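#!/bin/bash
#
# k8s-backup.sh - export Kubernetes objects per namespace, encrypt the
# resulting archive and upload it to S3.
#
# Environment read by the functions below:
#   CLUSTER_NAME     directory / archive prefix for this cluster
#   KUBE_ARCHIVE_PW  passphrase used to encrypt the archive
#   S3_BUCKET        destination bucket
#   HEALTHCHECK_URL  optional URL pinged after a successful run
###########
# Global Configurations
#======================
# Abort on the first failing command ...
set -e
# ... including a failure in any stage of a pipeline. Every export below is
# "kubectl | sed" and the archive is "tar | openssl"; without pipefail only the
# last stage's status counts, so a failed kubectl/tar would go unnoticed.
set -o pipefail
# The export directory holds Secret manifests in plaintext until it is archived
# and removed; keep everything this script creates private to its owner.
umask 077
BACKUP_DIR=/usr/local/backup
AWS_CMD=/usr/bin/aws
# Minute resolution: two runs within the same minute share an archive name.
TIME_STAMP=$(date +%Y-%m-%d_%H-%M)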
######################
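#######################################
# Dump the Secrets of one namespace as YAML, leaving out service-account
# tokens and the cluster-assigned resourceVersion/uid/selfLink lines.
# Arguments:
#   $1 - namespace
# Outputs:
#   YAML on stdout. Secret values are only base64-encoded, so the caller must
#   treat the output as sensitive.
# Returns:
#   0 only if both kubectl and sed succeeded.
#######################################
get_secret() {
  kubectl get secret -n "$1" -o=yaml \
    --field-selector 'type!=kubernetes.io/service-account-token' \
    | sed -e '/resourceVersion: "[0-9]\+"/d' \
      -e '/uid: [a-z0-9-]\+/d' \
      -e '/selfLink: [a-z0-9A-Z/]\+/d'
  # A pipeline normally reports only sed's status; check kubectl's as well so a
  # failed query is not recorded as a successful (empty) export.
  local -a stage_rc=("${PIPESTATUS[@]}")
  # NOTE(review): the sed patterns are unanchored, so any line that merely
  # contains e.g. "uid: abc" is dropped as well - confirm restores stay valid.
  ((stage_rc[0] == 0 && stage_rc[1] == 0))
}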
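#######################################
# Dump the ConfigMaps of one namespace as YAML without the cluster-assigned
# resourceVersion/uid/selfLink lines.
# Arguments:
#   $1 - namespace
# Outputs:
#   YAML on stdout.
# Returns:
#   0 only if both kubectl and sed succeeded.
#######################################
get_configmap() {
  kubectl get configmap -n "$1" -o=yaml \
    | sed -e '/resourceVersion: "[0-9]\+"/d' \
      -e '/uid: [a-z0-9-]\+/d' \
      -e '/selfLink: [a-z0-9A-Z/]\+/d'
  # A pipeline normally reports only sed's status; check kubectl's as well so a
  # failed query is not recorded as a successful (empty) export.
  local -a stage_rc=("${PIPESTATUS[@]}")
  # NOTE(review): the patterns are unanchored, so a matching line inside the
  # ConfigMap's own data (an embedded file containing "uid: ...", say) is
  # deleted too - verify restored content or filter with a YAML-aware tool.
  ((stage_rc[0] == 0 && stage_rc[1] == 0))
}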
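#######################################
# Dump the Ingresses of one namespace as YAML without status information,
# load-balancer IP entries and resourceVersion/uid/selfLink lines.
# Arguments:
#   $1 - namespace
# Outputs:
#   YAML on stdout.
# Returns:
#   0 only if both kubectl and sed succeeded.
#######################################
get_ingress() {
  # '/status:/,+2d' removes the "status:" line plus the two lines after it.
  # NOTE(review): that is a fixed line count, not the real extent of the status
  # block - confirm it matches the output of the kubectl version in use.
  kubectl get ing -n "$1" -o=yaml \
    | sed -e '/status:/,+2d' \
      -e '/\- ip: \([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}/d' \
      -e '/resourceVersion: "[0-9]\+"/d' \
      -e '/uid: [a-z0-9-]\+/d' \
      -e '/selfLink: [a-z0-9A-Z/]\+/d'
  # A pipeline normally reports only sed's status; check kubectl's as well so a
  # failed query is not recorded as a successful (empty) export.
  local -a stage_rc=("${PIPESTATUS[@]}")
  ((stage_rc[0] == 0 && stage_rc[1] == 0))
}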
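#######################################
# Dump the Services of one namespace as YAML without ownerReferences,
# clusterIP and resourceVersion/uid/selfLink lines.
# Arguments:
#   $1 - namespace
# Outputs:
#   YAML on stdout.
# Returns:
#   0 only if both kubectl and sed succeeded.
#######################################
get_service() {
  # '/ownerReferences:/,+5d' removes that line plus the five lines after it.
  # NOTE(review): a fixed line count assumes a single owner entry of exactly
  # that size - confirm against real output.
  kubectl get service -n "$1" -o=yaml \
    | sed -e '/ownerReferences:/,+5d' \
      -e '/resourceVersion: "[0-9]\+"/d' \
      -e '/uid: [a-z0-9-]\+/d' \
      -e '/selfLink: [a-z0-9A-Z/]\+/d' \
      -e '/clusterIP: \([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}/d'
  # A pipeline normally reports only sed's status; check kubectl's as well so a
  # failed query is not recorded as a successful (empty) export.
  local -a stage_rc=("${PIPESTATUS[@]}")
  ((stage_rc[0] == 0 && stage_rc[1] == 0))
}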
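#######################################
# Dump the Deployments of one namespace as YAML without the revision
# annotation, status information and resourceVersion/uid/selfLink lines.
# Arguments:
#   $1 - namespace
# Outputs:
#   YAML on stdout.
# Returns:
#   0 only if both kubectl and sed succeeded.
#######################################
get_deployment() {
  # '/status:/,+18d' removes the "status:" line plus the 18 lines after it.
  # NOTE(review): a status block of a different length leaves residue behind
  # or eats into the next item of the list - confirm against real output.
  kubectl get deployment -n "$1" -o=yaml \
    | sed -e '/deployment\.kubernetes\.io\/revision: "[0-9]\+"/d' \
      -e '/resourceVersion: "[0-9]\+"/d' \
      -e '/uid: [a-z0-9-]\+/d' \
      -e '/selfLink: [a-z0-9A-Z/]\+/d' \
      -e '/status:/,+18d'
  # A pipeline normally reports only sed's status; check kubectl's as well so a
  # failed query is not recorded as a successful (empty) export.
  local -a stage_rc=("${PIPESTATUS[@]}")
  ((stage_rc[0] == 0 && stage_rc[1] == 0))
}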
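#######################################
# Dump the CronJobs of one namespace as YAML without status information and
# resourceVersion/uid/selfLink lines.
# Arguments:
#   $1 - namespace
# Outputs:
#   YAML on stdout.
# Returns:
#   0 only if both kubectl and sed succeeded.
#######################################
get_cronjob() {
  # '/status:/,+1d' removes the "status:" line and the single line after it.
  kubectl get cronjob -n "$1" -o=yaml \
    | sed -e '/status:/,+1d' \
      -e '/resourceVersion: "[0-9]\+"/d' \
      -e '/uid: [a-z0-9-]\+/d' \
      -e '/selfLink: [a-z0-9A-Z/]\+/d'
  # A pipeline normally reports only sed's status; check kubectl's as well so a
  # failed query is not recorded as a successful (empty) export.
  local -a stage_rc=("${PIPESTATUS[@]}")
  ((stage_rc[0] == 0 && stage_rc[1] == 0))
}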
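#######################################
# Dump the PersistentVolumeClaims of one namespace as YAML without the
# leader annotation and resourceVersion/uid/selfLink lines.
# Arguments:
#   $1 - namespace
# Outputs:
#   YAML on stdout.
# Returns:
#   0 only if both kubectl and sed succeeded.
#######################################
get_pvc() {
  kubectl get pvc -n "$1" -o=yaml \
    | sed -e '/control\-plane\.alpha\.kubernetes\.io\/leader\:/d' \
      -e '/resourceVersion: "[0-9]\+"/d' \
      -e '/uid: [a-z0-9-]\+/d' \
      -e '/selfLink: [a-z0-9A-Z/]\+/d'
  # A pipeline normally reports only sed's status; check kubectl's as well so a
  # failed query is not recorded as a successful (empty) export.
  local -a stage_rc=("${PIPESTATUS[@]}")
  ((stage_rc[0] == 0 && stage_rc[1] == 0))
}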
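#######################################
# Dump the PersistentVolumes bound to the claims of one namespace as YAML
# without resourceVersion/uid/selfLink lines.
# Arguments:
#   $1 - namespace
# Outputs:
#   One YAML document per bound volume on stdout, separated by "---".
# Returns:
#   0 only if the claim listing and every per-volume export succeeded.
#######################################
get_pv() {
  local volumes pvolume
  local first=1 status=0
  local -a stage_rc

  volumes=$(kubectl get pvc -n "$1" -o=custom-columns=:.spec.volumeName) \
    || return

  # read (default IFS) trims the padding kubectl puts around column values.
  while read -r pvolume; do
    # Skip the blank header line and claims that are not bound to a volume.
    [[ -n "$pvolume" && "$pvolume" != "<none>" ]] || continue
    # Each kubectl call emits a complete document; without a separator the
    # concatenation of several volumes is not one valid YAML stream.
    if ((first)); then
      first=0
    else
      printf '%s\n' '---'
    fi
    kubectl get pv -o=yaml --field-selector "metadata.name=${pvolume}" \
      < /dev/null \
      | sed -e '/resourceVersion: "[0-9]\+"/d' \
        -e '/uid: [a-z0-9-]\+/d' \
        -e '/selfLink: [a-z0-9A-Z/]\+/d'
    # Keep going after a failure, but report it to the caller at the end.
    stage_rc=("${PIPESTATUS[@]}")
    ((stage_rc[0] == 0 && stage_rc[1] == 0)) || status=1
  done <<< "$volumes"

  return "$status"
}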
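#######################################
# Export configmap, ingress, service, secret, deployment, cronjob, pvc (and
# the matching pv) objects of every non-system namespace into
# ${BACKUP_DIR}/${CLUSTER_NAME}/<namespace>/<kind>.<namespace>.yaml.
# Globals:
#   BACKUP_DIR, CLUSTER_NAME (read; both must be non-empty)
# Outputs:
#   Progress on stdout, failures on stderr. The exported files include Secret
#   manifests in plaintext and stay on disk until upload_backup_to_s3 removes
#   the directory.
# Returns:
#   0 if every export succeeded, 1 if the namespace listing or any single
#   export failed (so an incomplete backup is not reported as a good one).
#######################################
export_ns() {
  local cluster_dir
  cluster_dir="${BACKUP_DIR:?BACKUP_DIR must be set}/${CLUSTER_NAME:?CLUSTER_NAME must be set}"
  local ns_table namespaces namespace object_kind out_file
  local failed=0

  mkdir -p -- "$cluster_dir" || return
  cd -- "$cluster_dir" || return

  if ! ns_table=$(kubectl get namespaces --no-headers=true); then
    echo "Failed to list namespaces; nothing was exported" >&2
    return 1
  fi

  # -x -F: exclude only namespaces whose whole name equals one of the system
  # namespaces. A substring match would also skip e.g. "my-kube-system" and
  # leave it out of the backup without any message.
  # grep exits 1 when it selects nothing; that is not an error here.
  namespaces=$(awk '{ print $1 }' <<< "$ns_table" \
    | grep -v -x -F -e "cattle-prometheus" -e "cattle-system" \
      -e "kube-system" -e "kube-public" || true)

  # Namespace names are DNS labels (no whitespace or glob characters), so
  # splitting the list on whitespace is safe.
  # shellcheck disable=SC2086
  for namespace in $namespaces; do
    echo "Namespace: $namespace"
    echo "+++++++++++++++++++++++++"
    mkdir -p -- "$namespace"
    for object_kind in configmap ingress service secret deployment cronjob pvc; do
      # grep reads the whole stream (no -q) so kubectl is never cut short.
      if kubectl get "$object_kind" -n "$namespace" 2>&1 \
        | grep "No resources" > /dev/null; then
        echo "No resources found for ${object_kind} in ${namespace}"
        continue
      fi

      out_file="${namespace}/${object_kind}.${namespace}.yaml"
      if "get_${object_kind}" "$namespace" > "$out_file"; then
        echo "${object_kind}.${namespace}"
      else
        echo "Export of ${object_kind} in ${namespace} failed" >&2
        failed=1
      fi

      # Claims reference cluster-scoped volumes; export those alongside.
      if [[ "$object_kind" == "pvc" ]]; then
        out_file="${namespace}/pv.${namespace}.yaml"
        if get_pv "$namespace" > "$out_file"; then
          echo "pv.${namespace}"
        else
          echo "Export of pv for ${namespace} failed" >&2
          failed=1
        fi
      fi
    done
    echo "+++++++++++++++++++++++++"
  done

  return "$failed"
}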
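#######################################
# Pack ${BACKUP_DIR}/${CLUSTER_NAME} into a gzip'ed tar stream and encrypt it
# with a passphrase before it is uploaded to AWS S3.
# The passphrase is kept in our password manager.
# Globals:
#   BACKUP_DIR, CLUSTER_NAME, TIME_STAMP, KUBE_ARCHIVE_PW (read; all required)
# Outputs:
#   ${BACKUP_DIR}/${CLUSTER_NAME}-${TIME_STAMP}.tar.gz.enc
# Returns:
#   0 if both tar and openssl succeeded; otherwise 1, and the partial archive
#   is removed.
#######################################
archive_ns() {
  local archive
  archive="${BACKUP_DIR:?BACKUP_DIR must be set}/${CLUSTER_NAME:?CLUSTER_NAME must be set}-${TIME_STAMP:?TIME_STAMP must be set}.tar.gz.enc"
  : "${KUBE_ARCHIVE_PW:?KUBE_ARCHIVE_PW must be set}"
  local -a stage_rc

  cd -- "$BACKUP_DIR" || return

  # The passphrase goes to openssl through its environment (-pass env:...)
  # instead of "-k <passphrase>": command-line arguments are visible to other
  # local users in the process list. Both options select the same passphrase,
  # so the archive format and the decrypt procedure are unchanged.
  #
  # NOTE(review): without -pbkdf2/-iter, "openssl enc" derives the key with
  # its legacy single-pass KDF, and CBC mode adds no integrity protection.
  # Changing either alters how existing archives are decrypted, so this is
  # flagged rather than changed here.
  tar -czf - -- "$CLUSTER_NAME" \
    | KUBE_ARCHIVE_PW="$KUBE_ARCHIVE_PW" \
      openssl enc -aes-256-cbc -e -pass env:KUBE_ARCHIVE_PW > "$archive"
  stage_rc=("${PIPESTATUS[@]}")

  # A pipeline normally reports only openssl's status; a failed tar would
  # otherwise leave a truncated archive that looks valid.
  if ((stage_rc[0] != 0 || stage_rc[1] != 0)); then
    rm -f -- "$archive"
    echo "Archiving ${CLUSTER_NAME} failed" >&2
    return 1
  fi
}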
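# Upload Backups
#===============
#######################################
# Copy the encrypted archive to s3://${S3_BUCKET}/${CLUSTER_NAME}/ and clean
# up the local working files.
# Globals:
#   AWS_CMD, BACKUP_DIR, CLUSTER_NAME, TIME_STAMP, S3_BUCKET (read; required)
# Outputs:
#   Success message on stdout, failure message on stderr.
# Returns:
#   0 on success; exits the script with status 1 when the upload fails.
#######################################
upload_backup_to_s3() {
  # The :? guards stop an empty variable from turning the rm below into a
  # removal of ${BACKUP_DIR} itself.
  local export_dir
  export_dir="${BACKUP_DIR:?BACKUP_DIR must be set}/${CLUSTER_NAME:?CLUSTER_NAME must be set}"
  local archive_name="${CLUSTER_NAME}-${TIME_STAMP:?TIME_STAMP must be set}.tar.gz.enc"
  local archive="${BACKUP_DIR}/${archive_name}"

  # Test the command directly: under "set -e" a separate "$?" check is never
  # reached after a failure, so the failure branch would be dead code.
  if "${AWS_CMD:?AWS_CMD must be set}" s3 cp "$archive" \
    "s3://${S3_BUCKET:?S3_BUCKET must be set}/${CLUSTER_NAME}/"; then
    echo "${archive_name} is successfully uploaded"
    # Remove the plaintext export and the archive that was actually written
    # (it is named after the cluster, not "k8s-data-...").
    rm -rf -- "$export_dir" "$archive"
  else
    echo "${archive_name} failed to be uploaded" >&2
    # Keep the encrypted archive for a manual retry, but do not leave the
    # plaintext Secret manifests on disk.
    rm -rf -- "$export_dir"
    exit 1
  fi
}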
#######################################
# Ping the monitoring endpoint, if one is configured.
# Globals:
#   HEALTHCHECK_URL (read; optional)
# Outputs:
#   Whatever curl prints for the response.
# Returns:
#   0 when no URL is configured, otherwise curl's exit status. --fail is not
#   passed, so an HTTP error response still counts as success.
#######################################
healthcheck_ping() {
  # Nothing to do when no endpoint is configured.
  [ -z "${HEALTHCHECK_URL}" ] && return 0
  # At most 10 seconds per attempt, up to 5 retries.
  curl -m 10 --retry 5 "${HEALTHCHECK_URL}"
}
###########
#######################################
# Run the backup steps in order: export, archive, upload, then report.
# With "set -e" active a failing step ends the script, so the healthcheck is
# only pinged after the steps before it returned success.
#######################################
main() {
  export_ns
  archive_ns
  upload_backup_to_s3
  healthcheck_ping
}

main "$@"