Backup system

When I created the cortado cluster (which is a single node cluster), I used a ZFS zpool (created manually) and local-path-provisionner to create persistent volumes on the mounted ZFS filesystem.

To backup the data, I use volsync to create backup and send backup (using restic) to a minio server.

I will have a restic repository per backup source.

Create a restic repository

export AWS_ACCESS_KEY_ID=YOUR_ACCESS_KEY
export AWS_SECRET_ACCESS_KEY=YOUR_SECRET_KEY
export RESTIC_PASSWORD=REPOSITORY_PASSWORD
export RESTIC_REPOSITORY=s3:http://MINIO_URL:9000/BUCKET

From your workstation, create the repository

restic init

Then, create a secret in the cluster with the credentials to access the repository

kubectl create secret generic -n kube-system restic-credentials \
  --from-literal=AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \
  --from-literal=AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \
  --from-literal=RESTIC_PASSWORD=$RESTIC_PASSWORD \
  --from-literal=RESTIC_REPOSITORY=$RESTIC_REPOSITORY
Use an ExternalSecret
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: restic-credentials
  namespace: komga
spec:
  refreshInterval: "30s"
  secretStoreRef:
    name: vault-backend
    kind: ClusterSecretStore
  target:
    name: restic-credentials
  data:
    - secretKey: AWS_ACCESS_KEY_ID
      remoteRef:
        key: restic
        property: AWS_ACCESS_KEY_ID
    - secretKey: AWS_SECRET_ACCESS_KEY
      remoteRef:
        key: restic
        property: AWS_SECRET_ACCESS_KEY
    - secretKey: RESTIC_PASSWORD
      remoteRef:
        key: restic
        property: RESTIC_PASSWORD
    - secretKey: RESTIC_REPOSITORY
      remoteRef:
        key: restic
        property: RESTIC_REPOSITORY

You can now create a ReplicationSource to backup a specific PVC.

apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
  name: komga
spec:
  # The PVC name to backup
  sourcePVC: komga-data
  trigger:
    schedule: "*/5 * * * *"
  restic:
    pruneIntervalDays: 7
    repository: restic-credentials
    retain:
      hourly: 6
      daily: 5
      weekly: 4
      monthly: 2
      yearly: 1
    copyMethod: Direct

From your workstation, you can see backups

$ restic snapshots
repository f8c8acc2 opened (version 2, compression level auto)
created new cache in /Users/qjoly/Library/Caches/restic
ID        Time                 Host        Tags        Paths  Size
-----------------------------------------------------------------------
7ebbffdd  2024-12-24 09:38:48  volsync                 /data  1.689 MiB
8a7574a4  2024-12-24 09:55:06  volsync                 /data  1.689 MiB
9b5b7a1a  2024-12-24 10:00:07  volsync                 /data  1.689 MiB
-----------------------------------------------------------------------
3 snapshots

Restore a backup

Eh, eh, this is still a work in progress. I will update this section when I have more information.