A simple project for exporting current Kubernetes resource files. Intended destination: git, bitbucket Supports multiple projects for destination paths.

Assuming python3 is installed.

pip3 install -r requirements.txt

check out the config.yaml file for possible configurations.

Add or remove namespaces by modifying namespaces

Filter the kube-system namespace if wanted: add kube-system to the list of namespaces, and add apps to backup in the list of kube_system_filter, or leave it blank []

define path to backup dir by modifying: repo_path

Add or remove apis by modifying resource_types. Note that the resource_types must have been defined in the k8s_client_apis.yaml. Define new resource types when necessary at k8s_client_apis.yaml. Find the list of available APIS here: https://github.com/kubernetes-client/python/blob/master/kubernetes/README.md

Run:

• k8s_yaml_exporter.py -> exports resources from current cluster to repo_path, assuming the cluster name is defined in the local cluster config in the format SOMEIDENTIFIER_CLUSTERNAME or CLUSTERNAME. Iterates through resource_types.

python3 k8s_yaml_exporter.py

or run:

• main.py -> pulls remote_repo to repo_path assuming ~/.ssh exist locally. Exports resources from current cluster to repo_path and overwrites any files with same name, commits changes, and pushes it to remote_repo on remote_branch.

python3 main.py

NOTE There are two environment variables available:

• CLUSTER_NAME: Overwrites the folder name
• KEEP_OLD: defaults to True. Set to false to delete files that are no longer running in cluster.

Run as cronjob in local kubernetes cluster.

Build docker image: docker build -t k8s-resources-backup:TAG .

You need to add id_rsa and known_hosts files as secret to the cluster.

Either run:

kubectl create secret generic k8s-resources-backup-ssh --from-file=id_rsa=id_rsa --from-file=known_hosts=known_hosts

or

apiVersion: v1
data:
  id_rsa: <base64 encoded private-key>
  known_hosts: <base64 encoded known_hosts>
kind: Secret
metadata:
  name: k8s-resources-backup-ssh
  namespace: default
type: Opaque

Deploying using kubectl

1. create secret; kubectl create secret generic k8s-resources-backup-ssh --from-file=id_rsa=id_rsa --from-file=known_hosts=known_hosts

2. apply rbac; kubectl apply -f k8s-resources-backup-rbac.yaml If any errors, you might need permissions. try;

kubectl create clusterrolebinding cluster-admin-binding \
  --clusterrole cluster-admin \
  --user $(gcloud config get-value account)

3. apply configmap; kubectl apply -f k8s-resources-backup-configmap.yaml

4. run cronjob; kubectl apply -f k8s-resources-backup-cronjob.yaml

1