{"id":26731686,"url":"https://github.com/bakito/kubexporter","last_synced_at":"2025-12-16T09:19:50.119Z","repository":{"id":39634288,"uuid":"318198108","full_name":"bakito/kubexporter","owner":"bakito","description":"📥 easily export your k8s resources","archived":false,"fork":false,"pushed_at":"2025-04-10T04:07:19.000Z","size":2656,"stargazers_count":40,"open_issues_count":6,"forks_count":4,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-04-10T05:24:47.596Z","etag":null,"topics":["kubectl-plugin","kubectl-plugins","kubernetes","oc-plugin"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bakito.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["bakito"]}},"created_at":"2020-12-03T13:13:18.000Z","updated_at":"2025-04-09T04:07:33.000Z","dependencies_parsed_at":"2023-10-15T11:06:01.083Z","dependency_job_id":"9cca6c9a-ee46-48ad-963a-1f2c14f9eae7","html_url":"https://github.com/bakito/kubexporter","commit_stats":null,"previous_names":[],"tags_count":36,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bakito%2Fkubexporter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bakito%2Fkubexporter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bakito%2Fkubexporter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bakito%2Fkubexporter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bakito","download_url":"https://codeload.github.com/bakito/kubexporter/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248871614,"owners_count":21175259,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["kubectl-plugin","kubectl-plugins","kubernetes","oc-plugin"],"created_at":"2025-03-28T00:37:23.411Z","updated_at":"2025-12-16T09:19:50.110Z","avatar_url":"https://github.com/bakito.png","language":"Go","funding_links":["https://github.com/sponsors/bakito"],"categories":[],"sub_categories":[],"readme":"[![Go](https://github.com/bakito/kubexporter/workflows/Go/badge.svg)](https://github.com/bakito/kubexporter/actions?query=workflow%3AGo)\n[![Go Report Card](https://goreportcard.com/badge/github.com/bakito/kubexporter)](https://goreportcard.com/report/github.com/bakito/kubexporter)\n[![GitHub Release](https://img.shields.io/github/release/bakito/kubexporter.svg?style=flat)](https://github.com/bakito/kubexporter/releases)\n[![Coverage Status](https://coveralls.io/repos/github/bakito/kubexporter/badge.svg?branch=main)](https://coveralls.io/github/bakito/kubexporter?branch=main)\n[![Static Badge](https://img.shields.io/badge/try_me-on_Killercoda-black)](https://killercoda.com/bakito/scenario/kubernetes-kubexporter)\n\n\n\u003cdiv align=\"right\"\u003e\n  \u003cimg src=\"docs/icons/kubexporter.png\" alt=\"kubexporter\" width=\"100\"/\u003e\n\u003c/div\u003e\n\n# KubExporter\n\nKubExporter allows you to export resources from kubernetes as yaml/json files.\n\nThe configuration allows customization on which resources and which fields to exclude.\n\n## Install\n\nDownload the latest binary from https://github.com/bakito/kubexporter/releases.\n\n[![Packaging status](https://repology.org/badge/vertical-allrepos/kubexporter.svg)](https://repology.org/project/kubexporter/versions)\n\n### Brew\n\n```bash\n# Add the tap\nbrew tap bakito/tap\n\n# install kubexporter \nbrew install --cask kubexporter\n```\n\n### Snap\n\n```bash\nsudo snap install kubexporter\n```\n\n### Use as kubectl plugin\n\nRename the binary to kubectl-exporter.\n\n```bash\nkubectl exporter ...\n```\n\n## Usage\n\n```bash\nUsage:\n  kubexporter [flags]\n\nFlags:\n      --as string                      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.\n      --as-group stringArray           Group to impersonate for the operation, this flag can be repeated to specify multiple groups.\n      --as-uid string                  UID to impersonate for the operation.\n      --cache-dir string               Default cache directory (default \"/home/bakito/.kube/cache\")\n      --certificate-authority string   Path to a cert file for the certificate authority\n  -c, --clear-target                   If enabled, the target dir is deleted before running the new export\n      --client-certificate string      Path to a client certificate file for TLS\n      --client-key string              Path to a client key file for TLS\n      --cluster string                 The name of the kubeconfig cluster to use\n      --config string                  config file\n      --context string                 The name of the kubeconfig context to use\n      --created-within duration        The max allowed age duration for the resources\n      --disable-compression            If true, opt-out of response compression for all requests to the server\n  -e, --exclude-kinds strings          Do not export excluded kinds\n  -h, --help                           help for kubexporter\n  -i, --include-kinds strings          Export only included kinds, if included kinds are defined, excluded will be ignored\n      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure\n      --kubeconfig string              Path to the kubeconfig file to use for CLI requests.\n  -l, --lists                          If enabled, all resources are exported as lists instead of individual files\n  -n, --namespace string               If present, the namespace scope for this CLI request\n  -o, --output string                  Output format. One of: (json, yaml). (default \"yaml\")\n  -p, --progress string                Progress mode bar|simple|none (default bar)  (default \"bar\")\n  -q, --quiet                          If enabled, output is prevented\n      --request-timeout string         The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default \"0\")\n  -s, --server string                  The address and port of the Kubernetes API server\n      --show-managed-fields            If true, keep the managedFields when printing objects in JSON or YAML format.\n      --summary                        If enabled, a summary is printed\n  -t, --target string                  Set the target directory (default exports) (default \"exports\")\n      --tls-server-name string         Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used\n      --token string                   Bearer token for authentication to the API server\n      --user string                    The name of the kubeconfig user to use\n  -v, --verbose                        If enabled, errors during export are listed in summary\n      --version                        version for kubexporter\n  -w, --worker int                     The number of worker to use for the export (default 1)\n\n```\n\n[![asciicast](https://asciinema.org/a/J793zgHiRBgDTgWbKjHrsM8YL.svg)](https://asciinema.org/a/J793zgHiRBgDTgWbKjHrsM8YL)\n\n## Configuration\n\n### Config\n\nKubExporter exports by default all resources and allows to exclude unwanted resources.\nThe benefit is that new custom resource definitions are automatically considered in the export.\n\nExample configuration\n\n```yaml\n# print a summary\nsummary: true\n# print progress (bar|simple|none)\nprogress: bar\n# create an archive\narchive: true\n# S3 Configuration to upload the archive to an S3 compatible storage\n#s3:\n#  endpoint: \u003cyour-s3-endpoint\u003e\n#  accessKeyID: \u003cyour-access-key-id\u003e\n#  secretAccessKey: \u003cyour-secret-access-key\u003e\n#  token: \u003cyour-session-token\u003e # Optional\n#  secure: true # Use HTTPS (default)\n#  bucket: \u003cyour-bucket-name\u003e\n#gcs:\n#  bucket: \u003cyour-bucket-name\u003e\n\n# define a single namespace (default all)\nnamespace:\n# define the number of parallel worker\nworker: 1\n# export as lists\nasLists: false\n# enable pagination on queries (only supported when asLists = false)\n#queryPageSize: 1000\n# clear the target directory before exporting\nclearTarget: true\nexcluded:\n  # list all kinds to be excluded\n  kinds:\n    - Binding\n    - ComponentStatus\n    - Endpoints\n    - Event\n    - LimitRange\n    - LocalSubjectAccessReview\n    - PersistentVolume\n    - Pod\n    - ReplicationController\n    - ReplicationControllerDummy\n    - RoleBindingRestriction\n    - apps.ReplicaSet\n    - batch.Job\n    - events.k8s.io.Event\n    - extensions.ReplicaSet\n  # list fields that should be removed for all resources before exported; slices are also traversed\n  fields:\n    - [status]\n    - [metadata, uid]\n    - [metadata, selfLink]\n    - [metadata, resourceVersion]\n    - [metadata, creationTimestamp]\n    - [metadata, generation]\n    - [metadata, annotations, \"kubectl.kubernetes.io/last-applied-configuration\"]\n  # kind specific excluded fields\n  kindFields:\n    Service:\n      - [spec, clusterIP]\n  # allows to exclude single instances with certain field values\n  kindByField:\n    Service:\n      - field: [metadata, name]\n        # the value is compared to the string representation of the actual kind value\n        values: [exclude-me-1, exclude-me-2]\n    Secret:\n      - field: [type]\n        # exclude helm secrets\n        values: ['helm.sh/release', 'helm.sh/release.v1']\n# excludes resources if the owner reference kind is excluded\nconsiderOwnerReferences: false\n# mask certain fields \nmasked:\n  # the replacement string to be used for masked fields (default '***')\n  replacement: '***'\n  # generate a checksum from the value to be masked value instead of the replacement. (supported 'md5', 'sha1', 'sha256')  \n  checksum: ''\n  # kind specific fields that should be masked\n  kindFields:\n    Secret:\n      - [data]\n# encrypt certain fields \n#encrypted:\n#  # the aes key to use to encrypt the field values. The key can also be provided via env variable 'KUBEXPORTER_AES_KEY'\n#  aesKey: '***'\n#  # kind specific fields that should be encrypted. NOTE: if the same fields or a parent branch is also masked, masking wins over encryption.\n#  kindFields:\n#    Secret:\n#      - [ data ]\n\n# sort the slice field value before exporting\nsortSlices:\n  User:\n    - [roles]\n```\n\n### S3\n\nYou can configure `kubexporter` to upload the created archive to an S3 compatible storage.\n\nThe following fields are available for S3 configuration:\n\n* `endpoint`: The S3 endpoint.\n* `accessKeyID`: The access key ID.\n* `secretAccessKey`: The secret access key.\n* `token`: The session token (optional).\n* `secure`: Set to `true` for HTTPS, `false` for HTTP.\n* `bucket`: The name of the S3 bucket.\n\n#### Authentication\n\nCredentials must be provided in the config file. Environment variables are not automatically used if these fields are\nset (even if empty).\n\nExample:\n\n```yaml\ns3:\n  endpoint: \u003cyour-s3-endpoint\u003e\n  accessKeyID: \u003cyour-access-key-id\u003e\n  secretAccessKey: \u003cyour-secret-access-key\u003e\n  token: \u003cyour-session-token\u003e # Optional\n  secure: true # Use HTTPS (default)\n  bucket: \u003cyour-bucket-name\u003e\n```\n\n### GCS\n\nYou can configure `kubexporter` to upload the created archive to a GCS bucket.\n\nThe following fields are available for GCS configuration:\n\n* `bucket`: The name of the GCS bucket.\n\n#### Authentication\n\nAuthentication to Google Cloud Storage is handled automatically\nvia [Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials).\n\nYou can configure ADC in one of the following ways:\n\n* **Service Account Key File:** Set the `GOOGLE_APPLICATION_CREDENTIALS` environment variable to the path of the JSON\n  file that contains your service account key.\n  ```bash\n  export GOOGLE_APPLICATION_CREDENTIALS=\"/path/to/your/keyfile.json\"\n  ```\n* **gcloud CLI:** Authenticate with the gcloud CLI.\n  ```bash\n  gcloud auth application-default login\n  ```\n* **Workload Identity (Recommended for GKE):** When running in a GKE cluster, the recommended way to authenticate is by\n  using Workload Identity. This allows your Kubernetes pod to impersonate a Google Service Account without needing to\n  handle service account keys.\n\nExample:\n\n```yaml\ngcs:\n  bucket: \u003cyour-bucket-name\u003e\n```\n\n### Update Owner References\n\nAllows updating Owner references against a running cluster.\n\n```shell\nkubexporter update-owner-references\n\n FILE                                                                                 OWNER KIND  OWNER NAME                                 UID FROM                              UID TO                               \n cert-manager/cilium.io.CiliumEndpoint.cert-manager-cainjector-7fd8f6bbbf-9nlf2.yaml  Pod         cert-manager-cainjector-7fd8f6bbbf-9nlf2   1d494969-hhhh-4c79-96d4-25d31c66c895  1d494969-db54-4c79-96d4-25d31c66c895 \n cert-manager/cilium.io.CiliumEndpoint.cert-manager-webhook-787cd749dc-7sfvq.yaml     Pod         cert-manager-webhook-787cd749dc-7sfvq-XXX  eeeb48d9-751c-4aa9-9389-6aab845dba1e  \u003cNOT FOUND\u003e      \n```\n\n### Decrypt encrypted values\n\nExported files with encrypted values can be decrypted with the decrypt command.\n\nThe aes key can b provided via arg `--aes-key`, env variable `KUBEXPORTER_AES_KEY`. If not provided the key can be\nentered via password prompt.\n\n1 - n file paths are defined via command arguments.\n\n```shell\nkubexporter decrypt exports/argocd/Secret.argocd-secret.yaml\n\n FILE                                      NAMESPACE  KIND    NAME           DECRYPTED FIELDS\n exports/argocd/Secret.argocd-secret.yaml  argocd     Secret  argocd-secret                 5\n\n```\n\n#### Decrypt multiple files\n\n```shell\nkubexporter decrypt $(ls exports/argocd/Secret*)\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbakito%2Fkubexporter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbakito%2Fkubexporter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbakito%2Fkubexporter/lists"}