From 73eceab1feb627cacd47dac4f2ff8370a1253e39 Mon Sep 17 00:00:00 2001
From: lecaros
Date: Fri, 24 Jan 2025 19:46:12 -0300
Subject: [PATCH 1/2] fix: exclude secrets from the resources export
Signed-off-by: lecaros
---
 support.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/support.sh b/support.sh
index a38fb25..57f29a1 100755
--- a/support.sh
+++ b/support.sh
@@ -46,8 +46,8 @@ mkdir -p "$OUTPUT_DIR"/cluster
 # Grab stuff not returned by `get all`
 for namespace in $(\kubectl get namespaces --output=jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}')
 do
- # Get YAML for everything in the namespace
- for resource_type in $(\kubectl api-resources --namespaced --verbs=list -o name | tr "\n" " ");
+ # Get YAML for everything in the namespace, except secrets. If more resources need to be excluded, add them to the grep list.
+ for resource_type in $(\kubectl api-resources --namespaced --verbs=list -o name | grep -Ewv "^(secrets)$" | tr "\n" " ");
 do
 mkdir -p "${OUTPUT_DIR}/namespaces/${namespace}"
 \kubectl get -n "$namespace" "$resource_type" --show-kind --ignore-not-found -o yaml > "${OUTPUT_DIR}/namespaces/${namespace}"/"$resource_type".yaml
From 985aaf6cf404a580b296bdd126bc37afac1e5e2c Mon Sep 17 00:00:00 2001
From: lecaros
Date: Fri, 24 Jan 2025 20:05:28 -0300
Subject: [PATCH 2/2] fix: get all the secrets (redacted) from the corresponding namespace. All values for the keys inside .data will be redacted. Getting the list of secrets and the metadata could be useful for troubleshooting.
Signed-off-by: lecaros
---
 support.sh | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/support.sh b/support.sh
index 57f29a1..82096b4 100755
--- a/support.sh
+++ b/support.sh
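Review bot: In the `@@ -46,8 +46,8 @@` hunk of [PATCH 1/2], the filter `grep -Ewv "^(secrets)$"` matches only the core `secrets` name, while `kubectl api-resources -o name` prints non-core types as `name.group`. A CRD-backed type that holds credential material is therefore still dumped in full unless its qualified name is added, so the added comment should say that list entries need the `name.group` form. ConfigMaps and workload specs with inline environment values are still exported too, so the bundle should continue to be handled as sensitive. `-w` is redundant next to the `^…$` anchors, and single quotes avoid depending on how bash treats `$"`: `grep -Exv 'secrets'`. The inner `for` loop's `done` and the rest of the namespace loop lie outside this hunk.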
@@ -53,6 +53,12 @@ do
 \kubectl get -n "$namespace" "$resource_type" --show-kind --ignore-not-found -o yaml > "${OUTPUT_DIR}/namespaces/${namespace}"/"$resource_type".yaml
 done
+ # Get secrets in the namespace. All data values will be redacted.
+ for secret in $(\kubectl get secrets -n "$namespace" -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}')
+ do
+ \kubectl get secret "$secret" -n "$namespace" -o json | jq '.data |= with_entries(.value = "--REDACTED--")' >> "${OUTPUT_DIR}/namespaces/${namespace}"/secrets.json
+ done
+
 # Attempt to discover token and url for cloud-api in cluster
 if [[ -z "$CALYPTIA_CLOUD_TOKEN" ]]; then
 if \kubectl get --namespace "$namespace" secret auth-secret &>/dev/null; then
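Review bot: The jq filter on the added `\kubectl get secret "$secret" … | jq` line redacts only `.data`, so the `kubectl.kubernetes.io/last-applied-configuration` annotation is written to `secrets.json` untouched. On a secret created or updated with client-side `kubectl apply`, that annotation holds the full applied manifest, including its `data` or `stringData` values. Drop it in the same filter and guard the case where `.data` is absent, because `with_entries` errors on null and that secret then produces no output: `jq 'del(.metadata.annotations["kubectl.kubernetes.io/last-applied-configuration"]) | .data |= ((. // {}) | with_entries(.value = "--REDACTED--"))'`. A smaller point is that the loop appends with `>>`, so a second run into the same output directory duplicates entries. The namespace loop this code sits in starts and ends outside the hunk.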