https://github.com/oguzhan-yilmaz/argocd-backup-s3
Kubernetes CronJob to backup ArgoCD with `argocd admin export` cmd and upload to S3 compatible storage
https://github.com/oguzhan-yilmaz/argocd-backup-s3
argocd argocd-application argocd-backup artifacthub aws aws-s3 backup backup-utility ghcr-io github-pages helm helm-chart kubernetes s3
Last synced: 2 months ago
JSON representation
Kubernetes CronJob to backup ArgoCD with `argocd admin export` cmd and upload to S3 compatible storage
- Host: GitHub
- URL: https://github.com/oguzhan-yilmaz/argocd-backup-s3
- Owner: oguzhan-yilmaz
- License: apache-2.0
- Created: 2025-03-21T11:28:49.000Z (3 months ago)
- Default Branch: main
- Last Pushed: 2025-03-30T21:23:49.000Z (3 months ago)
- Last Synced: 2025-03-30T21:24:41.469Z (3 months ago)
- Topics: argocd, argocd-application, argocd-backup, artifacthub, aws, aws-s3, backup, backup-utility, ghcr-io, github-pages, helm, helm-chart, kubernetes, s3
- Language: Shell
- Homepage: https://artifacthub.io/packages/helm/argocd-backup-s3/argocd-backup-s3
- Size: 51.8 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# argocd-backup-s3
[](https://artifacthub.io/packages/helm/argocd-backup-s3/argocd-backup-s3)
[](https://github.com/oguzhan-yilmaz/argocd-backup-s3/actions/workflows/docker-build-and-push.yaml)
[](https://github.com/oguzhan-yilmaz/argocd-backup-s3/actions/workflows/helm-package-and-publish.yaml)## Backup your ArgoCD Instance — the easy way
- 🔄 Automated backups using Kubernetes CronJob
- 📦 Uses official `argocd admin export` command for reliable backups
- 🗄️ Supports any S3-compatible storage (AWS S3, MinIO, etc.)
- 🔒 Secure credential management through Kubernetes secrets
- 🚀 Easy deployment via Helm chart or ArgoCD application
- ⏰ Configurable backup schedule and timezone
- 🔍 Detailed logging and error reporting## Quick Links
- 🐋 [Docker Image](https://github.com/oguzhan-yilmaz/argocd-backup-s3/pkgs/container/argocd-backup-s3)
- 📜 [Helm Package](https://artifacthub.io/packages/helm/argocd-backup-s3/argocd-backup-s3)
- 🔰 [Helm Index](https://oguzhan-yilmaz.github.io/argocd-backup-s3/)
- 📝 [Github Releases](https://github.com/oguzhan-yilmaz/argocd-backup-s3/releases)---
## Installation
### Option 1: Install with Helm
1. Add the Helm repository:
```bash
helm repo add argocd-backup-s3 https://oguzhan-yilmaz.github.io/argocd-backup-s3/
helm repo update argocd-backup-s3
```2. Get the default values file:
```bash
helm show values argocd-backup-s3/argocd-backup-s3 > my-argocd-backup-s3.values.yaml
```3. Configure the required values in `my-argocd-backup-s3.values.yaml`:
```yaml
timeZone: 'Asia/Istanbul' # optional -- https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
schedule: "00 20 * * *" # https://crontab.guru/#00_20_*_*_*secretEnvVars:
AWS_ACCESS_KEY_ID: ""
AWS_SECRET_ACCESS_KEY: ""
AWS_DEFAULT_REGION: ""
S3_UPLOAD_PREFIX: ""
S3_BUCKET_NAME: ""
ARGOCD_SERVER: ""
ARGOCD_ADMIN_PASSWORD: ""
```4. Install the chart:
```bash
helm upgrade --install \
-n argocd \
-f my-argocd-backup-s3.values.yaml \
argocd-backup-s3 argocd-backup-s3/argocd-backup-s3
```### Option 2: Install with ArgoCD
1. Download the ArgoCD application manifest:
```bash
curl -sL https://raw.githubusercontent.com/oguzhan-yilmaz/argocd-backup-s3/refs/heads/main/argocd-application.yaml -o argocd-backup-s3.argoapp.yaml
```2. Edit the `.valuesObject` section in the manifest with your configuration
3. Apply the manifest:
```bash
kubectl apply -f argocd-backup-s3.argoapp.yaml
```---
## AWS S3 Setup
The following script helps you set up the required AWS resources (S3 bucket and IAM user) for the backup solution:
```bash
# Set your company prefix
PREFIX="mycompany-argocd-backup-s3"# Get AWS Account Info
AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
AWS_REGION=$(aws configure get region 2>/dev/null || echo "eu-west-1")echo "AWS_ACCOUNT_ID: ${AWS_ACCOUNT_ID}"
echo "AWS_REGION: ${AWS_REGION}"# Create bucket name using AWS Account ID as suffix
BUCKET_NAME="${PREFIX}-${AWS_ACCOUNT_ID}"
IAM_USER_NAME="${BUCKET_NAME}"echo "BUCKET_NAME: ${BUCKET_NAME}"
echo "IAM_USER_NAME: ${IAM_USER_NAME}"# Create S3 Bucket
aws s3 mb "s3://${BUCKET_NAME}" --region "${AWS_REGION}"# Create IAM User and Policy
aws iam create-user --user-name "${IAM_USER_NAME}"POLICY_NAME="${IAM_USER_NAME}-bucket-access-policy"
aws iam create-policy \
--policy-name "${POLICY_NAME}" \
--policy-document '{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::'"${BUCKET_NAME}"'",
"arn:aws:s3:::'"${BUCKET_NAME}"'/*"
]
}
]
}'# Attach Policy to User
aws iam attach-user-policy \
--user-name "${IAM_USER_NAME}" \
--policy-arn "$(aws iam list-policies --query "Policies[?PolicyName=='${POLICY_NAME}'].Arn" --output text)"# Create Access Keys
CREDENTIALS=$(aws iam create-access-key --user-name "${IAM_USER_NAME}")# Print Helm Values
echo "------ SUCCESS ------"
echo "Helm values.yaml:"
echo ""
echo "secretEnvVars:"
echo " AWS_ACCESS_KEY_ID: '$(echo "${CREDENTIALS}" | jq -r '.AccessKey.AccessKeyId')'"
echo " AWS_SECRET_ACCESS_KEY: '$(echo "${CREDENTIALS}" | jq -r '.AccessKey.SecretAccessKey')'"
echo " AWS_DEFAULT_REGION: ${AWS_REGION}"
echo " S3_BUCKET_NAME: ${BUCKET_NAME}"
echo " S3_UPLOAD_PREFIX: my-argo-instance/"
echo " ARGOCD_SERVER: argocd-server.argocd"
echo " ARGOCD_ADMIN_PASSWORD: ''"
echo " AWS_S3_ENDPOINT: 'https://s3.amazonaws.com'"
```## Configuration
### Required Environment Variables
- `AWS_ACCESS_KEY_ID`: AWS access key for S3 access
- `AWS_SECRET_ACCESS_KEY`: AWS secret key for S3 access
- `AWS_DEFAULT_REGION`: AWS region for S3 bucket
- `S3_BUCKET_NAME`: Name of the S3 bucket
- `S3_UPLOAD_PREFIX`: Prefix for uploaded backup files
- `ARGOCD_SERVER`: ArgoCD server address
- `ARGOCD_ADMIN_PASSWORD`: ArgoCD admin password### Optional Configuration
- `timeZone`: Timezone for the CronJob (default: UTC)
- `schedule`: Cron schedule for backups (default: "00 20 * * *")
- `AWS_S3_ENDPOINT`: Custom S3 endpoint for non-AWS S3 storage
- `serviceAccount.irsaEnabled`: This value allows your pods to access AWS S3 API via IAM Role please check the details## Credits
- [WoodProgrammer](https://github.com/WoodProgrammer): added Service Account EKS IRSA support
## License
This project is licensed under the Apache License 2.0 - see the [LICENSE](LICENSE) file for details.