Restoring from backup removes essential uid in ownerReferences, breaking Ingress-Certificate relationship #1692

@Muhannadimad

I encountered an issue while restoring cert-manager resources from a backup using the recommended method in the official documentation:

kubectl apply -f <(awk '!/^ *(resourceVersion|uid): [^ ]+$/' backup.yaml)

However, this command unintentionally removes the uid field under ownerReferences in Certificate resources.

This becomes a problem when certificates are generated via Ingress resources. The uid field in ownerReferences is essential for maintaining the relationship between the Ingress and the Certificate.

Proposed solution
To preserve the ownerReferences[].uid while still removing unnecessary metadata fields like metadata.uid and metadata.resourceVersion, I used the following jq-based workaround:

jq 'walk(if type == "object" and has("metadata") then .metadata |= (del(.uid) | del(.resourceVersion)) else . end)' \
backup.yaml | kubectl apply -f -

This ensures that:

metadata.uid and metadata.resourceVersion are removed (as expected)

ownerReferences[].uid is preserved to maintain resource relationships
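
The difference described in the issue, as an added example that is not part of the original post or of cert-manager's documentation: it runs the quoted awk filter and a block-aware variant over a constructed Certificate manifest and counts the `uid` lines that survive. The manifest, its names and UIDs, and the `strip_metadata_only` and `count_uids` helpers are assumptions; the variant relies on the indentation that `kubectl get -o yaml` produces.

```shell
#!/bin/sh
# Constructed sample: a Certificate as `kubectl get -o yaml` would print it,
# owned by an Ingress. All names and UIDs are made up.
sample_backup() {
cat <<'EOF'
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: example-tls
  namespace: default
  ownerReferences:
  - apiVersion: networking.k8s.io/v1
    blockOwnerDeletion: true
    controller: true
    kind: Ingress
    name: example
    uid: 22222222-2222-2222-2222-222222222222
  resourceVersion: "12345"
  uid: 11111111-1111-1111-1111-111111111111
spec:
  secretName: example-tls
EOF
}

# The filter quoted in the issue: drops every uid/resourceVersion line.
strip_all() {
  awk '!/^ *(resourceVersion|uid): [^ ]+$/'
}

# Hypothetical alternative: skip the filter while inside ownerReferences.
strip_metadata_only() {
  awk '
    { indent = match($0, /[^ ]/) - 1 }          # -1 on blank lines
    /^ *ownerReferences:/ { owner = indent; inside = 1; print; next }
    inside && indent >= 0 &&
      (indent < owner || (indent == owner && $0 !~ /^ *- /)) { inside = 0 }
    !inside && /^ *(resourceVersion|uid): [^ ]+$/ { next }
    { print }
  '
}

# Count surviving uid lines for each filter (grep -c exits 1 on zero matches).
count_uids() { grep -c '^ *uid: ' || true; }
echo "issue filter:    $(sample_backup | strip_all | count_uids) uid line(s) left"
echo "block-aware awk: $(sample_backup | strip_metadata_only | count_uids) uid line(s) left"
```

A restored Certificate whose owner `uid` is missing or stale is no longer tied to its Ingress, so comparing `ownerReferences` before and after the restore is a useful post-restore check.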
