Skip to content

Deployment

This page covers the supported deployment paths: Docker Compose, GitHub Container Registry, Helm, and plain Kubernetes manifests.

Image

Published image:

ghcr.io/cagatayuresin/odoo-backup-app:latest

For production, prefer a version tag or image digest after you publish releases.

Docker Compose From Source

This is the easiest path while developing or testing from a cloned checkout:

cp .env.example .env
openssl rand -hex 32
# Put two different generated values into OB_SECRET_KEY and OB_SESSION_SECRET.
docker compose up -d --build

Open:

http://localhost:8080

Default first login:

admin / admin

You will be forced to set a new password before using the app.

Docker Compose With GHCR

Use the published image by setting OB_IMAGE:

cp .env.example .env
sed -i 's#OB_IMAGE=.*#OB_IMAGE=ghcr.io/cagatayuresin/odoo-backup-app:latest#' .env
docker compose pull
docker compose up -d

If you expose the app behind HTTPS:

OB_APP_BASE_URL=https://backup.example.com
OB_SESSION_COOKIE_SECURE=true

Reset Local Data

This removes the SQLite database, stored credentials, Redis queue data, and local backups in the named Docker volumes:

make reset-volumes
docker compose up -d --build

Only run this when you intentionally want a clean first-run state.

Helm

Generate strong secrets:

export OB_SECRET_KEY="$(openssl rand -hex 32)"
export OB_SESSION_SECRET="$(openssl rand -hex 32)"

Install:

helm upgrade --install odoo-backup ./charts/odoo-backup-app \
  --namespace odoo-backup --create-namespace \
  --set secrets.secretKey="$OB_SECRET_KEY" \
  --set secrets.sessionSecret="$OB_SESSION_SECRET" \
  --set config.appBaseUrl="https://backup.example.com" \
  --set config.sessionCookieSecure="true"

Local access without ingress:

kubectl -n odoo-backup port-forward svc/odoo-backup-odoo-backup-app 8080:8080

Then open http://localhost:8080.

kind Local Test

Build and load the image into kind:

make kind-load
helm upgrade --install odoo-backup ./charts/odoo-backup-app \
  --namespace odoo-backup --create-namespace \
  --set image.repository=ghcr.io/cagatayuresin/odoo-backup-app \
  --set image.tag=latest \
  --set image.pullPolicy=IfNotPresent \
  --set secrets.secretKey="$(openssl rand -hex 32)" \
  --set secrets.sessionSecret="$(openssl rand -hex 32)"
kubectl -n odoo-backup port-forward svc/odoo-backup-odoo-backup-app 8080:8080

Plain Kubernetes YAML

The k8s/ directory contains plain manifests:

cp k8s/secret.example.yaml /tmp/odoo-backup-secret.yaml
# Edit /tmp/odoo-backup-secret.yaml and replace both secret values.
kubectl apply -f k8s/namespace.yaml
kubectl apply -f /tmp/odoo-backup-secret.yaml
kubectl apply -f k8s/pvc.yaml
kubectl apply -f k8s/redis.yaml
kubectl apply -f k8s/app.yaml
kubectl -n odoo-backup port-forward svc/odoo-backup-web 8080:8080

Use k8s/ingress.example.yaml as a starting point for TLS ingress.

Persistence

The app stores all durable state under /data:

  • SQLite database.
  • Encrypted secret key file.
  • Local backup archives.
  • Logs directory.

Back up the PVC or Docker volume. Losing /data/secret.key makes stored credentials unreadable.