Skip to content

Commit

Permalink
Add database backup workflow for aks
Browse files Browse the repository at this point in the history
  • Loading branch information
johnake committed Oct 25, 2023
1 parent 5db1569 commit c6f53ee
Show file tree
Hide file tree
Showing 6 changed files with 200 additions and 80 deletions.
166 changes: 166 additions & 0 deletions .github/workflows/actions/database-backup/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,166 @@
name: Backup AKS Database
description: backs up AKS database to Azure Storage

inputs:
environment:
description: "The name of the environment"
required: true
azure_credentials:
description: "JSON object containing a service principal that can read from Azure Key Vault"
required: true

outputs:
backup_artifact:
description: "The backup artifact name"
value: ${{ inputs.environment }}-backup

runs:
using: composite

steps:
- uses: actions/checkout@v4
id: Checkout

- name: Set KV environment variables
id: set_kv_env_vars
run: |
tf_vars_file=terraform/aks/workspace_variables/${{ inputs.environment }}_aks.tfvars.json
echo "INF_VAULT_NAME=$(jq -r '.inf_vault_name' ${tf_vars_file})" >> $GITHUB_ENV
echo "NAMESPACE=$(jq -r '.namespace' ${tf_vars_file})" >> $GITHUB_ENV
echo "APP_ENVIRONMENT=$(jq -r '.app_environment' ${tf_vars_file})" >> $GITHUB_ENV
echo "CLUSTER=$(jq -r '.cluster' ${tf_vars_file})" >> $GITHUB_ENV
if [ -z "$INF_VAULT_NAME" ]; then
echo "::error ::Failed to extract inf_vault_name from $TFVARS"
exit 1
fi
if [ -z "$NAMESPACE" ]; then
echo "::error ::Failed to extract namespace from $TFVARS"
exit 1
fi
if [ -z "$CLUSTER" ]; then
echo "::error ::Failed to extract cluster from $TFVARS"
exit 1
fi
if [ -z "$APP_ENVIRONMENT" ]; then
echo "::error ::Failed to extract app_environment from $TFVARS"
exit 1
fi
echo "INF_VAULT_NAME=$INF_VAULT_NAME" >> $GITHUB_OUTPUT
echo "NAMESPACE=$NAMESPACE" >> $GITHUB_OUTPUT
echo "CLUSTER=$CLUSTER" >> $GITHUB_OUTPUT
echo "APP_ENVIRONMENT=$APP_ENVIRONMENT" >> $GITHUB_OUTPUT
shell: bash
env:
TFVARS: ${{ inputs.tfvars }}
working-directory: terraform/aks

- uses: Azure/login@v1
with:
creds: ${{ inputs.azure_credentials }}

- name: Fetch slack web hook
uses: azure/CLI@v1
id: slack-web-hook
with:
inlineScript: |
SECRET_VALUE=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ env.INF_VAULT_NAME }}" --query "value" -o tsv)
echo "::add-mask::$SECRET_VALUE"
echo "SLACK-WEBHOOK=$SECRET_VALUE" >> $GITHUB_OUTPUT
- name: Install kubectl
uses: azure/setup-kubectl@v3
with:
version: "v1.26.1"

- run: |
test_cluster_rg=s189t01-tsc-ts-rg
test_cluster_name=s189t01-tsc-test-aks
production_cluster_rg=s189p01-tsc-pd-rg
production_cluster_name=s189p01-tsc-production-aks
case "${ENVIRONMENT_NAME}" in
development_aks)
echo "cluster_rg=$test_cluster_rg" >> $GITHUB_ENV
echo "cluster_name=$test_cluster_name" >> $GITHUB_ENV
echo "app_name=find-a-lost-trn-development" >> $GITHUB_ENV
;;
test_aks)
echo "cluster_rg=$test_cluster_rg" >> $GITHUB_ENV
echo "cluster_name=$test_cluster_name" >> $GITHUB_ENV
echo "app_name=find-a-lost-trn-test" >> $GITHUB_ENV
;;
preproduction_aks)
echo "cluster_rg=$test_cluster_rg" >> $GITHUB_ENV
echo "cluster_name=$test_cluster_name" >> $GITHUB_ENV
echo "app_name=find-a-lost-trn-preproduction" >> $GITHUB_ENV
;;
production_aks)
echo "cluster_rg=$production_cluster_rg" >> $GITHUB_ENV
echo "cluster_name=$production_cluster_name" >> $GITHUB_ENV
echo "app_name=find-a-lost-trn-production" >> $GITHUB_ENV
;;
*)
echo "unknown cluster"
;;
esac
- uses: azure/setup-kubectl@v3

- name: K8 setup
shell: bash
run: |
az aks get-credentials -g ${{ env.cluster_rg }} -n ${{ env.cluster_name }}
make bin/konduit.sh
- name: Setup postgres client
uses: DFE-Digital/github-actions/install-postgres-client@master

- name: Set environment variable
run: |
BACKUP_FILE_NAME=faltrn_${{ inputs.environment }}_$(date +"%F")
- name: Backup ${{ inputs.environment }} DB
run: |
bin/konduit.sh find-a-lost-trn-${{ inputs.environment }} -- pg_dump -E utf8 --clean --if-exists --no-owner --verbose --no-password -f ${BACKUP_FILE_NAME}.sql
tar -cvzf ${BACKUP_FILE_NAME}.tar.gz ${BACKUP_FILE_NAME}.sql
- name: Set Connection String
run: |
STORAGE_CONN_STR="$(az keyvault secret show --name FALTRN-BACKUP-STORAGE-CONNECTION-STRING-AKS --vault-name ${{ env.INF_VAULT_NAME }} | jq -r .value)"
echo "::add-mask::$STORAGE_CONN_STR"
echo "STORAGE_CONN_STR=$STORAGE_CONN_STR" >> $GITHUB_ENV
- name: Upload Backup to Azure Storage
run: |
az storage blob upload --container-name database-backup \
--file ${BACKUP_FILE_NAME}.tar.gz --name ${BACKUP_FILE_NAME}.tar.gz --overwrite \
--connection-string '${{ env.STORAGE_CONN_STR }}'
rm ${BACKUP_FILE_NAME}.tar.gz
- name: Disk cleanup
shell: bash
run: |
sudo rm -rf /usr/local/lib/android || true
sudo rm -rf /usr/share/dotnet || true
sudo rm -rf /opt/ghc || true
- name: Remove backup file
shell: bash
run: |
rm ${{ env.BACKUP_FILE_NAME }}.sql
- name: Check for Failure
if: ${{ failure() }}
uses: rtCamp/action-slack-notify@master
env:
SLACK_USERNAME: CI Deployment
SLACK_TITLE: Database backup failure
SLACK_MESSAGE: ${{ inputs.environment }} database backup job failed
SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK_WEBHOOK }}
SLACK_COLOR: failure
SLACK_FOOTER: Sent from backup job in database-backup workflow
26 changes: 26 additions & 0 deletions .github/workflows/aks-db-backup.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
name: Backup AKS Database

on:
workflow_dispatch:
inputs:
environment:
description: Environment
type: choice
options:
- development
- test
- preproduction
- production
schedule: # 01:00 UTC
- cron: "0 1 * * *"

jobs:
backup:
name: Backup AKS Database
runs-on: ubuntu-latest
steps:
- uses: ./.github/workflows/actions/database-backup
id: aks_db_backup
with:
azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}
environment: ${{ inputs.environment }}
79 changes: 0 additions & 79 deletions .github/workflows/database-backup.yml

This file was deleted.

2 changes: 2 additions & 0 deletions terraform/aks/databases.tf
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,8 @@ module "postgres" {
azure_enable_monitoring = var.enable_monitoring
azure_extensions = ["plpgsql", "citext", "uuid-ossp"]
server_version = "14"

azure_enable_backup_storage = var.azure_enable_backup_storage
}

module "redis" {
Expand Down
4 changes: 4 additions & 0 deletions terraform/aks/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -113,6 +113,10 @@ variable "inf_vault_name" {
description = "infrastructure kv name"
}

variable "azure_enable_backup_storage" {
default = false
}

variable "review_url_db_name" {
default = null
description = "the name of the secret storing review db url"
Expand Down
3 changes: 2 additions & 1 deletion terraform/aks/workspace_variables/production_aks.tfvars.json
Original file line number Diff line number Diff line change
Expand Up @@ -22,5 +22,6 @@
"inf_vault_name": "s189p01-faltrn-pd-inf-kv",
"key_vault_resource_group": "s189p01-faltrn-pd-rg",
"worker_replicas": 2,
"replicas": 2
"replicas": 2,
"azure_enable_backup_storage": true
}

0 comments on commit c6f53ee

Please sign in to comment.