t.behrendt/backupsidecar

Fork 0

Go to file

Renovate Bot 3f544409f1

Build and Release Docker Image / Build and Push amd64 (push) Successful in 13s

Details

Build and Release Docker Image / Create and Push Multi-Arch Manifest (push) Has been cancelled

Details

Build and Release Docker Image / Build and Push arm64 (push) Has been cancelled

Details

chore: Configure Renovate (#8 )

Welcome to [Renovate](https://github.com/renovatebot/renovate)! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

---
### Detected Package Files

 * `Dockerfile` (dockerfile)
 * `.gitea/workflows/cd.yaml` (github-actions)

### What to Expect

It looks like your repository dependencies are already up-to-date and no Pull Requests will be necessary right away.

---

❓ Got questions? Check out Renovate's [Docs](https://docs.renovatebot.com/), particularly the Getting Started section.
If you need any further assistance then you can also [request help here](https://github.com/renovatebot/renovate/discussions).

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

<!--renovate-config-hash:94693a990c975907e7f13da3309b9d56ba02b3983519b41786edf5cf031e457c-->

Reviewed-on: #8
Co-authored-by: Renovate Bot <renovate@t00n.de>
Co-committed-by: Renovate Bot <renovate@t00n.de>

2025-04-18 13:58:29 +02:00

.gitea/workflows

refactor: v2 (#5 )

2025-02-07 20:56:02 +01:00

src

refactor: v2 (#5 )

2025-02-07 20:56:02 +01:00

Dockerfile

refactor: v2 (#5 )

2025-02-07 20:56:02 +01:00

LICENSE

Initial commit

2023-04-28 20:04:23 +02:00

README.md

refactor: v2 (#5 )

2025-02-07 20:56:02 +01:00

renovate.json

chore: Configure Renovate (#8 )

2025-04-18 13:58:29 +02:00

README.md

BackupSidecar

BackupSidecar is a lightweight backup solution designed to run as a cron job in Kubernetes. It automates backups using Restic and supports both directory and PostgreSQL database backups. Notifications are sent via Gotify to keep you informed of backup results.

Configuration

BackupSidecar is configured through environment variables. Below is a breakdown of the available settings.

General Settings

These variables apply to both directory and PostgreSQL backups.

BACKUP_MODE (optional) - Defines the backup type (directory or postgres). Defaults to directory.
RESTIC_PASSWORD (required) - The encryption password for Restic.
RESTIC_REPOSITORY (required) - The URI of the Restic repository (e.g., rest:http://your-rest-server:8000/backup).
RESTIC_REST_USERNAME (optional) - The username for REST server authentication.
RESTIC_REST_PASSWORD (optional) - The password for REST server authentication.
GOTIFYHOST (required) - The Gotify server URL.
GOTIFYTOKEN (required) - The API token for Gotify.
GOTIFYTOPIC (required) - The topic under which backup notifications will be sent.

Directory Backup

When running in directory mode, the following variable must be set:

SOURCEDIR (required) - The path of the directory to be backed up.

PostgreSQL Backup

For postgres mode, the following database-related variables are required:

PGHOST (required) - The hostname of the PostgreSQL server.
PGDATABASE (required) - The name of the database to back up.
PGUSER (required) - The PostgreSQL username.
PGPORT (optional) - The port for PostgreSQL (defaults to 5432).
PGPASSWORD (optional) - The password for authentication. Setting this prevents interactive prompts.
PG_DUMP_ARGS (optional) - Additional flags for pg_dump.

Dependencies

Ensure the following commands are available in the container:

restic
curl
jq
pg_dump (only required for postgres mode)

Usage

Example Kubernetes CronJob manifest for running BackupSidecar as a cron job for directory backups in minimal configuration:

apiVersion: batch/v1
kind: CronJob
metadata:
  name: backupsidecar-cron
  namespace: authentik
spec:
  schedule: "0 7 * * *"
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: 5
  failedJobsHistoryLimit: 3
  jobTemplate:
    spec:
      backoffLimit: 3
      activeDeadlineSeconds: 300
      template:
        spec:
          restartPolicy: OnFailure
          containers:
            - name: backupsidecar
              image: backupsidecar:latest
              env:
                - name: RESTIC_REPOSITORY
                  value: "rest:http://rest-server:8000/backup"
                - name: RESTIC_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: backupsidecar-secret
                      key: restic_password
                - name: BACKUP_MODE
                  value: "directory" # or "postgres"
                - name: SOURCEDIR
                  value: "/data/source"
                - name: GOTIFYHOST
                  value: "http://gotify.example.com"
                - name: GOTIFYTOKEN
                  valueFrom:
                    secretKeyRef:
                      name: backupsidecar-secret
                      key: gotify_token
                - name: GOTIFYTOPIC
                  value: "Backup Notification"
              # (For PostgreSQL mode, add PGHOST, PGDATABASE, PGUSER, PGPORT, PGPASSWORD)
              volumeMounts:
                - name: source-data
                  mountPath: /data/source
          restartPolicy: OnFailure
          volumes:
            - name: source-data
              persistentVolumeClaim:
                claimName: source-data-pvc

Notifications

The script sends success or failure notifications via Gotify.

Example success notification:

Backup successful. Snapshot 56ff6a909a44e01f67d2d88f9a76aa713d437809d7ed14a2361e28893f38befb: files new: 1, files changed: 0, data added: 1019 bytes in 0.277535184 sec