# K8s Script Pack

Kubernetes-focused shell scripts intended for cronjobs and operational utilities.

## Scripts

### `automated-nfs-backup.sh`

Backs up each top-level folder found in `NFS_SOURCE_PATH` into an encrypted `.7z` archive, with optional Kubernetes workload quiescing when a folder name exactly matches a namespace name.

Behavior:
- Exact folder-to-namespace mapping only.
- Unmapped folder: backup still runs, Kubernetes scale actions are skipped.
- Mapped folder: saves replicas, scales selected workloads down, waits, runs backup, restores replicas, waits again.
- Scale-down issues are warnings by policy (backup still runs).
- Restore issues are warnings by policy (run can still complete successfully).

## Environment Variables

Required:
- `NFS_SOURCE_PATH`: Root path containing folders to back up.
- `BACKUP_OUTPUT_PATH`: Destination path for generated `.7z` archives.
- `BACKUP_PASSWORD`: Password used for 7z encryption.

Optional:
- `KUBECTL_BIN` (default: `kubectl`)
- `KUBE_CONTEXT` (default: empty)
- `WORKLOAD_KINDS` (default: `deployment,statefulset,replicaset,replicationcontroller`)
- `ARCHIVE_PREFIX` (default: `nfs-backup`)
- `ARCHIVE_TS_FORMAT` (default: `%Y%m%d_%H%M%S`)
- `SEVENZ_METHOD` (default: `lzma2`)
- `SEVENZ_LEVEL` (default: `9`)
- `SEVENZ_HEADER_ENCRYPT` (default: `on`)
- `SEVENZ_THREADS` (default: `on`)
- `SCALE_TIMEOUT_SECONDS` (default: `600`)
- `SCALE_RETRY_COUNT` (default: `3`)
- `SCALE_RETRY_DELAY_SECONDS` (default: `5`)
- `LOG_LEVEL` (default: `info`)
- `TMP_STATE_DIR` (default: `/tmp/k8s-nfs-backup`)
- `NOTIFY_SUCCESS_URL` (default: empty, disabled)
- `NOTIFY_FAILURE_URL` (default: empty, disabled)
- `NOTIFY_TITLE` (default: `Kubernetes`)
- `NOTIFY_ASSET` (default: `kube config`)

Notification payload (success and failure):

```json
{
  "title": "Kubernetes",
  "asset": "kube config",
  "backupSizeInMB": 123
}
```

## Cronjob Notes

- Script is designed to run sequentially (one folder at a time).
- Provide Kubernetes RBAC allowing `get`, `list`, and `scale` on configured workload kinds in target namespaces.
- Ensure `kubectl` context and credentials are present in the runtime.
- Ensure `7z` is installed in the runtime image/host.

## Failure Semantics

- Missing required env vars, missing commands, invalid paths, or inability to list namespaces: script exits non-zero immediately.
- Folder backup failures: counted and script exits non-zero at end.
- Scale-down warnings/timeouts: logged and counted, backup continues.
- Restore warnings/timeouts: logged and counted, script does not fail solely because of restore warnings.
- If `NOTIFY_SUCCESS_URL` is set, success notification is sent at the end of a successful run.
- If `NOTIFY_FAILURE_URL` is set, failure notification is sent when backup failures are detected.
- Final summary always logs:
  - `processed`
  - `mapped`
  - `unmapped`
  - `backup_successes`
  - `backup_failures`
  - `scale_warnings`
  - `restore_warnings`