Stash supports Google Cloud Storage(GCS) as a backend. This tutorial will show you how to configure Restic and storage Secret for GCS backend.
To configure storage secret for this backend, following secret keys are needed:
| Key | Description |
|---|---|
RESTIC_PASSWORD |
Required. Password used to encrypt snapshots by restic |
GOOGLE_PROJECT_ID |
Required. Google Cloud project ID |
GOOGLE_SERVICE_ACCOUNT_JSON_KEY |
Required. Google Cloud service account json key |
Create storage secret as below,
$ echo -n 'changeit' > RESTIC_PASSWORD
$ echo -n '<your-project-id>' > GOOGLE_PROJECT_ID
$ mv downloaded-sa-json.key GOOGLE_SERVICE_ACCOUNT_JSON_KEY
$ kubectl create secret generic gcs-secret \
--from-file=./RESTIC_PASSWORD \
--from-file=./GOOGLE_PROJECT_ID \
--from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY
secret "gcs-secret" created
Verify that the secret has been created with respective keys,
$ kubectl get secret gcs-secret -o yaml
apiVersion: v1
data:
GOOGLE_PROJECT_ID: PHlvdXItcHJvamVjdC1pZD4=
GOOGLE_SERVICE_ACCOUNT_JSON_KEY: ewogICJ0eXBlIjogInNlcnZpY2VfYWNjb3V...9tIgp9Cg==
RESTIC_PASSWORD: Y2hhbmdlaXQ=
kind: Secret
metadata:
creationTimestamp: 2017-06-28T13:06:51Z
name: gcs-secret
namespace: default
resourceVersion: "5461"
selfLink: /api/v1/namespaces/default/secrets/gcs-secret
uid: a6983b00-5c02-11e7-bb52-08002711f4aa
type: Opaque
Now, you have to configure Restic crd to use GCS bucket. You have to provide previously created storage secret in spec.backend.storageSecretName field.
Following parameters are available for gcs backend.
| Parameter | Description |
|---|---|
gcs.bucket |
Required. Name of Bucket. If the bucket does not exist yet, it will be created in the default location (US). It is not possible at the moment to have restic create a new bucket in a different location, so you need to create it using a different program. |
gcs.prefix |
Optional. Path prefix into bucket where repository will be created. |
Below, the YAML for Restic crd configured to use GCS bucket.
apiVersion: stash.appscode.com/v1alpha1
kind: Restic
metadata:
name: gcs-restic
namespace: default
spec:
selector:
matchLabels:
app: gcs-restic
fileGroups:
- path: /source/data
retentionPolicyName: 'keep-last-5'
backend:
gcs:
bucket: stash-qa
prefix: demo
storageSecretName: gcs-secret
schedule: '@every 1m'
volumeMounts:
- mountPath: /source/data
name: source-data
retentionPolicies:
- name: 'keep-last-5'
keepLast: 5
prune: true
Now, create the Restic we have configured above for gcs backend,
$ kubectl apply -f https://github.com/stashed/docs/raw/v2020.07.09-beta.0/docs/examples/backends/gcs/gcs-restic.yaml
restic "gcs-restic" created