
@cyxou
Last active February 18, 2025 20:03
Dump all the Kubernetes objects from cluster
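#!/usr/bin/env bash
#
# Dump every Secret of the selected namespaces, base64-decoded, into one text
# file per namespace under OUTPUT_DIR.
#
# Requires: kubectl, jq, base64.
set -e

# The output holds decoded credentials, so every file and directory created by
# this script must be accessible to the invoking user only.
umask 077

# Fail early with a clear message: the dump loop pipes kubectl into jq without
# pipefail, so a missing tool would otherwise yield an empty dump that still
# reports success.
for tool in kubectl jq base64; do
  if ! command -v "$tool" > /dev/null 2>&1; then
    echo "Required tool not found: $tool" >&2
    exit 1
  fi
done

#  Replace with your kubeconfig
export KUBECONFIG=/home/alex/.kube/develop-config.yaml
# export KUBECONFIG=/home/alex/.kube/production-config.yaml

# Define whitelisted namespaces (empty array means process all except blacklisted)
WHITELIST=()

# Define blacklisted namespaces (only used when WHITELIST is empty)
BLACKLIST=(
  "kube-system"
)

# Output directory: a date-stamped folder below the current working directory
OUTPUT_DIR="./secrets_$(date +%Y%m%d)"

# Create output directory. mkdir -p leaves the mode of an already existing
# directory untouched (e.g. a second run on the same day), so tighten it
# explicitly as well.
mkdir -p "${OUTPUT_DIR}"
chmod 700 "${OUTPUT_DIR}"

# Get all namespaces (space-separated names on a single line)
NAMESPACES=$(kubectl get namespaces -o jsonpath='{.items[*].metadata.name}')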
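#######################################
# Decide whether a namespace is in scope for the dump.
# Globals:   WHITELIST (read), BLACKLIST (read)
# Arguments: $1 - namespace name
# Returns:   0 if the namespace should be processed, 1 if it must be skipped
#######################################
should_process_namespace() {
  local ns=$1
  # Loop variables are declared local so a call cannot clobber same-named
  # variables of the caller.
  local allowed blocked

  # A non-empty whitelist wins: only the listed namespaces are processed and
  # the blacklist is not consulted at all.
  if (( ${#WHITELIST[@]} > 0 )); then
    for allowed in "${WHITELIST[@]}"; do
      if [[ "$ns" == "$allowed" ]]; then
        return 0
      fi
    done
    return 1
  fi

  # Empty whitelist: everything is processed except blacklisted namespaces.
  for blocked in "${BLACKLIST[@]}"; do
    if [[ "$ns" == "$blocked" ]]; then
      return 1
    fi
  done
  return 0
}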
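# Iterate through each namespace.
# Number of namespaces whose secrets could not be listed (RBAC denial, API
# error, ...); reported at the end instead of claiming a complete dump.
FAILED_NAMESPACES=0

# Word splitting is intentional here: NAMESPACES is a space-separated list.
for NAMESPACE in $NAMESPACES; do
  # Check if namespace should be processed
  if ! should_process_namespace "$NAMESPACE"; then
    echo "󱞡 Skipping namespace: $NAMESPACE"
    continue
  fi

  echo "🔍 Processing namespace: $NAMESPACE"

  # Set output file for this namespace
  NAMESPACE_FILE="${OUTPUT_DIR}/${NAMESPACE}_secrets.txt"

  # Create/clear the file and restrict it to the owner *before* any decoded
  # secret value is written to it.
  : > "${NAMESPACE_FILE}"
  chmod 600 "${NAMESPACE_FILE}"

  # Add namespace header to file
  printf '%s\n' \
    "==========================================" \
    "Namespace: ${NAMESPACE}" \
    "==========================================" \
    "" >> "${NAMESPACE_FILE}"

  # Fetch all secrets of the namespace in a single request. The list response
  # already carries every secret's .data, so no per-secret call is needed, and
  # a kubectl failure is detected here instead of vanishing inside a pipeline.
  if ! SECRETS_JSON=$(kubectl get secrets -n "$NAMESPACE" -o json); then
    echo "⚠️  Could not list secrets in namespace: $NAMESPACE" >&2
    FAILED_NAMESPACES=$((FAILED_NAMESPACES + 1))
    continue
  fi

  # jq emits, per secret, one line holding just the name followed by one
  # "name<TAB>key<TAB>base64-value" line per data entry. A tab is used as the
  # separator because base64 padding contains '=' and would be mangled by an
  # '='-delimited read. (.data // {}) tolerates secrets without any data.
  # printf is a shell builtin, so the JSON is not exposed in a process
  # argument list.
  printf '%s' "$SECRETS_JSON" \
    | jq -r '.items[]
        | .metadata.name as $name
        | $name, ((.data // {}) | to_entries[] | "\($name)\t\(.key)\t\(.value)")' \
    | while IFS=$'\t' read -r SECRET key value; do
      if [[ -z "$key" ]]; then
        # Name-only line: start of a new secret
        echo " └─ Dumping secret: $SECRET in namespace: $NAMESPACE"
        printf '\n--- Secret: %s ---\n' "$SECRET" >> "${NAMESPACE_FILE}"
        continue
      fi

      # Decode the value from Base64 and append to file. The substitution is
      # quoted so multi-line values (certificates, keys) keep their line
      # breaks and characters such as '*' are not glob-expanded.
      {
        printf 'Key: %s\n' "$key"
        printf 'Value: %s\n' "$(printf '%s' "$value" | base64 --decode)"
        printf '\n'
      } >> "${NAMESPACE_FILE}"
    done
done

if (( FAILED_NAMESPACES > 0 )); then
  echo "⚠️  Dump is incomplete: ${FAILED_NAMESPACES} namespace(s) could not be read; partial output is in ${OUTPUT_DIR}/" >&2
else
  echo "🎉 All secrets have been dumped to ${OUTPUT_DIR}/"
fi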
#!/usr/bin/env bash
# Export selected object kinds of one namespace as cleaned-up YAML files.
set -e

# Namespace to read from.
NAMESPACE="dev"

# Comma-separated kinds handed to `kubectl get`. The list includes `secret`,
# so the dump directory ends up holding base64-encoded credentials.
OBJECTS_TO_DUMP="pv,pvc,configmap,serviceaccount,secret,service,deployment,statefulset,job,cronjob"

# Absolute directory of this script; the dump goes into "dump" next to it.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null 2>&1 && pwd)"
DUMP_DIR="${SCRIPT_DIR}/dump"
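#######################################
# Strip server-populated and cluster-specific fields from one manifest.
# Reads YAML on stdin and writes the cleaned YAML to stdout (via yq, the
# jq wrapper that accepts --yaml-output).
#
# Three fields are removed only when they carry their default value, because
# dropping a non-default value changes what the manifest does when it is
# applied again:
#   - pod securityContext: removed only when empty, so runAsUser/fsGroup/
#     seccomp settings of the workload survive the dump;
#   - restartPolicy: removed only when "Always"; Jobs require "Never" or
#     "OnFailure" and are rejected without it;
#   - clusterIP/clusterIPs: kept when "None", which is what makes a Service
#     headless.
#######################################
neat() {
  yq --yaml-output 'del(.metadata.annotations,
    .metadata.creationTimestamp,
    .metadata.generateName,
    .metadata.generation,
    .metadata.managedFields,
    .metadata.namespace,
    .metadata.ownerReferences,
    .metadata.resourceVersion,
    .metadata.selfLink,
    .metadata.uid,
    (.spec.clusterIP | select(. != "None")),
    (.spec.clusterIPs | select(. != ["None"])),
    .spec.externalTrafficPolicy,
    .spec.sessionAffinity,
    .spec.progressDeadlineSeconds,
    .spec.revisionHistoryLimit,
    .spec.strategy.rollingUpdate,
    .spec.template.metadata.annotations,
    .spec.template.metadata.creationTimestamp,
    .spec.template.spec.affinity,
    .spec.template.spec.dnsPolicy,
    (.spec.template.spec.restartPolicy | select(. == "Always")),
    .spec.template.spec.schedulerName,
    (.spec.template.spec.securityContext | select(. == {})),
    .spec.template.spec.terminationGracePeriodSeconds,
    .spec.tolerations,
    .status)' -
}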
#######################################
# Deployment-specific clean-up: drops the termination-message settings of
# every container. Reads YAML on stdin, writes YAML to stdout.
#######################################
neat_deployment() {
  local -r filter='del(.spec.template.spec.containers[].terminationMessagePath,
.spec.template.spec.containers[].terminationMessagePolicy)'

  yq --yaml-output "$filter" -
}
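#######################################
# Service-specific clean-up: forces the type to ClusterIP and removes the
# allocated nodePort of every port. Reads YAML on stdin, writes YAML to stdout.
#
# Both steps run in a single yq process. `.spec.ports[]?` keeps a Service
# without a ports list from aborting the filter and leaving an empty file.
# NOTE(review): the type is rewritten for every Service, including
# LoadBalancer and ExternalName ones - confirm that is wanted for the target
# cluster.
#######################################
neat_service() {
  yq --yaml-output '.spec.type = "ClusterIP" | del(.spec.ports[]?.nodePort)' -
}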
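# OBJECTS_TO_DUMP contains `secret`, and Secret manifests are only
# base64-encoded, not encrypted: create the dump directories and files so that
# only the invoking user can read them.
umask 077

# Resolve the object list up front. As a plain assignment a kubectl failure
# aborts the script through `set -e`; inside a `for ... in $(...)` word list it
# would be ignored and the script would report success with an empty dump.
OBJECT_NAMES=$(kubectl get -n "$NAMESPACE" -o=name "$OBJECTS_TO_DUMP")

# Each line is "<kind>[.<group>]/<name>", e.g. "deployment.apps/web".
while IFS= read -r n; do
  [[ -n "$n" ]] || continue

  resource=$(dirname -- "$n")
  target="$DUMP_DIR/$n.yaml"
  mkdir -p "$DUMP_DIR/$resource"

  # Fetch first, filter second: a failing `kubectl get` stops the run here
  # instead of being hidden as a non-final stage of a pipeline.
  manifest=$(kubectl get -o=yaml -n "$NAMESPACE" "$n")

  # printf is a shell builtin, so the manifest is handed to yq through a pipe
  # and never shows up in a process argument list.
  case "$resource" in
    deployment.apps)
      printf '%s\n' "$manifest" | neat | neat_deployment > "$target"
      ;;
    service)
      printf '%s\n' "$manifest" | neat | neat_service > "$target"
      ;;
    *)
      printf '%s\n' "$manifest" | neat > "$target"
      ;;
  esac

  # Only the last stage of a pipeline decides its exit status, so an earlier
  # filter can fail and still leave an empty file behind.
  if [[ ! -s "$target" ]]; then
    echo "⚠️  Empty output for $n" >&2
  fi
done <<< "$OBJECT_NAMES"

echo "🎉 All done!"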
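#!/usr/bin/env bash
# Register every YAML file below ./base (next to this script) as a resource in
# the kustomization of that directory.
set -e

SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" &> /dev/null && pwd)
BASE_DIR="$SCRIPT_DIR/base"

# `kustomize edit` works on the kustomization in the current directory; a
# missing base directory aborts here through `set -e`.
cd "$BASE_DIR"

# Collect all yaml files in the base folder, ignoring the postgres folder and
# the kustomization.yaml file itself. The exclusion is done by find on the
# exact file name: piping through `grep -v` made the whole script exit without
# a message under `set -e` when nothing matched. Paths are passed
# NUL-delimited on fd 3 so spaces in SCRIPT_DIR are safe and stdin stays free
# for kustomize.
while IFS= read -r -d '' -u 3 y; do
  echo "$y"
  # kustomize expects the path relative to the base directory
  kustomize edit add resource "${y#"$BASE_DIR"/}"
done 3< <(find "$BASE_DIR" -name 'postgres' -prune -o \
  -type f -name '*.yaml' ! -name 'kustomization.yaml' -print0)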