docker/persistsync/Dockerfile

@@ -7,3 +7,5 @@ ADD https://dl.minio.io/client/mc/release/linux-amd64/mc /usr/local/bin/mc
 ADD pvsync.sh /usr/local/bin/pvsync
 RUN chmod 755 /usr/local/bin/mc
 RUN mkdir -p /pvs
+
+ENTRYPOINT ["/usr/local/bin/pvsync"]

docker/persistsync/README.md

@@ -7,10 +7,10 @@ I'm a simple container to backup/restore encrypted persistant volume data to an
 ### Docker
 **Backup**
 ```
-docker run -it -V volume:/pvs/volume docker.io/haiku/persistsync pvsync backup volume s3user s3password encryptionpassword
+docker run -it -e S3_BUCKET="" -e S3_KEY="" -e S3_SECRET="" -e TWOSECRET="" -V volume:/pvs/volume docker.io/haiku/persistsync backup volume
 ```
 
 **Restore**
 ```
-docker run -it -V volume:/pvs/volume docker.io/haiku/persistsync pvsync restore volume s3user s3password encryptionpassword
+docker run -it -e S3_BUCKET="" -e S3_KEY="" -e S3_SECRET="" -e TWOSECRET="" -V volume:/pvs/volume docker.io/haiku/persistsync restore volume
 ```

docker/persistsync/pvsync.sh

@@ -1,8 +1,8 @@
 #!/bin/bash
 
-if [[ $# -ne 5 ]]; then
+if [[ $# -ne 2 ]]; then
 	echo "Backup / Restore persistant volume data"
-	echo "Usage: $0 [backup|restore] <pv_name> <s3_key> <s3_secret> <gpg_secret>"
+	echo "Usage: $0 [backup|restore] <pv_name>"
 	exit 1
 fi
 
@@ -16,15 +16,35 @@ if ! [ -x "$(command -v gpg)" ]; then
   exit 1
 fi
 
+
 BASE="/pvs"
 ACTION="$1"
 VOLUME="$2"
+
 S3_NAME="s3remote"
 S3_HOST="http://s3.wasabisys.com"
-S3_BUCKET="persistent-snapshots"
-S3_KEY="$3"
-S3_SECRET="$4"
-SECRET="$5"
+
+#S3_BUCKET="persistent-snapshots"
+#S3_KEY=""
+#S3_SECRET=""
+#TWOSECRET=""
+
+if [ -z "$S3_BUCKET" ]; then
+	echo "Please set S3_BUCKET!"
+	exit 1
+fi
+if [ -z "$S3_KEY" ]; then
+	echo "Please set S3_KEY!"
+	exit 1
+fi
+if [ -z "$S3_SECRET" ]; then
+	echo "Please set S3_SECRET!"
+	exit 1
+fi
+if [ -z "$TWOSECRET" ]; then
+	echo "Please set TWOBUCKET!"
+	exit 1
+fi
 
 if [[ ! -d "$BASE/$VOLUME" ]]; then
 	echo "Error: '$BASE/$VOLUME' isn't present on local container! (pvc not mounted?)"
@@ -42,7 +62,7 @@ case $ACTION in
 			exit 1
 		fi
 		cd /tmp
-		echo $SECRET | gpg --batch --yes --passphrase-fd 0 --symmetric --cipher-algo TWOFISH /tmp/$SNAPSHOT_NAME
+		echo $TWOSECRET | gpg --batch --yes --passphrase-fd 0 --symmetric --cipher-algo TWOFISH /tmp/$SNAPSHOT_NAME
 		if [[ $? -ne 0 ]]; then
 			echo "Error: Problem encounted performing encryption! (gpg)"
 			rm /tmp/$SNAPSHOT_NAME
@@ -80,7 +100,7 @@ case $ACTION in
 			rm /tmp/$LATEST
 			exit 1
 		fi
-		echo $SECRET | gpg --batch --yes --passphrase-fd 0 -o /tmp/$VOLUME-restore.tar.xz -d /tmp/$LATEST
+		echo $TWOSECRET | gpg --batch --yes --passphrase-fd 0 -o /tmp/$VOLUME-restore.tar.xz -d /tmp/$LATEST
 		if [[ $? -ne 0 ]]; then
 			echo "Error: Problem encounted decrypting snapshot! (gpg)"
 			rm /tmp/$LATEST

k8s/git.yml

@@ -6,7 +6,7 @@ metadata:
   labels:
     app: git
 spec:
-  replicas: 2
+  replicas: 1
   selector:
     matchLabels:
       app: git
@@ -55,6 +55,49 @@ spec:
         persistentVolumeClaim:
           claimName: gerrit-data-pvc
 ---
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+  name: gerrit-backup-daily
+spec:
+  schedule: "0 1 * * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+            - name: persistsync
+              image: haiku/persistsync
+              args:
+              - backup
+              - gerrit-data
+              env:
+              - name: S3_KEY
+                valueFrom:
+                  secretKeyRef:
+                    name: s3-backup
+                    key: s3_key
+              - name: S3_SECRET
+                valueFrom:
+                  secretKeyRef:
+                    name: s3-backup
+                    key: s3_secret
+              - name: S3_BUCKET
+                value: persistent-snapshots
+              - name: TWOSECRET
+                valueFrom:
+                  secretKeyRef:
+                    name: s3-backup
+                    key: twosecret
+              volumeMounts:
+              - name: gerrit-data
+                mountPath: /pvs/gerrit-data
+          volumes:
+          - name: gerrit-data
+            persistentVolumeClaim:
+              claimName: gerrit-data-pvc
+          restartPolicy: Never
+---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata: