#!/usr/bin/env bash set -euo pipefail # -------------------------------------------------- # Config # -------------------------------------------------- BACKUP_DATE="$(date +%Y-%m-%d_%H-%M-%S)" TMP_DIR="/tmp/infra-backup-${BACKUP_DATE}" K8S_STORAGE="/k8s_storage" POSTGRES_STORAGE_DIR="postgres" # Postgres (from secret) PGHOST="postgres.default.svc.cluster.local" PGPORT="5432" # Namespaces SOURCE_NS="default" TARGET_NS="${KUBERNETES_NAMESPACE:-arc-systems}" POSTGRES_SECRET="postgres-secret" # S3 S3_BASE="s3://mist-backups/${BACKUP_DATE}" mkdir -p "$TMP_DIR" echo "=== Infra backup started ===" echo "Date: $BACKUP_DATE" echo "Namespace: $TARGET_NS" # -------------------------------------------------- # 0. Ensure postgres-secret exists in runner namespace # -------------------------------------------------- echo "=== Ensuring postgres-secret exists ===" if ! kubectl get secret "$POSTGRES_SECRET" -n "$TARGET_NS" >/dev/null 2>&1; then echo "→ Copying postgres-secret from default → ${TARGET_NS}" kubectl get secret "$POSTGRES_SECRET" -n "$SOURCE_NS" -o yaml \ | sed "s/namespace: ${SOURCE_NS}/namespace: ${TARGET_NS}/" \ | kubectl apply -f - else echo "✓ postgres-secret already present" fi # -------------------------------------------------- # 1. Postgres logical backup (SAFE) # -------------------------------------------------- echo "=== Backing up Postgres via pg_dump ===" export PGPASSWORD="${POSTGRES_PASSWORD}" pg_dump \ --format=custom \ --no-owner \ --no-acl \ --host="$PGHOST" \ --port="$PGPORT" \ --username="$POSTGRES_USER" \ "$POSTGRES_DB" \ > "$TMP_DIR/postgres.dump" gzip "$TMP_DIR/postgres.dump" echo "✓ Postgres dump complete" # -------------------------------------------------- # 2. Tar k8s_storage (EXCLUDING Postgres) # -------------------------------------------------- echo "=== Archiving k8s_storage (excluding Postgres) ===" tar \ --exclude="$POSTGRES_STORAGE_DIR" \ --ignore-failed-read \ --warning=no-file-changed \ -czf "$TMP_DIR/k8s_storage_non_postgres.tar.gz" \ -C "$K8S_STORAGE" . echo "✓ Filesystem archive complete" # -------------------------------------------------- # 3. Upload to S3 # -------------------------------------------------- echo "=== Uploading to S3 ===" aws s3 cp \ "$TMP_DIR/postgres.dump.gz" \ "${S3_BASE}/postgres/stripe_invoice.dump.gz" aws s3 cp \ "$TMP_DIR/k8s_storage_non_postgres.tar.gz" \ "${S3_BASE}/k8s_storage_non_postgres.tar.gz" echo "✓ Upload complete" # -------------------------------------------------- # 4. Cleanup # -------------------------------------------------- rm -rf "$TMP_DIR" echo "=== Infra backup finished successfully ==="