2.4 KiB
2.4 KiB
Backup Architecture details
- we use restic to produce small & encrypted backups
- backup is scheduled at
schedule: "10 23 * * *"
- Forgejo stores files in
/data/gitea
and/data/git/repositories
, these files are backed up. - The postgres db is also backed up
Manual backup
- Scale down forgejo deployment:
kubectl -n forgejo scale deployment forgejo --replicas=0
- apply backup-and-restore pod:
kubectl -n forgejo scale deployment backup-restore --replicas=1
- exec into pod and execute backup pod (press tab to get your exact pod name)
kubectl -n forgejo exec -it backup-restore-... -- /usr/local/bin/backup.bb
- remove backup-and-restore pod:
kubectl -n forgejo scale deployment backup-restore --replicas=0
- Scale up forgejo deployment:
kubectl -n forgejo scale deployment forgejo --replicas=1
Manual restore
- Scale down forgejo deployment:
kubectl -n forgejo scale deployment forgejo --replicas=0
- apply backup-and-restore pod:
kubectl -n forgejo scale deployment backup-restore --replicas=1
- exec into pod and execute restore pod (press tab to get your exact pod name)
kubectl -n forgejo exec -it backup-restore-... -- /usr/local/bin/restore.bb
- Start forgejo again:
kubectl -n forgejo scale deployment forgejo --replicas=1
- remove backup-and-restore pod:
kubectl -n forgejo scale deployment backup-restore --replicas=0
Change Password
- Check restic-new-password env is set in backup deployment
kind: Deployment metadata: name: backup-restore spec: spec: containers: - name: backup-app env: - name: RESTIC_NEW_PASSWORD_FILE value: /var/run/secrets/backup-secrets/restic-new-password
- Add restic-new-password to secret
kind: Secret metadata: name: backup-secret data: restic-password: old restic-new-password: new
- Scale backup-restore deployment up:
kubectl -n nextcloud scale deployment backup-restore --replicas=1
- exec into pod and execute restore pod
kubectl -n nextcloud exec -it backup-restore -- change-password.bb
- Scale backup-restore deployment down:
kubectl -n nextcloud scale deployment backup-restore --replicas=0
- Replace restic-password with restic-new-password in secret
kind: Secret metadata: name: backup-secret data: restic-password: new