#!/bin/sh

# Abort the step as soon as any unguarded command fails.
set -e
# Trace every command, with its expanded arguments, to stderr. Bucket, prefix
# and profile names therefore end up in the job log; the secret manifests do
# not, because the steps below only ever redirect them into files.
set -x

# Load the S3 settings from the files under /config.
# Globals written: AWS_PROFILE (exported to child processes),
#                  S3_BUCKET and S3_PREFIX (shell variables only).
# Each value is the file's content with trailing newlines removed by the
# command substitution.
setup_s3() {
	AWS_PROFILE=$(cat /config/AWS_PROFILE)
	S3_BUCKET=$(cat /config/S3_BUCKET)
	S3_PREFIX=$(cat /config/S3_PREFIX)
	# Only the profile is exported; bucket and prefix are used by this script.
	export AWS_PROFILE
}

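# Run the single backup/restore step named by "$1". Steps pass state to each
# other through files under /work-space; settings are read from files under
# /config. A step name that matches no arm does nothing and exits 0.
case "$1" in
	# restore/backup: list the objects under the configured bucket/prefix
	(list-s3)
		# s5cmd image doesn't have many tools installed
		S3_ENABLED="$(cat /config/S3_ENABLED)"
		if [ true = "$S3_ENABLED" ]; then
			setup_s3
			# List into a .tmp file and rename only on success, so a failed
			# listing never replaces an earlier one. Because s5cmd runs as the
			# `if` condition, its failure does not abort the step under set -e.
			if /s5cmd ls "s3://$S3_BUCKET/$S3_PREFIX/*" > /work-space/s3-file-listing.tmp; then
				mv /work-space/s3-file-listing.tmp /work-space/s3-file-listing
				# Record bucket and prefix for the calculate-* steps, which
				# read them back from /work-space instead of /config.
				echo "$S3_BUCKET" > /work-space/S3_BUCKET
				echo "$S3_PREFIX" > /work-space/S3_PREFIX
				cat /work-space/s3-file-listing
			fi
		fi
		;;
	# backup
	(calculate-delete-s3)
		# this is broken
		# KEEP_COUNT is only tested for being non-empty; nothing in this arm
		# counts or deletes objects. It picks the last "wp-content.tgz" key of
		# the listing and writes its URL to secrets-tarball.file.
		# NOTE(review): the URL is built as "$S3_PREFIX$SECRETS_TARBALL" with no
		# "/" between the two, unlike calculate-restore-s3 — confirm before
		# relying on this arm.
		KEEP_COUNT="$(cat /config/KEEP_COUNT)"
		if [ -e /work-space/s3-file-listing ] && [ "z$KEEP_COUNT" != "z" ]; then
			S3_BUCKET="$(cat /work-space/S3_BUCKET)"
			S3_PREFIX="$(cat /work-space/S3_PREFIX)"
			sort /work-space/s3-file-listing
			# A SECRETS_TARBALL already set in the environment takes precedence.
			if [ "z$SECRETS_TARBALL" = z ]; then
				SECRETS_TARBALL="$(gawk '/wp-content.tgz$/{print $4}' < /work-space/s3-file-listing | sort | tail -1)"
				if [ "z$SECRETS_TARBALL" != z ]; then
					SECRETS_TARBALL="s3://$S3_BUCKET/$S3_PREFIX$SECRETS_TARBALL"
				fi
			fi
		fi
		if [ "z$SECRETS_TARBALL" != z ]; then
			echo "$SECRETS_TARBALL" > /work-space/secrets-tarball.file
		fi
		;;
	# backup: dump the labelled secrets as YAML and pack them into a tarball
	(create-secrets-tarball)
		APP_NAME="$(cat /config/APP_NAME)"
		# go-template that prints one "namespace:name" line per secret.
		secret_template="{{ \$item.metadata.namespace }}:{{ \$item.metadata.name }}{{ \"\n\" }}"
		secret_template_list="{{ range \$index, \$item := .items }}$secret_template{{ end }}"

		# Print the permissions this job runs with into the log.
		kubectl auth can-i --list
		_get_backup_secrets() {
			# Both labels must sit in ONE selector, joined by a comma (logical
			# AND). A repeated -l does not combine: the later flag replaces the
			# earlier one, which dropped the opt-in "…=true" label and selected
			# every secret carrying the app label.
			kubectl get secret -l "backup.cert-manager.brainfood.com=true,app.backup.cert-manager.brainfood.com=$APP_NAME" -o go-template --template "$secret_template_list"
		}

		# Take the clock once so both derived names describe the same instant.
		date="$(date)"
		timestamp_year_month="$(date -d "$date" '+%Y/%m')"
		timestamp_name="$(date -d "$date" '+%Y%m%d-%H%M%S')"
		# Create the staging directory that tar reads below. The previous
		# mkdir used "$date" and produced an unused directory, so tar -C failed
		# whenever the secret list was empty.
		mkdir "/work-space/$timestamp_name"
		# Write the list to a file before looping over it: as the first stage
		# of a pipeline, a failed "kubectl get" was invisible to set -e and
		# produced an empty backup that still got uploaded.
		secret_list="/work-space/$timestamp_name.secret-list"
		_get_backup_secrets > "$secret_list"
		while IFS=":" read -r namespace name; do
			mkdir -p "/work-space/$timestamp_name/$namespace"
			kubectl get -n "$namespace" secret "$name" -o yaml > "/work-space/$timestamp_name/$namespace/$name.yaml"
		done < "$secret_list"

		# NOTE(review): the YAML files and the tarball hold secret data in
		# plain form, are created with the default umask, and the staging
		# directory is left in place afterwards. Confirm who can read
		# /work-space and whether the bucket is encrypted and access-restricted.
		tar -C "/work-space/$timestamp_name" -f - -c . | gzip -9 > "/work-space/$timestamp_name.tar.gz"
		echo "$timestamp_name.tar.gz" > /work-space/secrets-tarball.file
		echo "$timestamp_year_month" > /work-space/timestamp_year_month
		;;
	# backup: upload the tarball named in secrets-tarball.file
	(copy-to-s3)
		# s5cmd image doesn't have many tools installed
		S3_ENABLED="$(cat /config/S3_ENABLED)"
		if [ true = "$S3_ENABLED" ]; then
			SECRETS_TARBALL="$(cat /work-space/secrets-tarball.file)"
			timestamp_year_month="$(cat /work-space/timestamp_year_month)"
			if [ "z$SECRETS_TARBALL" != z ]; then
				setup_s3
				# Object key: <prefix>/<YYYY/MM>/<YYYYmmdd-HHMMSS>.tar.gz
				/s5cmd cp "/work-space/$SECRETS_TARBALL" "s3://$S3_BUCKET/$S3_PREFIX/$timestamp_year_month/$SECRETS_TARBALL"
			fi
			:
		fi
		;;

	# restore: choose the newest backup tarball from the listing
	(calculate-restore-s3)
		if [ -e /work-space/s3-file-listing ]; then
			S3_BUCKET="$(cat /work-space/S3_BUCKET)"
			S3_PREFIX="$(cat /work-space/S3_PREFIX)"
			sort /work-space/s3-file-listing
			ls -alR /work-space
			# A SECRETS_TARBALL already set in the environment takes precedence.
			if [ "z$SECRETS_TARBALL" = z ]; then
				# Accept only keys that END in YYYY/MM/YYYYmmdd-HHMMSS.tar.gz.
				# The dots are escaped and the pattern is anchored so that a
				# look-alike name or a "….tar.gz.<suffix>" object cannot be
				# picked as the archive to restore. The timestamp sorts
				# lexically, so the last line is the newest.
				SECRETS_TARBALL="$(grep -E '[0-9]{4}/[0-9]{2}/[0-9]{8}-[0-9]{6}\.tar\.gz$' /work-space/s3-file-listing | awk '{print $4}' | sort | tail -n 1)"
				if [ "z$SECRETS_TARBALL" != z ]; then
					SECRETS_TARBALL="s3://$S3_BUCKET/$S3_PREFIX/$SECRETS_TARBALL"
				fi
			fi
		fi
		if [ "z$SECRETS_TARBALL" != z ]; then
			echo "$SECRETS_TARBALL" > /work-space/secrets-tarball.file
		fi
		;;
	# restore: download the chosen tarball
	(copy-from-s3)
		# s5cmd image doesn't have many tools installed
		S3_ENABLED="$(cat /config/S3_ENABLED)"
		if [ true = "$S3_ENABLED" ]; then
			setup_s3
			# -s: only when the file exists and is non-empty, i.e. a tarball
			# was actually selected by calculate-restore-s3.
			if [ -s /work-space/secrets-tarball.file ]; then
				/s5cmd cp "$(cat /work-space/secrets-tarball.file)" /work-space/secrets.tar.gz
			fi
		fi
		;;
	# restore: unpack the tarball and apply its manifests to the cluster
	(restore-secrets)
		if [ -e /work-space/secrets.tar.gz ]; then
			# Start from an empty directory so leftovers of an earlier run are
			# never applied.
			rm -rf /work-space/secret-restore
			mkdir /work-space/secret-restore
			tar -zxC /work-space/secret-restore -f /work-space/secrets.tar.gz
			# The archive holds one sub-directory per namespace. Walk the tree
			# with -R instead of an unquoted glob: the glob expanded to one
			# path per namespace, and every path after the first was passed to
			# kubectl as a stray positional argument.
			# NOTE(review): whatever manifests the archive contains are applied
			# as they are; nothing here checks that they are Secret objects or
			# that the archive is the one this job uploaded. Keep the restore
			# service account's RBAC limited to what a restore needs.
			kubectl create --dry-run=client -o yaml -R -f /work-space/secret-restore | kubectl apply -f -
		fi
		;;
esac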