vincent-zurczak/backup-k8s-secrets.sh

## backup-k8s-secrets.sh
mkdir -p /tmp/backup
cd /tmp/backup

# Only backup "opaque" secrets
# (not those for service accounts, etc).
#
# To back up them all, use the following query:
# kubectl get secrets -o json | jq -r '.items[].metadata.name'
for secret in $(kubectl get secrets -o json | jq -r '.items[] | select(.type == "Opaque") | .metadata.name'); do
	echo "Backing up ${secret}..."

	# --export is deprecated (and was not perfect)
	# https://github.com/kubernetes/kubernetes/pull/73787
	kubectl get secret "${secret}" -o yaml | \
		sed '/namespace: /d' | \
		sed '/resourceVersion: /d' | \
		sed '/selfLink: /d' | \
		sed '/uid: /d' | \
		sed '/creationTimestamp: /d' | \
		sed '/field.cattle.io/d' > "${secret}".yaml
done

the_date=`date '+%Y-%m-%d--%H-%M-%S'`
tar -czvf "secrets-backup-${the_date}.tar.gz" *.yaml

## restore-k8s-secrets.sh
mkdir restore
tar -C restore -xvf secrets-backup-some_date.tar.gz
kubectl create -f restore
	mkdir -p /tmp/backup
	cd /tmp/backup

	# Only backup "opaque" secrets
	# (not those for service accounts, etc).
	#
	# To back up them all, use the following query:
	# kubectl get secrets -o json \| jq -r '.items[].metadata.name'
	for secret in $(kubectl get secrets -o json \| jq -r '.items[] \| select(.type == "Opaque") \| .metadata.name'); do
	echo "Backing up ${secret}..."

	# --export is deprecated (and was not perfect)
	# https://github.com/kubernetes/kubernetes/pull/73787
	kubectl get secret "${secret}" -o yaml \| \
	sed '/namespace: /d' \| \
	sed '/resourceVersion: /d' \| \
	sed '/selfLink: /d' \| \
	sed '/uid: /d' \| \
	sed '/creationTimestamp: /d' \| \
	sed '/field.cattle.io/d' > "${secret}".yaml
	done

	the_date=`date '+%Y-%m-%d--%H-%M-%S'`
	tar -czvf "secrets-backup-${the_date}.tar.gz" *.yaml
	mkdir restore
	tar -C restore -xvf secrets-backup-some_date.tar.gz
	kubectl create -f restore