ha-sync: add internal/kube package with CronJob/Lease management

- internal/kube/client.go: NewClient() with in-cluster + kubeconfig fallback
- internal/kube/cronjob.go: JobSpec, ApplyCronJob, DeleteCronJob, TriggerJob,
  GetLockStatus, SuspendCronJob, ListCronJobs, ImportFromCronJob
- Makefile/Dockerfile: add ha-sync-ctl build target
- rbac.yaml: add batch/cronjobs+jobs permissions and watch verb on leases

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

deployment/ha-sync/rbac.yaml

@@ -0,0 +1,26 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: ha-sync-lease-manager
+  namespace: infrastructure
+rules:
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["create", "get", "update", "delete", "list", "watch"]
+  - apiGroups: ["batch"]
+    resources: ["cronjobs", "jobs"]
+    verbs: ["create", "get", "update", "patch", "delete", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: ha-sync-lease-manager
+  namespace: infrastructure
+subjects:
+  - kind: ServiceAccount
+    name: ha-sync
+    namespace: infrastructure
+roleRef:
+  kind: Role
+  name: ha-sync-lease-manager
+  apiGroup: rbac.authorization.k8s.io

services/ha-sync/Dockerfile

@@ -0,0 +1,23 @@
+FROM golang:1.22-alpine AS build
+WORKDIR /src
+COPY go.mod go.sum ./
+RUN go mod download
+COPY . .
+RUN CGO_ENABLED=0 GOOS=linux go build -o /out/ha-sync ./cmd/ha-sync && \
+    CGO_ENABLED=0 GOOS=linux go build -o /out/ha-sync-ui ./cmd/ha-sync-ui && \
+    CGO_ENABLED=0 GOOS=linux go build -o /out/ha-sync-ctl ./cmd/ha-sync-ctl
+
+FROM alpine:3.20 AS ha-sync
+RUN apk add --no-cache ca-certificates tzdata
+COPY --from=build /out/ha-sync /usr/local/bin/ha-sync
+ENTRYPOINT ["/usr/local/bin/ha-sync"]
+
+FROM alpine:3.20 AS ha-sync-ui
+RUN apk add --no-cache ca-certificates tzdata
+COPY --from=build /out/ha-sync-ui /usr/local/bin/ha-sync-ui
+ENTRYPOINT ["/usr/local/bin/ha-sync-ui"]
+
+FROM alpine:3.20 AS ha-sync-ctl
+RUN apk add --no-cache ca-certificates tzdata
+COPY --from=build /out/ha-sync-ctl /usr/local/bin/ha-sync-ctl
+ENTRYPOINT ["/usr/local/bin/ha-sync-ctl"]

services/ha-sync/Makefile

@@ -0,0 +1,25 @@
+BIN_DIR = bin
+
+.PHONY: build build-sync build-ui build-ctl docker-build load clean
+
+build: build-sync build-ui build-ctl
+
+build-sync:
+	go build -o $(BIN_DIR)/ha-sync ./cmd/ha-sync
+
+build-ui:
+	go build -o $(BIN_DIR)/ha-sync-ui ./cmd/ha-sync-ui
+
+build-ctl:
+	go build -o $(BIN_DIR)/ha-sync-ctl ./cmd/ha-sync-ctl
+
+docker-build:
+	docker build -t ha-sync:latest -f Dockerfile --target ha-sync .
+	docker build -t ha-sync-ui:latest -f Dockerfile --target ha-sync-ui .
+	docker build -t ha-sync-ctl:latest -f Dockerfile --target ha-sync-ctl .
+
+load: docker-build
+	./build-and-load.sh
+
+clean:
+	rm -rf $(BIN_DIR)

services/ha-sync/go.mod

@@ -0,0 +1,51 @@
+module github.com/vandachevici/ha-sync
+
+go 1.22
+
+require (
+	github.com/go-sql-driver/mysql v1.7.1
+	github.com/spf13/cobra v1.8.0
+	k8s.io/api v0.29.3
+	k8s.io/apimachinery v0.29.3
+	k8s.io/client-go v0.29.3
+)
+
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
+	github.com/go-logr/logr v1.3.0 // indirect
+	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+	github.com/go-openapi/jsonreference v0.20.2 // indirect
+	github.com/go-openapi/swag v0.22.3 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/gnostic-models v0.6.8 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/uuid v1.3.0 // indirect
+	github.com/imdario/mergo v0.3.6 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	golang.org/x/net v0.19.0 // indirect
+	golang.org/x/oauth2 v0.10.0 // indirect
+	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/term v0.15.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/time v0.3.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/protobuf v1.33.0 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/klog/v2 v2.110.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
+	k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+	sigs.k8s.io/yaml v1.3.0 // indirect
+)

services/ha-sync/go.sum

@@ -0,0 +1,160 @@
+github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
+github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
+github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
+github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
+github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
+github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
+github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g=
+github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
+github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI=
+github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
+github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
+github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
+github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
+github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28=
+github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
+github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
+github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
+github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
+github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4=
+github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o=
+github.com/onsi/gomega v1.29.0 h1:KIA/t2t5UBzoirT4H9tsML45GEbo3ouUnBHsCfD2tVg=
+github.com/onsi/gomega v1.29.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
+github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=
+github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c=
+golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
+golang.org/x/oauth2 v0.10.0 h1:zHCpF2Khkwy4mMB4bv0U37YtJdTGW8jI0glAApi0Kh8=
+golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
+golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
+golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
+golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA=
+golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
+google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
+google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
+gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw=
+k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80=
+k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU=
+k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU=
+k8s.io/client-go v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg=
+k8s.io/client-go v0.29.3/go.mod h1:tkDisCvgPfiRpxGnOORfkljmS+UrW+WtXAy2fTvXJB0=
+k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0=
+k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo=
+k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780=
+k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA=
+k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI=
+k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
+sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
+sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
+sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=

services/ha-sync/internal/kube/client.go

@@ -0,0 +1,33 @@
+package kube
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/clientcmd"
+)
+
+// NewClient builds a Kubernetes clientset. It tries in-cluster config first
+// (running inside a pod), then falls back to ~/.kube/config for local use.
+func NewClient() (*kubernetes.Clientset, error) {
+	cfg, err := rest.InClusterConfig()
+	if err != nil {
+		home, _ := os.UserHomeDir()
+		kubeconfig := filepath.Join(home, ".kube", "config")
+		if kc := os.Getenv("KUBECONFIG"); kc != "" {
+			kubeconfig = kc
+		}
+		cfg, err = clientcmd.BuildConfigFromFlags("", kubeconfig)
+		if err != nil {
+			return nil, fmt.Errorf("kube: build config: %w", err)
+		}
+	}
+	client, err := kubernetes.NewForConfig(cfg)
+	if err != nil {
+		return nil, fmt.Errorf("kube: new client: %w", err)
+	}
+	return client, nil
+}

services/ha-sync/internal/kube/cronjob.go

@@ -0,0 +1,357 @@
+package kube
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"strings"
+	"time"
+
+	batchv1 "k8s.io/api/batch/v1"
+	coordinationv1 "k8s.io/api/coordination/v1"
+	corev1 "k8s.io/api/core/v1"
+	k8serrors "k8s.io/apimachinery/pkg/api/errors"
+	apiresource "k8s.io/apimachinery/pkg/api/resource"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/client-go/kubernetes"
+)
+
+// JobSpec is a self-contained description of a sync job, mirroring db.Job.
+type JobSpec struct {
+	ID             int64
+	Name           string
+	Pair           string
+	Direction      string
+	Src            string
+	Dest           string
+	SrcHost        string
+	DestHost       string
+	CronSchedule   string
+	LockTTLSeconds int
+	DryRun         bool
+	DeleteMissing  bool
+	Workers        int
+	MtimeThreshold string
+	Excludes       []string
+	Enabled        bool
+}
+
+// LockStatus describes the current lock state for a job.
+type LockStatus struct {
+	Locked    bool      `json:"locked"`
+	Holder    string    `json:"holder,omitempty"`
+	ExpiresAt time.Time `json:"expires_at,omitempty"`
+}
+
+// CronJobName returns the K8s CronJob name for a job name.
+func CronJobName(jobName string) string {
+	name := strings.ToLower(strings.ReplaceAll(jobName, "_", "-"))
+	if len(name) > 52 {
+		name = name[:52]
+	}
+	return "ha-sync-" + name
+}
+
+// LeaseName returns the Lease name for a job name.
+func LeaseName(jobName string) string {
+	name := strings.ToLower(strings.ReplaceAll(jobName, "_", "-"))
+	if len(name) > 55 {
+		name = name[:55]
+	}
+	return "ha-sync-" + name
+}
+
+func pvcName(host, pair string) string {
+	return fmt.Sprintf("pvc-%s-%s", strings.ToLower(host), strings.ToLower(pair))
+}
+
+func buildArgs(spec JobSpec) []string {
+	args := []string{
+		"--src=" + spec.Src,
+		"--dest=" + spec.Dest,
+		"--pair=" + spec.Pair,
+		"--direction=" + spec.Direction,
+		"--log-dir=/var/log/ha-sync",
+		"--src-host=" + spec.SrcHost,
+		"--dest-host=" + spec.DestHost,
+		fmt.Sprintf("--workers=%d", spec.Workers),
+		fmt.Sprintf("--lock-ttl=%d", spec.LockTTLSeconds),
+	}
+	if spec.MtimeThreshold != "" {
+		args = append(args, "--mtime-threshold="+spec.MtimeThreshold)
+	}
+	if spec.DryRun {
+		args = append(args, "--dry-run")
+	}
+	if spec.DeleteMissing {
+		args = append(args, "--delete-missing")
+	}
+	for _, ex := range spec.Excludes {
+		args = append(args, "--exclude="+ex)
+	}
+	return args
+}
+
+func qty(s string) apiresource.Quantity {
+	q, _ := apiresource.ParseQuantity(s)
+	return q
+}
+
+func volumeFromPVC(name, claimName string) corev1.Volume {
+	return corev1.Volume{
+		Name: name,
+		VolumeSource: corev1.VolumeSource{
+			PersistentVolumeClaim: &corev1.PersistentVolumeClaimVolumeSource{ClaimName: claimName},
+		},
+	}
+}
+
+func buildCronJob(namespace string, spec JobSpec) *batchv1.CronJob {
+	cronName := CronJobName(spec.Name)
+	successLimit := int32(3)
+	failureLimit := int32(3)
+	suspended := !spec.Enabled
+
+	return &batchv1.CronJob{
+		TypeMeta: metav1.TypeMeta{APIVersion: "batch/v1", Kind: "CronJob"},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      cronName,
+			Namespace: namespace,
+			Labels: map[string]string{
+				"app":          "ha-sync",
+				"ha-sync/job":  spec.Name,
+				"ha-sync/pair": spec.Pair,
+			},
+			Annotations: map[string]string{
+				"ha-sync/job-id": fmt.Sprintf("%d", spec.ID),
+			},
+		},
+		Spec: batchv1.CronJobSpec{
+			Schedule:                   spec.CronSchedule,
+			ConcurrencyPolicy:          batchv1.ForbidConcurrent,
+			SuccessfulJobsHistoryLimit: &successLimit,
+			FailedJobsHistoryLimit:     &failureLimit,
+			Suspend:                    &suspended,
+			JobTemplate: batchv1.JobTemplateSpec{
+				Spec: batchv1.JobSpec{
+					Template: corev1.PodTemplateSpec{
+						Spec: corev1.PodSpec{
+							ServiceAccountName: "ha-sync",
+							RestartPolicy:      corev1.RestartPolicyOnFailure,
+							Containers: []corev1.Container{{
+								Name:            "ha-sync",
+								Image:           "ha-sync:latest",
+								ImagePullPolicy: corev1.PullNever,
+								Command:         []string{"/usr/local/bin/ha-sync"},
+								Args:            buildArgs(spec),
+								Env: []corev1.EnvVar{
+									{
+										Name: "HA_SYNC_DB_DSN",
+										ValueFrom: &corev1.EnvVarSource{
+											SecretKeyRef: &corev1.SecretKeySelector{
+												LocalObjectReference: corev1.LocalObjectReference{Name: "ha-sync-db-secret"},
+												Key:                  "HA_SYNC_DB_DSN",
+											},
+										},
+									},
+									{
+										Name: "POD_NAME",
+										ValueFrom: &corev1.EnvVarSource{
+											FieldRef: &corev1.ObjectFieldSelector{FieldPath: "metadata.name"},
+										},
+									},
+								},
+								VolumeMounts: []corev1.VolumeMount{
+									{Name: "src-data", MountPath: spec.Src},
+									{Name: "dest-data", MountPath: spec.Dest},
+									{Name: "logs", MountPath: "/var/log/ha-sync"},
+								},
+								Resources: corev1.ResourceRequirements{
+									Requests: corev1.ResourceList{
+										corev1.ResourceCPU:    qty("50m"),
+										corev1.ResourceMemory: qty("64Mi"),
+									},
+									Limits: corev1.ResourceList{
+										corev1.ResourceCPU:    qty("500m"),
+										corev1.ResourceMemory: qty("256Mi"),
+									},
+								},
+							}},
+							Volumes: []corev1.Volume{
+								volumeFromPVC("src-data", pvcName(spec.SrcHost, spec.Pair)),
+								volumeFromPVC("dest-data", pvcName(spec.DestHost, spec.Pair)),
+								volumeFromPVC("logs", "pvc-ha-sync-logs"),
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+// ApplyCronJob creates or server-side-applies the K8s CronJob for a job spec.
+func ApplyCronJob(ctx context.Context, client kubernetes.Interface, namespace string, spec JobSpec) error {
+	desired := buildCronJob(namespace, spec)
+	data, err := json.Marshal(desired)
+	if err != nil {
+		return fmt.Errorf("kube: marshal cronjob: %w", err)
+	}
+	_, err = client.BatchV1().CronJobs(namespace).Patch(ctx, desired.Name,
+		types.ApplyPatchType, data,
+		metav1.PatchOptions{FieldManager: "ha-sync-ctl", Force: boolPtr(true)})
+	if err != nil {
+		return fmt.Errorf("kube: apply cronjob %s: %w", desired.Name, err)
+	}
+	return nil
+}
+
+// DeleteCronJob removes the K8s CronJob for a job (ignores not-found).
+func DeleteCronJob(ctx context.Context, client kubernetes.Interface, namespace, jobName string) error {
+	cronName := CronJobName(jobName)
+	err := client.BatchV1().CronJobs(namespace).Delete(ctx, cronName, metav1.DeleteOptions{})
+	if err != nil && !k8serrors.IsNotFound(err) {
+		return fmt.Errorf("kube: delete cronjob %s: %w", cronName, err)
+	}
+	return nil
+}
+
+// TriggerJob creates a one-off Job from the CronJob.
+func TriggerJob(ctx context.Context, client kubernetes.Interface, namespace, jobName string) (string, error) {
+	cronName := CronJobName(jobName)
+	cj, err := client.BatchV1().CronJobs(namespace).Get(ctx, cronName, metav1.GetOptions{})
+	if err != nil {
+		return "", fmt.Errorf("kube: get cronjob %s: %w", cronName, err)
+	}
+
+	ts := time.Now().UTC().Format("150405")
+	manualName := fmt.Sprintf("%s-manual-%s", cronName, ts)
+	if len(manualName) > 63 {
+		manualName = manualName[:63]
+	}
+
+	job := &batchv1.Job{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      manualName,
+			Namespace: namespace,
+			Labels:    cj.Labels,
+			Annotations: map[string]string{
+				"ha-sync/triggered": "manual",
+			},
+		},
+		Spec: cj.Spec.JobTemplate.Spec,
+	}
+	created, err := client.BatchV1().Jobs(namespace).Create(ctx, job, metav1.CreateOptions{})
+	if err != nil {
+		return "", fmt.Errorf("kube: create manual job: %w", err)
+	}
+	return created.Name, nil
+}
+
+// GetLockStatus checks the K8s Lease to determine if a job is actively running.
+func GetLockStatus(ctx context.Context, client kubernetes.Interface, namespace, jobName string) (LockStatus, error) {
+	leaseName := LeaseName(jobName)
+	lease, err := client.CoordinationV1().Leases(namespace).Get(ctx, leaseName, metav1.GetOptions{})
+	if err != nil {
+		if k8serrors.IsNotFound(err) {
+			return LockStatus{Locked: false}, nil
+		}
+		return LockStatus{}, fmt.Errorf("kube: get lease %s: %w", leaseName, err)
+	}
+	return leaseStatus(lease), nil
+}
+
+func leaseStatus(lease *coordinationv1.Lease) LockStatus {
+	if lease.Spec.RenewTime == nil || lease.Spec.LeaseDurationSeconds == nil || lease.Spec.HolderIdentity == nil {
+		return LockStatus{Locked: false}
+	}
+	ttl := time.Duration(*lease.Spec.LeaseDurationSeconds) * time.Second
+	expiresAt := lease.Spec.RenewTime.Time.Add(ttl)
+	if time.Now().After(expiresAt) {
+		return LockStatus{Locked: false}
+	}
+	return LockStatus{
+		Locked:    true,
+		Holder:    *lease.Spec.HolderIdentity,
+		ExpiresAt: expiresAt,
+	}
+}
+
+// SuspendCronJob sets the suspend flag on a CronJob without changing other config.
+func SuspendCronJob(ctx context.Context, client kubernetes.Interface, namespace, jobName string, suspend bool) error {
+	cronName := CronJobName(jobName)
+	patch := fmt.Sprintf(`{"spec":{"suspend":%v}}`, suspend)
+	_, err := client.BatchV1().CronJobs(namespace).Patch(ctx, cronName,
+		types.MergePatchType, []byte(patch), metav1.PatchOptions{})
+	if err != nil && !k8serrors.IsNotFound(err) {
+		return fmt.Errorf("kube: suspend %s=%v: %w", cronName, suspend, err)
+	}
+	return nil
+}
+
+// ListCronJobs returns all CronJobs with the ha-sync app label.
+func ListCronJobs(ctx context.Context, client kubernetes.Interface, namespace string) ([]batchv1.CronJob, error) {
+	list, err := client.BatchV1().CronJobs(namespace).List(ctx, metav1.ListOptions{
+		LabelSelector: "app=ha-sync",
+	})
+	if err != nil {
+		return nil, fmt.Errorf("kube: list cronjobs: %w", err)
+	}
+	return list.Items, nil
+}
+
+// ImportFromCronJob extracts a JobSpec from an existing K8s CronJob.
+func ImportFromCronJob(cj batchv1.CronJob) *JobSpec {
+	jobName := cj.Labels["ha-sync/job"]
+	pair := cj.Labels["ha-sync/pair"]
+	if jobName == "" {
+		name := strings.TrimPrefix(cj.Name, "ha-sync-")
+		if name == cj.Name {
+			return nil
+		}
+		jobName = name
+	}
+
+	spec := &JobSpec{
+		Name:           jobName,
+		Pair:           pair,
+		CronSchedule:   cj.Spec.Schedule,
+		Enabled:        cj.Spec.Suspend == nil || !*cj.Spec.Suspend,
+		LockTTLSeconds: 3600,
+		Workers:        4,
+		MtimeThreshold: "2s",
+		SrcHost:        "dell",
+		DestHost:       "hp",
+	}
+
+	containers := cj.Spec.JobTemplate.Spec.Template.Spec.Containers
+	if len(containers) == 0 {
+		return spec
+	}
+	for _, arg := range containers[0].Args {
+		switch {
+		case strings.HasPrefix(arg, "--src="):
+			spec.Src = strings.TrimPrefix(arg, "--src=")
+		case strings.HasPrefix(arg, "--dest="):
+			spec.Dest = strings.TrimPrefix(arg, "--dest=")
+		case strings.HasPrefix(arg, "--pair="):
+			spec.Pair = strings.TrimPrefix(arg, "--pair=")
+		case strings.HasPrefix(arg, "--direction="):
+			spec.Direction = strings.TrimPrefix(arg, "--direction=")
+		case strings.HasPrefix(arg, "--src-host="):
+			spec.SrcHost = strings.TrimPrefix(arg, "--src-host=")
+		case strings.HasPrefix(arg, "--dest-host="):
+			spec.DestHost = strings.TrimPrefix(arg, "--dest-host=")
+		case arg == "--dry-run":
+			spec.DryRun = true
+		case arg == "--delete-missing":
+			spec.DeleteMissing = true
+		case strings.HasPrefix(arg, "--exclude="):
+			spec.Excludes = append(spec.Excludes, strings.TrimPrefix(arg, "--exclude="))
+		}
+	}
+	return spec
+}
+
+func boolPtr(b bool) *bool { return &b }