync.net. This backs up the host directory/synapse
to the remote rustic repositorygarage/synapse
in my rsync.net account.This script is concurrency-safe and will automatically retry. Runs at 4am every day.