c4k-forgejo/doc/BackupAndRestore.md

74 lines
2.4 KiB
Markdown
Raw Normal View History

2022-09-16 09:57:24 +00:00
# Backup Architecture details
![](backup.svg)
* we use restic to produce small & encrypted backups
* backup is scheduled at `schedule: "10 23 * * *"`
2023-04-21 06:56:06 +00:00
* Forgejo stores files in `/data/gitea` and `/data/git/repositories`, these files are backed up.
2022-09-16 09:57:24 +00:00
* The postgres db is also backed up
2025-01-13 15:04:12 +00:00
## Manual backup
2022-09-16 09:57:24 +00:00
2025-01-13 15:04:12 +00:00
1. Scale down forgejo deployment:
`kubectl -n forgejo scale deployment forgejo --replicas=0`
2. apply backup-and-restore pod:
`kubectl -n forgejo scale deployment backup-restore --replicas=1`
2025-01-13 15:04:12 +00:00
3. exec into pod and execute backup pod (press tab to get your exact pod name)
`kubectl -n forgejo exec -it backup-restore-... -- /usr/local/bin/backup.bb`
2025-01-13 15:04:12 +00:00
4. remove backup-and-restore pod:
`kubectl -n forgejo scale deployment backup-restore --replicas=0`
2025-01-13 15:04:12 +00:00
5. Scale up forgejo deployment:
`kubectl -n forgejo scale deployment forgejo --replicas=1`
2022-09-16 09:57:24 +00:00
## Manual restore
2025-01-13 15:04:12 +00:00
1. Scale down forgejo deployment:
`kubectl -n forgejo scale deployment forgejo --replicas=0`
2025-01-13 15:04:12 +00:00
2. apply backup-and-restore pod:
`kubectl -n forgejo scale deployment backup-restore --replicas=1`
2022-09-16 13:23:25 +00:00
3. exec into pod and execute restore pod (press tab to get your exact pod name)
`kubectl -n forgejo exec -it backup-restore-... -- /usr/local/bin/restore.bb`
2023-04-21 06:56:06 +00:00
4. Start forgejo again:
`kubectl -n forgejo scale deployment forgejo --replicas=1`
2022-09-16 13:23:25 +00:00
5. remove backup-and-restore pod:
`kubectl -n forgejo scale deployment backup-restore --replicas=0`
2025-01-13 15:04:12 +00:00
## Change Password
1. Check restic-new-password env is set in backup deployment
```
kind: Deployment
metadata:
name: backup-restore
spec:
spec:
containers:
- name: backup-app
env:
- name: RESTIC_NEW_PASSWORD_FILE
value: /var/run/secrets/backup-secrets/restic-new-password
```
2. Add restic-new-password to secret
```
kind: Secret
metadata:
name: backup-secret
data:
restic-password: old
restic-new-password: new
```
3. Scale backup-restore deployment up:
`kubectl -n nextcloud scale deployment backup-restore --replicas=1`
4. exec into pod and execute restore pod
`kubectl -n nextcloud exec -it backup-restore -- change-password.bb`
5. Scale backup-restore deployment down:
`kubectl -n nextcloud scale deployment backup-restore --replicas=0`
6. Replace restic-password with restic-new-password in secret
```
kind: Secret
metadata:
name: backup-secret
data:
restic-password: new
```