chart helm chart 2025-07-21 16:24:33 +01:00
borg-operator.py metrics endpoint 2025-07-21 16:24:43 +01:00
CLAUDE.md borg operator poc 2025-07-21 14:32:46 +01:00
crds.yaml first e2e working version 2025-06-26 18:33:59 +01:00
entrypoint.sh first e2e working version 2025-06-26 18:33:59 +01:00
justfile justfile and test-repo 2025-07-21 16:46:46 +01:00
monitoring.yaml first e2e working version 2025-06-26 18:33:59 +01:00
obj.yaml borg operator poc 2025-07-21 14:32:46 +01:00
operator-deployment.yaml first e2e working version 2025-06-26 18:33:59 +01:00
Operator.Dockerfile first e2e working version 2025-06-26 18:33:59 +01:00
poetry.lock first e2e working version 2025-06-26 18:33:59 +01:00
pyproject.toml first e2e working version 2025-06-26 18:33:59 +01:00
README.md borg operator poc 2025-07-21 14:32:46 +01:00
rebuild-cluster.sh update command to rebuild cluster for helm 2025-07-21 16:24:58 +01:00
Service.Dockerfile first e2e working version 2025-06-26 18:33:59 +01:00
test-repo.yaml justfile and test-repo 2025-07-21 16:46:46 +01:00

BorgBackup Operator for Kubernetes

This Kubernetes operator manages BorgBackupRepository resources, providing a declarative way to deploy and manage secure Borg backup servers within your cluster.

Features

  • Declarative Repositories: Define Borg repositories as custom Kubernetes resources.
  • Persistent Storage: Automatically creates a PersistentVolumeClaim for each repository.
  • Secure SSH Access: Manages authorized SSH keys in a Secret, restricting clients to only borg serve commands.
  • Delayed Deletion: Implements a 30-day grace period before a deleted repository's data is permanently removed.
  • Dynamic Updates: Supports resizing storage and updating authorized keys on the fly.
  • Monitoring: Exposes operator metrics for Prometheus.

Installation

1. Build and Push Container Images

The operator uses two container images: one for the operator logic and one for the Borg server itself.

First, build and push the images to a container registry accessible by your Kubernetes cluster. Replace your-registry with your actual registry path.

# Build the operator controller image
docker build -t your-registry/borg-operator-controller:latest -f Operator.Dockerfile .
docker push your-registry/borg-operator-controller:latest

# Build the Borg server image
docker build -t your-registry/borg-operator:latest -f Service.Dockerfile .
docker push your-registry/borg-operator:latest

2. Update Image Names

Update the image name in operator-deployment.yaml to point to your newly pushed controller image.

3. Deploy to Kubernetes

Apply the manifests to your cluster.

# 1. Create the Custom Resource Definition (CRD)
kubectl apply -f crds.yaml

# 2. Deploy the operator
kubectl apply -f operator-deployment.yaml

# 3. (Optional) If you use the Prometheus Operator, deploy the ServiceMonitor
kubectl apply -f monitoring.yaml

Usage

Creating a Borg Repository

To create a new Borg backup repository, define a BorgBackupRepository resource in a YAML file.

Example: my-repository.yaml

apiVersion: kopf.dev/v1
kind: BorgBackupRepository
metadata:
  # The name of the repository. This will be used for the PVC, Deployment, and Service.
  name: project-alpha-backups
  # The namespace where the repository and its resources will be created.
  namespace: backup-services
spec:
  # The size of the persistent volume for the backup data.
  # The format follows Kubernetes quantity notation.
  storage: "100Gi"

  # A list of public SSH keys that are allowed to connect.
  # The operator will configure these keys to only allow `borg serve`.
  authorizedKeys:
    - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMp5bL7A/I/pL9gC4Y3d2aF9bE7n3bH5gK9j8L6k4Rz9 dev-laptop"
    - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC... build-server@example.com"

  # (Optional) The container image to use for the Borg server.
  # If omitted, it will use the default specified in the operator's logic.
  # Make sure this points to the image you built in the installation step.
  image: "your-registry/borg-operator:latest"

Create a namespace and apply the resource:

kubectl create namespace backup-services
kubectl apply -f my-repository.yaml

The operator will now create a Deployment, Service, Secret, and PersistentVolumeClaim in the backup-services namespace.
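The README states that the operator restricts each authorized key to borg serve but does not show how. The sketch below is an added example, not the operator's own code: it validates spec.authorizedKeys entries and renders authorized_keys lines with a forced command. The function names, the set of accepted key types, the use of `--restrict-to-path` and the sample key are assumptions made for illustration.

```python
import base64
import re

# Assumption: forced command and path follow the README's /data/<repository-name> layout.
FORCED = 'command="borg serve --restrict-to-path /data/{repo}",restrict'
KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}
REPO_NAME = re.compile(r"[a-z0-9]([-a-z0-9]*[a-z0-9])?")  # Kubernetes DNS label

# Constructed sample entry: an all-zero ed25519 blob, not a real key.
_blob = (11).to_bytes(4, "big") + b"ssh-ed25519" + (32).to_bytes(4, "big") + bytes(32)
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(_blob).decode() + " dev-laptop"


def parse_public_key(entry):
    """Split one spec.authorizedKeys entry into (type, base64 blob, comment)."""
    if "\n" in entry or "\r" in entry:
        raise ValueError("line break inside key entry")  # would add a second line
    parts = entry.strip().split(None, 2)
    # Entries that start with their own options (command=..., etc.) fail here.
    if len(parts) < 2 or parts[0] not in KEY_TYPES:
        raise ValueError("entry must start with a supported key type")
    key_type, blob = parts[0], parts[1]
    raw = base64.b64decode(blob, validate=True)  # binascii.Error is a ValueError
    # The blob begins with a length-prefixed copy of the key type name.
    n = int.from_bytes(raw[:4], "big")
    if raw[4:4 + n] != key_type.encode():
        raise ValueError("key blob does not match the declared key type")
    comment = parts[2] if len(parts) == 3 else ""
    return key_type, blob, re.sub(r"[^\w@.+-]", "_", comment)


def render_authorized_keys(repo, entries):
    """Return authorized_keys content that pins every key to borg serve."""
    if not REPO_NAME.fullmatch(repo):
        raise ValueError("repository name is not a DNS label")  # keeps quotes out of command=
    prefix = FORCED.format(repo=repo)
    lines = []
    for entry in entries:
        key_type, blob, comment = parse_public_key(entry)
        lines.append(f"{prefix} {key_type} {blob} {comment}".rstrip())
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_authorized_keys("project-alpha-backups", [SAMPLE_KEY]), end="")
```

The `restrict` option turns off port, agent and X11 forwarding and PTY allocation for the key, so a client holding it can only run the forced command.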

Connecting to the Repository

The operator creates a ClusterIP service, which is only accessible from within the cluster. To connect from your local machine, you can use kubectl port-forward.

  1. Forward the port:

    # Forward local port 2222 to the service's port 22
    kubectl port-forward -n backup-services svc/project-alpha-backups 2222:22
    
  2. Initialize the Borg repository: Use the borg client to initialize the repository. The repository path on the server is /data/<repository-name>.

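    # Use your corresponding private SSH key.
    # SSH options are passed to ssh through --rsh; StrictHostKeyChecking=no
    # skips host key verification for this port-forwarded connection.
    borg init --encryption=repokey --rsh 'ssh -o StrictHostKeyChecking=no' \
      ssh://borg@localhost:2222/data/project-alpha-backups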
    
  3. Create a backup:

    borg create --stats --progress \
      ssh://borg@localhost:2222/data/project-alpha-backups::my-first-backup \
      /path/to/your/local/data
    

Deleting a Repository

When you delete a BorgBackupRepository resource, the operator places it in a Terminating state for a 30-day grace period. This prevents accidental data loss. After 30 days, the operator's deletion daemon will automatically remove the Deployment, Service, Secret, and the PersistentVolumeClaim containing the data.