Merge pull request pieterlange#21 from benmathews/organize-by-object

Organize by object
chenqiangzhishen · Jan 11, 2018 · 29b1f23 · 29b1f23
2 parents 54b594b + 5ae8c68
commit 29b1f23
Show file tree

Hide file tree

Showing 3 changed files with 59 additions and 52 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,9 +1,5 @@
 FROM alpine:3.7
 
-ENV KUBECTL_VERSION 1.8.4
-ENV KUBECTL_SHA256 fb3cbf25e71f414381e8a6b8a2dc2abb19344feea660ac0445ccf5d43a093f10
-ENV KUBECTL_URI https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl
-
 RUN apk update && \
   apk add --update \
     bash \
@@ -29,12 +25,18 @@ RUN apk update && \
   apk del libressl-dev make g++ && \
   rm -rf /var/cache/apk/*
 
-RUN curl -SL ${KUBECTL_URI} -o kubectl && chmod +x kubectl
-RUN echo "${KUBECTL_SHA256}  kubectl" | sha256sum -c - || exit 10
-
 RUN pip install ijson awscli
 RUN adduser -h /backup -D backup
 
+ENV KUBECTL_VERSION 1.9.1
+ENV KUBECTL_SHA256 ec1abbc1b91fb23e00558c09892d053012c7581afe6e5a36cada3713b0b7c37b
+ENV KUBECTL_URI https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl
+
+RUN curl -SL ${KUBECTL_URI} -o kubectl && chmod +x kubectl
+
+RUN echo "${KUBECTL_SHA256}  kubectl" | sha256sum -c - || exit 10
+ENV PATH="/:${PATH}"
+
 COPY entrypoint.sh /
 USER backup
 ENTRYPOINT ["/entrypoint.sh"]
diff --git a/cronjob-ssh.yaml b/cronjob-ssh.yaml
@@ -6,7 +6,7 @@ metadata:
 
 ---
 
-apiVersion: batch/v2alpha1
+apiVersion: batch/v1beta1
 kind: CronJob
 metadata:
   name: kube-state-backup

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -1,14 +1,14 @@
 #!/bin/bash -e
 
 if [ -z "$NAMESPACES" ]; then
-  NAMESPACES=$(/kubectl get ns -o jsonpath={.items[*].metadata.name})
+    NAMESPACES=$(kubectl get ns -o jsonpath={.items[*].metadata.name})
 fi
 
-RESOURCETYPES="${RESOURCETYPES:-"ingress deployment configmap svc rc ds thirdpartyresource networkpolicy statefulset storageclass cronjob"}"
+RESOURCETYPES="${RESOURCETYPES:-"ingress deployment configmap svc rc ds crd networkpolicy statefulset storageclass cronjob"}"
 GLOBALRESOURCES="${GLOBALRESOURCES:-"namespace storageclasses"}"
 
 # Initialize git repo
-[ -z "$GIT_REPO" ] && echo "Need to define GIT_REPO environment variable" && exit 1
+[ -z "$DRY_RUN" ] && [ -z "$GIT_REPO" ] && echo "Need to define GIT_REPO environment variable" && exit 1
 GIT_REPO_PATH="${GIT_REPO_PATH:-"/backup/git"}"
 GIT_PREFIX_PATH="${GIT_PREFIX_PATH:-"."}"
 GIT_USERNAME="${GIT_USERNAME:-"kube-backup"}"
@@ -18,77 +18,82 @@ GITCRYPT_ENABLE="${GITCRYPT_ENABLE:-"false"}"
 GITCRYPT_PRIVATE_KEY="${GITCRYPT_PRIVATE_KEY:-"/secrets/gpg-private.key"}"
 GITCRYPT_SYMMETRIC_KEY="${GITCRYPT_SYMMETRIC_KEY:-"/secrets/symmetric.key"}"
 
-if [[ ! -f /backup/.ssh/id_rsa ]] ; then
+if [[ ! -f /backup/.ssh/id_rsa ]]; then
     git config --global credential.helper '!aws codecommit credential-helper $@'
     git config --global credential.UseHttpPath true
 fi
-git config --global user.name "$GIT_USERNAME"
-git config --global user.email "$GIT_EMAIL"
+[ -z "$DRY_RUN" ] && git config --global user.name "$GIT_USERNAME"
+[ -z "$DRY_RUN" ] && git config --global user.email "$GIT_EMAIL"
 
-test -d "$GIT_REPO_PATH" || git clone --depth 1 "$GIT_REPO" "$GIT_REPO_PATH" --branch "$GIT_BRANCH" || git clone "$GIT_REPO" "$GIT_REPO_PATH"
+[ -z "$DRY_RUN" ] && (test -d "$GIT_REPO_PATH" || git clone --depth 1 "$GIT_REPO" "$GIT_REPO_PATH" --branch "$GIT_BRANCH" || git clone "$GIT_REPO" "$GIT_REPO_PATH")
 cd "$GIT_REPO_PATH"
-git checkout "${GIT_BRANCH}" || git checkout -b "${GIT_BRANCH}"
-git stash
+[ -z "$DRY_RUN" ] && (git checkout "${GIT_BRANCH}" || git checkout -b "${GIT_BRANCH}")
+[ -z "$DRY_RUN" ] && git stash
 if [ "$GITCRYPT_ENABLE" = "true" ]; then
-  if [ -f "$GITCRYPT_PRIVATE_KEY" ]; then
-    gpg --allow-secret-key-import --import "$GITCRYPT_PRIVATE_KEY"
-    git-crypt unlock
-  elif [ -f "$GITCRYPT_SYMMETRIC_KEY" ]; then
-    git-crypt unlock "$GITCRYPT_SYMMETRIC_KEY"
-  else
-    echo "[ERROR] Please verify your env variables (GITCRYPT_PRIVATE_KEY or GITCRYPT_SYMMETRIC_KEY)"
-    exit 1
-  fi
+    if [ -f "$GITCRYPT_PRIVATE_KEY" ]; then
+        gpg --allow-secret-key-import --import "$GITCRYPT_PRIVATE_KEY"
+        git-crypt unlock
+    elif [ -f "$GITCRYPT_SYMMETRIC_KEY" ]; then
+        git-crypt unlock "$GITCRYPT_SYMMETRIC_KEY"
+    else
+        echo "[ERROR] Please verify your env variables (GITCRYPT_PRIVATE_KEY or GITCRYPT_SYMMETRIC_KEY)"
+        exit 1
+    fi
 fi
 cd "$GIT_REPO_PATH/$GIT_PREFIX_PATH"
 git rm -r **/*.yaml || true
 
 # Start kubernetes state export
 for resource in $GLOBALRESOURCES; do
-  [ -d "$GIT_REPO_PATH/$GIT_PREFIX_PATH" ] || mkdir -p "$GIT_REPO_PATH/$GIT_PREFIX_PATH"
-  echo "Exporting resource: ${resource}" > /dev/stderr
-  /kubectl get --export -o=json "$resource" | jq --sort-keys \
-      'del(
+    [ -d "$GIT_REPO_PATH/$GIT_PREFIX_PATH" ] || mkdir -p "$GIT_REPO_PATH/$GIT_PREFIX_PATH"
+    echo "Exporting resource: ${resource}" >/dev/stderr
+    kubectl get --export -o=json "$resource" | jq --sort-keys \
+        'del(
           .items[].metadata.annotations."kubectl.kubernetes.io/last-applied-configuration",
           .items[].metadata.annotations."control-plane.alpha.kubernetes.io/leader",
           .items[].metadata.uid,
           .items[].metadata.selfLink,
           .items[].metadata.resourceVersion,
           .items[].metadata.creationTimestamp,
           .items[].metadata.generation
-      )' | python -c 'import sys, yaml, json; yaml.safe_dump(json.load(sys.stdin), sys.stdout, default_flow_style=False)' > "$GIT_REPO_PATH/$GIT_PREFIX_PATH/${resource}.yaml"
+      )' | python -c 'import sys, yaml, json; yaml.safe_dump(json.load(sys.stdin), sys.stdout, default_flow_style=False)' >"$GIT_REPO_PATH/$GIT_PREFIX_PATH/${resource}.yaml"
 done
 
 for namespace in $NAMESPACES; do
-  [ -d "$GIT_REPO_PATH/$GIT_PREFIX_PATH/${namespace}" ] || mkdir -p "$GIT_REPO_PATH/$GIT_PREFIX_PATH/${namespace}"
+    [ -d "$GIT_REPO_PATH/$GIT_PREFIX_PATH/${namespace}" ] || mkdir -p "$GIT_REPO_PATH/$GIT_PREFIX_PATH/${namespace}"
 
-  for type in $RESOURCETYPES; do
-    echo "[${namespace}] Exporting resources: ${type}" > /dev/stderr
+    for type in $RESOURCETYPES; do
+        echo "[${namespace}] Exporting resources: ${type}" >/dev/stderr
 
-    label_selector=""
-    if [[ "$type" == 'configmap' && -z "${INCLUDE_TILLER_CONFIGMAPS:-}" ]]; then
-      label_selector="-l OWNER!=TILLER"
-    fi
+        label_selector=""
+        if [[ "$type" == 'configmap' && -z "${INCLUDE_TILLER_CONFIGMAPS:-}" ]]; then
+            label_selector="-l OWNER!=TILLER"
+        fi
 
-    /kubectl --namespace="${namespace}" get --export -o=json "$type" $label_selector | jq --sort-keys \
-        'select(.type!="kubernetes.io/service-account-token") |
+        kubectl --namespace="${namespace}" get "$type" $label_selector -o custom-columns=SPACE:.metadata.namespace,KIND:..kind,NAME:.metadata.name --no-headers | while read -r a b name; do
+
+            kubectl --namespace="${namespace}" get --export -o=json "$type" "$name" | jq --sort-keys \
+                'select(.type!="kubernetes.io/service-account-token") |
         del(
-            .items[].metadata.annotations."kubectl.kubernetes.io/last-applied-configuration",
-            .items[].metadata.annotations."control-plane.alpha.kubernetes.io/leader",
-            .items[].spec.clusterIP,
-            .items[].metadata.uid,
-            .items[].metadata.selfLink,
-            .items[].metadata.resourceVersion,
-            .items[].metadata.creationTimestamp,
-            .items[].metadata.generation,
-            .items[].status
-        )' | python -c 'import sys, yaml, json; yaml.safe_dump(json.load(sys.stdin), sys.stdout, default_flow_style=False)' > "$GIT_REPO_PATH/$GIT_PREFIX_PATH/${namespace}/${type}.yaml"
-  done
+            .metadata.annotations."control-plane.alpha.kubernetes.io/leader",
+            .metadata.annotations."kubectl.kubernetes.io/last-applied-configuration",
+            .metadata.creationTimestamp,
+            .metadata.generation,
+            .metadata.resourceVersion,
+            .metadata.selfLink,
+            .metadata.uid,
+            .spec.clusterIP,
+            .status
+        )' | python -c 'import sys, yaml, json; yaml.safe_dump(json.load(sys.stdin), sys.stdout, default_flow_style=False)' >"$GIT_REPO_PATH/$GIT_PREFIX_PATH/${namespace}/${name}.${type}.yaml"
+        done
+    done
 done
 
+[ -z "$DRY_RUN" ] || exit
+
 git add .
 
-if ! git diff-index --quiet HEAD -- ; then
+if ! git diff-index --quiet HEAD --; then
     git commit -m "Automatic backup at $(date)"
     git push origin "${GIT_BRANCH}"
 else