feat: cross ns kubeconfig (#224)

* feat: add a namespace field to the secret ref

* feat: allow use of a kubeconfig in a different ns

* chore: cleanup

* chore(drive-by): dependency management

* chore(drive-by): update rand

* chore(drive-by): schemars version

* chore(drive-by): cleanup

Author: zach-robinson-dev

Cargo.lock

@@ -5,36 +5,35 @@ license = "MIT"
 edition = "2021"
 keywords = ["kubernetes"]
 repository = "https://github.com/influxdata/sinker"
-authors = ["Marko Mikulicic <mkm@influxdata.com>"]
+authors = ["InfluxData"]
 description = "Copy k8s resources (or parts thereof) across clusters"
 
 [dependencies]
-clap = { version = "4.5", features = ["derive", "help", "env", "std"] }
-futures = "0.3"
-kube = { version = "1.1.0", features = ["runtime", "derive", "unstable-runtime"] }
-kube-derive = "2.0.1"
-k8s-openapi = { version = "0.25.0", features = ["v1_33", "schemars"] }
-kubert = { version = "0.25.0", features = [
+clap = { version = "^4.5.53", features = ["derive", "help", "env", "std"] }
+futures = "^0.3.31"
+kube = { version = "^1.1.0", features = ["runtime", "derive", "unstable-runtime"] }
+k8s-openapi = { version = "^0.25.0", features = ["v1_33", "schemars"] }
+kubert = { version = "^0.25.0", features = [
     "clap",
     "runtime",
     "server",
     "rustls-tls",
     "prometheus-client",
 ] }
-tokio = { version = "1.44", features = ["full"] }
-anyhow = { version = "1", features = ["backtrace"] }
-tracing = "0.1"
-schemars = "0.8.21"
-serde = { version = "1", features = ["derive"] }
-serde_json = "1"
-serde_yaml = "0.9.34"
-thiserror = "2"
-serde_json_path = "0.7.2"
-tokio-context = "0.1.*"
-tokio-stream = "0.1.*"
+tokio = { version = "^1.48.0", features = ["full"] }
+anyhow = { version = "^1.0.100", features = ["backtrace"] }
+tracing = "^0.1.41"
+schemars = "^0.8.22"
+serde = { version = "^1.0.228", features = ["derive"] }
+serde_json = "^1.0.145"
+serde_yaml = "^0.9.34"
+thiserror = "^2.0.17"
+serde_json_path = "^0.7.2"
+tokio-context = "^0.1.3"
+tokio-stream = "^0.1.17"
 
 [dev-dependencies]
-rstest = "0.26.1"
-once_cell = "1.21.*"
-chrono = "0.4.*"
-rand = "0.8.5"
+rstest = "^0.26.1"
+once_cell = "^1.21.3"
+chrono = "^0.4.42"
+rand = "^0.9.2"

Cargo.toml

@@ -50,6 +50,9 @@ spec:
                                 type: string
                               name:
                                 type: string
+                              namespace:
+                                nullable: true
+                                type: string
                             required:
                             - key
                             - name
@@ -98,6 +101,9 @@ spec:
                                 type: string
                               name:
                                 type: string
+                              namespace:
+                                nullable: true
+                                type: string
                             required:
                             - key
                             - name

manifests/crd.yml

@@ -29,7 +29,7 @@ mod tests {
     use chrono::TimeZone;
     use k8s_openapi::apimachinery::pkg::apis::meta::v1::{ManagedFieldsEntry, ObjectMeta, Time};
     use once_cell::sync::Lazy;
-    use rand::distributions::Alphanumeric;
+    use rand::distr::Alphanumeric;
     use rand::Rng;
     use rstest::*;
 
@@ -39,7 +39,7 @@ mod tests {
         ($len:expr) => {
             Lazy::new(|| {
                 iter::repeat(())
-                    .map(|()| rand::thread_rng().sample(Alphanumeric))
+                    .map(|()| rand::rng().sample::<u8, _>(Alphanumeric))
                     .filter(|c| c.is_ascii_alphabetic())
                     .take($len)
                     .map(char::from)

src/filters.rs

@@ -16,8 +16,8 @@ pub enum Error {
     #[error("error parsing kubeconfig from secret")]
     KubeconfigUtf8Error(#[source] std::str::Utf8Error),
 
-    #[error("referenced key '{0}' does not exist in secret '{0}'")]
-    MissingKeyError(String, String),
+    #[error("referenced key '{0}' does not exist in secret '{0}' in namespace '{0}'")]
+    MissingKeyError(String, String, String),
 
     #[error("SerializationError: {0}")]
     SerializationError(#[from] serde_json::Error),

src/lib.rs

@@ -46,8 +46,10 @@ async fn main() -> anyhow::Result<()> {
         Some(Commands::Manifests) => {
             println!(
                 "{}---\n{}",
-                serde_yaml::to_string(&sinker::resources::ResourceSync::crd()).unwrap(),
-                serde_yaml::to_string(&sinker::resources::SinkerContainer::crd_with_manual_schema()).unwrap()
+                serde_yaml::to_string(&sinker::resources::ResourceSync::crd())?,
+                serde_yaml::to_string(
+                    &sinker::resources::SinkerContainer::crd_with_manual_schema()
+                )?
             );
         }
         None => {

src/main.rs

@@ -31,7 +31,7 @@ impl ResourceSync {
         self.metadata
             .finalizers
             .as_ref()
-            .map_or(false, |f| f.contains(&FINALIZER.to_string()))
+            .is_some_and(|f| f.contains(&FINALIZER.to_string()))
     }
 
     pub fn api(&self, client: Client) -> Api<Self> {
@@ -101,7 +101,13 @@ async fn cluster_client(
     let client = match cluster_ref {
         None => client,
         Some(cluster_ref) => {
-            let secrets: Api<Secret> = Api::namespaced(client, local_ns);
+            let secret_ns = cluster_ref
+                .kube_config
+                .secret_ref
+                .namespace
+                .as_deref()
+                .unwrap_or(local_ns);
+            let secrets: Api<Secret> = Api::namespaced(client, secret_ns);
             let secret_ref = &cluster_ref.kube_config.secret_ref;
             let sec = secrets.get(&secret_ref.name).await?;
 
@@ -111,7 +117,11 @@ async fn cluster_client(
                         .unwrap()
                         .get(&secret_ref.key)
                         .ok_or_else(|| {
-                            Error::MissingKeyError(secret_ref.key.clone(), secret_ref.name.clone())
+                            Error::MissingKeyError(
+                                secret_ref.key.clone(),
+                                secret_ref.name.clone(),
+                                secret_ns.to_string(),
+                            )
                         })?
                         .0,
                 )

src/resource_extensions.rs

@@ -125,6 +125,7 @@ pub struct KubeConfig {
 #[serde(rename_all = "camelCase")]
 pub struct SecretRef {
     pub name: String,
+    pub namespace: Option<String>,
     pub key: String,
 }