kubectl get deploy $app -o yaml导出来的yaml里面存在部分无效信息，例如

- [ status ]
    - [ metadata, uid ]
    - [ metadata, selfLink ]
    - [ metadata, resourceVersion ]
    - [ metadata, creationTimestamp ]
    - [ metadata, generation ]
    - [ metadata, annotations, "kubectl.kubernetes.io/last-applied-configuration" ]
    - [ metadata, annotations, "deployment.kubernetes.io/revision" ]
    - [ metadata, annotations, "analysis.crane.io/resource-recommendation" ]
    - [ spec, template, metadata, creationTimestamp ]
    - [ spec, template, metadata, annotations, "kubectl.kubernetes.io/restartedAt" ]

https://github.com/bakito/kubexporter
自定义控制哪些kind需要被导出，导出的内容中，哪些字段是不需要的

#!/bin/bash
# 定时备份
k8s_clusters="dev prod"
path="/opt/backup/k8s"
date=$(date "+%Y%m%d")
mkdir -p ${path}
for k8s_cluster in ${k8s_clusters}
do
    /usr/local/bin/kubexporter --config /etc/kubexporter/config.yaml --kubeconfig /root/.kube/${k8s_cluster} --target ${path}/${k8s_cluster}/${date}
done

/etc/kubexporter/config.yaml

# print a summary
summary: true
# print progress (bar|simple|none)
progress: bar
# create an archive
archive: true
# define a single namespace (default all)
namespace:
# define the number of parallel worker
worker: 1
# export as lists
asLists: false
# enable pagination on queries (only supported when asLists = false)
#queryPageSize: 1000
# clear the target directory before exporting
clearTarget: true
excluded:
#  # list all kinds to be excluded
  kinds:
    - ComponentStatus
#    - ConfigMap
    - Endpoints
    - Event
    - LimitRange
    - Namespace
    - Node
#    - PersistentVolume
#    - PersistentVolumeClaim
    - Pod
    - PodTemplate
    - ReplicationController
    - ResourceQuota
#    - Secret
#    - Service
    - ServiceAccount
    - acme.cert-manager.io.Challenge
    - acme.cert-manager.io.Order
    - admissionregistration.k8s.io.MutatingWebhookConfiguration
    - admissionregistration.k8s.io.ValidatingWebhookConfiguration
    - analysis.crane.io.Analytics
    - analysis.crane.io.Recommendation
    - apiextensions.k8s.io.CustomResourceDefinition
    - apiregistration.k8s.io.APIService
    - apisix.apache.org.ApisixClusterConfig
    - apisix.apache.org.ApisixConsumer
    - apisix.apache.org.ApisixPluginConfig
    - apisix.apache.org.ApisixRoute
    - apisix.apache.org.ApisixTls
    - apisix.apache.org.ApisixUpstream
    - apps.ControllerRevision
#    - apps.DaemonSet
#    - apps.Deployment
    - apps.ReplicaSet
#    - apps.StatefulSet
    - autoscaling.HorizontalPodAutoscaler
    - autoscaling.cloud.tencent.com.HorizontalPodCronscaler
    - autoscaling.crane.io.EffectiveHorizontalPodAutoscaler
    - autoscaling.crane.io.EffectiveVerticalPodAutoscaler
    - autoscaling.crane.io.Substitute
    - backup.tke.cloud.tencent.com.Backup
    - backup.tke.cloud.tencent.com.BackupStorageLocation
    - backup.tke.cloud.tencent.com.DeleteBackupRequest
    - backup.tke.cloud.tencent.com.Restore
    - backup.tke.cloud.tencent.com.Schedule
#    - batch.CronJob
    - batch.Job
    - cdi.kubevirt.io.CDI
    - cert-manager.io.Certificate
    - cert-manager.io.CertificateRequest
    - cert-manager.io.ClusterIssuer
    - cert-manager.io.Issuer
    - certificates.k8s.io.CertificateSigningRequest
    - chaos-mesh.org.AWSChaos
    - chaos-mesh.org.AzureChaos
    - chaos-mesh.org.BlockChaos
    - chaos-mesh.org.DNSChaos
    - chaos-mesh.org.GCPChaos
    - chaos-mesh.org.HTTPChaos
    - chaos-mesh.org.IOChaos
    - chaos-mesh.org.JVMChaos
    - chaos-mesh.org.KernelChaos
    - chaos-mesh.org.NetworkChaos
    - chaos-mesh.org.PhysicalMachine
    - chaos-mesh.org.PhysicalMachineChaos
    - chaos-mesh.org.PodChaos
    - chaos-mesh.org.PodHttpChaos
    - chaos-mesh.org.PodIOChaos
    - chaos-mesh.org.PodNetworkChaos
    - chaos-mesh.org.RemoteCluster
    - chaos-mesh.org.Schedule
    - chaos-mesh.org.StatusCheck
    - chaos-mesh.org.StressChaos
    - chaos-mesh.org.TimeChaos
    - chaos-mesh.org.Workflow
    - chaos-mesh.org.WorkflowNode
    - cloud.tencent.com.NginxIngress
    - cloud.tencent.com.TkeServiceConfig
    - cls.cloud.tencent.com.LogConfig
    - configuration.konghq.com.IngressClassParameters
    - configuration.konghq.com.KongClusterPlugin
    - configuration.konghq.com.KongConsumer
    - configuration.konghq.com.KongIngress
    - configuration.konghq.com.KongPlugin
    - coordination.k8s.io.Lease
    - discovery.k8s.io.EndpointSlice
    - ensurance.crane.io.AvoidanceAction
    - ensurance.crane.io.NodeQOSEnsurancePolicy
    - ensurance.crane.io.PodQOSEnsurancePolicy
    - enterprise.gloo.solo.io.AuthConfig
    - events.k8s.io.Event
    - flowcontrol.apiserver.k8s.io.FlowSchema
    - flowcontrol.apiserver.k8s.io.PriorityLevelConfiguration
    - gateway.solo.io.Gateway
    - gateway.solo.io.RouteOption
    - gateway.solo.io.RouteTable
    - gateway.solo.io.VirtualHostOption
    - gateway.solo.io.VirtualService
    - gloo.solo.io.Proxy
    - gloo.solo.io.Settings
    - gloo.solo.io.Upstream
    - gloo.solo.io.UpstreamGroup
    - metrics.k8s.io.NodeMetrics
    - metrics.k8s.io.PodMetrics
    - monitor.tencent.io.CustomMetrics
    - monitoring.coreos.com.Alertmanager
    - monitoring.coreos.com.AlertmanagerConfig
    - monitoring.coreos.com.PodMonitor
    - monitoring.coreos.com.Probe
    - monitoring.coreos.com.Prometheus
    - monitoring.coreos.com.PrometheusRule
    - monitoring.coreos.com.ServiceMonitor
    - monitoring.coreos.com.ThanosRuler
    - networking.k8s.io.Ingress
    - networking.k8s.io.IngressClass
    - networking.k8s.io.NetworkPolicy
    - networking.tke.cloud.tencent.com.EIPClaim
    - networking.tke.cloud.tencent.com.LoadBalancerResource
    - networking.tke.cloud.tencent.com.NodeENIConfig
    - networking.tke.cloud.tencent.com.VpcENI
    - networking.tke.cloud.tencent.com.VpcIP
    - networking.tke.cloud.tencent.com.VpcIPClaim
    - node.k8s.io.RuntimeClass
    - policy.PodDisruptionBudget
    - policy.PodSecurityPolicy
    - prediction.crane.io.ClusterNodePrediction
    - prediction.crane.io.TimeSeriesPrediction
    - ratelimit.solo.io.RateLimitConfig
    - rbac.authorization.k8s.io.ClusterRole
    - rbac.authorization.k8s.io.ClusterRoleBinding
    - rbac.authorization.k8s.io.Role
    - rbac.authorization.k8s.io.RoleBinding
    - scheduling.k8s.io.PriorityClass
    - snapshot.storage.k8s.io.VolumeSnapshot
    - snapshot.storage.k8s.io.VolumeSnapshotClass
    - snapshot.storage.k8s.io.VolumeSnapshotContent
    - storage.k8s.io.CSIDriver
    - storage.k8s.io.CSINode
    - storage.k8s.io.CSIStorageCapacity
    - storage.k8s.io.StorageClass
    - storage.k8s.io.VolumeAttachment
    - tcfsoperator.k8s.io.Tcfs
    - tcr.tencentcloudcr.com.ImagePullSecret
    - velero.io.Backup
    - velero.io.BackupStorageLocation
    - velero.io.DeleteBackupRequest
    - velero.io.DownloadRequest
    - velero.io.PodVolumeBackup
    - velero.io.PodVolumeRestore
    - velero.io.ResticRepository
    - velero.io.Restore
    - velero.io.Schedule
    - velero.io.ServerStatusRequest
    - velero.io.VolumeSnapshotLocation
  # list fields that should be removed for all resources before exported; slices are also traversed
  fields:
    - [ status ]
    - [ metadata, uid ]
    - [ metadata, selfLink ]
    - [ metadata, resourceVersion ]
    - [ metadata, creationTimestamp ]
    - [ metadata, generation ]
#    - [ metadata, namespace ]
    - [ metadata, annotations, "kubectl.kubernetes.io/last-applied-configuration" ]
    - [ metadata, annotations, "deployment.kubernetes.io/revision" ]
    - [ metadata, annotations, "analysis.crane.io/resource-recommendation" ]
    - [ spec, template, metadata, creationTimestamp ]
    - [ spec, template, metadata, annotations, "kubectl.kubernetes.io/restartedAt" ]
    - [ spec, template, spec, containers, terminationMessagePath ]
    - [ spec, template, spec, containers, terminationMessagePolicy ]
    - [ spec, template, spec, securityContext ]
    - [ spec, template, spec, schedulerName ]
    - [ spec, template, spec, dnsPolicy ]
    - [ spec, template, spec, restartPolicy]
  # kind specific excluded fields
  kindFields:
    Service:
      - [ spec, clusterIP ]
  # allows to exclude single instances with certain field values
  kindByField:
    Service:
      - field: [ metadata, name ]
        # the value is compared to the string representation of the actual kind value
        values: [ exclude-me-1, exclude-me-2 ]
    Secret:
      - field: [ type ]
        # exclude helm secrets
        values: [ 'helm.sh/release', 'helm.sh/release.v1' ]
# excludes resources if the owner reference kind is excluded
considerOwnerReferences: false
# mask certain fields
masked:
  # the replacement string to be used for masked fields (default '***')
  replacement: '***'
  # generate a checksum from the value to be masked value instead of the replacement. (supported 'md5', 'sha1', 'sha256')
  checksum: ''
  # kind specific fields that should be masked
  kindFields:
    Secret:
      - [ dataxx ]
# encrypt certain fields
#encrypted:
#  # the aes key to use to encrypt the field values. The key can also be provided via env variable 'KUBEXPORTER_AES_KEY'
#  aesKey: '***'
#  # kind specific fields that should be encrypted. NOTE: if the same fields or a parent branch is also masked, masking wins over encryption.
#  kindFields:
#    Secret:
#      - [ data ]

# sort the slice field value before exporting
sortSlices:
  User:
    - [ roles ]