https://github.com/oguzhan-yilmaz/argocd-backup-s3

Kubernetes CronJob to backup ArgoCD with `argocd admin export` cmd and upload to S3 compatible storage
https://github.com/oguzhan-yilmaz/argocd-backup-s3

argocd argocd-application argocd-backup artifacthub aws aws-s3 backup backup-utility ghcr-io github-pages helm helm-chart kubernetes s3

Last synced: 2 months ago
JSON representation

Kubernetes CronJob to backup ArgoCD with `argocd admin export` cmd and upload to S3 compatible storage

• Host: GitHub
• URL: https://github.com/oguzhan-yilmaz/argocd-backup-s3
• Owner: oguzhan-yilmaz
• License: apache-2.0
• Created: 2025-03-21T11:28:49.000Z (3 months ago)
• Default Branch: main
• Last Pushed: 2025-03-30T21:23:49.000Z (3 months ago)
• Last Synced: 2025-03-30T21:24:41.469Z (3 months ago)
• Topics: argocd, argocd-application, argocd-backup, artifacthub, aws, aws-s3, backup, backup-utility, ghcr-io, github-pages, helm, helm-chart, kubernetes, s3
• Language: Shell
• Homepage: https://artifacthub.io/packages/helm/argocd-backup-s3/argocd-backup-s3
• Size: 51.8 KB
• Stars: 1
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# argocd-backup-s3

[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/argocd-backup-s3)](https://artifacthub.io/packages/helm/argocd-backup-s3/argocd-backup-s3)

[![Build and publish Docker image to ghcr.io](https://github.com/oguzhan-yilmaz/argocd-backup-s3/actions/workflows/docker-build-and-push.yaml/badge.svg)](https://github.com/oguzhan-yilmaz/argocd-backup-s3/actions/workflows/docker-build-and-push.yaml)

[![Helm package and push to Github Pages](https://github.com/oguzhan-yilmaz/argocd-backup-s3/actions/workflows/helm-package-and-publish.yaml/badge.svg)](https://github.com/oguzhan-yilmaz/argocd-backup-s3/actions/workflows/helm-package-and-publish.yaml)

## Backup your ArgoCD Instance — the easy way

- 🔄 Automated backups using Kubernetes CronJob

- 📦 Uses official `argocd admin export` command for reliable backups

- 🗄️ Supports any S3-compatible storage (AWS S3, MinIO, etc.)

- 🔒 Secure credential management through Kubernetes secrets

- 🚀 Easy deployment via Helm chart or ArgoCD application

- ⏰ Configurable backup schedule and timezone

- 🔍 Detailed logging and error reporting

## Quick Links

- 🐋 [Docker Image](https://github.com/oguzhan-yilmaz/argocd-backup-s3/pkgs/container/argocd-backup-s3)

- 📜 [Helm Package](https://artifacthub.io/packages/helm/argocd-backup-s3/argocd-backup-s3)

- 🔰 [Helm Index](https://oguzhan-yilmaz.github.io/argocd-backup-s3/)

- 📝 [Github Releases](https://github.com/oguzhan-yilmaz/argocd-backup-s3/releases)

---

## Installation

### Option 1: Install with Helm

1. Add the Helm repository:

```bash

helm repo add argocd-backup-s3 https://oguzhan-yilmaz.github.io/argocd-backup-s3/

helm repo update argocd-backup-s3

```

2. Get the default values file:

```bash

helm show values argocd-backup-s3/argocd-backup-s3 > my-argocd-backup-s3.values.yaml

```

3. Configure the required values in `my-argocd-backup-s3.values.yaml`:

```yaml

timeZone: 'Asia/Istanbul'  # optional -- https://en.wikipedia.org/wiki/List_of_tz_database_time_zones

schedule: "00 20 * * *"    # https://crontab.guru/#00_20_*_*_*

secretEnvVars:

  AWS_ACCESS_KEY_ID: ""

  AWS_SECRET_ACCESS_KEY: ""

  AWS_DEFAULT_REGION: ""

  S3_UPLOAD_PREFIX: ""

  S3_BUCKET_NAME: ""

  ARGOCD_SERVER: ""

  ARGOCD_ADMIN_PASSWORD: ""

```

4. Install the chart:

```bash

helm upgrade --install \

  -n argocd \

  -f my-argocd-backup-s3.values.yaml \

  argocd-backup-s3 argocd-backup-s3/argocd-backup-s3

```

### Option 2: Install with ArgoCD

1. Download the ArgoCD application manifest:

```bash

curl -sL https://raw.githubusercontent.com/oguzhan-yilmaz/argocd-backup-s3/refs/heads/main/argocd-application.yaml -o argocd-backup-s3.argoapp.yaml

```

2. Edit the `.valuesObject` section in the manifest with your configuration

3. Apply the manifest:

```bash

kubectl apply -f argocd-backup-s3.argoapp.yaml

```

---

## AWS S3 Setup

The following script helps you set up the required AWS resources (S3 bucket and IAM user) for the backup solution:

```bash

# Set your company prefix

PREFIX="mycompany-argocd-backup-s3"

# Get AWS Account Info

AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)

AWS_REGION=$(aws configure get region 2>/dev/null || echo "eu-west-1")

echo "AWS_ACCOUNT_ID: ${AWS_ACCOUNT_ID}"

echo "AWS_REGION: ${AWS_REGION}"

# Create bucket name using AWS Account ID as suffix

BUCKET_NAME="${PREFIX}-${AWS_ACCOUNT_ID}"

IAM_USER_NAME="${BUCKET_NAME}"

echo "BUCKET_NAME: ${BUCKET_NAME}"

echo "IAM_USER_NAME: ${IAM_USER_NAME}"

# Create S3 Bucket

aws s3 mb "s3://${BUCKET_NAME}" --region "${AWS_REGION}"

# Create IAM User and Policy

aws iam create-user --user-name "${IAM_USER_NAME}"

POLICY_NAME="${IAM_USER_NAME}-bucket-access-policy"

aws iam create-policy \

    --policy-name "${POLICY_NAME}" \

    --policy-document '{

    "Version": "2012-10-17",

    "Statement": [

        {

            "Effect": "Allow",

            "Action": [

                "s3:PutObject",

                "s3:GetObject",

                "s3:ListBucket",

                "s3:DeleteObject"

            ],

            "Resource": [

                "arn:aws:s3:::'"${BUCKET_NAME}"'",

                "arn:aws:s3:::'"${BUCKET_NAME}"'/*"

            ]

        }

    ]

}'

# Attach Policy to User

aws iam attach-user-policy \

    --user-name "${IAM_USER_NAME}" \

    --policy-arn "$(aws iam list-policies --query "Policies[?PolicyName=='${POLICY_NAME}'].Arn" --output text)"

# Create Access Keys

CREDENTIALS=$(aws iam create-access-key --user-name "${IAM_USER_NAME}")

# Print Helm Values

echo "------ SUCCESS ------"

echo "Helm values.yaml:"

echo ""

echo "secretEnvVars:"

echo "  AWS_ACCESS_KEY_ID: '$(echo "${CREDENTIALS}" | jq -r '.AccessKey.AccessKeyId')'"

echo "  AWS_SECRET_ACCESS_KEY: '$(echo "${CREDENTIALS}" | jq -r '.AccessKey.SecretAccessKey')'"

echo "  AWS_DEFAULT_REGION: ${AWS_REGION}"

echo "  S3_BUCKET_NAME: ${BUCKET_NAME}"

echo "  S3_UPLOAD_PREFIX: my-argo-instance/"

echo "  ARGOCD_SERVER: argocd-server.argocd"

echo "  ARGOCD_ADMIN_PASSWORD: ''"

echo "  AWS_S3_ENDPOINT: 'https://s3.amazonaws.com'"

```

## Configuration

### Required Environment Variables

- `AWS_ACCESS_KEY_ID`: AWS access key for S3 access

- `AWS_SECRET_ACCESS_KEY`: AWS secret key for S3 access

- `AWS_DEFAULT_REGION`: AWS region for S3 bucket

- `S3_BUCKET_NAME`: Name of the S3 bucket

- `S3_UPLOAD_PREFIX`: Prefix for uploaded backup files

- `ARGOCD_SERVER`: ArgoCD server address

- `ARGOCD_ADMIN_PASSWORD`: ArgoCD admin password

### Optional Configuration

- `timeZone`: Timezone for the CronJob (default: UTC)  

- `schedule`: Cron schedule for backups (default: "00 20 * * *")

- `AWS_S3_ENDPOINT`: Custom S3 endpoint for non-AWS S3 storage

- `serviceAccount.irsaEnabled`: This value allows your pods to access AWS S3 API via IAM Role please check the details

## Credits

- [WoodProgrammer](https://github.com/WoodProgrammer): added Service Account EKS IRSA support 

## License

This project is licensed under the Apache License 2.0 - see the [LICENSE](LICENSE) file for details.