Merge branch 'backup' of gitlab.com:domaindrivenarchitecture/c4k-gitea into backup

doc/BackupAndRestore.md

@@ -0,0 +1,41 @@
+# Backup Architecture details
+
+![](backup.svg)
+
+* we use restic to produce small & encrypted backups
+* backup is scheduled at `schedule: "10 23 * * *"`
+* Gitea stores files in `/data/gitea` and `/data/git/repositories`, these files are backed up. 
+* The postgres db is also backed up
+
+## Manual init the restic repository for the first time
+
+1. apply backup-and-restore pod:   
+   `kubectl scale deployment backup-restore --replicas=1`
+2. exec into pod and execute restore pod (press tab to get your exact pod name)   
+   `kubectl exec -it backup-restore-... -- /usr/local/bin/init.sh`
+3. remove backup-and-restore pod:   
+   `kubectl scale deployment backup-restore --replicas=0`
+
+
+## Manual backup the restic repository for the first time
+
+1. apply backup-and-restore pod:   
+  `kubectl scale deployment backup-restore --replicas=1`
+2. exec into pod and execute restore pod (press tab to get your exact pod name)   
+   `kubectl exec -it backup-restore-... -- /usr/local/bin/backup.sh`
+3. remove backup-and-restore pod:   
+   `kubectl scale deployment backup-restore --replicas=0`
+
+
+## Manual restore
+
+1. apply backup-and-restore pod:   
+  `kubectl scale deployment backup-restore --replicas=1`
+2. Scale down gitea deployment:
+   `kubectl scale deployment gitea --replicas=0`
+3. exec into pod and execute restore pod (press tab to get your exact pod name)   
+   `kubectl exec -it backup-restore-... -- /usr/local/bin/restore.sh`
+4. Start gitea again:
+   `kubectl scale deployment gitea --replicas=1`
+5. remove backup-and-restore pod:   
+   `kubectl scale deployment backup-restore --replicas=0`

infrastructure/docker-backup/image/Dockerfile

@@ -1,4 +1,4 @@
-FROM domaindrivenarchitecture/dda-backup:1.0.5
+FROM domaindrivenarchitecture/dda-backup:1.0.6
 
 # Prepare Entrypoint Script
 ADD resources /tmp

infrastructure/docker-backup/image/resources/backup.sh

@@ -8,7 +8,6 @@ function main() {
     file_env RESTIC_DAYS_TO_KEEP 30
     file_env RESTIC_MONTHS_TO_KEEP 12
 
-    #backup-roles 'TODO'
     backup-db-dump
     backup-fs-from-directory '/var/backups/' 'gitea/' 'git/repositories/'
 }

infrastructure/docker-backup/image/resources/entrypoint-start-and-wait.sh

@@ -1,6 +1,7 @@
 #!/bin/bash
 
 function main() {
+    create-pg-pass
 
     while true; do
         sleep 1m
@@ -8,4 +9,5 @@ function main() {
 }
 
 source /usr/local/lib/functions.sh
+source /usr/local/lib/pg-functions.sh
 main

infrastructure/docker-backup/image/resources/entrypoint.sh

@@ -1,9 +1,11 @@
 #!/bin/bash
 
 function main() {
-    
+    create-pg-pass
+
 	/usr/local/bin/backup.sh
 }
 
 source /usr/local/lib/functions.sh
+source /usr/local/lib/pg-functions.sh
 main

infrastructure/docker-backup/image/resources/init.sh

@@ -4,11 +4,11 @@ function main() {
     file_env AWS_ACCESS_KEY_ID
     file_env AWS_SECRET_ACCESS_KEY
 
-    init-role-repo
     init-database-repo
     init-file-repo
 }
 
 source /usr/local/lib/functions.sh
+source /usr/local/lib/pg-functions.sh
 source /usr/local/lib/file-functions.sh
 main

infrastructure/docker-backup/image/resources/restic-snapshots.sh

@@ -7,6 +7,7 @@ function main() {
     file_env AWS_SECRET_ACCESS_KEY
 
     restic -r ${RESTIC_REPOSITORY}/files snapshots
+    restic -r ${RESTIC_REPOSITORY}/pg-database snapshots
 }
 
 source /usr/local/lib/functions.sh

infrastructure/docker-backup/image/resources/restore.sh

@@ -15,20 +15,19 @@ function main() {
     rm -rf /var/backups/restore
     restore-directory '/var/backups/restore'
 
-    rm -rf /data/gitea/*
-    rm -rf /data/git/repositories/*
-    cp /var/backups/restore/gitea/* /data/gitea/
-    cp /var/backups/restore/git/repositories/* /data/git/repositories/
+    rm -rf /var/backups/gitea/*
+    rm -rf /var/backups/git/repositories/*
+    cp -r /var/backups/restore/gitea/* /var/backups/gitea/
+    cp -r /var/backups/restore/git/repositories/* /var/backups/git/repositories/
     
-    # adjust file permissions
-    chown -R git:git /data
+    # adjust file permissions for the git user
+    chown -R 1000:1000 /var/backups
 
-    # Regenerate Git Hooks
-    /usr/local/bin/gitea -c '/data/gitea/conf/app.ini' admin regenerate hooks
+    # TODO: Regenerate Git Hooks? Do we need this?
+    #/usr/local/bin/gitea -c '/data/gitea/conf/app.ini' admin regenerate hooks
 
     # Restore db
     drop-create-db
-    #restore-roles
     restore-db
 }
 

src/main/resources/backup/backup-restore-deployment.yaml

@@ -22,6 +22,27 @@ spec:
         imagePullPolicy: IfNotPresent
         command: ["/entrypoint-start-and-wait.sh"]
         env:
+        - name: POSTGRES_USER
+          valueFrom:
+            secretKeyRef:
+              name: postgres-secret
+              key: postgres-user
+        - name: POSTGRES_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: postgres-secret
+              key: postgres-password
+        - name: POSTGRES_DB
+          valueFrom:
+            configMapKeyRef:
+              name: postgres-config
+              key: postgres-db
+        - name: POSTGRES_HOST
+          value: "postgresql-service:5432"
+        - name: POSTGRES_SERVICE
+          value: "postgresql-service"
+        - name: POSTGRES_PORT
+          value: "5432"
         - name: AWS_DEFAULT_REGION
           value: eu-central-1
         - name: AWS_ACCESS_KEY_ID_FILE
@@ -35,6 +56,8 @@ spec:
               key: restic-repository
         - name: RESTIC_PASSWORD_FILE
           value: /var/run/secrets/backup-secrets/restic-password
+        - name: CERTIFICATE_FILE
+          value: ""
         volumeMounts:
         - name: gitea-data-volume
           mountPath: /var/backups