fix: gpg encrypt permission warning message, update Kubernetes deployment example

README.md

@@ -95,8 +95,9 @@ For Kubernetes, you don't need to run it in scheduled mode. You can deploy it as
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: backup
+  name: backup-job
 spec:
+  ttlSecondsAfterFinished: 100
   template:
     spec:
       containers:
@@ -109,38 +110,27 @@ spec:
           command:
             - /bin/sh
             - -c
-            - bkup
+            - backup -d dbname
-            - backup
-            - --storage
-            - s3
           resources:
             limits:
               memory: "128Mi"
               cpu: "500m"
           env:
-            - name: DB_PORT
-              value: "5432"
             - name: DB_HOST
-              value: ""
+              value: "postgres"
-            - name: DB_NAME
-              value: ""
             - name: DB_USERNAME
-              value: ""
+              value: "postgres"
-            # Please use secret!
             - name: DB_PASSWORD
-              value: ""
+              value: "password"
-            - name: AWS_S3_ENDPOINT
+          volumeMounts:
-              value: "https://s3.amazonaws.com"
+            - mountPath: /backup
-            - name: AWS_S3_BUCKET_NAME
+              name: backup
-              value: "xxx"
+      volumes:
-            - name: AWS_REGION
+        - name: backup
-              value: "us-west-2"
+          hostPath:
-            - name: AWS_ACCESS_KEY
+            path: /home/toto/backup # directory location on host
-              value: "xxxx"
+            type: Directory # this field is optional
-            - name: AWS_SECRET_KEY
+      restartPolicy: Never
-              value: "xxxx"
-            - name: AWS_DISABLE_SSL
-              value: "false"
 ```
 ## Available image registries
 

docker/Dockerfile

@@ -38,7 +38,6 @@ ENV SOURCE_DB_PASSWORD=""
 ARG DEBIAN_FRONTEND=noninteractive
 ENV VERSION="v1.2.3"
 ENV BACKUP_CRON_EXPRESSION=""
-ENV GNUPGHOME="/tmp/gnupg"
 ARG WORKDIR="/config"
 ARG BACKUPDIR="/backup"
 ARG BACKUP_TMP_DIR="/tmp/backup"
@@ -55,25 +54,21 @@ RUN apt-get clean && rm -rf /var/lib/apt/lists/*
 
 RUN mkdir $WORKDIR
 RUN mkdir $BACKUPDIR
-RUN mkdir -p $BACKUP_TMP_DIR && \
+RUN mkdir -p $BACKUP_TMP_DIR
-  mkdir -p $GNUPGHOME
 RUN chmod 777 $WORKDIR
 RUN chmod 777 $BACKUPDIR
 RUN chmod 777 $BACKUP_TMP_DIR
 RUN touch $BACKUP_CRON && \
     touch $BACKUP_CRON_SCRIPT && \
+    chmod 777 $WORKDIR && \
     chmod 777 $BACKUP_CRON && \
-    chmod 777 $BACKUP_CRON_SCRIPT && \
+    chmod 777 $BACKUP_CRON_SCRIPT
-    chmod 777 $GNUPGHOME
-
 COPY --from=build /app/pg-bkup /usr/local/bin/pg-bkup
 RUN chmod +x /usr/local/bin/pg-bkup
 
 RUN ln -s /usr/local/bin/pg-bkup /usr/local/bin/bkup
 
 ADD docker/supervisord.conf /etc/supervisor/supervisord.conf
-
-WORKDIR $WORKDIR
 # Create the backup script and make it executable
 RUN echo '#!/bin/sh\n/usr/local/bin/pg-bkup backup "$@"' > /usr/local/bin/backup && \
     chmod +x /usr/local/bin/backup
@@ -84,4 +79,7 @@ RUN echo '#!/bin/sh\n/usr/local/bin/pg-bkup restore "$@"' > /usr/local/bin/resto
 # Create the migrate script and make it executable
 RUN echo '#!/bin/sh\n/usr/local/bin/pg-bkup migrate "$@"' > /usr/local/bin/migrate && \
     chmod +x /usr/local/bin/migrate
+
+WORKDIR $WORKDIR
 ENTRYPOINT ["/usr/local/bin/pg-bkup"]
+

docs/how-tos/deploy-on-kubernetes.md

@@ -30,10 +30,7 @@ spec:
         command:
         - /bin/sh
         - -c
-        - bkup
+        - backup --storage s3
-        - backup
-        - --storage
-        - s3
         resources:
           limits:
             memory: "128Mi"
@@ -87,10 +84,7 @@ spec:
         - /bin/sh
         - -c
         - bkup
-        - backup
+        - backup --storage ssh --disable-compression
-        - --storage
-        - ssh
-        - --disable-compression
         resources:
           limits:
             memory: "128Mi"
@@ -145,10 +139,7 @@ spec:
         - /bin/sh
         - -c
         - bkup
-        - restore
+        - restore --storage ssh --file store_20231219_022941.sql.gz
-        - --storage
-        - ssh
-        - --file store_20231219_022941.sql.gz
         resources:
           limits:
             memory: "128Mi"
@@ -205,10 +196,7 @@ spec:
             - /bin/sh
             - -c
             - bkup
-            - backup
+            - backup --storage ssh --disable-compression
-            - --storage
-            - ssh
-            - --disable-compression
             resources:
               limits:
                 memory: "128Mi"
@@ -272,11 +260,7 @@ spec:
               command:
                 - /bin/sh
                 - -c
-                - bkup
+                - backup --storage ssh --disable-compression
-                - backup
-                - --storage
-                - ssh
-                - --disable-compression
               resources:
                 limits:
                   memory: "128Mi"

docs/how-tos/migrate.md

@@ -73,3 +73,50 @@ SOURCE_DB_PASSWORD=password
  -v $PWD/backup:/backup/ \
  jkaninda/pg-bkup migrate -d database_name
 ```
+
+## Kubernetes
+
+```yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: migrate-db
+spec:
+  ttlSecondsAfterFinished: 100
+  template:
+    spec:
+      containers:
+      - name: pg-bkup
+        # In production, it is advised to lock your image tag to a proper
+        # release version instead of using `latest`.
+        # Check https://github.com/jkaninda/pg-bkup/releases
+        # for a list of available releases.
+        image: jkaninda/pg-bkup
+        command:
+        - /bin/sh
+        - -c
+        - migrate -d targetdb
+        resources:
+          limits:
+            memory: "128Mi"
+            cpu: "500m"
+        env:
+        ## Target DB
+          - name: DB_HOST
+            value: "postgres-target"
+          - name: DB_USERNAME
+            value: "postgres"
+          - name: DB_PASSWORD
+            value: "password"
+          ## Source DB
+          - name: SOURCE_DB_HOST
+            value: "postgres-source"
+          - name: SOURCE_DB_NAME
+            value: "sourcedb"
+          - name: SOURCE_DB_USERNAME
+            value: "postgres"
+          # Please use secret!
+          - name: SOURCE_DB_PASSWORD
+            value: "password"
+      restartPolicy: Never
+```

docs/index.md

@@ -78,7 +78,49 @@ services:
 networks:
   web:
 ```
+## Kubernetes
 
+```yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: backup-job
+spec:
+  ttlSecondsAfterFinished: 100
+  template:
+    spec:
+      containers:
+        - name: pg-bkup
+          # In production, it is advised to lock your image tag to a proper
+          # release version instead of using `latest`.
+          # Check https://github.com/jkaninda/pg-bkup/releases
+          # for a list of available releases.
+          image: jkaninda/pg-bkup
+          command:
+            - /bin/sh
+            - -c
+            - backup -d dbname
+          resources:
+            limits:
+              memory: "128Mi"
+              cpu: "500m"
+          env:
+            - name: DB_HOST
+              value: "postgres"
+            - name: DB_USERNAME
+              value: "postgres"
+            - name: DB_PASSWORD
+              value: "password"
+          volumeMounts:
+            - mountPath: /backup
+              name: backup
+      volumes:
+        - name: backup
+          hostPath:
+            path: /home/toto/backup # directory location on host
+            type: Directory # this field is optional
+      restartPolicy: Never
+```
 ## Available image registries
 
 This Docker image is published to both Docker Hub and the GitHub container registry.

pkg/encrypt.go

@@ -9,11 +9,17 @@ import (
 
 func Decrypt(inputFile string, passphrase string) error {
 	utils.Info("Decrypting backup file: %s...", inputFile)
+	//Create gpg home dir
+	err := utils.MakeDir(gpgHome)
+	if err != nil {
+		return err
+	}
+	utils.SetEnv("GNUPGHOME", gpgHome)
 	cmd := exec.Command("gpg", "--batch", "--passphrase", passphrase, "--output", RemoveLastExtension(inputFile), "--decrypt", inputFile)
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr
 
-	err := cmd.Run()
+	err = cmd.Run()
 	if err != nil {
 		return err
 	}
@@ -24,11 +30,17 @@ func Decrypt(inputFile string, passphrase string) error {
 
 func Encrypt(inputFile string, passphrase string) error {
 	utils.Info("Encrypting backup...")
+	//Create gpg home dir
+	err := utils.MakeDir(gpgHome)
+	if err != nil {
+		return err
+	}
+	utils.SetEnv("GNUPGHOME", gpgHome)
 	cmd := exec.Command("gpg", "--batch", "--passphrase", passphrase, "--symmetric", "--cipher-algo", algorithm, inputFile)
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr
 
-	err := cmd.Run()
+	err = cmd.Run()
 	if err != nil {
 		return err
 	}

pkg/var.go

@@ -3,17 +3,13 @@ package pkg
 const cronLogFile = "/var/log/pg-bkup.log"
 const tmpPath = "/tmp/backup"
 const backupCronFile = "/usr/local/bin/backup_cron.sh"
+const gpgHome = "gnupg"
 const algorithm = "aes256"
 const gpgExtension = "gpg"
 
 var (
-	storage = "local"
+	storage            = "local"
-	file    = ""
+	file               = ""
-	//dbPassword         = ""
-	//dbUserName         = ""
-	//dbName             = ""
-	//dbHost             = ""
-	//dbPort             = "5432"
 	executionMode      = "default"
 	storagePath        = "/backup"
 	disableCompression = false

utils/utils.go

@@ -149,3 +149,21 @@ func CheckEnvVars(vars []string) error {
 
 	return nil
 }
+
+// MakeDir create directory
+func MakeDir(dirPath string) error {
+	err := os.Mkdir(dirPath, 0700)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// MakeDirAll create directory
+func MakeDirAll(dirPath string) error {
+	err := os.MkdirAll(dirPath, 0700)
+	if err != nil {
+		return err
+	}
+	return nil
+}