A simple project for exporting current Kubernetes resource files. Intended destination: git, bitbucket Supports multiple projects for destination paths.
Assuming python3 is installed.
pip3 install -r requirements.txt
check out the config.yaml file for possible configurations.
Add or remove namespaces by modifying namespaces
Filter the kube-system namespace if wanted: add kube-system to the list of namespaces, and add apps to backup in the list of kube_system_filter, or leave it blank []
define path to backup dir by modifying: repo_path
Add or remove apis by modifying resource_types.
Note that the resource_types must have been defined in the k8s_client_apis.yaml.
Define new resource types when necessary at k8s_client_apis.yaml. Find the list of available APIS here: https://github.com/kubernetes-client/python/blob/master/kubernetes/README.md
Run:
k8s_yaml_exporter.py-> exports resources from current cluster torepo_path, assuming the cluster name is defined in the local cluster config in the formatSOMEIDENTIFIER_CLUSTERNAMEorCLUSTERNAME. Iterates throughresource_types.
python3 k8s_yaml_exporter.py
or run:
main.py-> pullsremote_repotorepo_pathassuming~/.sshexist locally. Exports resources from current cluster torepo_pathand overwrites any files with same name, commits changes, and pushes it toremote_repoonremote_branch.
python3 main.py
NOTE There are two environment variables available:
- CLUSTER_NAME: Overwrites the folder name
- KEEP_OLD: defaults to True. Set to false to delete files that are no longer running in cluster.
Run as cronjob in local kubernetes cluster.
Build docker image: docker build -t k8s-resources-backup:TAG .
You need to add id_rsa and known_hosts files as secret to the cluster.
Either run:
kubectl create secret generic k8s-resources-backup-ssh --from-file=id_rsa=id_rsa --from-file=known_hosts=known_hosts
or
apiVersion: v1
data:
id_rsa: <base64 encoded private-key>
known_hosts: <base64 encoded known_hosts>
kind: Secret
metadata:
name: k8s-resources-backup-ssh
namespace: default
type: Opaque
Deploying using kubectl
-
create secret;
kubectl create secret generic k8s-resources-backup-ssh --from-file=id_rsa=id_rsa --from-file=known_hosts=known_hosts -
apply rbac;
kubectl apply -f k8s-resources-backup-rbac.yamlIf any errors, you might need permissions. try;
kubectl create clusterrolebinding cluster-admin-binding \
--clusterrole cluster-admin \
--user $(gcloud config get-value account)
-
apply configmap;
kubectl apply -f k8s-resources-backup-configmap.yaml -
run cronjob;
kubectl apply -f k8s-resources-backup-cronjob.yaml