refactor: v2 (#5)
Some checks failed
Build and Release Docker Image / Create and Push Multi-Arch Manifest (push) Has been cancelled
Build and Release Docker Image / Build and Push arm64 (push) Has been cancelled
Build and Release Docker Image / Build and Push amd64 (push) Has been cancelled

Reviewed-on: #5
Co-authored-by: Timo Behrendt <t.behrendt@t00n.de>
Co-committed-by: Timo Behrendt <t.behrendt@t00n.de>
This commit was merged in pull request #5.
2025-02-07 20:56:02 +01:00
committed by t.behrendt
parent 07832050dc
commit 6ff6e8759e
8 changed files with 384 additions and 167 deletions

127
README.md

@@ -1,20 +1,113 @@
# backupsidecar
# BackupSidecar
Backup sidecar that automatically creates backups of one PVC and saves it to another PVC via restic
BackupSidecar is a lightweight backup solution designed to run as a cron job in Kubernetes. It automates backups using Restic and supports both directory and PostgreSQL database backups. Notifications are sent via Gotify to keep you informed of backup results.
## Function
A cronjob inside the container runs in the configured interval creating the backup and purging old backups.
A notification is sent to gotify on completion of the backup or on error of either the backup or purge.
## Configuration
## Environment Variables
| ENV Variable | Required |Description| Example Value
|--------------|----------|--------------|-
|INTERVAL|yes|cronjob interval string|15 14 * * *|
|RESTIC_REPOSITORY|yes|path of the restic repository|/mnt/backups/gitea|
|SOURCEDIR |yes|path of the path to backup|/mnt/toBackup/|
|KEEPLAST|yes|number of increments to keep (keep in mind that the number of backups to keep correlates with the interval in which they are created) |10|
|RESTIC_PASSWORD|yes|password for the restic repository|******|
|RUNONSTART|no|set to true to force a backup at the start of the container|true|
|GOTIFYHOST|yes|URL of the gotify server (without trailing slash)|https://gotify.example.com|
|GOTIFYTOKEN|yes|gotify app token|******|
|GOTIFYTOPIC|yes|gotify topic to include in the notification|gotify|
BackupSidecar is configured through environment variables. Below is a breakdown of the available settings.
### General Settings
These variables apply to both directory and PostgreSQL backups.
- **`BACKUP_MODE`** _(optional)_ - Defines the backup type (`directory` or `postgres`). Defaults to `directory`.
- **`RESTIC_PASSWORD`** _(required)_ - The encryption password for Restic.
- **`RESTIC_REPOSITORY`** _(required)_ - The URI of the Restic repository (e.g., `rest:http://your-rest-server:8000/backup`).
- **`RESTIC_REST_USERNAME`** _(optional)_ - The username for REST server authentication.
- **`RESTIC_REST_PASSWORD`** _(optional)_ - The password for REST server authentication.
- **`GOTIFYHOST`** _(required)_ - The Gotify server URL.
- **`GOTIFYTOKEN`** _(required)_ - The API token for Gotify.
- **`GOTIFYTOPIC`** _(required)_ - The topic under which backup notifications will be sent.
### Directory Backup
When running in `directory` mode, the following variable must be set:
- **`SOURCEDIR`** _(required)_ - The path of the directory to be backed up.
### PostgreSQL Backup
For `postgres` mode, the following database-related variables are required:
- **`PGHOST`** _(required)_ - The hostname of the PostgreSQL server.
- **`PGDATABASE`** _(required)_ - The name of the database to back up.
- **`PGUSER`** _(required)_ - The PostgreSQL username.
- **`PGPORT`** _(optional)_ - The port for PostgreSQL (defaults to `5432`).
- **`PGPASSWORD`** _(optional)_ - The password for authentication. Setting this prevents interactive prompts.
- **`PG_DUMP_ARGS`** _(optional)_ - Additional flags for `pg_dump`.
## Dependencies
Ensure the following commands are available in the container:
- `restic`
- `curl`
- `jq`
- `pg_dump` _(only required for `postgres` mode)_
## Usage
Example Kubernetes CronJob manifest for running BackupSidecar as a cron job for directory backups in minimal configuration:
```yaml
apiVersion: batch/v1
kind: CronJob
metadata:
name: backupsidecar-cron
namespace: authentik
spec:
schedule: "0 7 * * *"
concurrencyPolicy: Forbid
successfulJobsHistoryLimit: 5
failedJobsHistoryLimit: 3
jobTemplate:
spec:
backoffLimit: 3
activeDeadlineSeconds: 300
template:
spec:
restartPolicy: OnFailure
containers:
- name: backupsidecar
image: backupsidecar:latest
env:
- name: RESTIC_REPOSITORY
value: "rest:http://rest-server:8000/backup"
- name: RESTIC_PASSWORD
valueFrom:
secretKeyRef:
name: backupsidecar-secret
key: restic_password
- name: BACKUP_MODE
value: "directory" # or "postgres"
- name: SOURCEDIR
value: "/data/source"
- name: GOTIFYHOST
value: "http://gotify.example.com"
- name: GOTIFYTOKEN
valueFrom:
secretKeyRef:
name: backupsidecar-secret
key: gotify_token
- name: GOTIFYTOPIC
value: "Backup Notification"
# (For PostgreSQL mode, add PGHOST, PGDATABASE, PGUSER, PGPORT, PGPASSWORD)
volumeMounts:
- name: source-data
mountPath: /data/source
restartPolicy: OnFailure
volumes:
- name: source-data
persistentVolumeClaim:
claimName: source-data-pvc
```
## Notifications
The script sends success or failure notifications via Gotify.
Example success notification:
```
Backup successful. Snapshot 56ff6a909a44e01f67d2d88f9a76aa713d437809d7ed14a2361e28893f38befb: files new: 1, files changed: 0, data added: 1019 bytes in 0.277535184 sec
```
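Review bot: The example manifest sets `GOTIFYHOST` to `http://gotify.example.com` and `RESTIC_REPOSITORY` to `rest:http://rest-server:8000/backup`, so the Gotify token and any `RESTIC_REST_USERNAME`/`RESTIC_REST_PASSWORD` credentials would cross the network in cleartext. The earlier example value for `GOTIFYHOST` was `https://gotify.example.com`. Suggest `https://` for both example values, or a sentence saying plain HTTP is only meant for in-cluster traffic. In the same manifest `restartPolicy: OnFailure` appears twice, once before `containers:` and again after `volumeMounts:`; the second occurrence should be dropped. The comment `# (For PostgreSQL mode, add PGHOST, PGDATABASE, PGUSER, PGPORT, PGPASSWORD)` should say that `PGPASSWORD` belongs in a `secretKeyRef`, as is done for `RESTIC_PASSWORD` and `GOTIFYTOKEN`. The new variable list also has no counterpart to `KEEPLAST` or to the purge step described under "Function", so the README should state how snapshot retention is handled in v2.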