meissa/c4k-forgejo
6
0
Fork 0
Code Issues Pull requests Projects Releases30 Packages Wiki Activity
c4k-forgejo/doc/BackupAndRestore.md
Michael Jerger fd0ff2880d infra work
2025-01-13 16:04:12 +01:00

2.4 KiB
Raw Blame History

Backup Architecture details

  • we use restic to produce small & encrypted backups
  • backup is scheduled at schedule: "10 23 * * *"
  • Forgejo stores files in /data/gitea and /data/git/repositories, these files are backed up.
  • The postgres db is also backed up

Manual backup

  1. Scale down forgejo deployment:
    kubectl -n forgejo scale deployment forgejo --replicas=0
  2. apply backup-and-restore pod:
    kubectl -n forgejo scale deployment backup-restore --replicas=1
  3. exec into pod and execute backup pod (press tab to get your exact pod name)
    kubectl -n forgejo exec -it backup-restore-... -- /usr/local/bin/backup.bb
  4. remove backup-and-restore pod:
    kubectl -n forgejo scale deployment backup-restore --replicas=0
  5. Scale up forgejo deployment:
    kubectl -n forgejo scale deployment forgejo --replicas=1

Manual restore

  1. Scale down forgejo deployment: kubectl -n forgejo scale deployment forgejo --replicas=0
  2. apply backup-and-restore pod:
    kubectl -n forgejo scale deployment backup-restore --replicas=1
  3. exec into pod and execute restore pod (press tab to get your exact pod name)
    kubectl -n forgejo exec -it backup-restore-... -- /usr/local/bin/restore.bb
  4. Start forgejo again: kubectl -n forgejo scale deployment forgejo --replicas=1
  5. remove backup-and-restore pod:
    kubectl -n forgejo scale deployment backup-restore --replicas=0

Change Password

  1. Check restic-new-password env is set in backup deployment 
    kind: Deployment
metadata:
  name: backup-restore
spec:
    spec:
      containers:
      - name: backup-app
        env:
        - name: RESTIC_NEW_PASSWORD_FILE
          value: /var/run/secrets/backup-secrets/restic-new-password
  2. Add restic-new-password to secret 
    kind: Secret
metadata:
  name: backup-secret
data:
  restic-password: old
  restic-new-password: new
  3. Scale backup-restore deployment up:
    kubectl -n nextcloud scale deployment backup-restore --replicas=1
  4. exec into pod and execute restore pod
    kubectl -n nextcloud exec -it backup-restore -- change-password.bb
  5. Scale backup-restore deployment down:
    kubectl -n nextcloud scale deployment backup-restore --replicas=0
  6. Replace restic-password with restic-new-password in secret 
    kind: Secret
metadata:
  name: backup-secret
data:
  restic-password: new