Skip to content

Instantly share code, notes, and snippets.

@revant
Last active September 6, 2023 14:46
Show Gist options
  • Save revant/2414cedce8e19d209d5d337ea19efabc to your computer and use it in GitHub Desktop.
Save revant/2414cedce8e19d209d5d337ea19efabc to your computer and use it in GitHub Desktop.
backup with restic and S3

For local example, start MinIO

docker run \
  -p 9000:9000 \
  -p 9001:9001 \
  --name localminio \
  -v ~/minio/data:/data \
  -e "MINIO_ROOT_USER=AKIAIOSFODNN7EXAMPLE" \
  -e "MINIO_ROOT_PASSWORD=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \
  quay.io/minio/minio server /data --console-address ":9001"

Initialize Restic Repo with S3

export RESTIC_REPOSITORY="s3:http://localhost:9000/restic-demo"
export AWS_ACCESS_KEY_ID="AKIAIOSFODNN7EXAMPLE"
export AWS_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
export RESTIC_PASSWORD="secret"
restic init

Take backup

cd /home/frappe/frappe-bench
restic backup sites

List snapshots

restic snapshots

repository 4cd7ac50 opened successfully, password is correct
ID        Time                 Host            Tags        Paths
-------------------------------------------------------------------------------------------
369ee669  2022-03-11 22:00:24  develop-laptop             /home/frappe/frappe-bench/sites
-------------------------------------------------------------------------------------------
1 snapshots

Restore backup

cd /home/frappe/frappe-bench
restic restore 369ee669 --target .

Kubernetes Resources

  • restic-init-job.yaml: run restic init as k8s job.
  • restic-backup-cronjob.yaml: runs as a cron to backup a directory.
  • restic-restore-job.yaml: run restic restore for given snapshot id.
apiVersion: batch/v1
kind: CronJob
metadata:
name: backup-sites
spec:
schedule: "0 */3 * * *"
jobTemplate:
spec:
template:
spec:
containers:
- name: restic-restore
workingDir: /sites
image: restic/restic:latest
args:
- "backup"
- "."
env:
- name: RESTIC_REPOSITORY
value: "${RESTIC_REPOSITORY}"
- name: AWS_ACCESS_KEY_ID
value: "${AWS_ACCESS_KEY_ID}"
- name: AWS_SECRET_ACCESS_KEY
value: "${AWS_SECRET_ACCESS_KEY}"
- name: RESTIC_PASSWORD
value: "${RESTIC_PASSWORD}"
volumeMounts:
- name: sites-dir
mountPath: /sites
volumes:
- name: sites-dir
persistentVolumeClaim:
claimName: ${SITES_PVC}
readOnly: false
restartPolicy: OnFailure
apiVersion: batch/v1
kind: Job
metadata:
name: restic-init
spec:
backoffLimit: 0
template:
spec:
containers:
- name: restic-init
image: restic/restic:latest
args: ["init"]
env:
- name: RESTIC_REPOSITORY
value: "${RESTIC_REPOSITORY}"
- name: AWS_ACCESS_KEY_ID
value: "${AWS_ACCESS_KEY_ID}"
- name: AWS_SECRET_ACCESS_KEY
value: "${AWS_SECRET_ACCESS_KEY}"
- name: RESTIC_PASSWORD
value: "${RESTIC_PASSWORD}"
restartPolicy: Never
apiVersion: batch/v1
kind: Job
metadata:
name: restic-restore-sites
spec:
backoffLimit: 0
template:
spec:
containers:
- name: restic-restore
workingDir: /sites
image: restic/restic:latest
args:
- "restore"
- "$(SNAPSHOT_ID)"
- "--target"
- .
env:
- name: RESTIC_REPOSITORY
value: "${RESTIC_REPOSITORY}"
- name: AWS_ACCESS_KEY_ID
value: "${AWS_ACCESS_KEY_ID}"
- name: AWS_SECRET_ACCESS_KEY
value: "${AWS_SECRET_ACCESS_KEY}"
- name: RESTIC_PASSWORD
value: "${RESTIC_PASSWORD}"
- name: SNAPSHOT_ID
value: "${SNAPSHOT_ID}"
volumeMounts:
- name: sites-dir
mountPath: /sites
volumes:
- name: sites-dir
persistentVolumeClaim:
claimName: ${SITES_PVC}
readOnly: false
restartPolicy: Never
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment