|
| 1 | +# crane export |
| 2 | + |
| 3 | +Export namespace resources from a source Kubernetes cluster to disk. |
| 4 | + |
| 5 | +## Synopsis |
| 6 | + |
| 7 | +```bash |
| 8 | +crane export [flags] |
| 9 | +``` |
| 10 | + |
| 11 | +## Description |
| 12 | + |
| 13 | +`crane export` discovers all API types in a Kubernetes cluster, lists objects in the specified namespace (plus related cluster-scoped RBAC resources), and writes manifests to an export directory. This is the first step in the Crane migration pipeline. |
| 14 | + |
| 15 | +Exported resources are written as individual YAML files under `export/resources/<namespace>/`. Cluster-scoped resources related to the namespace (ClusterRoleBindings, ClusterRoles, SCCs) are written to `export/resources/<namespace>/_cluster/`. Any errors encountered during listing are recorded in `export/failures/<namespace>/`. |
| 16 | + |
| 17 | +### CRD Collection |
| 18 | + |
| 19 | +When custom resources are found in the namespace, Crane automatically collects their corresponding CustomResourceDefinitions. Operator-managed CRDs (identified via owner references) are skipped, since they should be installed by the operator on the target cluster rather than migrated directly. If the migration user lacks permission to read CRDs, Crane logs a warning and continues — the assumption is that the CRDs already exist on the target. |
| 20 | + |
| 21 | +## Flags |
| 22 | + |
| 23 | +| Flag | Short | Default | Description | |
| 24 | +|------|-------|---------|-------------| |
| 25 | +| `--export-dir` | `-e` | `export` | The path where files are exported | |
| 26 | +| `--label-selector` | `-l` | | Restrict export to resources matching a label selector | |
| 27 | +| `--namespace` | `-n` | _(context default)_ | Namespace to export | |
| 28 | +| `--crd-skip-group` | | | API groups to skip for CRD export (repeatable) | |
| 29 | +| `--crd-include-group` | | | API groups to force-include for CRD export (repeatable) | |
| 30 | +| `--as-extras` | | | Extra impersonation info (format: `key=val1,val2;key2=val3`) | |
| 31 | +| `--qps` | `-q` | `100` | Query-per-second rate for API requests | |
| 32 | +| `--burst` | `-b` | `1000` | API burst rate | |
| 33 | + |
| 34 | +Standard kubeconfig flags (`--kubeconfig`, `--context`, `--cluster`, `--as`, `--as-group`, etc.) are also available. |
| 35 | + |
| 36 | +## Output Structure |
| 37 | + |
| 38 | +```text |
| 39 | +export/ |
| 40 | +├── resources/ |
| 41 | +│ └── <namespace>/ |
| 42 | +│ ├── Deployment_apps_v1_<ns>_<name>.yaml |
| 43 | +│ ├── Service__v1_<ns>_<name>.yaml |
| 44 | +│ ├── ConfigMap__v1_<ns>_<name>.yaml |
| 45 | +│ └── _cluster/ |
| 46 | +│ ├── ClusterRoleBinding_rbac.authorization.k8s.io_v1_clusterscoped_<name>.yaml |
| 47 | +│ ├── ClusterRole_rbac.authorization.k8s.io_v1_clusterscoped_<name>.yaml |
| 48 | +│ └── CustomResourceDefinition_apiextensions.k8s.io_v1_clusterscoped_<name>.yaml |
| 49 | +└── failures/ |
| 50 | + └── <namespace>/ |
| 51 | + └── <error-files> |
| 52 | +``` |
| 53 | + |
| 54 | +Resource filenames follow the format: `Kind_group_version_namespace_name.yaml` |
| 55 | + |
| 56 | +## Examples |
| 57 | + |
| 58 | +### Basic namespace export |
| 59 | + |
| 60 | +```bash |
| 61 | +crane export -n my-app |
| 62 | +``` |
| 63 | + |
| 64 | +### Export with label selector |
| 65 | + |
| 66 | +```bash |
| 67 | +crane export -n my-app --label-selector "app=frontend" |
| 68 | +``` |
| 69 | + |
| 70 | +### Export with custom directory |
| 71 | + |
| 72 | +```bash |
| 73 | +crane export -n my-app --export-dir ./migration/export |
| 74 | +``` |
| 75 | + |
| 76 | +### Export with impersonation |
| 77 | + |
| 78 | +```bash |
| 79 | +crane export -n my-app --as system:serviceaccount:my-app:deployer |
| 80 | +``` |
| 81 | + |
| 82 | +### Export with extra impersonation info |
| 83 | + |
| 84 | +```bash |
| 85 | +crane export -n my-app \ |
| 86 | + --as user@example.com \ |
| 87 | + --as-extras "scope=read,write;project=my-project" |
| 88 | +``` |
| 89 | + |
| 90 | +### Export skipping specific CRD groups |
| 91 | + |
| 92 | +```bash |
| 93 | +crane export -n my-app --crd-skip-group monitoring.coreos.com |
| 94 | +``` |
| 95 | + |
| 96 | +## Common Errors |
| 97 | + |
| 98 | +| Error | Cause | Solution | |
| 99 | +|-------|-------|----------| |
| 100 | +| `namespace must be set` | No namespace specified and none in kubeconfig context | Use `-n <namespace>` | |
| 101 | +| `namespaces "X" not found` | Namespace does not exist | Verify namespace name | |
| 102 | +| `cannot verify namespace exists` | Insufficient RBAC (warning only) | Export proceeds; verify namespace exists manually | |
| 103 | +| `extras requires specifying a user or group` | `--as-extras` used without `--as` | Add `--as` or `--as-group` flag | |
| 104 | + |
| 105 | +## Next Steps |
| 106 | + |
| 107 | +After exporting, transform the resources: |
| 108 | + |
| 109 | +```bash |
| 110 | +crane transform --export-dir export |
| 111 | +``` |
| 112 | + |
| 113 | +See [crane transform](./transform.md) for details. |
0 commit comments