{"id":13549871,"url":"https://github.com/Paxa/kube-backup","last_synced_at":"2025-04-02T23:31:16.348Z","repository":{"id":136209736,"uuid":"141112023","full_name":"Paxa/kube-backup","owner":"Paxa","description":"Kubernetes resource yamls backup to git","archived":false,"fork":false,"pushed_at":"2023-01-27T10:12:21.000Z","size":52,"stargazers_count":85,"open_issues_count":5,"forks_count":14,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-03-16T23:43:28.852Z","etag":null,"topics":["backup-script","devops","kubernetes","kubernetes-monitoring","ruby"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Paxa.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2018-07-16T08:48:32.000Z","updated_at":"2024-02-10T19:12:30.000Z","dependencies_parsed_at":null,"dependency_job_id":"ebe64542-9751-426e-8405-f8547cb137a7","html_url":"https://github.com/Paxa/kube-backup","commit_stats":null,"previous_names":["paxa/kube-backup"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Paxa%2Fkube-backup","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Paxa%2Fkube-backup/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Paxa%2Fkube-backup/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Paxa%2Fkube-backup/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Paxa","download_url":"https://codeload.github.com/Paxa/kube-backup/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246910955,"owners_count":20853652,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["backup-script","devops","kubernetes","kubernetes-monitoring","ruby"],"created_at":"2024-08-01T12:01:26.515Z","updated_at":"2025-04-02T23:31:15.916Z","avatar_url":"https://github.com/Paxa.png","language":"Ruby","funding_links":[],"categories":["Ruby"],"sub_categories":[],"readme":"# Kube-backup\n\nKubernetes resource state backup to git\n\n### Git structure\n\n```\n_global_ - global resources such as Node, ClusterRole, StorageClass\n_grafana_ - grafana configs (when grafana enabled)\n\u003cnamespace\u003e - such as kube-system, default, etc...\n  \u003cResourceType\u003e - folder for each resource type\n    \u003cresource-name.yaml\u003e - file for each resource\n```\n\n### Screenshots\n\u003cimg src=\"https://user-images.githubusercontent.com/26019/48974539-12be7600-f097-11e8-91d7-b19c4c8d3e23.png\" width=\"40%\"\u003e \u003cimg src=\"https://user-images.githubusercontent.com/26019/48974571-b9a31200-f097-11e8-8f0a-52afc67e4112.png\" width=\"57%\"\u003e\n\n### Deployment\n\nYaml manifests are in  [deploy folder](https://github.com/kuberhost/kube-backup/tree/master/deploy).\n\n#### Create Deployment Key\n\nGithub and gitlab support adding key only for one repository\n\n* Create repo\n* Generate ssh key `ssh-keygen -f ./new_key`\n* Add new ssh key to repo with write access\n* Save key to [2_config_map.yaml](https://github.com/kuberhost/kube-backup/blob/master/deploy/2_config_map.yaml) (see comments in file)\n\n#### Testing Deployment\n\nI recommend to run it periodically with kubernetes' CronJob resource, if you want to test how it works without waiting then can change running schedule or create pod with same parameters\n\n### Commands\n\n* `kube_backup backup` - pull remote git repository, save kubernetes state, make git commit in local repository\n* `kube_backup push` - push changes to remote repository\n* `kube_backup help` - shows help\n\nDocker image by default runs `kube_backup backup \u0026\u0026 kube_backup push`\n\n### Config\n\n* `GIT_REPO_URL` - remote git URL like `git@github.com:kuberhost/kube-backup.git` (required)\n* `BACKUP_VERBOSE` use 1 to enable verbose logging\n* `TARGET_PATH` - local git repository folder, default `./kube_state`\n* `SKIP_NAMESPACES` - namespaces to exclude, separated by coma (,)\n* `ONLY_NAMESPACES` - whitelist namespaces\n* `GLOBAL_RESOURCES` - override global resources list, default is `node, apiservice, clusterrole, clusterrolebinding, podsecuritypolicy, storageclass, persistentvolume, customresourcedefinition, mutatingwebhookconfiguration, validatingwebhookconfiguration, priorityclass`\n* `EXTRA_GLOBAL_RESOURCES` - use it to add resources to `GLOBAL_RESOURCES` list\n* `SKIP_GLOBAL_RESOURCES` - blacklist global resources\n* `RESOURCES` - default list of namespaces resources, see `KubeBackup::TYPES`\n* `EXTRA_RESOURCES` - use it to add resources to `RESOURCES` list\n* `SKIP_RESOURCES` - exclude resources\n* `SKIP_OBJECTS` - use it to skip individual objects, such as `kube-backup/ConfigMap/kube-backup-ssh-config` (separated by coma, spaces around coma ignored)\n* `GIT_USER` - default is `kube-backup`\n* `GIT_EMAIL` - default is `kube-backup@$(HOSTNAME)`\n* `GIT_BRANCH` - Git branch, default is `master`\n* `GIT_PREFIX` - Path to the subdirectory in your repository\n* `GRAFANA_URL` - grafana api URL, e.g. `https://grafana.my-cluster.com`\n* `GRAFANA_TOKEN` - grafana API token, create at https://your-grafana/org/apikeys\n* `TZ` - timezone of commit times. e.g. `:Europe/Berlin`\n\n### Security\n\nTo avoid man in a middle attack it's recommended to provide `known_hosts` file. Default `known_hosts` contain keys for github.com, gitlab.com and bitbucket.org\n\n#### Custom Resources\n\nLet's say we have a cluster with prometheus and certmanager, they register custom resources and we want to add them in backup.\n\nGet list of custom resource definitions:\n```\n$ kubectl get crd\n\nNAME                                    CREATED AT\nalertmanagers.monitoring.coreos.com     2018-06-27T10:33:00Z\ncertificates.certmanager.k8s.io         2018-06-27T09:39:43Z\nclusterissuers.certmanager.k8s.io       2018-06-27T09:39:43Z\nissuers.certmanager.k8s.io              2018-06-27T09:39:44Z\nprometheuses.monitoring.coreos.com      2018-06-27T10:33:00Z\nprometheusrules.monitoring.coreos.com   2018-06-27T10:33:00Z\nservicemonitors.monitoring.coreos.com   2018-06-27T10:33:00Z\n```\n\nOr get more useful output:\n```\n$ kubectl get crd -o json | jq -r '.items | (.[] | [.spec.names.singular, .spec.group, .spec.scope]) | @tsv'\nalertmanager    monitoring.coreos.com  Namespaced\ncertificate     certmanager.k8s.io     Namespaced\nclusterissuer   certmanager.k8s.io     Cluster\nissuer          certmanager.k8s.io     Namespaced\nprometheus      monitoring.coreos.com  Namespaced\nprometheusrule  monitoring.coreos.com  Namespaced\nservicemonitor  monitoring.coreos.com  Namespaced\n```\n\nSet env variables in container spec:\n```yaml\nenv:\n  - name: EXTRA_GLOBAL_RESOURCES\n    value: clusterissuer\n  - name: EXTRA_RESOURCES\n    value: alertmanager, prometheus, prometheusrule, servicemonitor, certificate, issuer\n```\n\n---\n\nSpecial thanks to Pieter Lange for [original idea](https://github.com/pieterlange/kube-backup/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FPaxa%2Fkube-backup","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FPaxa%2Fkube-backup","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FPaxa%2Fkube-backup/lists"}