Generic Restic Environment Variables

Most of the supported backup backends allow you to specify authentication details as secret values.

One such example is the S3 backend spec; it has accessKeyIDSecretRef and secretAccessKeySecretRef fields.

It is however sometimes useful to pass additional environment variables to the container that runs the backup. This can be achieved with the help of the envFrom field that references a config map or a secret at the backend level.

Please be aware that you could potentially add conflicting or duplicate environment variables.

Check the api reference for the Backend.

You can read the kubernetes documentation for more information on how to use envFrom.

Open Stack Swift Authentication Example

The following example shows you how to configure Open Stack Swift authentication using a Kubernetes secret and envFrom configuration for your backend.

You can read more on Open Stack Client Authentication.

apiVersion: v1
kind: Secret
metadata:
  name: "open-stack-secret"
stringData:
  OS_AUTH_URL: "https://your-provider.auth.com/v3"
  OS_IDENTITY_API_VERSION: "3"
  OS_USER_DOMAIN_NAME: "Default"
  OS_PROJECT_DOMAIN_NAME: "Default"
  OS_TENANT_ID: "Open Stack Tenant Id"
  OS_TENANT_NAME: "Open Stack Tenant Name"
  OS_USERNAME: "Username"
  OS_PASSWORD: "Password"
  OS_REGION_NAME: "US"

---
apiVersion: v1
kind: Secret
metadata:
  name: "restic-repository-password"
stringData:
  password: "secret_pass"

---
apiVersion: k8up.io/v1
kind: Backup
metadata:
  name: k8up-test-swift
spec:
  tags:
    - prod
    - archive
    - important
  failedJobsHistoryLimit: 4
  successfulJobsHistoryLimit: 0
  backend:
    envFrom:
    - secretRef:
        name: "open-stack-secret"
    repoPasswordSecretRef:
      name: "restic-repository-password"
      key: "password"
    swift:
      path: "/container-path"
      container: "my-backup-container"