83 lines
2.7 KiB
Markdown
83 lines
2.7 KiB
Markdown
# Application Backup for k8s
|
|
|
|
|
|
|
|
* we use restic to produce small & encrypted backups
|
|
* backups are stored in s3
|
|
* backup is scheduled at `schedule: "10 23 * * *"`
|
|
* backup supports file or postgres-db-dump backup.
|
|
* supported restic usecases are backup, restore, change password, list snapshots, support retentions
|
|
|
|
## Parameter determined by k8s-application
|
|
|
|
1. name of application deployments **deployment-name** to scale down during backup / restore
|
|
2. namespace of application deployments **deployment-namespace**
|
|
|
|
## backup / restore
|
|
|
|
### Scale application down
|
|
|
|
1. Scale [deployment-name] deployment down:
|
|
`kubectl -n [deployment-namespace] scale deployment [deployment-name] --replicas=0`
|
|
|
|
### Manual backup
|
|
|
|
1. Scale backup-restore deployment up:
|
|
`kubectl -n [deployment-namespace] scale deployment backup-restore --replicas=1`
|
|
2. exec into pod and execute restore pod
|
|
`kubectl -n [deployment-namespace] exec -it backup-restore -- backup.bb`
|
|
3. Scale backup-restore deployment down:
|
|
`kubectl -n [deployment-namespace] scale deployment backup-restore --replicas=0`
|
|
|
|
### Manual restore
|
|
|
|
1. Scale backup-restore deployment up:
|
|
`kubectl -n [deployment-namespace] scale deployment backup-restore --replicas=1`
|
|
3. exec into pod and execute restore pod
|
|
`kubectl -n [deployment-namespace] exec -it backup-restore -- restore.bb`
|
|
4. Scale backup-restore deployment down:
|
|
`kubectl -n [deployment-namespace] scale deployment backup-restore --replicas=0`
|
|
|
|
### Scale application up
|
|
|
|
1. Scale [deployment-name] deployment up:
|
|
`kubectl -n [deployment-namespace] scale deployment [deployment-name] --replicas=1`
|
|
|
|
## Change Password
|
|
|
|
1. Check restic-new-password env is set in backup deployment
|
|
```
|
|
kind: Deployment
|
|
metadata:
|
|
name: backup-restore
|
|
spec:
|
|
spec:
|
|
containers:
|
|
- name: backup-app
|
|
env:
|
|
- name: RESTIC_NEW_PASSWORD_FILE
|
|
value: /var/run/secrets/backup-secrets/restic-new-password
|
|
```
|
|
2. Add restic-new-password to secret
|
|
```
|
|
kind: Secret
|
|
metadata:
|
|
name: backup-secret
|
|
data:
|
|
restic-password: old
|
|
restic-new-password: new
|
|
```
|
|
3. Scale backup-restore deployment up:
|
|
`kubectl -n [deployment-namespace] scale deployment backup-restore --replicas=1`
|
|
4. exec into pod and execute restore pod
|
|
`kubectl -n [deployment-namespace] exec -it backup-restore -- change-password.bb`
|
|
5. Scale backup-restore deployment down:
|
|
`kubectl -n [deployment-namespace] scale deployment backup-restore --replicas=0`
|
|
6. Replace restic-password with restic-new-password in secret
|
|
```
|
|
kind: Secret
|
|
metadata:
|
|
name: backup-secret
|
|
data:
|
|
restic-password: new
|
|
```
|
