Rewrite dumper in Go

Differences:
- All APIs are fully qualified in both the options (`--must-exist=certificates.cert-manager.io`, `--ignore=deployment.apps`) and the output files (`objects-Certificate.cert-manager.io.json`).
  This makes it possible to distinguish between objects with the same kind but different groups. See #47.
- Resources without a list endpoint are ignored and do not cause and error or need to be explicitly ignored.
- Ignore and must-exist options are now command line flags instead of files in `/usr/local/share`.

Fixes #47 and #42.

Author: bastjan

.dockerignore

@@ -0,0 +1,49 @@
+name: 🐛 Bug report
+description: Create a report to help us improve 🎉
+labels:
+  - bug
+
+body:
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: A clear and concise description of what the bug is.
+    validations:
+      required: true
+  - type: textarea
+    id: context
+    attributes:
+      label: Additional Context
+      description: Add any other context about the problem here.
+    validations:
+      required: false
+  - type: textarea
+    id: logs
+    attributes:
+      label: Logs
+      description: If applicable, add logs to help explain the bug.
+      render: shell
+    validations:
+      required: false
+  - type: textarea
+    id: expected_behavior
+    attributes:
+      label: Expected Behavior
+      description: A clear and concise description of what you expected to happen.
+    validations:
+      required: true
+  - type: textarea
+    id: reproduction_steps
+    attributes:
+      label: Steps To Reproduce
+      description: Describe steps to reproduce the behavior
+    validations:
+      required: false
+  - type: textarea
+    id: version
+    attributes:
+      label: Versions
+      placeholder: v1.2.3 [, Kubernetes 1.21]
+    validations:
+      required: true

.editorconfig

@@ -1,5 +1 @@
 blank_issues_enabled: false
-contact_links:
-  - name: ❓ Help and Support RocketChat Channel
-    url: https://community.appuio.ch
-    about: Please ask and answer questions here. 🏥

.github/ISSUE_TEMPLATE/01_bug_report.md

@@ -0,0 +1,67 @@
+name: 🚀 Feature request
+description: Suggest an idea for this project 💡
+labels:
+  - enhancement
+
+body:
+  - type: textarea
+    id: summary
+    attributes:
+      label: Summary
+      value: |
+        **As** role name\
+        **I want** a feature or functionality\
+        **So that** I get certain business value
+      description: This user story helps us to quickly understand what this idea is about.
+    validations:
+      required: true
+  - type: textarea
+    id: context
+    attributes:
+      label: Context
+      description: Add more information here. You are completely free regarding form and length.
+    validations:
+      required: true
+  - type: textarea
+    id: out_of_scope
+    attributes:
+      label: Out of Scope
+      description: List aspects that are explicitly not part of this feature
+      placeholder: |
+        - ...
+        - ...
+        - ...
+    validations:
+      required: false
+  - type: textarea
+    id: links
+    attributes:
+      label: Further links
+      description: URLs of relevant Git repositories, PRs, Issues, etc.
+      placeholder: |
+        - #567
+        - https://kubernetes.io/docs/reference/
+    validations:
+      required: false
+  - type: textarea
+    id: acceptance_criteria
+    attributes:
+      label: Acceptance Criteria
+      description: If you already have ideas what the detailed requirements are, please list them below in given-when-then expressions.
+      placeholder: |
+        - Given a precondition, when an action happens, then expect a result
+
+        ```gherkin
+        Given a precondition
+        When an action happens
+        Then expect a result
+        ```
+    validations:
+      required: false
+  - type: textarea
+    id: implementation_idea
+    attributes:
+      label: Implementation Ideas
+      description: If applicable, shortly list possible implementation ideas
+    validations:
+      required: false

.github/ISSUE_TEMPLATE/02_feature_request.md

@@ -1,23 +1,19 @@
-<!--
-Thank you for your pull request. Please provide a description above and
-review the checklist below.
+## Summary
 
-Contributors guide: ./CONTRIBUTING.md
--->
+* Short summary of what's included in the PR
+* Give special note to breaking changes
 
 ## Checklist
-<!--
-Remove items that do not apply. For completed items, change [ ] to [x].
--->
 
-- [ ] Keep pull requests small so they can be easily reviewed.
-- [ ] Update the documentation.
 - [ ] Categorize the PR by setting a good title and adding one of the labels:
       `bug`, `enhancement`, `documentation`, `change`, `breaking`, `dependency`
       as they show up in the changelog
+- [ ] Update tests.
 - [ ] Link this PR to related issues.
 
 <!--
+Remove items that do not apply. For completed items, change [ ] to [x].
+
 NOTE: these things are not required to open a PR and can be done afterwards,
 while the PR is open.
 -->

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -1,30 +1,42 @@
 {
-    "pr_template": "- ${{TITLE}} (#${{NUMBER}})",
-    "categories": [
-        {
-            "title": "## 🚀 Features",
-            "labels": ["enhancement", "feature"]
-        },
-        {
-            "title": "## 🛠️ Minor Changes",
-            "labels": ["change"]
-        },
-        {
-            "title": "## 🔎 Breaking Changes",
-            "labels": ["breaking"]
-        },
-        {
-            "title": "## 🐛 Fixes",
-            "labels": ["bug", "fix"]
-        },
-        {
-            "title": "## 📄 Documentation",
-            "labels": ["documentation"]
-        },
-        {
-            "title": "## 🔗 Dependency Updates",
-            "labels": ["dependency"]
-        }
-    ],
-    "template": "${{CATEGORIZED_COUNT}} changes since ${{FROM_TAG}}\n\n${{CHANGELOG}}"
+  "pr_template": "- ${{TITLE}} (#${{NUMBER}})",
+  "categories": [
+    {
+      "title": "## 🚀 Features",
+      "labels": [
+        "enhancement"
+      ]
+    },
+    {
+      "title": "## 🛠️ Minor Changes",
+      "labels": [
+        "change"
+      ]
+    },
+    {
+      "title": "## 🔎 Breaking Changes",
+      "labels": [
+        "breaking"
+      ]
+    },
+    {
+      "title": "## 🐛 Fixes",
+      "labels": [
+        "bug"
+      ]
+    },
+    {
+      "title": "## 📄 Documentation",
+      "labels": [
+        "documentation"
+      ]
+    },
+    {
+      "title": "## 🔗 Dependency Updates",
+      "labels": [
+        "dependency"
+      ]
+    }
+  ],
+  "template": "${{CATEGORIZED_COUNT}} changes since ${{FROM_TAG}}\n\n${{CHANGELOG}}"
 }

.github/ISSUE_TEMPLATE/config.yml

@@ -1,105 +1,32 @@
-name: Docker image build
+name: Build
 
 on:
-  schedule:
-    - cron: '0 7 * * *' # everyday at 07:00
-  push:
-    branches:
-      - 'master'
-    tags:
-      - 'v*.*.*'
   pull_request:
     branches:
       - master
+  push:
+    branches:
+      - master
 
 jobs:
-  docker:
+  go:
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Prepare
-        id: prep
-        run: |
-          DOCKER_IMAGE=projectsyn/k8s-object-dumper
-          VERSION=noop
-          if [ "${{ github.event_name }}" = "schedule" ]; then
-            VERSION=nightly
-          elif [[ $GITHUB_REF == refs/tags/* ]]; then
-            VERSION=${GITHUB_REF#refs/tags/}
-          elif [[ $GITHUB_REF == refs/heads/* ]]; then
-            VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g')
-            if [ "${{ github.event.repository.default_branch }}" = "$VERSION" ]; then
-              VERSION=edge
-            fi
-          elif [[ $GITHUB_REF == refs/pull/* ]]; then
-            VERSION=pr-${{ github.event.number }}
-          fi
-          TAGS="${DOCKER_IMAGE}:${VERSION}"
-          if [[ $VERSION =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
-            MINOR=${VERSION%.*}
-            MAJOR=${MINOR%.*}
-            TAGS="$TAGS,${DOCKER_IMAGE}:${MINOR},${DOCKER_IMAGE}:${MAJOR},${DOCKER_IMAGE}:latest"
-          elif [ "${{ github.event_name }}" = "push" ]; then
-            TAGS="$TAGS,${DOCKER_IMAGE}:sha-${GITHUB_SHA::8}"
-          fi
-          echo "version=${VERSION}" >> ${GITHUB_ENV}
-          echo "tags=${TAGS}" >> ${GITHUB_ENV}
-          echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> ${GITHUB_ENV}
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+      - uses: actions/checkout@v4
 
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+      - name: Determine Go version from go.mod
+        run: echo "GO_VERSION=$(grep "go 1." go.mod | cut -d " " -f 2)" >> $GITHUB_ENV
 
-      - name: Login to DockerHub
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v3
+      - uses: actions/setup-go@v5
         with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          go-version: ${{ env.GO_VERSION }}
 
-      - name: Build and push
-        id: docker_build
-        uses: docker/build-push-action@v6
+      - uses: actions/cache@v4
         with:
-          context: .
-          file: ./Dockerfile
-          platforms: linux/amd64
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ env.tags }}
-          labels: |
-            org.opencontainers.image.title=${{ github.event.repository.name }}
-            org.opencontainers.image.description=${{ github.event.repository.description }}
-            org.opencontainers.image.url=${{ github.event.repository.html_url }}
-            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
-            org.opencontainers.image.version=${{ env.version }}
-            org.opencontainers.image.created=${{ env.created }}
-            org.opencontainers.image.revision=${{ github.sha }}
-            org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }}
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
 
-      - name: Build changelog from PRs with labels
-        if: startsWith(github.ref, 'refs/tags/v')
-        id: build_changelog
-        uses: mikepenz/release-changelog-builder-action@v5
-        with:
-          configuration: ".github/changelog-configuration.json"
-          # PreReleases still get a changelog, but the next full release gets a diff since the last full release,
-          # combining possible changelogs of all previous PreReleases in between.
-          # PreReleases show a partial changelog since last PreRelease.
-          ignorePreReleases: "${{ !contains(github.ref, '-rc') }}"
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - name: Create Release
-        if: startsWith(github.ref, 'refs/tags/v')
-        uses: actions/create-release@v1
-        with:
-          tag_name: ${{ github.ref }}
-          release_name: ${{ github.ref }}
-          body: ${{steps.build_changelog.outputs.changelog}}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Run build
+        run: make build

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,27 @@
+name: Lint
+
+on:
+  pull_request: {}
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Determine Go version from go.mod
+        run: echo "GO_VERSION=$(grep "go 1." go.mod | cut -d " " -f 2)" >> $GITHUB_ENV
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - uses: actions/cache@v4
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+
+      - name: Run linters
+        run: make lint

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,63 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - "*"
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Determine Go version from go.mod
+        run: echo "GO_VERSION=$(grep "go 1." go.mod | cut -d " " -f 2)" >> $GITHUB_ENV
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - uses: actions/cache@v4
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+
+      - name: Login to ghcr.io
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build changelog from PRs with labels
+        id: build_changelog
+        uses: mikepenz/release-changelog-builder-action@v5
+        with:
+          configuration: ".github/changelog-configuration.json"
+          # PreReleases still get a changelog, but the next full release gets a diff since the last full release,
+          # combining possible changelogs of all previous PreReleases in between.
+          # PreReleases show a partial changelog since last PreRelease.
+          ignorePreReleases: "${{ !contains(github.ref, '-rc') }}"
+          outputFile: .github/release-notes.md
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Publish releases
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          args: release --release-notes .github/release-notes.md
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          REGISTRY: ghcr.io
+          IMAGE_NAME: ${{ github.repository }}

.github/changelog-configuration.json

@@ -0,0 +1,32 @@
+name: Test
+
+on:
+  pull_request:
+    branches:
+      - master
+  push:
+    branches:
+      - master
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Determine Go version from go.mod
+        run: echo "GO_VERSION=$(grep "go 1." go.mod | cut -d " " -f 2)" >> $GITHUB_ENV
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - uses: actions/cache@v4
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+
+      - name: Run tests
+        run: make test

.github/workflows/build.yml

@@ -1,6 +1,14 @@
-tmp/
-log/
-redhat/rpms
+# Goreleaser
+dist/
+.github/release-notes.md
 
-# Data directory used for local testing
-data/
+# Tools
+bin/
+
+# Build
+k8s-object-dumper
+*.out
+
+# Docs
+.cache/
+.public/

.github/workflows/lint.yml

@@ -0,0 +1,54 @@
+# This is an example goreleaser.yaml file with some sane defaults.
+# Make sure to check the documentation at http://goreleaser.com
+builds:
+- env:
+  - CGO_ENABLED=0 # this is needed otherwise the Docker image build is faulty
+  goarch:
+  - amd64
+  - arm64
+  goos:
+  - linux
+  goarm:
+  - 8
+
+archives:
+- format: binary
+  name_template: "{{ .Binary }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}"
+
+checksum:
+  name_template: "checksums.txt"
+
+snapshot:
+  name_template: "{{ incpatch .Version }}-snapshot"
+
+dockers:
+- goarch: amd64
+  use: buildx
+  build_flag_templates:
+  - "--platform=linux/amd64"
+  image_templates:
+  - "{{ .Env.REGISTRY }}/{{ .Env.IMAGE_NAME }}:v{{ .Version }}-amd64"
+
+- goarch: arm64
+  use: buildx
+  build_flag_templates:
+    - "--platform=linux/arm64/v8"
+  image_templates:
+  - "{{ .Env.REGISTRY }}/{{ .Env.IMAGE_NAME }}:v{{ .Version }}-arm64"
+
+docker_manifests:
+  ## ghcr.io
+  # For prereleases, updating `latest` does not make sense.
+  # Only the image for the exact version should be pushed.
+  - name_template: "{{ if not .Prerelease }}{{ .Env.REGISTRY }}/{{ .Env.IMAGE_NAME }}:latest{{ end }}"
+    image_templates:
+      - "{{ .Env.REGISTRY }}/{{ .Env.IMAGE_NAME }}:v{{ .Version }}-amd64"
+      - "{{ .Env.REGISTRY }}/{{ .Env.IMAGE_NAME }}:v{{ .Version }}-arm64"
+
+  - name_template: "{{ .Env.REGISTRY }}/{{ .Env.IMAGE_NAME }}:v{{ .Version }}"
+    image_templates:
+      - "{{ .Env.REGISTRY }}/{{ .Env.IMAGE_NAME }}:v{{ .Version }}-amd64"
+      - "{{ .Env.REGISTRY }}/{{ .Env.IMAGE_NAME }}:v{{ .Version }}-arm64"
+
+release:
+  prerelease: auto

.github/workflows/release.yml

@@ -2,5 +2,3 @@
 
 This code repository is part of Project Syn and the contribution guide at
 https://syn.tools/syn/contribution_guide.html does apply.
-
-Submit Pull Requests at https://github.com/projectsyn/component-k8s-object-dumper/pulls.

.github/workflows/test.yml

@@ -1,43 +1,13 @@
-FROM docker.io/debian:12.7-slim as base
+FROM docker.io/library/alpine:3.20 as runtime
 
-RUN apt-get update \
-  && apt-get install -y --no-install-recommends \
-     bash \
-     jq \
-     less \
-     moreutils \
-     procps \
-  && rm -rf /var/lib/apt/lists/*
+RUN \
+  apk add --update --no-cache \
+    bash \
+    curl \
+    ca-certificates \
+    tzdata
 
-FROM base as downloader
+ENTRYPOINT ["k8s-object-dumper"]
+COPY k8s-object-dumper /usr/bin/
 
-RUN apt-get update \
-  && apt-get install -y --no-install-recommends \
-     ca-certificates \
-     curl \
-  && rm -rf /var/lib/apt/lists/*
-
-ARG K8S_VERSION=v1.18.20
-
-RUN curl -sLo /tmp/kubectl "https://storage.googleapis.com/kubernetes-release/release/${K8S_VERSION}/bin/linux/amd64/kubectl" \
-  && chmod +x /tmp/kubectl
-
-RUN curl -sLo /tmp/krossa.tar.gz https://github.com/appuio/krossa/releases/download/v0.0.4/krossa_0.0.4_linux_amd64.tar.gz \
-  && mkdir /tmp/krossa \
-  && tar -xzf /tmp/krossa.tar.gz --directory /tmp/krossa \
-  && ls /tmp/krossa
-
-FROM base
-
-RUN mkdir /data \
-  && chown 1001:0 /data
-
-COPY --from=downloader /tmp/kubectl /usr/local/bin
-COPY --from=downloader /tmp/krossa/krossa /usr/local/bin
-COPY dump-objects /usr/local/bin
-COPY must-exist /usr/local/share/k8s-object-dumper/
-COPY known-to-fail /usr/local/share/k8s-object-dumper/
-
-USER 1001
-ENTRYPOINT ["/usr/local/bin/dump-objects"]
-CMD ["-d", "/data"]
+USER 65536:0

.gitignore

@@ -0,0 +1,66 @@
+# Set Shell to bash, otherwise some targets fail with dash/zsh etc.
+SHELL := /bin/bash
+
+# Disable built-in rules
+MAKEFLAGS += --no-builtin-rules
+MAKEFLAGS += --no-builtin-variables
+.SUFFIXES:
+.SECONDARY:
+.DEFAULT_GOAL := help
+
+# General variables
+include Makefile.vars.mk
+
+.PHONY: help
+help: ## Show this help
+	@grep -E -h '\s##\s' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}'
+
+.PHONY: build
+build: build-bin build-docker ## All-in-one build
+
+.PHONY: build-bin
+build-bin: export CGO_ENABLED = 0
+build-bin: fmt vet ## Build binary
+	@go build -o $(BIN_FILENAME)
+
+.PHONY: build-docker
+build-docker: build-bin ## Build docker image
+	$(DOCKER_CMD) build -t $(CONTAINER_IMG) .
+
+.PHONY: run
+run:
+	go run .
+
+.PHONY: test
+test: envtest ## Test with envtest
+	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test -race -coverprofile cover.out -covermode atomic ./...
+
+.PHONY: fmt
+fmt: ## Run 'go fmt' against code
+	go fmt ./...
+
+.PHONY: vet
+vet: ## Run 'go vet' against code
+	go vet ./...
+
+.PHONY: lint
+lint: fmt vet generate ## All-in-one linting
+	@echo 'Check for uncommitted changes ...'
+	git diff --exit-code
+
+.PHONY: generate
+generate: ## Generate additional code and artifacts
+	@go generate ./...
+
+.PHONY: clean
+clean: ## Cleans local build artifacts
+	rm -rf dist .cache
+
+LOCALBIN ?= $(shell pwd)/bin
+$(LOCALBIN):
+	mkdir -p $(LOCALBIN)
+
+.PHONY: envtest
+envtest: $(ENVTEST) ## Download envtest-setup locally if necessary.
+$(ENVTEST): $(LOCALBIN)
+	test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest

.goreleaser.yml

@@ -0,0 +1,19 @@
+## These are some common variables for Make
+
+PROJECT_ROOT_DIR = .
+PROJECT_NAME ?= k8s-object-dumper
+PROJECT_OWNER ?= projectsyn
+
+## BUILD:go
+BIN_FILENAME ?= $(PROJECT_NAME)
+
+## BUILD:docker
+DOCKER_CMD ?= docker
+
+IMG_TAG ?= latest
+# Image URL to use all building/pushing image targets
+CONTAINER_IMG ?= local.dev/$(PROJECT_OWNER)/$(PROJECT_NAME):$(IMG_TAG)
+
+LOCALBIN ?= $(shell pwd)/bin
+ENVTEST ?= $(LOCALBIN)/setup-envtest
+ENVTEST_K8S_VERSION = 1.28.3

.yamllint.yml

@@ -1,92 +1,70 @@
 # K8s Object Dumper
 
-K8s Object Dumper allows to collect all objects from Kubernetes and write them into files.
-It is written to be used as a pre backup command for [K8up](https://k8up.io).
+Discover and dump all listable objects from a Kubernetes cluster into JSON files.
+Written to be used as a pre backup command for [K8up](https://k8up.io).
 
-This repository is part of Project Syn.
-For documentation on Project Syn, see https://syn.tools.
-
-K8s Object Dumper consists of a shell script.
-This script uses the Kubernetes API to list each and every API and Kind known to the targeted cluster.
-It then dumps all those kinds to Json files (one file per kind).
-For easier restore, those dumped objects then get split up by namespace and kind.
+## Usage
 
-The resulting structure looks like the following:
+The project uses controller-runtime's configuration discovery to find the Kubernetes API server.
 
-```
-├─ objects-<kind>.json
-├─ …
-└─ split/
-   ├─ <namespace>/
-   |  ├─ __all__.json
-   |  ├─ <kind>.json
-   |  └─ …
-   └─ …
-```
 
-## Usage
 
-Using Docker
+### Dump to STDOUT
 
 ```bash
-docker run --rm -v "/path/to/kubeconfig:/kubeconfig" -e KUBECONFIG=/kubeconfig -v "${PWD}/data:/data" projectsyn/k8s-object-dumper:latest -d /data > objects.tar.gz
+$ k8s-object-dumper
+{"apiVersion":"v1","kind":"List","items":[{"apiVersion":"v1", ...}]}
+{"apiVersion":"v1","kind":"List","items":[{"apiVersion":"apps/v1", ...}]}
 ```
 
-Using Kubernetes (with K8up)
-
-See [Commodore Component: cluster-backup](https://github.com/projectsyn/component-cluster-backup).
-
-## Configuration
-
-The `dump-objects` scripts reads configuration from two files.
+### Dump to a directory
 
-`/usr/local/share/k8s-object-dumper/must-exists` contains a list of types that must exist within the list of discovered types.
-This is a safeguard helping to detect failure of the discover mechanism.
-Types must be all lower case and plural.
-One type per line.
+```bash
+$ k8s-object-dumper -d dir
+```
 
-Example:
+Will result in the following directory structure:
 
 ```
-configmaps
-daemonsets
-deployments
-endpoints
-ingresses
-jobs
-namespaces
-nodes
-persistentvolumeclaims
-persistentvolumes
-replicasets
-roles
-secrets
-serviceaccounts
-services
-statefulsets
+└─ dir/
+   ├─ objects-<kind>[.<group>].json
+   ├─ …
+   └─ split/
+      ├─ <namespace>/
+      |  ├─ __all__.json
+      |  ├─ <kind>[.<group>].json
+      |  └─ …
+      └─ …
 ```
 
-Some types can not be exported and the script will return an error for them.
-Those errors can be suppressed by placing those types in `/usr/local/share/k8s-object-dumper/known-to-fail`.
-Like `must-exist` types are listed line by line but in addition Bash regular expressions can be used.
+### Advanced usage
+
+```bash
+# Fail if a Pods, Deployments or AlertingRules are not found
+$ k8s-object-dumper \
+  -must-exist=pods \
+  -must-exist=deployments.apps \
+  -must-exist=alertingrules.monitoring.openshift.io
+# Ignore all Secrets and all cert-manager objects
+$ k8s-object-dumper \
+  -ignore=secrets \
+  -ignore=.+cert-manager.io
+```
 
+## Development
 
-Example:
+The project uses [envtest](https://book.kubebuilder.io/reference/envtest) to run tests against a real Kubernetes API server.
 
+```bash
+$ make test
 ```
-.+mutators
-.+reviews
-.+validators
-bindings
-deploymentconfigrollbacks
-imagesignatures
-imagestream.+
-mutations
-useridentitymappings
-validations
-```
 
-To enable informative logging output for non-error cases, set the `-D` argument.
+## Differences to the original `bash` version `< 0.3.0`
+
+- All APIs are fully qualified in both the options (`--must-exist=certificates.cert-manager.io`, `--ignore=deployment.apps`) and the output files (`objects-Certificate.cert-manager.io.json`).
+  This makes it possible to distinguish between objects with the same kind but different groups. See https://github.com/projectsyn/k8s-object-dumper/issues/47.
+- Resources without a list endpoint are ignored, do not cause an error, and don't need to be explicitly ignored.
+- Ignore and must-exist options are now command line flags instead of files in `/usr/local/share`.
 
 ## Contributing and license
 

CODE_OF_CONDUCT.md

@@ -0,0 +1,67 @@
+module github.com/projectsyn/k8s-object-dumper
+
+go 1.23.2
+
+require (
+	github.com/stretchr/testify v1.9.0
+	go.uber.org/multierr v1.11.0
+	k8s.io/api v0.31.0
+	k8s.io/apimachinery v0.31.0
+	k8s.io/client-go v0.31.0
+	sigs.k8s.io/controller-runtime v0.19.0
+)
+
+require (
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
+	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
+	github.com/fsnotify/fsnotify v1.7.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+	github.com/go-openapi/jsonreference v0.20.2 // indirect
+	github.com/go-openapi/swag v0.22.4 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/gnostic-models v0.6.8 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/imdario/mergo v0.3.6 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/prometheus/client_golang v1.19.1 // indirect
+	github.com/prometheus/client_model v0.6.1 // indirect
+	github.com/prometheus/common v0.55.0 // indirect
+	github.com/prometheus/procfs v0.15.1 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/x448/float16 v0.8.4 // indirect
+	golang.org/x/exp v0.0.0-20230515195305-f3d0a9c9a5cc // indirect
+	golang.org/x/net v0.26.0 // indirect
+	golang.org/x/oauth2 v0.21.0 // indirect
+	golang.org/x/sys v0.21.0 // indirect
+	golang.org/x/term v0.21.0 // indirect
+	golang.org/x/text v0.16.0 // indirect
+	golang.org/x/time v0.3.0 // indirect
+	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
+	google.golang.org/protobuf v1.34.2 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/apiextensions-apiserver v0.31.0 // indirect
+	k8s.io/klog/v2 v2.130.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
+	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+	sigs.k8s.io/yaml v1.4.0 // indirect
+)

CONTRIBUTING.md

@@ -0,0 +1,149 @@
+package discovery
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"regexp"
+	"slices"
+	"strings"
+
+	"go.uber.org/multierr"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/apimachinery/pkg/util/sets"
+	"k8s.io/client-go/discovery"
+	"k8s.io/client-go/dynamic"
+	"k8s.io/client-go/rest"
+)
+
+type DiscoveryOptions struct {
+	BatchSize int64
+	LogWriter io.Writer
+
+	// MustExistResources is a list of resources that must exist in the cluster.
+	// This can be used as a sanity check to ensure that the discovery process is working as expected.
+	// If a resource does not exist, the discovery process will fail.
+	// If the list is empty, no resources are required to exist.
+	MustExistResources []string
+
+	// IgnoreResources is a list of resources to ignore during discovery.
+	IgnoreResources []*regexp.Regexp
+}
+
+// GetBatchSize returns the set batch size for listing objects or the default.
+func (opts DiscoveryOptions) GetBatchSize() int64 {
+	if opts.BatchSize == 0 {
+		return 500
+	}
+	return opts.BatchSize
+}
+
+// GetLogWriter returns the set batch size for listing objects or io.Discard as default.
+func (opts DiscoveryOptions) GetLogWriter() io.Writer {
+	if opts.LogWriter == nil {
+		return io.Discard
+	}
+	return opts.LogWriter
+}
+
+// DiscoverObjects discovers all objects in the cluster and calls the provided callback for each list of objects.
+// The callback can be called multiple times with the same object kind.
+// Objects are unique in general, but the callback should be able to handle duplicates.
+// Some API servers do not implement list batching correctly and thus might introduce duplicates.
+func DiscoverObjects(ctx context.Context, conf *rest.Config, cb func(*unstructured.UnstructuredList) error, opts DiscoveryOptions) error {
+	batchSize := opts.GetBatchSize()
+	logWriter := opts.GetLogWriter()
+
+	dc, err := discovery.NewDiscoveryClientForConfig(conf)
+	if err != nil {
+		return fmt.Errorf("failed to create discovery client: %w", err)
+	}
+	dynClient, err := dynamic.NewForConfig(conf)
+	if err != nil {
+		return fmt.Errorf("failed to create dynamic client: %w", err)
+	}
+
+	sprl, err := dc.ServerPreferredResources()
+	if err != nil {
+		return fmt.Errorf("failed to get server preferred resources: %w", err)
+	}
+
+	fmt.Fprintln(logWriter, "Discovered resources:")
+	for _, re := range sprl {
+		fmt.Fprintln(logWriter, re.GroupVersion)
+		for _, r := range re.APIResources {
+			fmt.Fprintln(logWriter, "  ", r.Kind)
+		}
+	}
+
+	if len(opts.MustExistResources) > 0 {
+		want := sets.New(opts.MustExistResources...)
+		have := sets.New[string]()
+		for _, re := range sprl {
+			for _, r := range re.APIResources {
+				res := formatGVRForComparison(groupVersionFromString(re.GroupVersion).WithResource(r.Name))
+				have.Insert(res)
+			}
+		}
+		missing := want.Difference(have)
+		if missing.Len() > 0 {
+			return fmt.Errorf("missing resources: %s", sets.List(missing))
+		}
+	}
+
+	var errors []error
+	for _, re := range sprl {
+		for _, r := range re.APIResources {
+			res := groupVersionFromString(re.GroupVersion).WithResource(r.Name)
+			if !slices.Contains(r.Verbs, "list") {
+				fmt.Fprintf(logWriter, "skipping %s: no list verb\n", res)
+				continue
+			}
+
+			if i := slices.IndexFunc(opts.IgnoreResources, func(re *regexp.Regexp) bool {
+				return re.MatchString(formatGVRForComparison(res))
+			}); i > -1 {
+				fmt.Fprintf(logWriter, "skipping %s: ignored by regex %q\n", res, opts.IgnoreResources[i].String())
+				continue
+			}
+
+			continueKey := ""
+			for {
+				l, err := dynClient.Resource(res).List(ctx, metav1.ListOptions{
+					Limit:    batchSize,
+					Continue: continueKey,
+				})
+				if err != nil {
+					errors = append(errors, fmt.Errorf("failed to list %s: %w", res, err))
+					break
+				}
+				if err := cb(l); err != nil {
+					errors = append(errors, fmt.Errorf("failed to dump %s: %w", res, err))
+				}
+				if l.GetContinue() == "" {
+					break
+				}
+				continueKey = l.GetContinue()
+			}
+		}
+	}
+
+	return multierr.Combine(errors...)
+}
+
+func groupVersionFromString(s string) schema.GroupVersion {
+	parts := strings.Split(s, "/")
+	if len(parts) == 1 {
+		return schema.GroupVersion{Version: parts[0]}
+	}
+	return schema.GroupVersion{Group: parts[0], Version: parts[1]}
+}
+
+func formatGVRForComparison(gvr schema.GroupVersionResource) string {
+	if gvr.Group == "" {
+		return gvr.Resource
+	}
+	return fmt.Sprintf("%s.%s", gvr.Resource, gvr.Group)
+}

Dockerfile

@@ -0,0 +1,116 @@
+package discovery_test
+
+import (
+	"context"
+	"fmt"
+	"regexp"
+	"testing"
+
+	"github.com/projectsyn/k8s-object-dumper/internal/pkg/discovery"
+	"github.com/stretchr/testify/require"
+	corev1 "k8s.io/api/core/v1"
+	rbacv1 "k8s.io/api/rbac/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/client-go/rest"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/envtest"
+)
+
+type objKey struct {
+	apiVersion, kind, name, namespace string
+}
+
+func Test_DiscoverObjects(t *testing.T) {
+	cfg, stop := setupEnvtestEnv(t)
+	defer stop()
+
+	objs := map[objKey]unstructured.Unstructured{}
+	objTracker := func(obj *unstructured.UnstructuredList) error {
+		for _, o := range obj.Items {
+			objs[objKey{apiVersion: o.GetAPIVersion(), kind: o.GetKind(), name: o.GetName(), namespace: o.GetNamespace()}] = o
+		}
+		return nil
+	}
+
+	c, err := client.New(cfg, client.Options{})
+	require.NoError(t, err)
+
+	ns := corev1.Namespace{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "test-ns",
+		},
+	}
+	sas := make([]client.Object, 0, 10)
+	for i := 1; i <= cap(sas); i++ {
+		sas = append(sas, &corev1.ServiceAccount{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      fmt.Sprintf("test-service-account-%d", i),
+				Namespace: "test-ns",
+			},
+		})
+	}
+	cr := rbacv1.ClusterRole{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "test-cluster-role",
+		},
+	}
+	r := rbacv1.Role{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "test-role",
+			Namespace: "test-ns",
+		},
+	}
+
+	for _, obj := range append([]client.Object{&ns, &cr, &r}, sas...) {
+		require.NoError(t, c.Create(context.Background(), obj))
+	}
+
+	require.NoError(t, discovery.DiscoverObjects(context.Background(), cfg, objTracker, discovery.DiscoveryOptions{
+		BatchSize: int64(cap(sas) / 2),
+		IgnoreResources: []*regexp.Regexp{
+			regexp.MustCompile(`^roles.rbac.authorization.k8s.io$`),
+		},
+		MustExistResources: []string{
+			"clusterroles.rbac.authorization.k8s.io",
+			"deployments.apps",
+			"namespaces",
+		},
+	}))
+
+	require.Contains(t, objs, objKey{apiVersion: "v1", kind: "Namespace", name: "test-ns", namespace: ""})
+	require.Contains(t, objs, objKey{apiVersion: "rbac.authorization.k8s.io/v1", kind: "ClusterRole", name: "test-cluster-role", namespace: ""})
+	for i := 1; i <= cap(sas); i++ {
+		require.Contains(t, objs, objKey{apiVersion: "v1", kind: "ServiceAccount", name: fmt.Sprintf("test-service-account-%d", i), namespace: "test-ns"})
+	}
+	require.NotContains(t, objs, objKey{apiVersion: "rbac.authorization.k8s.io/v1", kind: "Role", name: "test-role", namespace: "test-ns"}, "Roles are ignored by regex")
+}
+
+func Test_DiscoverObjects_MustExistResources_NotSatisfied(t *testing.T) {
+	cfg, stop := setupEnvtestEnv(t)
+	defer stop()
+
+	discard := func(obj *unstructured.UnstructuredList) error {
+		return nil
+	}
+
+	require.ErrorContains(t, discovery.DiscoverObjects(context.Background(), cfg, discard, discovery.DiscoveryOptions{
+		MustExistResources: []string{
+			"fluxcapacitors.spaceship.io",
+			"namespaces",
+		},
+	}), "missing resources: [fluxcapacitors.spaceship.io]")
+}
+
+func setupEnvtestEnv(t *testing.T) (cfg *rest.Config, stop func()) {
+	t.Helper()
+
+	testEnv := &envtest.Environment{}
+
+	cfg, err := testEnv.Start()
+	require.NoError(t, err)
+
+	return cfg, func() {
+		require.NoError(t, testEnv.Stop())
+	}
+}

Makefile

@@ -0,0 +1,115 @@
+package dumper
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"go.uber.org/multierr"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+)
+
+// DirDumper writes objects to a directory.
+// Must be initialized with newDirDumper.
+// Must be closed after use.
+type DirDumper struct {
+	dir string
+
+	openFiles map[string]*os.File
+	sharedBuf *bytes.Buffer
+}
+
+// NewDirDumper creates a new dirDumper that writes objects to the given directory.
+// The directory will be created if it does not exist.
+// If the directory cannot be created, an error is returned.
+func NewDirDumper(dir string) (*DirDumper, error) {
+	if err := os.MkdirAll(dir, 0755); err != nil {
+		return nil, fmt.Errorf("failed to create directory %q: %w", dir, err)
+	}
+	return &DirDumper{
+		dir:       dir,
+		openFiles: make(map[string]*os.File),
+		sharedBuf: new(bytes.Buffer),
+	}, nil
+}
+
+// Close closes the dirDumper and all open files.
+// The dirDumper cannot be used after it is closed.
+func (d *DirDumper) Close() error {
+	var errs []error
+	for _, f := range d.openFiles {
+		if err := f.Close(); err != nil {
+			errs = append(errs, err)
+		}
+	}
+	return multierr.Combine(errs...)
+}
+
+// Dump writes the objects in the list to the directory.
+// The objects are written to the directory in two ways:
+// - All objects are written to a file named objects-<kind>.json
+// - Objects with a namespace are written to a directory named split/<namespace> with two files:
+//   - __all__.json contains all objects in the namespace
+//   - <kind>.json contains all objects of the kind in the namespace
+//
+// If an object cannot be written, an error is returned.
+// This method is not safe for concurrent use.
+func (d *DirDumper) Dump(l *unstructured.UnstructuredList) error {
+	buf := d.sharedBuf
+	var errs []error
+	for _, o := range l.Items {
+		buf.Reset()
+		if err := json.NewEncoder(buf).Encode(o.Object); err != nil {
+			errs = append(errs, fmt.Errorf("failed to encode object: %w", err))
+			continue
+		}
+		p := buf.Bytes()
+		gk := o.GroupVersionKind().GroupKind()
+
+		if err := d.writeToFile(fmt.Sprintf("%s/objects-%s.json", d.dir, gk), p); err != nil {
+			errs = append(errs, err)
+		}
+
+		if o.GetNamespace() == "" {
+			continue
+		}
+
+		if err := d.writeToFile(fmt.Sprintf("%s/split/%s/__all__.json", d.dir, o.GetNamespace()), p); err != nil {
+			errs = append(errs, err)
+		}
+		if err := d.writeToFile(fmt.Sprintf("%s/split/%s/%s.json", d.dir, o.GetNamespace(), gk), p); err != nil {
+			errs = append(errs, err)
+		}
+	}
+	return multierr.Combine(errs...)
+}
+
+func (d *DirDumper) writeToFile(path string, b []byte) error {
+	f, err := d.file(path)
+	if err != nil {
+		return fmt.Errorf("failed to open file for copying: %w", err)
+	}
+	if _, err := f.Write(b); err != nil {
+		return fmt.Errorf("failed to copy to file: %w", err)
+	}
+	return nil
+}
+
+func (d *DirDumper) file(path string) (*os.File, error) {
+	f, ok := d.openFiles[path]
+	if ok {
+		return f, nil
+	}
+	dir := filepath.Dir(path)
+	if err := os.MkdirAll(dir, 0755); err != nil {
+		return nil, fmt.Errorf("failed to create directory %q: %w", dir, err)
+	}
+	f, err := os.Create(path)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create file %q: %w", path, err)
+	}
+	d.openFiles[path] = f
+	return f, nil
+}

Makefile.vars.mk

@@ -0,0 +1,165 @@
+package dumper_test
+
+import (
+	"bytes"
+	"encoding/json"
+	"os"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+
+	"github.com/projectsyn/k8s-object-dumper/internal/pkg/dumper"
+)
+
+func Test_DirDumper(t *testing.T) {
+	tdir, err := os.MkdirTemp(".", "test")
+	require.NoError(t, err)
+	defer os.RemoveAll(tdir)
+
+	subject, err := dumper.NewDirDumper(tdir)
+	require.NoError(t, err)
+
+	uls := []*unstructured.UnstructuredList{
+		{
+			Items: []unstructured.Unstructured{
+				{
+					Object: map[string]interface{}{
+						"kind":       "Pod",
+						"apiVersion": "v1",
+						"metadata": map[string]interface{}{
+							"name":      "test-pod",
+							"namespace": "test-ns",
+						},
+					},
+				},
+				{
+					Object: map[string]interface{}{
+						"kind":       "Pod",
+						"apiVersion": "v1",
+						"metadata": map[string]interface{}{
+							"name":      "test-pod",
+							"namespace": "test-ns-2",
+						},
+					},
+				},
+			},
+		},
+		{
+			Items: []unstructured.Unstructured{
+				{
+					Object: map[string]interface{}{
+						"kind":       "Pod",
+						"apiVersion": "v1",
+						"metadata": map[string]interface{}{
+							"name":      "test-pod-2",
+							"namespace": "test-ns",
+						},
+					},
+				},
+			},
+		},
+		{
+			Items: []unstructured.Unstructured{
+				{
+					Object: map[string]interface{}{
+						"kind":       "Service",
+						"apiVersion": "v1",
+						"metadata": map[string]interface{}{
+							"name":      "test-svc",
+							"namespace": "test-ns",
+						},
+					},
+				},
+			},
+		},
+		{
+			Items: []unstructured.Unstructured{
+				{
+					Object: map[string]interface{}{
+						"kind":       "ClusterRole",
+						"apiVersion": "rbac.authorization.k8s.io/v1",
+						"metadata": map[string]interface{}{
+							"name": "cluster-scoped",
+						},
+					},
+				},
+			},
+		},
+	}
+
+	for i, ul := range uls {
+		require.NoErrorf(t, subject.Dump(ul), "failed to dump list %d", i)
+	}
+	defer func() {
+		require.NoError(t, subject.Close())
+	}()
+
+	require.FileExists(t, tdir+"/objects-Pod.json")
+	requireFileContains(t, tdir+"/objects-Pod.json", []ExpectedObject{
+		{Kind: "Pod", Name: "test-pod", Namespace: "test-ns"},
+		{Kind: "Pod", Name: "test-pod", Namespace: "test-ns-2"},
+		{Kind: "Pod", Name: "test-pod-2", Namespace: "test-ns"},
+	})
+	require.FileExists(t, tdir+"/objects-Service.json")
+	requireFileContains(t, tdir+"/objects-Service.json", []ExpectedObject{
+		{Kind: "Service", Name: "test-svc", Namespace: "test-ns"},
+	})
+	require.FileExists(t, tdir+"/objects-ClusterRole.rbac.authorization.k8s.io.json")
+	requireFileContains(t, tdir+"/objects-ClusterRole.rbac.authorization.k8s.io.json", []ExpectedObject{
+		{Kind: "ClusterRole", Name: "cluster-scoped", Namespace: ""},
+	})
+	require.FileExists(t, tdir+"/split/test-ns/__all__.json")
+	requireFileContains(t, tdir+"/split/test-ns/__all__.json", []ExpectedObject{
+		{Kind: "Pod", Name: "test-pod", Namespace: "test-ns"},
+		{Kind: "Pod", Name: "test-pod-2", Namespace: "test-ns"},
+		{Kind: "Service", Name: "test-svc", Namespace: "test-ns"},
+	})
+	require.FileExists(t, tdir+"/split/test-ns/Pod.json")
+	requireFileContains(t, tdir+"/split/test-ns/Pod.json", []ExpectedObject{
+		{Kind: "Pod", Name: "test-pod", Namespace: "test-ns"},
+		{Kind: "Pod", Name: "test-pod-2", Namespace: "test-ns"},
+	})
+	require.FileExists(t, tdir+"/split/test-ns/Service.json")
+	requireFileContains(t, tdir+"/split/test-ns/Service.json", []ExpectedObject{
+		{Kind: "Service", Name: "test-svc", Namespace: "test-ns"},
+	})
+	require.FileExists(t, tdir+"/split/test-ns-2/__all__.json")
+	requireFileContains(t, tdir+"/split/test-ns-2/__all__.json", []ExpectedObject{
+		{Kind: "Pod", Name: "test-pod", Namespace: "test-ns-2"},
+	})
+	require.FileExists(t, tdir+"/split/test-ns-2/Pod.json")
+	requireFileContains(t, tdir+"/split/test-ns-2/Pod.json", []ExpectedObject{
+		{Kind: "Pod", Name: "test-pod", Namespace: "test-ns-2"},
+	})
+}
+
+type ExpectedObject struct {
+	Kind, Name, Namespace string
+}
+
+func requireFileContains(t *testing.T, path string, expected []ExpectedObject) {
+	t.Helper()
+	raw, err := os.ReadFile(path)
+	require.NoError(t, err)
+
+	var objs []unstructured.Unstructured
+	raw = bytes.TrimSuffix(raw, []byte("\n"))
+	rawObjs := bytes.Split(raw, []byte("\n"))
+	for _, rawObj := range rawObjs {
+		var obj unstructured.Unstructured
+		require.NoError(t, json.Unmarshal(rawObj, &obj))
+		objs = append(objs, obj)
+	}
+
+	actualObjects := make([]ExpectedObject, 0, len(objs))
+	for _, obj := range objs {
+		actualObjects = append(actualObjects, ExpectedObject{
+			Kind:      obj.GetKind(),
+			Name:      obj.GetName(),
+			Namespace: obj.GetNamespace(),
+		})
+	}
+
+	require.ElementsMatch(t, expected, actualObjects)
+}

README.md

@@ -0,0 +1,19 @@
+// Dumper provides means to dump a UnstructuredList returned by a dynamic client.
+package dumper
+
+import (
+	"encoding/json"
+	"io"
+
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+)
+
+// Dumper is an interface for dumping a list of unstructured objects
+type DumperFunc func(*unstructured.UnstructuredList) error
+
+// DumpToWriter dumps the list of unstructured objects to the provided writer as JSON
+func DumpToWriter(w io.Writer) DumperFunc {
+	return func(l *unstructured.UnstructuredList) error {
+		return json.NewEncoder(w).Encode(l)
+	}
+}

dump-objects

@@ -0,0 +1,43 @@
+package dumper_test
+
+import (
+	"bytes"
+	"encoding/json"
+	"testing"
+
+	"github.com/projectsyn/k8s-object-dumper/internal/pkg/dumper"
+	"github.com/stretchr/testify/require"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+)
+
+func Test_DumpToWriter(t *testing.T) {
+	var b bytes.Buffer
+
+	subject := dumper.DumpToWriter(&b)
+
+	require.NoError(t,
+		subject(&unstructured.UnstructuredList{
+			Object: map[string]interface{}{
+				"kind": "List",
+			},
+			Items: []unstructured.Unstructured{
+				{
+					Object: map[string]interface{}{
+						"kind":       "Pod",
+						"apiVersion": "v1",
+						"metadata": map[string]interface{}{
+							"name":      "test-pod",
+							"namespace": "test-ns",
+						},
+					},
+				},
+			},
+		}),
+	)
+
+	var got unstructured.UnstructuredList
+	require.NoError(t, json.NewDecoder(&b).Decode(&got))
+
+	require.Len(t, got.Items, 1)
+	require.Equal(t, "Pod", got.Items[0].GetKind())
+}

go.mod

@@ -0,0 +1,85 @@
+package main
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"os"
+	"regexp"
+
+	ctrl "sigs.k8s.io/controller-runtime"
+
+	"github.com/projectsyn/k8s-object-dumper/internal/pkg/discovery"
+	"github.com/projectsyn/k8s-object-dumper/internal/pkg/dumper"
+)
+
+func main() {
+	var dir string
+	var batchSize int64
+	mustExistResources := new(repeatableStringFlag)
+	ignoreResources := new(repeatableRegexpFlag)
+
+	flag.StringVar(&dir, "dir", "", "Directory to dump objects into")
+	flag.Int64Var(&batchSize, "batch-size", 500, "Batch size for listing objects")
+	flag.Var(mustExistResources, "must-exist", "Resource that must exist in the cluster. Can be used multiple times.")
+	flag.Var(ignoreResources, "ignore", "Resource to ignore during discovery. Regexp, anchored by default. Can be used multiple times.")
+
+	flag.Parse()
+
+	df := dumper.DumpToWriter(os.Stdout)
+	if dir != "" {
+		if err := os.MkdirAll(dir, 0755); err != nil {
+			fmt.Fprintf(os.Stderr, "failed to create directory %s: %v\n", dir, err)
+			os.Exit(1)
+		}
+		d, err := dumper.NewDirDumper(dir)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "failed to create directory dumper: %v\n", err)
+			os.Exit(1)
+		}
+		defer d.Close()
+		df = d.Dump
+	}
+
+	conf, err := ctrl.GetConfig()
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "failed to get Kubernetes config: %v", err)
+	}
+
+	if err := discovery.DiscoverObjects(context.Background(), conf, df, discovery.DiscoveryOptions{
+		BatchSize:          batchSize,
+		LogWriter:          os.Stderr,
+		MustExistResources: *mustExistResources,
+		IgnoreResources:    *ignoreResources,
+	}); err != nil {
+		fmt.Fprintf(os.Stderr, "failed to dump some or all objects: %+v\n", err)
+		os.Exit(1)
+	}
+}
+
+type repeatableStringFlag []string
+
+func (i *repeatableStringFlag) String() string {
+	return fmt.Sprintf("%v", *i)
+}
+
+func (i *repeatableStringFlag) Set(value string) error {
+	*i = append(*i, value)
+	return nil
+}
+
+type repeatableRegexpFlag []*regexp.Regexp
+
+func (i *repeatableRegexpFlag) String() string {
+	return fmt.Sprintf("%v", *i)
+}
+
+func (i *repeatableRegexpFlag) Set(value string) error {
+	value = fmt.Sprintf("^%s$", value)
+	r, err := regexp.Compile(value)
+	if err != nil {
+		return fmt.Errorf("failed to compile regexp %q: %w", value, err)
+	}
+	*i = append(*i, r)
+	return nil
+}

go.sum

@@ -1,8 +1,6 @@
 {
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
   "extends": [
-    "config:base"
-  ],
-  "labels": [
-    "dependency"
+    "config:recommended"
   ]
 }