init

kosheeta · kosheeta · commit 815df9bb92c8 · 2023-01-09T22:58:33.000+03:00
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,12 @@
+FROM alpine:latest
+
+RUN apk update \
+	&& apk add coreutils \
+	&& apk add postgresql-client \
+	&& apk add python3 py3-pip && pip3 install --upgrade pip && pip3 install awscli \
+	&& apk add openssl \
+	&& rm -rf /var/cache/apk/*
+
+COPY entrypoint.sh /entrypoint.sh
+
+CMD ["sh", "/entrypoint.sh"]
diff --git a/LICENSE b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 Nikita Koshelenko
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
@@ -0,0 +1,116 @@
+# postgres2s3
+💾 Backup all PostgreSQL databases to S3 Storage
+
+## Usage
+```bash
+$ docker run \ 
+        -e POSTGRES_HOST=localhost
+        -e POSTGRES_USER=postgres
+        -e POSTGRES_PASSWORD=postgrespw
+        -e S3_ENDPOINT=http://localhost:9000
+        -e S3_ACCESS_KEY=accessKey
+        -e S3_SECRET_KEY=secretKey
+        -e S3_BUCKET=backups
+        -e ENCRYPTION_PASSWORD=supersecretpassword
+        --rm
+        nikitakoschelenko/postgres2s3
+```
+
+## Environment variables
+#### `POSTGRES_HOST`*
+Host of the PostgreSQL database.
+
+#### `POSTGRES_PORT`*
+Port of the PostgreSQL database. Default to `5432`.
+
+#### `POSTGRES_USER`*
+Username of the PostgreSQL user.
+
+#### `POSTGRES_PASSWORD`*
+Password of the PostgreSQL user.
+
+#### `S3_ENDPOINT`*
+Endpoint URL of the S3.
+
+#### `S3_ACCESS_KEY`*
+Access key of the S3.
+
+#### `S3_SECRET_KEY`*
+Secret key of the S3.
+
+#### `S3_BUCKET`*
+Name of the bucket for saving backups to S3.
+
+#### `S3_FILE_PREFIX`
+Prefix for the backup file name for saving to S3. Default to `backup-`.
+
+#### `ENCRYPTION_PASSWORD`
+Password for encryption.
+
+#### `PG_DUMPALL_EXTRA_ARGS`
+Extra options for `pg_dumpall` command.
+
+#### `OPENSSL_ENC_EXTRA_ARGS`
+Extra options for `openssl enc` command.
+
+#### `AWS_S3_CP_EXTRA_ARGS`
+Extra options for `aws s3 cp` command.
+
+## Decryption
+```bash
+openssl enc -d -aes-256-cbc -pbkdf2 -iter 20000 -in backup.bak.gz.enc -out backup.bak.gz
+```
+
+## Kubernetes
+To use with Kubernetes, you need to create a CronJob:
+```yaml
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: postgresql-backup
+  namespace: shared
+spec:
+  schedule: 0 */8 * * *
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+            - name: postgresql-backup
+              image: nikitakoschelenko/postgres2s3:15.1
+              env:
+                - name: POSTGRES_HOST
+                  value: postgresql.shared
+                - name: POSTGRES_USER
+                  valueFrom:
+                    secretKeyRef:
+                      name: postgresql-backup-secret
+                      key: POSTGRES_USER
+                - name: POSTGRES_PASSWORD
+                  valueFrom:
+                    secretKeyRef:
+                      name: postgresql-backup-secret
+                      key: POSTGRES_PASSWORD
+                - name: S3_ENDPOINT
+                  value: http://minio.shared:9000/
+                - name: S3_ACCESS_KEY
+                  valueFrom:
+                    secretKeyRef:
+                      name: postgresql-backup-secret
+                      key: S3_ACCESS_KEY
+                - name: S3_SECRET_KEY
+                  valueFrom:
+                    secretKeyRef:
+                      name: postgresql-backup-secret
+                      key: S3_SECRET_KEY
+                - name: S3_BUCKET
+                  value: backups
+                - name: S3_PREFIX
+                  value: postresql/backup-
+                - name: ENCRYPTION_PASSWORD
+                  valueFrom:
+                    secretKeyRef:
+                      name: postgresql-backup-secret
+                      key: ENCRYPTION_PASSWORD
+          restartPolicy: OnFailure
+```
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -0,0 +1,72 @@
+#! /bin/sh
+
+if [[ -z "$POSTGRES_HOST" ]]; then
+  echo "POSTGRES_HOST environment variable is required"
+  exit 1
+fi
+
+POSTGRES_PORT="${POSTGRES_PORT:-5432}"
+
+if [[ -z "$POSTGRES_USER" ]]; then
+  echo "POSTGRES_USER environment variable is required"
+  exit 1
+fi
+
+if [[ -z "$POSTGRES_PASSWORD" ]]; then
+  echo "POSTGRES_PASSWORD environment variable is required"
+  exit 1
+fi
+
+if [[ -z "$S3_ENDPOINT" ]]; then
+  echo "S3_ENDPOINT environment variable is required"
+  exit 1
+fi
+
+if [[ -z "$S3_ACCESS_KEY" ]]; then
+  echo "S3_ACCESS_KEY environment variable is required"
+  exit 1
+fi
+
+if [[ -z "$S3_SECRET_KEY" ]]; then
+  echo "S3_SECRET_KEY environment variable is required"
+  exit 1
+fi
+
+if [[ -z "$S3_BUCKET" ]]; then
+  echo "S3_BUCKET environment variable is required"
+  exit 1
+fi
+
+S3_FILE_PREFIX="${S3_FILE_PREFIX:-backup-}"
+
+pg_dumpall -V
+echo "Creating a dump of all databases..."
+
+SOURCE_FILE="output.bak.gz"
+DESTINATION_FILE="${S3_FILE_PREFIX}$(date +"%Y-%m-%dT%H:%M:%SZ").bak.gz"
+
+export PGPASSWORD=$POSTGRES_PASSWORD
+pg_dumpall -h $POSTGRES_HOST -p $POSTGRES_PORT -U $POSTGRES_USER $PG_DUMPALL_EXTRA_ARGS | gzip > $SOURCE_FILE
+
+echo "Dump created"
+
+if [[ -z "$ENCRYPTION_PASSWORD" ]]; then
+  echo "Encryption disabled"
+else
+  echo "Encryption of the dump..."
+
+  openssl enc -aes-256-cbc -pbkdf2 -iter 20000 -in $SOURCE_FILE -out ${SOURCE_FILE}.enc -k $ENCRYPTION_PASSWORD $OPENSSL_ENC_EXTRA_ARGS
+
+  SOURCE_FILE="${SOURCE_FILE}.enc"
+  DESTINATION_FILE="${DESTINATION_FILE}.enc"
+
+  echo "Dump encrypted"
+fi
+
+echo "Uploading the dump to S3..."
+
+export AWS_ACCESS_KEY_ID=$S3_ACCESS_KEY
+export AWS_SECRET_ACCESS_KEY=$S3_SECRET_KEY
+aws s3 cp $SOURCE_FILE s3://$S3_BUCKET/$DESTINATION_FILE --endpoint-url $S3_ENDPOINT $AWS_S3_CP_EXTRA_ARGS
+
+echo "Dump uploaded"
