Skip to content
This repository was archived by the owner on Jun 24, 2025. It is now read-only.

thekoma/mikrotik-backup

BranchesTags

Repository files navigation

Mikrotik Backup Solution

A complete solution for automated backup of Mikrotik devices with S3-compatible storage support.

πŸš€ Features

  • Multiple Modes: Support for daemon and cronjob modes
  • Parallel Backups: Simultaneous backup execution from multiple routers
  • S3 Storage: Support for any S3-compatible storage (Wasabi, AWS S3, etc.)
  • Retention Management: Configurable retention policy for daily, monthly, and yearly backups
  • Security: Support for existing secrets or inline configuration
  • Flexibility: Configuration via values or environment variables

πŸ“‹ Requirements

  • Kubernetes 1.16+
  • Helm 3.0+
  • An S3-compatible bucket
  • SSH access to Mikrotik routers

πŸ› οΈ Installation

Using Existing Secrets

  1. Create the credentials secret:
apiVersion: v1
kind: Secret
metadata:
  name: mikrotik-existing-credentials
type: Opaque
stringData:
  s3-type: "wasabi"
  s3-bucket: "your-bucket"
  s3-endpoint: "https://s3.wasabisys.com"
  access-key: "your-access-key"
  secret-key: "your-secret-key"
  username: "backup-user"
  ssh-key: |
    -----BEGIN OPENSSH PRIVATE KEY-----
    your-ssh-private-key
    -----END OPENSSH PRIVATE KEY-----
  1. Install the chart:
helm install mikrotik-backup oci://ghcr.io/thekoma/mikrotik-backup/charts \
  -f values-with-existing-secret.yaml

All-in-One Configuration

For test or development environments, you can use the all-in-one configuration:

helm install mikrotik-backup oci://ghcr.io/thekoma/mikrotik-backup/charts \
  -f values-all-in-one.yaml

Using Docker Compose

  1. Prepare configuration files:
# Create configuration file
cp config.example.toml config.toml
# Edit file with your parameters
nano config.toml

# Generate SSH key for authentication
ssh-keygen -t ed25519 -f mikrotik-rsa -C "backup@mikrotik"
  1. Start the container:
docker compose up -d

Docker Compose Configuration

The service can be configured in two ways:

  1. Using config.toml (recommended):
services:
  mikrotik-backup:
    image: ghcr.io/thekoma/mikrotik-backup/app:v2025.06.2
    volumes:
      - ./config.toml:/etc/mikrotik_backup.toml:ro
      - ./mikrotik-rsa:/mikrotik-rsa:ro
    environment:
      - TZ=Europe/Rome
  1. Using environment variables:
services:
  mikrotik-backup:
    image: ghcr.io/thekoma/mikrotik-backup/app:latest
    volumes:
      - ./mikrotik-rsa:/mikrotik-rsa:ro
    environment:
      - TZ=Europe/Rome
      - MIKROTIK_SSH_USER=backupper
      - MIKROTIK_S3_TYPE=wasabi
      - MIKROTIK_S3_BUCKET=mikrotik-bck
      - MIKROTIK_S3_ENDPOINT=https://s3.wasabisys.com
      - MIKROTIK_S3_ACCESS_KEY=your-access-key
      - MIKROTIK_S3_SECRET_KEY=your-secret-key

Docker Compose Parameters

Parameter Description
volumes Mount configuration files and SSH key
environment Configure timezone and configuration overrides
command Customize execution parameters
restart Container restart policy

Supported Environment Variables

Variable Description Default
MIKROTIK_SSH_USER SSH Username backupper
MIKROTIK_S3_TYPE S3 storage type wasabi
MIKROTIK_S3_BUCKET Bucket name -
MIKROTIK_S3_ENDPOINT S3 endpoint -
MIKROTIK_S3_ACCESS_KEY S3 access key -
MIKROTIK_S3_SECRET_KEY S3 secret key -
TZ Timezone UTC

βš™οΈ Configuration

Deployment Modes

Daemon Mode

deploymentMode: "daemon"
backup:
  times: ["02:00", "10:00", "18:00"]
  executeOnStart: true

CronJob Mode

deploymentMode: "cronjob"
backup:
  times: ["02:00", "10:00", "18:00"]

Storage Configuration

With Existing Secret

storage:
  existingSecret: "mikrotik-existing-credentials"

Inline Configuration

storage:
  type: "wasabi"
  bucket: "mikrotik-bck"
  endpoint: "https://s3.wasabisys.com"
  s3Credentials:
    accessKey: "your-access-key"
    secretKey: "your-secret-key"

SSH Configuration

With Existing Secret

ssh:
  keyPath: "/mikrotik-rsa"
  existingSecret: "mikrotik-existing-credentials"

Inline Configuration

ssh:
  username: "backupper"
  keyPath: "/mikrotik-rsa"
  key: |
    -----BEGIN OPENSSH PRIVATE KEY-----
    your-ssh-private-key
    -----END OPENSSH PRIVATE KEY-----

Retention Policy

retention:
  daily: 30    # Keep 30 daily backups
  monthly: 12  # Keep 12 monthly backups
  yearly: 5    # Keep 5 yearly backups

πŸ”’ Security

Best Practices

  1. Secrets: Always use existing secrets in production
  2. SSH: Use a dedicated SSH key with minimal permissions
  3. S3: Create a dedicated IAM user with access only to the required bucket
  4. Network: Limit network access to only necessary routers

Mikrotik Router Configuration

  1. Create a dedicated group:
/user group add name=backup policy=read,test
  1. Create a dedicated user:
/user add name=backupper group=backup
  1. Import SSH key:
/user ssh-keys import public-key-file=mikrotik.pub user=backupper

πŸ” Troubleshooting

Common Issues

  1. SSH Connection Failed

    • Verify SSH key is correct
    • Check user permissions on router
    • Verify network connectivity

  2. S3 Upload Failed

    • Verify S3 credentials
    • Check bucket permissions
    • Verify S3 endpoint

  3. Pod Crashes

    • Check logs: kubectl logs -n mikrotik deployment/mikrotik-backup
    • Verify configuration in ConfigMap
    • Check available resources

πŸ“Š Monitoring

The backup provides detailed logging and statistics:

  • Number of completed/failed backups
  • Backup sizes
  • Execution times
  • Retention policy status

🀝 Contributing

Contributions are welcome! Please:

  1. Fork the repository
  2. Create a branch for your changes
  3. Submit a Pull Request

πŸ“ License

MIT License

For Italian documentation, see README.it_IT.md

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

3 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 73

Release v2025.06.2 Latest
Jun 17, 2025
+ 72 releases

Packages

 
 
 

Contributors 3

  •  
  •  
  •  

Languages