airship
/
porthole
Code Issues Proposed changes
porthole/charts/etcdctl-utility/templates/bin/utility/_etcd_ondemand_job.sh.tpl

203 lines
7.5 KiB
Smarty
Raw Blame History

#!/bin/bash
{{- $envAll := . }}
export ETCD_POD_NAMESPACE=$1
if [[ $ETCD_POD_NAMESPACE == "" ]]; then
echo "No namespace given - cannot spawn ondemand job."
exit 1
fi
export ETCD_CONF_SECRET={{ $envAll.Values.conf.etcd_backup_restore.secrets.kube_system.conf_secret }}
export ETCD_IMAGE_NAME=$(kubectl get cronjob -n ${ETCD_POD_NAMESPACE} kubernetes-etcd-backup -o yaml -o jsonpath="{range .spec.jobTemplate.spec.template.spec.containers[*]}{.image}{'\n'}{end}" | grep etcdctl-utility)
export ETCD_BACKUP_BASE_PATH=$(kubectl get secret -n ${ETCD_POD_NAMESPACE} ${ETCD_CONF_SECRET} -o json | jq -r .data.BACKUP_BASE_PATH | base64 -d)
ETCD_REMOTE_BACKUP_ENABLED=$(kubectl get secret -n ${ETCD_POD_NAMESPACE} ${ETCD_CONF_SECRET} -o json | jq -r .data.REMOTE_BACKUP_ENABLED | base64 -d)
export ETCD_REMOTE_BACKUP_ENABLED=$(echo $ETCD_REMOTE_BACKUP_ENABLED | sed 's/"//g')
if [[ $NODE == "" ]];then
echo "Cannot find node to run ondemand job from."
exit 1
fi
if [[ $ETCD_IMAGE_NAME == "" ]]; then
echo "Cannot find the utility image for populating ETCD_IMAGE_NAME variable."
exit 1
fi
export TMP_FILE=$(mktemp -p /tmp)
cat > $TMP_FILE << EOF
---
apiVersion: batch/v1
kind: Job
metadata:
name: etcd-ondemand
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
labels:
{{ tuple $envAll "etcd-ondemand" "ondemand" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
template:
metadata:
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
{{ dict "envAll" $envAll "podName" "etcd-ondemand" "containerNames" (list "etcd-ondemand" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
labels:
{{ tuple $envAll "etcd-ondemand" "ondemand" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "etcd_ondemand" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
restartPolicy: OnFailure
serviceAccountName: kubernetes-etcd-etcd-backup
nodeName: ${NODE}
containers:
- name: etcd-ondemand
image: ${ETCD_IMAGE_NAME}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.etcd_ondemand | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "etcd_ondemand" "container" "etcd_ondemand" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
command:
- /bin/sleep
- "1000000"
env:
- name: ETCDCTL_API
value: "{{ .Values.conf.etcd.etcdctl_api }}"
- name: ETCDCTL_DIAL_TIMEOUT
value: 10s
- name: ETCDCTL_CACERT
value: /etc/etcd/tls/certs/client-ca.pem
- name: ETCDCTL_CERT
value: /etc/etcd/tls/certs/anchor-etcd-client.pem
- name: ETCDCTL_KEY
value: /etc/etcd/tls/keys/anchor-etcd-client-key.pem
- name: ETCDCTL_ENDPOINTS
value: https://{{ .Values.conf.etcd.endpoints }}:{{ .Values.endpoints.etcd.port.client.default }}
- name: ONDEMAND_JOB
value: etcd-ondemand
- name: ARCHIVE_DIR
value: $ETCD_BACKUP_BASE_PATH/db/$ETCD_POD_NAMESPACE/etcd/archive
- name: BACKUP_RESTORE_SCOPE
value: etcd
- name: BACKUP_RESTORE_NAMESPACE_LIST
value: $ETCD_POD_NAMESPACE
- name: ETCD_BACKUP_BASE_DIR
valueFrom:
secretKeyRef:
key: BACKUP_BASE_PATH
name: ${ETCD_CONF_SECRET}
- name: POD_NAMESPACE
value: ${ETCD_POD_NAMESPACE}
- name: REMOTE_BACKUP_ENABLED
valueFrom:
secretKeyRef:
key: REMOTE_BACKUP_ENABLED
name: ${ETCD_CONF_SECRET}
- name: STORAGE_POLICY
valueFrom:
secretKeyRef:
key: REMOTE_BACKUP_STORAGE_POLICY
name: ${ETCD_CONF_SECRET}
- name: CONTAINER_NAME
valueFrom:
secretKeyRef:
key: REMOTE_BACKUP_CONTAINER
name: ${ETCD_CONF_SECRET}
- name: OS_IDENTITY_API_VERSION
value: "3"
EOF
if $ETCD_REMOTE_BACKUP_ENABLED; then
export ETCD_RGW_SECRET={{ $envAll.Values.conf.etcd_backup_restore.secrets.kube_system.rgw_secret }}
cat >> $TMP_FILE << EOF
- name: OS_AUTH_URL
valueFrom:
secretKeyRef:
name: ${ETCD_RGW_SECRET}
key: OS_AUTH_URL
- name: OS_REGION_NAME
valueFrom:
secretKeyRef:
name: ${ETCD_RGW_SECRET}
key: OS_REGION_NAME
- name: OS_USERNAME
valueFrom:
secretKeyRef:
name: ${ETCD_RGW_SECRET}
key: OS_USERNAME
- name: OS_PROJECT_NAME
valueFrom:
secretKeyRef:
name: ${ETCD_RGW_SECRET}
key: OS_PROJECT_NAME
- name: OS_USER_DOMAIN_NAME
valueFrom:
secretKeyRef:
name: ${ETCD_RGW_SECRET}
key: OS_USER_DOMAIN_NAME
- name: OS_PROJECT_DOMAIN_NAME
valueFrom:
secretKeyRef:
name: ${ETCD_RGW_SECRET}
key: OS_PROJECT_DOMAIN_NAME
- name: OS_PASSWORD
valueFrom:
secretKeyRef:
name: ${ETCD_RGW_SECRET}
key: OS_PASSWORD
EOF
fi
cat >> $TMP_FILE << EOF
volumeMounts:
- name: pod-tmp
mountPath: /tmp
- name: kubernetes-etcd-certs
mountPath: /etc/etcd/tls/certs
- name: kubernetes-etcd-keys
mountPath: /etc/etcd/tls/keys
- mountPath: /tmp/restore_etcd.sh
name: kubernetes-etcd-bin
readOnly: true
subPath: restore_etcd.sh
- mountPath: /tmp/restore_main.sh
name: kubernetes-etcd-bin
readOnly: true
subPath: restore_main.sh
- mountPath: /tmp/backup_etcd.sh
name: kubernetes-etcd-bin
readOnly: true
subPath: backup_etcd.sh
- mountPath: /tmp/bin/backup_main.sh
name: kubernetes-etcd-bin
readOnly: true
subPath: backup_main.sh
- mountPath: {{ .Values.conf.backup.host_backup_path }}
name: kubernetes-etcd-backup-dir
subPath: .
- name: host-etcd
mountPath: /var/lib/etcd
subPath: .
volumes:
- name: pod-tmp
emptyDir: {}
- name: kubernetes-etcd-certs
configMap:
name: kubernetes-etcd-certs
defaultMode: 0444
- name: kubernetes-etcd-keys
secret:
secretName: kubernetes-etcd-keys
defaultMode: 0444
- name: kubernetes-etcd-bin
configMap:
name: kubernetes-etcd-bin
defaultMode: 0555
- name: kubernetes-etcd-backup-dir
hostPath:
path: {{ .Values.conf.backup.host_backup_path }}
- name: host-etcd
hostPath:
path: /var/lib/etcd
EOF
kubectl create -n $ETCD_POD_NAMESPACE -f $TMP_FILE
rm -rf $TMP_FILE
View Git Blame Copy Permalink