pieterlange · Exagone313 · Feb 19, 2021 · Feb 19, 2021 · Feb 19, 2021 · Feb 19, 2021
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -1,7 +1,12 @@
-#!/bin/bash -e
+#!/bin/sh -e
+
+if [ -n "$1" ]; then
+    exec "$@"
+    exit
+fi
 
 if [ -z "$NAMESPACES" ]; then
-    NAMESPACES=$(kubectl get ns -o jsonpath={.items[*].metadata.name})
+    NAMESPACES=$(kubectl get ns -o jsonpath='{.items[*].metadata.name}')
 fi
 
 RESOURCETYPES="${RESOURCETYPES:-"ingress deployment configmap svc rc ds networkpolicy statefulset cronjob pvc"}"
@@ -18,7 +23,7 @@ GITCRYPT_ENABLE="${GITCRYPT_ENABLE:-"false"}"
 GITCRYPT_PRIVATE_KEY="${GITCRYPT_PRIVATE_KEY:-"/secrets/gpg-private.key"}"
 GITCRYPT_SYMMETRIC_KEY="${GITCRYPT_SYMMETRIC_KEY:-"/secrets/symmetric.key"}"
 
-if [[ ! -f /backup/.ssh/id_rsa ]]; then
+if [ ! -f /backup/.ssh/id_rsa ]; then
     git config --global credential.helper '!aws codecommit credential-helper $@'
     git config --global credential.UseHttpPath true
 fi
@@ -48,51 +53,51 @@ fi
 
 # Start kubernetes state export
 for resource in $GLOBALRESOURCES; do
-    [ -d "$GIT_REPO_PATH/$GIT_PREFIX_PATH" ] || mkdir -p "$GIT_REPO_PATH/$GIT_PREFIX_PATH"
-    echo "Exporting resource: ${resource}" >/dev/stderr
+    echo "Exporting resource: ${resource}" >&2
     kubectl get -o=json "$resource" | jq --sort-keys \
         'del(
-          .items[].metadata.annotations."kubectl.kubernetes.io/last-applied-configuration",
-          .items[].metadata.annotations."control-plane.alpha.kubernetes.io/leader",
-          .items[].metadata.uid,
-          .items[].metadata.selfLink,
-          .items[].metadata.resourceVersion,
-          .items[].metadata.creationTimestamp,
-          .items[].metadata.generation
-      )' | python -c 'import sys, yaml, json; yaml.safe_dump(json.load(sys.stdin), sys.stdout, default_flow_style=False)' >"$GIT_REPO_PATH/$GIT_PREFIX_PATH/${resource}.yaml"
+            .items[].metadata.annotations."kubectl.kubernetes.io/last-applied-configuration",
+            .items[].metadata.annotations."control-plane.alpha.kubernetes.io/leader",
+            .items[].metadata.uid,
+            .items[].metadata.selfLink,
+            .items[].metadata.resourceVersion,
+            .items[].metadata.creationTimestamp,
+            .items[].metadata.generation
+        )' | python -c 'import sys, yaml, json; yaml.safe_dump(json.load(sys.stdin), sys.stdout, default_flow_style=False)' >"$GIT_REPO_PATH/$GIT_PREFIX_PATH/${resource}.yaml"
 done
 
 for namespace in $NAMESPACES; do
-    [ -d "$GIT_REPO_PATH/$GIT_PREFIX_PATH/${namespace}" ] || mkdir -p "$GIT_REPO_PATH/$GIT_PREFIX_PATH/${namespace}"
+    mkdir -p "$GIT_REPO_PATH/$GIT_PREFIX_PATH/${namespace}"
 
     for type in $RESOURCETYPES; do
-        echo "[${namespace}] Exporting resources: ${type}" >/dev/stderr
+        echo "[${namespace}] Exporting resources: ${type}" >&2
 
         label_selector=""
-        if [[ "$type" == 'configmap' && -z "${INCLUDE_TILLER_CONFIGMAPS:-}" ]]; then
+        if [ "$type" = 'configmap' ] && [ -z "${INCLUDE_TILLER_CONFIGMAPS:-}" ]; then
             label_selector="-l OWNER!=TILLER"
         fi
 
-        kubectl --namespace="${namespace}" get "$type" $label_selector -o custom-columns=SPACE:.metadata.namespace,KIND:..kind,NAME:.metadata.name --no-headers | while read -r a b name; do
+        # shellcheck disable=SC2086
+        kubectl --namespace="${namespace}" get "$type" $label_selector -o custom-columns=SPACE:.metadata.namespace,KIND:..kind,NAME:.metadata.name --no-headers | while read -r _ _ name; do
             [ -z "$name" ] && continue
 
-        # Service account tokens cannot be exported
-        if [[ "$type" == 'secret' && $(kubectl get -n "${namespace}" -o jsonpath="{.type}" secret "$name") == "kubernetes.io/service-account-token" ]]; then
-            continue
-        fi
-
-        kubectl --namespace="${namespace}" get -o=json "$type" "$name" | jq --sort-keys \
-        'del(
-            .metadata.annotations."control-plane.alpha.kubernetes.io/leader",
-            .metadata.annotations."kubectl.kubernetes.io/last-applied-configuration",
-            .metadata.creationTimestamp,
-            .metadata.generation,
-            .metadata.resourceVersion,
-            .metadata.selfLink,
-            .metadata.uid,
-            .spec.clusterIP,
-            .status
-        )' | python -c 'import sys, yaml, json; yaml.safe_dump(json.load(sys.stdin), sys.stdout, default_flow_style=False)' >"$GIT_REPO_PATH/$GIT_PREFIX_PATH/${namespace}/${name}.${type}.yaml"
+            # Service account tokens cannot be exported
+            if [ "$type" = 'secret' ] && [ "$(kubectl get -n "${namespace}" -o jsonpath="{.type}" secret "$name")" = "kubernetes.io/service-account-token" ]; then
+                continue
+            fi
+
+            kubectl --namespace="${namespace}" get -o=json "$type" "$name" | jq --sort-keys \
+            'del(
+                .metadata.annotations."control-plane.alpha.kubernetes.io/leader",
+                .metadata.annotations."kubectl.kubernetes.io/last-applied-configuration",
+                .metadata.creationTimestamp,
+                .metadata.generation,
+                .metadata.resourceVersion,
+                .metadata.selfLink,
+                .metadata.uid,
+                .spec.clusterIP,
+                .status
+            )' | python -c 'import sys, yaml, json; yaml.safe_dump(json.load(sys.stdin), sys.stdout, default_flow_style=False)' >"$GIT_REPO_PATH/$GIT_PREFIX_PATH/${namespace}/${name}.${type}.yaml"
         done
     done
 done