Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

A simple script to backup your Gitlab data. This script will copy the backup archives of your gitlab installation via rsync, or scp. Also, you can copy backups to Backblaze’s B2 Cloud Storage service.

Stars: ✭ 291 (-30.55%)

Mutual labels: backup

Wikiteam

Tools for downloading and preserving wikis. We archive wikis, from Wikipedia to tiniest wikis. As of 2020, WikiTeam has preserved more than 250,000 wikis.

Stars: ✭ 404 (-3.58%)

Mutual labels: backup

Seedvault

A backup application for the Android Open Source Project.

Stars: ✭ 325 (-22.43%)

Mutual labels: backup

Linux Timemachine

Rsync-based OSX-like time machine for Linux, MacOS and BSD for atomic and resumable local and remote backups

Stars: ✭ 358 (-14.56%)

Mutual labels: backup

Wal E

Continuous Archiving for Postgres

Stars: ✭ 3,313 (+690.69%)

Mutual labels: backup

Export Saved Reddit

Export saved Reddit posts into a HTML file for import into Google Chrome.

Stars: ✭ 323 (-22.91%)

Mutual labels: backup

Django Smuggler

Django Smuggler is a pluggable application for Django Web Framework that helps you to import/export fixtures via the automatically-generated administration interface.

Stars: ✭ 350 (-16.47%)

Mutual labels: backup

Ludusavi

Backup tool for PC game saves

Stars: ✭ 301 (-28.16%)

Mutual labels: backup

Clickhouse Backup

Tool for easy ClickHouse backup and restore with cloud storages support

Stars: ✭ 359 (-14.32%)

Mutual labels: backup

Reshifter

Kubernetes cluster state management

Stars: ✭ 292 (-30.31%)

Mutual labels: backup

Across

Across the Great Wall we can reach every corner in the world

Stars: ✭ 3,654 (+772.08%)

Mutual labels: backup

Telegram backup

Java app to download all your telegram data.

Stars: ✭ 409 (-2.39%)

Mutual labels: backup

Pg probackup

Backup and recovery manager for PostgreSQL

Stars: ✭ 383 (-8.59%)

Mutual labels: backup

Xen Orchestra

The complete web solution to manage and backup XCP-ng and Citrix Hypervisor.

Stars: ✭ 358 (-14.56%)

Mutual labels: backup

View All Similar Projects ➔

kube-backup

Quick 'n dirty kubernetes state backup script, designed to be ran as kubernetes Job. Think of it like RANCID for kubernetes.

Props to @gianrubio for coming up with the idea.

Setup

Use the deployment example (ssh or AWS CodeCommit authentication) and deploy a kubernetes CronJob primitive in your kubernetes (1.5 and up) cluster ensuring backups of kubernetes resource definitions to your private git repo.

Define the following environment parameters:

GIT_REPO - GIT repo url. Required
GIT_PREFIX_PATH - Path to the subdirectory in your repository. Default: .
NAMESPACES - List of namespaces to export. Default: all
GLOBALRESOURCES - List of global resource types to export. Default: namespace
RESOURCETYPES - List of resource types to export. Default: ingress deployment configmap svc rc ds networkpolicy statefulset storageclass cronjob. Notice that Secret objects are intentionally not exported by default (see git-crypt section for details).
GIT_USERNAME - Display name of git user. Default: kube-backup
GIT_EMAIL - Email address of git user. Default: [email protected]
GIT_BRANCH - Use a specific git branch . Default: master
GITCRYPT_ENABLE - Use git-crypt for data encryption. See git-crypt section for details. Default: false
GITCRYPT_PRIVATE_KEY - Path to private gpg key for git-crypt. See git-crypt section for details. Default: /secrets/gpg-private.key
GITCRYPT_SYMMETRIC_KEY - Path to shared symmetric key for git-crypt. See git-crypt section. Default: /secrets/symmetric.key

Choose one of two authentication mechanisms:

When using AWS CodeCommit and policy-based access from AWS, modify your cluster configuration to provide GitPull and GitPush access for that CodeCommit repo to your cluster. If using kops, the configuration will look something like this:

  additionalPolicies:
    node: |
      [
        {
          "Effect": "Allow",
          "Action": [
            "codecommit:GitPull",
            "codecommit:GitPush"
          ],
          "Resource": "arn:aws:codecommit:<region>:<account name>:<repo-name>"
        }
      ]

NOTE: in this deployment, the ssh volume and secret are not present.

When using a different repository (GitHub, BitBucket, etc.), mount a configured ssh directory in /backup/.ssh with the following files:
- known_hosts - Preloaded with SSH host key of $GIT_REPO host.
- id_rsa - SSH private key of user allowed to push to $GIT_REPO.

Easiest way of doing this is:

ssh-keygen -f ./id_rsa
ssh-keyscan $YOUR_GIT_HOST > known_hosts

kubectl create secret generic kube-backup-ssh -n kube-system --from-file=id_rsa --from-file=known_hosts

NOTE: If id_rsa isn't found in your ssh directory, the backup script will assume you're using AWS CodeCommit.

Optional:

Modify the snapshot frequency in spec.schedule using the cron format.
Modify the number of successful and failed finished jobs to retain in spec.successfulJobsHistoryLimit and spec.failedJobsHistoryLimit.
If using RBAC (1.6+), use the ClusterRole and ClusterRoleBindings in rbac.yaml.

git-crypt

For security reasons Secret objects are not exported by default. However there is a possibility to store them safely using the git-crypt project.

Prerequisites

Your repository has to be already initialized with git-crypt. Minimal configuration is listed below. For details and full information see using git-crypt.

cd repo
git-crypt init
cat <<EOF > .gitattributes
*.secret.yaml filter=git-crypt diff=git-crypt
.gitattributes !filter !diff
EOF
git-crypt add-gpg-user <USER_ID>
git add -A
git commit -a -m "initialize git-crypt"

Optional:

You may choose any subdirectory for storing .gitattributes file (useful when using GIT_PREFIX_PATH).
You may encrypt additional files other than secret.yaml. Add additional lines before the .gitattribute filter. You may also use wildcard * to encrypt all files within the directory.

Enable git-crypt

To enable encryption feature:

Set pod environment variable GITCRYPT_ENABLE to true

spec:
  containers:
  - env:
    - name: GITCRYPT_ENABLE
      value: "true"

Create additional Secret object containing either gpg-private or symmetric key

apiVersion: v1
kind: Secret
metadata:
  name: kube-backup-gpg
  namespace: kube-system
data:
  gpg-private.key: <base64_encoded_key>
  symmetric.key: <base64_encoded_key>

Mount keys from Secret as additional volume

spec:
  containers:
  - volumeMounts:
    - mountPath: /secrets
      name: gpgkey
  volumes:
  - name: gpgkey
    secret:
      defaultMode: 420
      secretName: kube-backup-gpg

Add secret object name to RESOURCETYPES variable

spec:
  containers:
  - env:
    - name: RESOURCETYPES
      value: "ingress deployment configmap secret svc rc ds thirdpartyresource networkpolicy statefulset storageclass cronjob"

If using RBAC (1.6+), add secrets to resources

rules:
- apiGroups: ["*"]
  resources: [
    "configmaps",
    "secrets",

(Optional): $GITCRYPT_PRIVATE_KEY and $GITCRYPT_SYMMETRIC_KEY variables are the combination of path where Secret volume is mounted and the name of item key from that object. If you change any value of them from the above example you may need to set this variables accordingly.

Result

All configured resources will be exported into a directory tree structure in YAML format following a $namespace/$name.$type.yaml file structure.

.
├── kube-system
│   ├── attachdetach-controller.serviceaccounts.yaml
│   ├── canal-config.configmap.yaml
│   ├── canal.daemonset.yaml
│   ├── canal.serviceaccounts.yaml
│   ├── certificate-controller.serviceaccounts.yaml
│   ├── cronjob-controller.serviceaccounts.yaml
│   ├── daemon-set-controller.serviceaccounts.yaml
│   ├── default.serviceaccounts.yaml
│   ├── deployment-controller.serviceaccounts.yaml
│   ├── disruption-controller.serviceaccounts.yaml
│   ├── dns-controller.deployment.yaml
│   ├── dns-controller.serviceaccounts.yaml
│   ├── endpoint-controller.serviceaccounts.yaml
│   ├── generic-garbage-collector.serviceaccounts.yaml
│   ├── horizontal-pod-autoscaler.serviceaccounts.yaml
│   ├── job-controller.serviceaccounts.yaml
│   ├── kube-backup-gpg.secret.yaml
│   ├── kube-backup.serviceaccounts.yaml
│   ├── kube-backup-ssh.secret.yaml
│   ├── kube-dns-autoscaler.configmap.yaml
│   ├── kube-dns-autoscaler.deployment.yaml
│   ├── kube-dns-autoscaler.serviceaccounts.yaml
│   ├── kube-dns.deployment.yaml
│   ├── kube-dns.serviceaccounts.yaml
│   ├── kube-dns.service.yaml
│   ├── kubelet.service.yaml
│   ├── kube-prometheus-exporter-kube-controller-manager.service.yaml
│   ├── kube-prometheus-exporter-kube-dns.service.yaml
│   ├── kube-prometheus-exporter-kube-etcd.service.yaml
│   ├── kube-prometheus-exporter-kube-scheduler.service.yaml
│   ├── kube-proxy.serviceaccounts.yaml
│   ├── kube-state-backup-new.cronjob.yaml
│   ├── kube-sysctl.daemonset.yaml
│   ├── letsencrypt-prod.secret.yaml
│   ├── namespace-controller.serviceaccounts.yaml
│   ├── node-controller.serviceaccounts.yaml
│   ├── openvpn-ccd.configmap.yaml
│   ├── openvpn-crl.configmap.yaml
│   ├── openvpn.deployment.yaml
│   ├── openvpn-ingress.service.yaml
│   ├── openvpn-pki.secret.yaml
│   ├── openvpn-portmapping.configmap.yaml
│   ├── openvpn-settings.configmap.yaml
│   ├── persistent-volume-binder.serviceaccounts.yaml
│   ├── pod-garbage-collector.serviceaccounts.yaml
│   ├── replicaset-controller.serviceaccounts.yaml
│   ├── replication-controller.serviceaccounts.yaml
│   ├── resourcequota-controller.serviceaccounts.yaml
│   ├── route53-config.secret.yaml
│   ├── service-account-controller.serviceaccounts.yaml
│   ├── service-controller.serviceaccounts.yaml
│   ├── statefulset-controller.serviceaccounts.yaml
│   ├── sysctl-options.configmap.yaml
│   ├── tiller-deploy.deployment.yaml
│   ├── tiller-deploy.service.yaml
│   ├── tiller.serviceaccounts.yaml
│   └── ttl-controller.serviceaccounts.yaml
├── prd
│   ├── initdb.configmap.yaml
│   ├── example-app.deployment.yaml
│   ├── example-app.ingress.yaml
│   ├── example-app.secret.yaml
│   ├── example-app.service.yaml
│   ├── postgres-admin.secret.yaml
│   ├── postgresql.deployment.yaml
│   ├── postgresql.service.yaml
│   ├── postgres.secret.yaml
│   ├── prd.example.com.secret.yaml
│   ├── redis.service.yaml
│   └── redis-standalone.rc.yaml
└── staging
    ├── initdb.configmap.yaml
    ├── example-app.deployment.yaml
    ├── example-app.ingress.yaml
    ├── example-app.secret.yaml
    ├── example-app.service.yaml
    ├── postgres-admin.secret.yaml
    ├── postgresql.deployment.yaml
    ├── postgresql.service.yaml
    ├── postgres.secret.yaml
    ├── staging.example.com.secret.yaml
    ├── redis.service.yaml
    └── redis-standalone.rc.yaml

3 directories, 80 files

This project is MIT licensed.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Stars: ✭ 419

Visit Git Page 🔗Visit User Page 🔗Visit Issues Page (12) 🔗