@crossdelta/infrastructure 0.10.1 → 0.11.1

package/README.md

@@ -3,23 +3,52 @@
 [![npm version](https://img.shields.io/npm/v/@crossdelta/infrastructure.svg)](https://www.npmjs.com/package/@crossdelta/infrastructure)
 [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
 
-Pulumi abstractions that turn per-service config objects into complete Kubernetes deployments. You describe **what** each service needs (ports, env, secrets, health checks), the package handles **how** (Deployments, Services, Ingress, TLS, probes, pull secrets).
+Opinionated Pulumi library for deploying microservices to **DigitalOcean Kubernetes (DOKS)**. You describe each service as a typed config object, the package generates Deployments, Services, Ingress, Secrets, health probes, and rolling update strategies.
 
-**What you skip writing:**
-- Boilerplate K8s YAML / Pulumi resource declarations per service
-- NATS JetStream + cert-manager + NGINX Ingress setup
-- Docker registry secrets, health probes, rolling update strategies
-- Multi-environment concerns (shared cluster, per-stack namespaces)
+Built for teams running TypeScript microservices on DOKS with NATS JetStream, GHCR, and Pulumi. If that's your stack, this saves real boilerplate. If not, you're probably better off with plain Pulumi or Helm.
+
+## When to use this
+
+- You deploy multiple TypeScript services to a **DigitalOcean** Kubernetes cluster
+- You use **Pulumi** (not Terraform, not Helm-only) for infrastructure
+- You want one config object per service instead of ~150 lines of K8s resource declarations
+- You need NATS JetStream, NGINX Ingress, cert-manager, or Caddy as a reverse proxy
+
+## When NOT to use this
+
+- **AWS/GCP/Azure**: Only DOKS is implemented. EKS/AKS/GKE are not supported.
+- **Terraform or plain Helm**: This is Pulumi-only.
+- **Non-opinionated setups**: The package makes choices for you (Helm chart versions, deployment strategies, DO-specific annotations). If you need full control, use Pulumi directly.
+- **Single-service projects**: The overhead isn't worth it for one service.
 
 ## Install
 
 ```bash
 npm install @crossdelta/infrastructure @pulumi/pulumi @pulumi/kubernetes
+# For DOKS cluster creation:
+npm install @pulumi/digitalocean
+# For NATS stream deployment (optional):
+npm install @crossdelta/cloudevents
 ```
 
-## End-to-End Example
+## What's included
+
+| Module | What it does |
+|--------|-------------|
+| **Cluster** | `createDOKSCluster()`, `createVPC()`, `createK8sProviderFromKubeconfig()` |
+| **Workloads** | `deployK8sService()`, `deployK8sServices()`, `createNamespace()`, `createImagePullSecret()` |
+| **NGINX Ingress** | `deployNginxIngress()` via Helm (chart v4.11.3) |
+| **cert-manager** | `deployCertManager()` via Helm (chart v1.16.2) |
+| **NATS** | `deployNats()` via Helm (chart v1.2.6), `buildNatsUrl()` |
+| **Caddy** | `deployCaddy()`, `generateCaddyfile()` for reverse proxy with on-demand TLS |
+| **Streams** | `collectStreamDefinitions()`, `deployStreams()`, `materializeStreams()` (NATS JetStream) |
+| **Service Discovery** | `discoverServiceConfigs()` auto-discovers configs from `infra/services/*.ts` |
+| **Local Dev** | `generateComposeYaml()`, k3d cluster scripts |
+| **CLI** | `generate-env` generates `.env.local` from Pulumi config + service discovery |
+
+## Quick Start
 
-One `index.ts` that provisions a cluster, runtime, and all services:
+One `index.ts` that provisions a cluster, runtime components, and all services:
 
 ```typescript
 import {
@@ -31,7 +60,6 @@ import {
   discoverServiceConfigs,
 } from '@crossdelta/infrastructure'
 
-// 1. Cluster
 const vpc = createVPC({ name: 'my-vpc', region: 'fra1' })
 const { provider } = createDOKSCluster({
   name: 'my-cluster',
@@ -40,21 +68,19 @@ const { provider } = createDOKSCluster({
 })
 createNamespace(provider, 'my-namespace')
 
-// 2. Runtime (toggle what you need)
 const runtime = deployRuntime(provider, 'my-namespace', {
   nats: { enabled: true, config: { replicas: 1, jetstream: { enabled: true } } },
   ingress: { enabled: true },
   certManager: { enabled: true, config: { email: 'ops@example.com' } },
 })
 
-// 3. Services (auto-discovered from infra/services/*.ts)
 const configs = discoverServiceConfigs('services')
 deployK8sServices(provider, 'my-namespace', configs)
 ```
 
 ## Service Config
 
-Each file in `infra/services/` exports one config. The package derives Deployment, Service, Ingress, Secret, and probes from it:
+Each file in `infra/services/` exports one config object. The package derives all K8s resources from it:
 
 ```typescript
 import { ports, type K8sServiceConfig } from '@crossdelta/infrastructure'
@@ -75,14 +101,14 @@ const config: K8sServiceConfig = {
 export default config
 ```
 
-See `K8sServiceConfig` type for all available fields (replicas, volumes, strategy, containerEnv, etc.).
+See `K8sServiceConfig` for all fields: replicas, volumes, strategy, containerEnv, labels, annotations, serviceType, etc.
 
 ## Shared Cluster (Multi-Stack)
 
-When multiple Pulumi stacks share one cluster, use `clusterName`/`vpcName` to pin the DigitalOcean resource name (default appends the stack name):
+Pin DigitalOcean resource names with `clusterName`/`vpcName` to share a cluster across Pulumi stacks:
 
 ```typescript
-// Stack A (stage) — owns the cluster
+// Stage stack owns the cluster
 const { provider, kubeconfig } = createDOKSCluster({
   name: 'my-cluster',
   clusterName: 'my-cluster',
@@ -91,7 +117,7 @@ const { provider, kubeconfig } = createDOKSCluster({
 })
 export const clusterKubeconfig = kubeconfig
 
-// Stack B (production) — references the shared cluster
+// Production stack references stage
 const stageStack = new StackReference('org/project/stage')
 const provider = createK8sProviderFromKubeconfig(
   'production',
@@ -99,9 +125,24 @@ const provider = createK8sProviderFromKubeconfig(
 )
 ```
 
-## generate-env
+## generate-env CLI
+
+Generates `.env.local` from Pulumi secrets and discovered service configs:
+
+```bash
+npx generate-env              # defaults to stage stack
+npx generate-env --stack=production
+npx generate-env --no-pulumi  # skip Pulumi, only service discovery
+```
+
+## Limitations
+
+- **DOKS only.** No other cloud provider is implemented.
+- **Helm chart versions are pinned.** NGINX v4.11.3, cert-manager v1.16.2, NATS v1.2.6. No override option yet.
+- **Service discovery assumes a convention:** `infra/services/*.ts` files with `export default config`.
+- **`@crossdelta/cloudevents` is a hard dependency** even if you don't use NATS streams https://github.com/orderboss/platform/issues/TBD.
+- **Caddy deployment uses Recreate strategy** (RWO PVC incompatible with rolling updates).
 
-Generates `.env.local` from Pulumi secrets (default: `stage` stack) and discovered services. Override with `--stack=production` or `--no-pulumi`.
 
 ## License
 

package/dist/index.cjs

@@ -64,6 +64,7 @@ __export(exports_lib, {
   generateComposeYaml: () => generateComposeYaml,
   generateComposeSetupScript: () => generateComposeSetupScript,
   generateComposeProject: () => generateComposeProject,
+  generateCaddyfile: () => generateCaddyfile,
   fromK8sPorts: () => fromK8sPorts,
   fromAppPlatformPorts: () => fromAppPlatformPorts,
   dockerHubImage: () => dockerHubImage,
@@ -77,6 +78,7 @@ __export(exports_lib, {
   deployK8sServices: () => deployK8sServices,
   deployK8sService: () => deployK8sService,
   deployCertManager: () => deployCertManager,
+  deployCaddy: () => deployCaddy,
   createVPC: () => createVPC,
   createPorts: () => createPorts,
   createPort: () => createPort,
@@ -1131,9 +1133,206 @@ var materializeStreams = (provider, namespace, config) => {
   });
   return job;
 };
+// lib/runtimes/doks/caddy.ts
+var k8s5 = __toESM(require("@pulumi/kubernetes"));
+var CADDY_DEFAULTS = {
+  resources: {
+    requests: { cpu: "50m", memory: "64Mi" },
+    limits: { cpu: "200m", memory: "256Mi" }
+  },
+  storage: { size: "1Gi", storageClass: "do-block-storage" },
+  healthCheck: { port: 80, path: "/healthz" }
+};
+var indent = (text, level) => {
+  const prefix = "  ".repeat(level);
+  return text.split(`
+`).map((line) => line.trim() === "" ? "" : `${prefix}${line}`).join(`
+`);
+};
+var basicAuthLines = (basicAuth) => basicAuth ? ["basicauth {", `  ${basicAuth.user} ${basicAuth.hash}`, "}"] : [];
+var generateHandleBlock = (handle, level, basicAuth) => {
+  const hasPath = handle.path != null;
+  const header = hasPath ? `handle ${handle.path}* {` : "handle {";
+  const body = [
+    ...basicAuthLines(basicAuth)
+  ];
+  if (handle.redirect) {
+    body.push(`redir ${handle.redirect} permanent`);
+  } else if (handle.upstream) {
+    if ((handle.stripPrefix ?? hasPath) && hasPath) {
+      body.push(`uri strip_prefix ${handle.path}`);
+    }
+    body.push(`reverse_proxy ${handle.upstream}`);
+  }
+  const inner = body.map((line) => `  ${line}`).join(`
+`);
+  return indent(`${header}
+${inner}
+}`, level);
+};
+var generateRouteBlock = (route) => {
+  const body = [];
+  if (route.handles && route.handles.length > 0) {
+    for (const handle of route.handles) {
+      body.push(generateHandleBlock(handle, 1, route.basicAuth));
+    }
+  } else {
+    body.push(...basicAuthLines(route.basicAuth).map((line) => `  ${line}`));
+    if (route.redirect) {
+      body.push(`  redir ${route.redirect} permanent`);
+    } else if (route.upstream) {
+      body.push(`  reverse_proxy ${route.upstream}`);
+    }
+  }
+  return `${route.hosts} {
+${body.join(`
+`)}
+}`;
+};
+var generateGlobalBlock = (config) => {
+  const lines = ["{"];
+  if (config.acmeEmail) {
+    lines.push(`  email ${config.acmeEmail}`);
+  }
+  lines.push("  admin off");
+  if (config.onDemandTls) {
+    lines.push("  on_demand_tls {");
+    lines.push(`    ask ${config.onDemandTls.askEndpoint}`);
+    lines.push("  }");
+  }
+  lines.push("  servers {");
+  lines.push("    trusted_proxies static private_ranges");
+  lines.push("  }");
+  lines.push("}");
+  return lines.join(`
+`);
+};
+var generateCatchAllBlock = (upstream) => ["https:// {", "  tls {", "    on_demand", "  }", `  reverse_proxy ${upstream}`, "}"].join(`
+`);
+var buildResourceSpec = (config, defaults) => {
+  const resources = config ?? defaults ?? CADDY_DEFAULTS.resources;
+  return {
+    requests: resources.requests,
+    limits: resources.limits
+  };
+};
+var generateCaddyfile = (config) => {
+  const healthCheck = config.healthCheck ?? CADDY_DEFAULTS.healthCheck;
+  const healthCheckBlock = `:${healthCheck.port} {
+  respond ${healthCheck.path} 200
+}`;
+  const blocks = [
+    generateGlobalBlock(config),
+    ...config.routes.map(generateRouteBlock),
+    healthCheckBlock,
+    ...config.catchAllUpstream && config.onDemandTls ? [generateCatchAllBlock(config.catchAllUpstream)] : []
+  ];
+  return blocks.join(`
+
+`) + `
+`;
+};
+var deployCaddy = (provider, namespace, config) => {
+  const name = "caddy";
+  const labels = { app: name, "app.kubernetes.io/name": name, "app.kubernetes.io/managed-by": "pulumi" };
+  const healthCheck = config.healthCheck ?? CADDY_DEFAULTS.healthCheck;
+  const storage = config.storage ?? CADDY_DEFAULTS.storage;
+  const caddyfile = generateCaddyfile(config);
+  const configMap = new k8s5.core.v1.ConfigMap(name, {
+    metadata: { name, namespace, labels },
+    data: { Caddyfile: caddyfile }
+  }, { provider });
+  const persistentVolumeClaim = new k8s5.core.v1.PersistentVolumeClaim(`${name}-data`, {
+    metadata: { name: `${name}-data`, namespace, labels },
+    spec: {
+      accessModes: ["ReadWriteOnce"],
+      storageClassName: storage.storageClass ?? CADDY_DEFAULTS.storage.storageClass,
+      resources: { requests: { storage: storage.size } }
+    }
+  }, { provider });
+  const caddyContainer = {
+    name: "caddy",
+    image: "caddy:2-alpine",
+    ports: [
+      { name: "https", containerPort: 443, protocol: "TCP" },
+      { name: "http", containerPort: 80, protocol: "TCP" }
+    ],
+    resources: buildResourceSpec(config.resources),
+    volumeMounts: [
+      { name: "caddy-data", mountPath: "/data" },
+      { name: "caddyfile", mountPath: "/etc/caddy/Caddyfile", subPath: "Caddyfile" }
+    ],
+    readinessProbe: {
+      httpGet: { path: healthCheck.path, port: healthCheck.port },
+      initialDelaySeconds: 5,
+      periodSeconds: 10
+    },
+    livenessProbe: {
+      httpGet: { path: healthCheck.path, port: healthCheck.port },
+      initialDelaySeconds: 10,
+      periodSeconds: 30
+    }
+  };
+  const containers = [caddyContainer, ...config.sidecars ?? []];
+  const deployment = new k8s5.apps.v1.Deployment(name, {
+    metadata: { name, namespace, labels },
+    spec: {
+      replicas: 1,
+      strategy: { type: "Recreate" },
+      selector: { matchLabels: { app: name } },
+      template: {
+        metadata: { labels },
+        spec: {
+          containers,
+          volumes: [
+            {
+              name: "caddy-data",
+              persistentVolumeClaim: { claimName: `${name}-data` }
+            },
+            {
+              name: "caddyfile",
+              configMap: { name }
+            }
+          ]
+        }
+      }
+    }
+  }, { provider, dependsOn: [configMap, persistentVolumeClaim] });
+  const service = new k8s5.core.v1.Service(name, {
+    metadata: {
+      name,
+      namespace,
+      labels,
+      annotations: {
+        "service.beta.kubernetes.io/do-loadbalancer-healthcheck-path": healthCheck.path,
+        "service.beta.kubernetes.io/do-loadbalancer-healthcheck-protocol": "http",
+        "service.beta.kubernetes.io/do-loadbalancer-healthcheck-port": String(healthCheck.port)
+      }
+    },
+    spec: {
+      type: "LoadBalancer",
+      selector: { app: name },
+      ports: [
+        { name: "https", port: 443, targetPort: 443, protocol: "TCP" },
+        { name: "http", port: 80, targetPort: 80, protocol: "TCP" }
+      ]
+    }
+  }, { provider, dependsOn: [deployment] });
+  const loadBalancerIp = service.status.apply((status) => {
+    const ingress = status?.loadBalancer?.ingress?.[0];
+    return ingress?.ip ?? ingress?.hostname ?? "";
+  });
+  return {
+    deployment,
+    service,
+    persistentVolumeClaim,
+    configMap,
+    loadBalancerIp
+  };
+};
 // lib/runtimes/doks/cluster.ts
 var digitalocean = __toESM(require("@pulumi/digitalocean"));
-var k8s5 = __toESM(require("@pulumi/kubernetes"));
+var k8s6 = __toESM(require("@pulumi/kubernetes"));
 var pulumi4 = __toESM(require("@pulumi/pulumi"));
 function createDOKSCluster(config) {
   const stack = pulumi4.getStack();
@@ -1150,7 +1349,7 @@ function createDOKSCluster(config) {
       day: "sunday",
       startTime: "04:00"
     },
-    tags: config.tags ?? ["orderboss", `env:${stack}`],
+    tags: config.tags ?? [`env:${stack}`],
     nodePool: {
       name: config.nodePool.name,
       size: config.nodePool.size,
@@ -1170,7 +1369,7 @@ function createDOKSCluster(config) {
     }
     return firstConfig.rawConfig;
   }));
-  const provider = new k8s5.Provider(`${config.name}-k8s-provider`, {
+  const provider = new k8s6.Provider(`${config.name}-k8s-provider`, {
     kubeconfig
   });
   return {
@@ -1181,7 +1380,7 @@ function createDOKSCluster(config) {
   };
 }
 function createK8sProviderFromKubeconfig(name, kubeconfig) {
-  return new k8s5.Provider(name, { kubeconfig });
+  return new k8s6.Provider(name, { kubeconfig });
 }
 // lib/runtimes/doks/vpc.ts
 var digitalocean2 = __toESM(require("@pulumi/digitalocean"));
@@ -1197,7 +1396,7 @@ function createVPC(config) {
   });
 }
 // lib/runtimes/doks/workloads.ts
-var k8s6 = __toESM(require("@pulumi/kubernetes"));
+var k8s7 = __toESM(require("@pulumi/kubernetes"));
 var pulumi6 = __toESM(require("@pulumi/pulumi"));
 
 // lib/runtimes/doks/probes.ts
@@ -1226,7 +1425,7 @@ var normalizeK8sConfig = (config) => {
   if (config.containerPort) {
     console.warn(`⚠️  Service "${config.name}": containerPort is deprecated. Use ports instead.
 ` + `   Example: ports: ports().http(${config.containerPort}).build()
-` + `   See: https://github.com/orderboss/platform/blob/main/packages/infrastructure/README.md#port-configuration`);
+` + `   See: https://www.npmjs.com/package/@crossdelta/infrastructure`);
     const ports2 = fromK8sPorts({
       containerPort: config.containerPort,
       additionalPorts: config.additionalPorts
@@ -1268,7 +1467,7 @@ var createImagePullSecret = (provider, namespace, name, config) => {
       }
     });
   });
-  return new k8s6.core.v1.Secret(name, {
+  return new k8s7.core.v1.Secret(name, {
     metadata: {
       name,
       namespace,
@@ -1298,7 +1497,7 @@ var buildEnvVars = (config) => {
   })) : [];
   return [portEnv, ...plainEnvVars, ...secretEnvVars];
 };
-var createServiceSecret = (provider, namespace, config, labels) => !config.secrets || Object.keys(config.secrets).length === 0 ? undefined : new k8s6.core.v1.Secret(`${config.name}-secret`, {
+var createServiceSecret = (provider, namespace, config, labels) => !config.secrets || Object.keys(config.secrets).length === 0 ? undefined : new k8s7.core.v1.Secret(`${config.name}-secret`, {
   metadata: {
     name: `${config.name}-secret`,
     namespace,
@@ -1311,7 +1510,7 @@ var createServiceVolumes = (provider, namespace, config, labels) => {
   if (!config.volumes) {
     return { pvcs: [], volumeMounts: [], volumes: [] };
   }
-  const pvcs = config.volumes.map((vol) => new k8s6.core.v1.PersistentVolumeClaim(`${config.name}-${vol.name}`, {
+  const pvcs = config.volumes.map((vol) => new k8s7.core.v1.PersistentVolumeClaim(`${config.name}-${vol.name}`, {
     metadata: {
       name: `${config.name}-${vol.name}`,
       namespace,
@@ -1414,7 +1613,7 @@ var createServiceIngress = (provider, namespace, config, labels, service) => {
   const allHosts = [...primaryHosts, ...additionalHosts];
   const ingressRules = allHosts.length > 0 ? allHosts.map(createRule) : [createRule()];
   const tlsSecretName = config.ingress.tls?.secretName ?? `${config.name}-tls`;
-  return new k8s6.networking.v1.Ingress(`${config.name}-ingress`, {
+  return new k8s7.networking.v1.Ingress(`${config.name}-ingress`, {
     metadata: {
       name: config.name,
       namespace,
@@ -1444,7 +1643,7 @@ var deployK8sService = (provider, namespace, config) => {
   const { livenessProbe, readinessProbe } = buildHealthProbes2(normalizedConfig);
   const containerPorts = buildContainerPorts(normalizedConfig);
   const servicePorts = buildServicePorts(normalizedConfig);
-  const deployment = new k8s6.apps.v1.Deployment(`${normalizedConfig.name}-deployment`, {
+  const deployment = new k8s7.apps.v1.Deployment(`${normalizedConfig.name}-deployment`, {
     metadata: {
       name: normalizedConfig.name,
       namespace,
@@ -1493,7 +1692,7 @@ var deployK8sService = (provider, namespace, config) => {
       }
     }
   }, { provider, dependsOn: pvcs.length > 0 ? pvcs : undefined });
-  const service = new k8s6.core.v1.Service(`${normalizedConfig.name}-service`, {
+  const service = new k8s7.core.v1.Service(`${normalizedConfig.name}-service`, {
     metadata: {
       name: normalizedConfig.name,
       namespace,
@@ -1526,7 +1725,7 @@ var deployK8sServices = (provider, namespace, configs, options) => configs.filte
   results.set(config.name, deployK8sService(provider, namespace, configWithSecret));
   return results;
 }, new Map);
-var createNamespace = (provider, name, labels) => new k8s6.core.v1.Namespace(name, {
+var createNamespace = (provider, name, labels) => new k8s7.core.v1.Namespace(name, {
   metadata: {
     name,
     labels: {
@@ -1702,7 +1901,7 @@ var generateComposeSetupScript = (services, projectName = "orderboss-local") =>
 };
 // lib/runtimes/local/k3d.ts
 var DEFAULT_K3D_CONFIG = {
-  name: "orderboss-local",
+  name: "local",
   servers: 1,
   agents: 1,
   ports: [
@@ -1747,7 +1946,7 @@ var generateK3dCreateCommand = (config = {}) => {
   }
   return parts.join(" ");
 };
-var generateK3dDeleteCommand = (clusterName = "orderboss-local") => `k3d cluster delete ${clusterName}`;
+var generateK3dDeleteCommand = (clusterName = "local") => `k3d cluster delete ${clusterName}`;
 var getAllPorts2 = (config) => {
   if (!config.ports)
     return [];
@@ -1893,7 +2092,7 @@ var generateLocalSetupScript = (services, options = {}) => {
   for (const service of services) {
     lines.push(`echo -e "\${GREEN}Deploying ${service.name}...\${NC}"`, generateKubectlApplyCommand(service, namespace), "");
   }
-  lines.push('echo -e "${GREEN}Local development environment ready!${NC}"', 'echo -e "${YELLOW}Access services at: http://localhost:8080${NC}"', `echo -e "\${YELLOW}Namespace: ${namespace}\${NC}"`, "", "# Useful commands:", `# kubectl get pods -n ${namespace}`, `# kubectl logs -f <pod-name> -n ${namespace}`, `# k3d cluster delete ${k3dConfig.name || "orderboss-local"}`);
+  lines.push('echo -e "${GREEN}Local development environment ready!${NC}"', 'echo -e "${YELLOW}Access services at: http://localhost:8080${NC}"', `echo -e "\${YELLOW}Namespace: ${namespace}\${NC}"`, "", "# Useful commands:", `# kubectl get pods -n ${namespace}`, `# kubectl logs -f <pod-name> -n ${namespace}`, `# k3d cluster delete ${k3dConfig.name || "local"}`);
   return lines.join(`
 `);
 };

package/dist/index.d.ts

@@ -19,7 +19,7 @@
  * })
  * ```
  *
- * @see https://github.com/orderboss/platform/tree/main/packages/infrastructure
+ * @see https://www.npmjs.com/package/@crossdelta/infrastructure
  */
 export * from './core';
 export type { RuntimeDeploymentConfig, RuntimeDeploymentResult } from './core/runtime';

package/dist/index.js

@@ -1037,9 +1037,206 @@ var materializeStreams = (provider, namespace, config) => {
   });
   return job;
 };
+// lib/runtimes/doks/caddy.ts
+import * as k8s5 from "@pulumi/kubernetes";
+var CADDY_DEFAULTS = {
+  resources: {
+    requests: { cpu: "50m", memory: "64Mi" },
+    limits: { cpu: "200m", memory: "256Mi" }
+  },
+  storage: { size: "1Gi", storageClass: "do-block-storage" },
+  healthCheck: { port: 80, path: "/healthz" }
+};
+var indent = (text, level) => {
+  const prefix = "  ".repeat(level);
+  return text.split(`
+`).map((line) => line.trim() === "" ? "" : `${prefix}${line}`).join(`
+`);
+};
+var basicAuthLines = (basicAuth) => basicAuth ? ["basicauth {", `  ${basicAuth.user} ${basicAuth.hash}`, "}"] : [];
+var generateHandleBlock = (handle, level, basicAuth) => {
+  const hasPath = handle.path != null;
+  const header = hasPath ? `handle ${handle.path}* {` : "handle {";
+  const body = [
+    ...basicAuthLines(basicAuth)
+  ];
+  if (handle.redirect) {
+    body.push(`redir ${handle.redirect} permanent`);
+  } else if (handle.upstream) {
+    if ((handle.stripPrefix ?? hasPath) && hasPath) {
+      body.push(`uri strip_prefix ${handle.path}`);
+    }
+    body.push(`reverse_proxy ${handle.upstream}`);
+  }
+  const inner = body.map((line) => `  ${line}`).join(`
+`);
+  return indent(`${header}
+${inner}
+}`, level);
+};
+var generateRouteBlock = (route) => {
+  const body = [];
+  if (route.handles && route.handles.length > 0) {
+    for (const handle of route.handles) {
+      body.push(generateHandleBlock(handle, 1, route.basicAuth));
+    }
+  } else {
+    body.push(...basicAuthLines(route.basicAuth).map((line) => `  ${line}`));
+    if (route.redirect) {
+      body.push(`  redir ${route.redirect} permanent`);
+    } else if (route.upstream) {
+      body.push(`  reverse_proxy ${route.upstream}`);
+    }
+  }
+  return `${route.hosts} {
+${body.join(`
+`)}
+}`;
+};
+var generateGlobalBlock = (config) => {
+  const lines = ["{"];
+  if (config.acmeEmail) {
+    lines.push(`  email ${config.acmeEmail}`);
+  }
+  lines.push("  admin off");
+  if (config.onDemandTls) {
+    lines.push("  on_demand_tls {");
+    lines.push(`    ask ${config.onDemandTls.askEndpoint}`);
+    lines.push("  }");
+  }
+  lines.push("  servers {");
+  lines.push("    trusted_proxies static private_ranges");
+  lines.push("  }");
+  lines.push("}");
+  return lines.join(`
+`);
+};
+var generateCatchAllBlock = (upstream) => ["https:// {", "  tls {", "    on_demand", "  }", `  reverse_proxy ${upstream}`, "}"].join(`
+`);
+var buildResourceSpec = (config, defaults) => {
+  const resources = config ?? defaults ?? CADDY_DEFAULTS.resources;
+  return {
+    requests: resources.requests,
+    limits: resources.limits
+  };
+};
+var generateCaddyfile = (config) => {
+  const healthCheck = config.healthCheck ?? CADDY_DEFAULTS.healthCheck;
+  const healthCheckBlock = `:${healthCheck.port} {
+  respond ${healthCheck.path} 200
+}`;
+  const blocks = [
+    generateGlobalBlock(config),
+    ...config.routes.map(generateRouteBlock),
+    healthCheckBlock,
+    ...config.catchAllUpstream && config.onDemandTls ? [generateCatchAllBlock(config.catchAllUpstream)] : []
+  ];
+  return blocks.join(`
+
+`) + `
+`;
+};
+var deployCaddy = (provider, namespace, config) => {
+  const name = "caddy";
+  const labels = { app: name, "app.kubernetes.io/name": name, "app.kubernetes.io/managed-by": "pulumi" };
+  const healthCheck = config.healthCheck ?? CADDY_DEFAULTS.healthCheck;
+  const storage = config.storage ?? CADDY_DEFAULTS.storage;
+  const caddyfile = generateCaddyfile(config);
+  const configMap = new k8s5.core.v1.ConfigMap(name, {
+    metadata: { name, namespace, labels },
+    data: { Caddyfile: caddyfile }
+  }, { provider });
+  const persistentVolumeClaim = new k8s5.core.v1.PersistentVolumeClaim(`${name}-data`, {
+    metadata: { name: `${name}-data`, namespace, labels },
+    spec: {
+      accessModes: ["ReadWriteOnce"],
+      storageClassName: storage.storageClass ?? CADDY_DEFAULTS.storage.storageClass,
+      resources: { requests: { storage: storage.size } }
+    }
+  }, { provider });
+  const caddyContainer = {
+    name: "caddy",
+    image: "caddy:2-alpine",
+    ports: [
+      { name: "https", containerPort: 443, protocol: "TCP" },
+      { name: "http", containerPort: 80, protocol: "TCP" }
+    ],
+    resources: buildResourceSpec(config.resources),
+    volumeMounts: [
+      { name: "caddy-data", mountPath: "/data" },
+      { name: "caddyfile", mountPath: "/etc/caddy/Caddyfile", subPath: "Caddyfile" }
+    ],
+    readinessProbe: {
+      httpGet: { path: healthCheck.path, port: healthCheck.port },
+      initialDelaySeconds: 5,
+      periodSeconds: 10
+    },
+    livenessProbe: {
+      httpGet: { path: healthCheck.path, port: healthCheck.port },
+      initialDelaySeconds: 10,
+      periodSeconds: 30
+    }
+  };
+  const containers = [caddyContainer, ...config.sidecars ?? []];
+  const deployment = new k8s5.apps.v1.Deployment(name, {
+    metadata: { name, namespace, labels },
+    spec: {
+      replicas: 1,
+      strategy: { type: "Recreate" },
+      selector: { matchLabels: { app: name } },
+      template: {
+        metadata: { labels },
+        spec: {
+          containers,
+          volumes: [
+            {
+              name: "caddy-data",
+              persistentVolumeClaim: { claimName: `${name}-data` }
+            },
+            {
+              name: "caddyfile",
+              configMap: { name }
+            }
+          ]
+        }
+      }
+    }
+  }, { provider, dependsOn: [configMap, persistentVolumeClaim] });
+  const service = new k8s5.core.v1.Service(name, {
+    metadata: {
+      name,
+      namespace,
+      labels,
+      annotations: {
+        "service.beta.kubernetes.io/do-loadbalancer-healthcheck-path": healthCheck.path,
+        "service.beta.kubernetes.io/do-loadbalancer-healthcheck-protocol": "http",
+        "service.beta.kubernetes.io/do-loadbalancer-healthcheck-port": String(healthCheck.port)
+      }
+    },
+    spec: {
+      type: "LoadBalancer",
+      selector: { app: name },
+      ports: [
+        { name: "https", port: 443, targetPort: 443, protocol: "TCP" },
+        { name: "http", port: 80, targetPort: 80, protocol: "TCP" }
+      ]
+    }
+  }, { provider, dependsOn: [deployment] });
+  const loadBalancerIp = service.status.apply((status) => {
+    const ingress = status?.loadBalancer?.ingress?.[0];
+    return ingress?.ip ?? ingress?.hostname ?? "";
+  });
+  return {
+    deployment,
+    service,
+    persistentVolumeClaim,
+    configMap,
+    loadBalancerIp
+  };
+};
 // lib/runtimes/doks/cluster.ts
 import * as digitalocean from "@pulumi/digitalocean";
-import * as k8s5 from "@pulumi/kubernetes";
+import * as k8s6 from "@pulumi/kubernetes";
 import * as pulumi4 from "@pulumi/pulumi";
 function createDOKSCluster(config) {
   const stack = pulumi4.getStack();
@@ -1056,7 +1253,7 @@ function createDOKSCluster(config) {
       day: "sunday",
       startTime: "04:00"
     },
-    tags: config.tags ?? ["orderboss", `env:${stack}`],
+    tags: config.tags ?? [`env:${stack}`],
     nodePool: {
       name: config.nodePool.name,
       size: config.nodePool.size,
@@ -1076,7 +1273,7 @@ function createDOKSCluster(config) {
     }
     return firstConfig.rawConfig;
   }));
-  const provider = new k8s5.Provider(`${config.name}-k8s-provider`, {
+  const provider = new k8s6.Provider(`${config.name}-k8s-provider`, {
     kubeconfig
   });
   return {
@@ -1087,7 +1284,7 @@ function createDOKSCluster(config) {
   };
 }
 function createK8sProviderFromKubeconfig(name, kubeconfig) {
-  return new k8s5.Provider(name, { kubeconfig });
+  return new k8s6.Provider(name, { kubeconfig });
 }
 // lib/runtimes/doks/vpc.ts
 import * as digitalocean2 from "@pulumi/digitalocean";
@@ -1103,7 +1300,7 @@ function createVPC(config) {
   });
 }
 // lib/runtimes/doks/workloads.ts
-import * as k8s6 from "@pulumi/kubernetes";
+import * as k8s7 from "@pulumi/kubernetes";
 import * as pulumi6 from "@pulumi/pulumi";
 
 // lib/runtimes/doks/probes.ts
@@ -1132,7 +1329,7 @@ var normalizeK8sConfig = (config) => {
   if (config.containerPort) {
     console.warn(`⚠️  Service "${config.name}": containerPort is deprecated. Use ports instead.
 ` + `   Example: ports: ports().http(${config.containerPort}).build()
-` + `   See: https://github.com/orderboss/platform/blob/main/packages/infrastructure/README.md#port-configuration`);
+` + `   See: https://www.npmjs.com/package/@crossdelta/infrastructure`);
     const ports2 = fromK8sPorts({
       containerPort: config.containerPort,
       additionalPorts: config.additionalPorts
@@ -1174,7 +1371,7 @@ var createImagePullSecret = (provider, namespace, name, config) => {
       }
     });
   });
-  return new k8s6.core.v1.Secret(name, {
+  return new k8s7.core.v1.Secret(name, {
     metadata: {
       name,
       namespace,
@@ -1204,7 +1401,7 @@ var buildEnvVars = (config) => {
   })) : [];
   return [portEnv, ...plainEnvVars, ...secretEnvVars];
 };
-var createServiceSecret = (provider, namespace, config, labels) => !config.secrets || Object.keys(config.secrets).length === 0 ? undefined : new k8s6.core.v1.Secret(`${config.name}-secret`, {
+var createServiceSecret = (provider, namespace, config, labels) => !config.secrets || Object.keys(config.secrets).length === 0 ? undefined : new k8s7.core.v1.Secret(`${config.name}-secret`, {
   metadata: {
     name: `${config.name}-secret`,
     namespace,
@@ -1217,7 +1414,7 @@ var createServiceVolumes = (provider, namespace, config, labels) => {
   if (!config.volumes) {
     return { pvcs: [], volumeMounts: [], volumes: [] };
   }
-  const pvcs = config.volumes.map((vol) => new k8s6.core.v1.PersistentVolumeClaim(`${config.name}-${vol.name}`, {
+  const pvcs = config.volumes.map((vol) => new k8s7.core.v1.PersistentVolumeClaim(`${config.name}-${vol.name}`, {
     metadata: {
       name: `${config.name}-${vol.name}`,
       namespace,
@@ -1320,7 +1517,7 @@ var createServiceIngress = (provider, namespace, config, labels, service) => {
   const allHosts = [...primaryHosts, ...additionalHosts];
   const ingressRules = allHosts.length > 0 ? allHosts.map(createRule) : [createRule()];
   const tlsSecretName = config.ingress.tls?.secretName ?? `${config.name}-tls`;
-  return new k8s6.networking.v1.Ingress(`${config.name}-ingress`, {
+  return new k8s7.networking.v1.Ingress(`${config.name}-ingress`, {
     metadata: {
       name: config.name,
       namespace,
@@ -1350,7 +1547,7 @@ var deployK8sService = (provider, namespace, config) => {
   const { livenessProbe, readinessProbe } = buildHealthProbes2(normalizedConfig);
   const containerPorts = buildContainerPorts(normalizedConfig);
   const servicePorts = buildServicePorts(normalizedConfig);
-  const deployment = new k8s6.apps.v1.Deployment(`${normalizedConfig.name}-deployment`, {
+  const deployment = new k8s7.apps.v1.Deployment(`${normalizedConfig.name}-deployment`, {
     metadata: {
       name: normalizedConfig.name,
       namespace,
@@ -1399,7 +1596,7 @@ var deployK8sService = (provider, namespace, config) => {
       }
     }
   }, { provider, dependsOn: pvcs.length > 0 ? pvcs : undefined });
-  const service = new k8s6.core.v1.Service(`${normalizedConfig.name}-service`, {
+  const service = new k8s7.core.v1.Service(`${normalizedConfig.name}-service`, {
     metadata: {
       name: normalizedConfig.name,
       namespace,
@@ -1432,7 +1629,7 @@ var deployK8sServices = (provider, namespace, configs, options) => configs.filte
   results.set(config.name, deployK8sService(provider, namespace, configWithSecret));
   return results;
 }, new Map);
-var createNamespace = (provider, name, labels) => new k8s6.core.v1.Namespace(name, {
+var createNamespace = (provider, name, labels) => new k8s7.core.v1.Namespace(name, {
   metadata: {
     name,
     labels: {
@@ -1608,7 +1805,7 @@ var generateComposeSetupScript = (services, projectName = "orderboss-local") =>
 };
 // lib/runtimes/local/k3d.ts
 var DEFAULT_K3D_CONFIG = {
-  name: "orderboss-local",
+  name: "local",
   servers: 1,
   agents: 1,
   ports: [
@@ -1653,7 +1850,7 @@ var generateK3dCreateCommand = (config = {}) => {
   }
   return parts.join(" ");
 };
-var generateK3dDeleteCommand = (clusterName = "orderboss-local") => `k3d cluster delete ${clusterName}`;
+var generateK3dDeleteCommand = (clusterName = "local") => `k3d cluster delete ${clusterName}`;
 var getAllPorts2 = (config) => {
   if (!config.ports)
     return [];
@@ -1799,7 +1996,7 @@ var generateLocalSetupScript = (services, options = {}) => {
   for (const service of services) {
     lines.push(`echo -e "\${GREEN}Deploying ${service.name}...\${NC}"`, generateKubectlApplyCommand(service, namespace), "");
   }
-  lines.push('echo -e "${GREEN}Local development environment ready!${NC}"', 'echo -e "${YELLOW}Access services at: http://localhost:8080${NC}"', `echo -e "\${YELLOW}Namespace: ${namespace}\${NC}"`, "", "# Useful commands:", `# kubectl get pods -n ${namespace}`, `# kubectl logs -f <pod-name> -n ${namespace}`, `# k3d cluster delete ${k3dConfig.name || "orderboss-local"}`);
+  lines.push('echo -e "${GREEN}Local development environment ready!${NC}"', 'echo -e "${YELLOW}Access services at: http://localhost:8080${NC}"', `echo -e "\${YELLOW}Namespace: ${namespace}\${NC}"`, "", "# Useful commands:", `# kubectl get pods -n ${namespace}`, `# kubectl logs -f <pod-name> -n ${namespace}`, `# k3d cluster delete ${k3dConfig.name || "local"}`);
   return lines.join(`
 `);
 };
@@ -1826,6 +2023,7 @@ export {
   generateComposeYaml,
   generateComposeSetupScript,
   generateComposeProject,
+  generateCaddyfile,
   fromK8sPorts,
   fromAppPlatformPorts,
   dockerHubImage,
@@ -1839,6 +2037,7 @@ export {
   deployK8sServices,
   deployK8sService,
   deployCertManager,
+  deployCaddy,
   createVPC,
   createPorts,
   createPort,

package/dist/runtimes/doks/caddy.d.ts

@@ -0,0 +1,53 @@
+/**
+ * Caddy reverse proxy deployment for DOKS.
+ *
+ * Replaces nginx-ingress + cert-manager with a single Caddy deployment
+ * that handles routing, TLS (ACME + on-demand), and basic auth.
+ */
+import * as k8s from '@pulumi/kubernetes';
+import type { CaddyConfig, CaddyHandle, CaddyResult, CaddyRoute } from './types';
+export type { CaddyConfig, CaddyHandle, CaddyResult, CaddyRoute };
+/**
+ * Generate a Caddyfile from a typed configuration.
+ *
+ * Pure function with no side effects. All route types, basic auth,
+ * on-demand TLS, and health checks are supported.
+ *
+ * @example
+ * ```typescript
+ * const caddyfile = generateCaddyfile({
+ *   acmeEmail: 'admin@example.com',
+ *   routes: [
+ *     { hosts: 'example.com', upstream: 'website.my-app.svc.cluster.local:3200' },
+ *     { hosts: 'www.example.com', redirect: 'https://example.com{uri}' },
+ *   ],
+ *   onDemandTls: { askEndpoint: 'http://localhost:8080/ask' },
+ *   catchAllUpstream: 'storefront.my-app.svc.cluster.local:3000',
+ *   healthCheck: { port: 80, path: '/healthz' },
+ * })
+ * ```
+ */
+export declare const generateCaddyfile: (config: CaddyConfig) => string;
+/**
+ * Deploy Caddy as a reverse proxy to the cluster.
+ *
+ * Creates:
+ * - Deployment with `caddy:2-alpine` (Strategy: Recreate for RWO PVC)
+ * - LoadBalancer Service with DigitalOcean health check annotations
+ * - PVC for cert persistence (`/data`)
+ * - ConfigMap with the generated Caddyfile
+ * - Optional sidecar containers (e.g., /ask endpoint)
+ *
+ * @example
+ * ```typescript
+ * const caddy = deployCaddy(provider, 'my-app', {
+ *   acmeEmail: 'admin@example.com',
+ *   routes: [
+ *     { hosts: 'example.com', upstream: 'website.my-app.svc.cluster.local:3200' },
+ *   ],
+ *   onDemandTls: { askEndpoint: 'http://localhost:8080/ask' },
+ *   catchAllUpstream: 'storefront.my-app.svc.cluster.local:3000',
+ * })
+ * ```
+ */
+export declare const deployCaddy: (provider: k8s.Provider, namespace: string, config: CaddyConfig) => CaddyResult;

package/dist/runtimes/doks/cluster.d.ts

@@ -26,7 +26,7 @@ export interface DOKSClusterResult {
  * @example
  * ```typescript
  * const { cluster, provider, kubeconfig } = createDOKSCluster({
- *   name: 'orderboss-cluster',
+ *   name: 'my-cluster',
  *   region: 'fra1',
  *   vpcUuid: vpc.id,
  *   nodePool: {

package/dist/runtimes/doks/index.d.ts

@@ -42,6 +42,8 @@
  *
  * @module
  */
+export type { CaddyConfig, CaddyHandle, CaddyResult, CaddyRoute } from './caddy';
+export { deployCaddy, generateCaddyfile } from './caddy';
 export type { CertManagerConfig, CertManagerResult } from './cert-manager';
 export { deployCertManager } from './cert-manager';
 export type { DOKSClusterResult } from './cluster';

package/dist/runtimes/doks/nats.d.ts

@@ -12,7 +12,7 @@ import type { NatsConfig, NatsDeploymentResult } from './types';
  *
  * @example
  * ```typescript
- * const nats = deployNats(provider, 'orderboss', {
+ * const nats = deployNats(provider, 'my-app', {
  *   replicas: 3,
  *   jetstream: {
  *     enabled: true,
@@ -26,7 +26,7 @@ import type { NatsConfig, NatsDeploymentResult } from './types';
  * })
  *
  * // Connect from other services:
- * // nats://nats.orderboss.svc.cluster.local:4222
+ * // nats://nats.my-app.svc.cluster.local:4222
  * ```
  */
 export declare function deployNats(provider: k8s.Provider, namespace: string, config?: NatsConfig): NatsDeploymentResult;
@@ -38,11 +38,11 @@ export declare function deployNats(provider: k8s.Provider, namespace: string, co
  * @example
  * ```typescript
  * // Without auth
- * const url = buildNatsUrl('orderboss') // nats://nats.orderboss.svc.cluster.local:4222
+ * const url = buildNatsUrl('my-app') // nats://nats.my-app.svc.cluster.local:4222
  *
  * // With auth
- * const url = buildNatsUrl('orderboss', { user: 'myuser', password: 'secret' })
- * // nats://myuser:secret@nats.orderboss.svc.cluster.local:4222
+ * const url = buildNatsUrl('my-app', { user: 'myuser', password: 'secret' })
+ * // nats://myuser:secret@nats.my-app.svc.cluster.local:4222
  * ```
  */
 export declare function buildNatsUrl(namespace: string, auth?: {

package/dist/runtimes/doks/types.d.ts

@@ -1,4 +1,5 @@
 import type * as digitalocean from '@pulumi/digitalocean';
+import type * as k8s from '@pulumi/kubernetes';
 import type * as pulumi from '@pulumi/pulumi';
 import type { ServicePorts } from '../../core/types';
 /** DigitalOcean Kubernetes Cluster Args (from @pulumi/digitalocean) */
@@ -16,7 +17,7 @@ export type Region = digitalocean.Region;
  * @example
  * ```typescript
  * const cluster = createDOKSCluster({
- *   name: 'orderboss-cluster',
+ *   name: 'my-cluster',
  *   region: 'fra1',
  *   vpcUuid: vpc.id,
  *   nodePool: {
@@ -180,7 +181,7 @@ export interface K8sVolumeMount {
  * // Internal service (not publicly accessible)
  * const config: K8sServiceConfig = {
  *   name: 'orders',
- *   image: 'ghcr.io/orderboss/platform/orders:latest',
+ *   image: 'ghcr.io/my-org/my-app/orders:latest',
  *   containerPort: 4001,
  *   replicas: 2,
  *   env: {
@@ -194,7 +195,7 @@ export interface K8sVolumeMount {
  * // Public service with ingress
  * const config: K8sServiceConfig = {
  *   name: 'storefront',
- *   image: 'ghcr.io/orderboss/platform/storefront:latest',
+ *   image: 'ghcr.io/my-org/my-app/storefront:latest',
  *   containerPort: 3000,
  *   ingress: { path: '/' },
  *   healthCheck: { httpPath: '/health' },
@@ -205,7 +206,7 @@ export interface K8sServiceConfig {
     /** Unique name of the service (used for deployment, service, and labels) */
     name: string;
     /**
-     * Container image (e.g., 'ghcr.io/orderboss/platform/storefront:latest').
+     * Container image (e.g., 'ghcr.io/my-org/my-app/storefront:latest').
      * If not specified, auto-generated from pf.registry config + service name.
      */
     image?: string;
@@ -321,7 +322,7 @@ export interface DeployK8sServicesOptions {
  *
  * @example
  * ```typescript
- * const nats = deployNats(provider, 'orderboss', {
+ * const nats = deployNats(provider, 'my-app', {
  *   replicas: 3,
  *   jetstream: {
  *     enabled: true,
@@ -389,7 +390,7 @@ export interface K8sServiceDeploymentResult {
     secret?: unknown;
     /** PVCs for persistent storage */
     pvcs?: unknown[];
-    /** Internal service URL (e.g., 'http://orders.orderboss.svc.cluster.local:4001') */
+    /** Internal service URL (e.g., 'http://orders.my-app.svc.cluster.local:4001') */
     internalUrl: pulumi.Output<string>;
     /** Service DNS name within cluster */
     serviceDns: string;
@@ -405,3 +406,67 @@ export interface NatsDeploymentResult {
     /** Service DNS name */
     serviceDns: string;
 }
+export interface CaddyHandle {
+    /** Path prefix to match (e.g., '/api'). Omit for default/catch-all handle. */
+    path?: string;
+    /** Strip the path prefix before forwarding (default: true when path is set) */
+    stripPrefix?: boolean;
+    /** Upstream address (e.g., 'api-gateway.my-app.svc.cluster.local:4000') */
+    upstream?: string;
+    /** Redirect target instead of proxying (e.g., 'https://studio.example.com') */
+    redirect?: string;
+}
+export interface CaddyRoute {
+    /** Hostname(s) for this route (e.g., 'example.com' or 'www.example.com, www.example.de') */
+    hosts: string;
+    /** Request handlers. Multiple handles create nested handle blocks. Single upstream can use shorthand. */
+    handles?: CaddyHandle[];
+    /** Shorthand: single upstream for the entire host (use instead of handles for simple routes) */
+    upstream?: string;
+    /** Shorthand: redirect target for the entire host (use instead of handles for redirect-only routes) */
+    redirect?: string;
+    /** Basic auth credentials for this route */
+    basicAuth?: {
+        user: string;
+        hash: string;
+    };
+}
+export interface CaddyConfig {
+    /** Named routes with explicit ACME certs */
+    routes: CaddyRoute[];
+    /** On-demand TLS configuration for dynamic domains */
+    onDemandTls?: {
+        /** URL of the /ask endpoint that validates hostnames */
+        askEndpoint: string;
+    };
+    /** Upstream for the catch-all on-demand TLS block (e.g., storefront) */
+    catchAllUpstream?: string;
+    /** ACME account email for Let's Encrypt */
+    acmeEmail?: string;
+    /** Additional containers in the Caddy pod (e.g., /ask sidecar) */
+    sidecars?: k8s.types.input.core.v1.Container[];
+    /** Resource limits for the Caddy container */
+    resources?: K8sResourceConfig;
+    /** Persistent storage for certs and OCSP cache */
+    storage?: {
+        size: string;
+        storageClass?: string;
+    };
+    /** Health check endpoint for the LoadBalancer */
+    healthCheck?: {
+        port: number;
+        path: string;
+    };
+}
+export interface CaddyResult {
+    /** The Kubernetes Deployment */
+    deployment: k8s.apps.v1.Deployment;
+    /** The LoadBalancer Service */
+    service: k8s.core.v1.Service;
+    /** PVC for cert persistence */
+    persistentVolumeClaim: k8s.core.v1.PersistentVolumeClaim;
+    /** ConfigMap containing the Caddyfile */
+    configMap: k8s.core.v1.ConfigMap;
+    /** The LoadBalancer external IP */
+    loadBalancerIp: pulumi.Output<string>;
+}

package/dist/runtimes/doks/vpc.d.ts

@@ -9,9 +9,9 @@ import type { VPCConfig } from './types';
  * @example
  * ```typescript
  * const vpc = createVPC({
- *   name: 'orderboss-vpc',
+ *   name: 'my-vpc',
  *   region: 'fra1',
- *   description: 'VPC for orderboss platform',
+ *   description: 'VPC for my platform',
  * })
  * ```
  */

package/dist/runtimes/doks/workloads.d.ts

@@ -6,7 +6,7 @@ import type { DeployK8sServicesOptions, K8sServiceConfig, K8sServiceDeploymentRe
  *
  * @example
  * ```typescript
- * const secret = createImagePullSecret(provider, 'orderboss', 'ghcr-secret', {
+ * const secret = createImagePullSecret(provider, 'my-app', 'ghcr-secret', {
  *   registry: 'ghcr.io',
  *   username: 'my-org',
  *   password: ghcrToken,
@@ -30,9 +30,9 @@ export declare const createImagePullSecret: (provider: k8s.Provider, namespace:
  *
  * @example
  * ```typescript
- * const result = deployK8sService(provider, 'orderboss', {
+ * const result = deployK8sService(provider, 'my-app', {
  *   name: 'orders',
- *   image: 'ghcr.io/orderboss/platform/orders:latest',
+ *   image: 'ghcr.io/my-org/orders:latest',
  *   containerPort: 4001,
  *   replicas: 2,
  *   env: {
@@ -47,7 +47,7 @@ export declare const createImagePullSecret: (provider: k8s.Provider, namespace:
  * })
  *
  * // Access the service internally:
- * // http://orders.orderboss.svc.cluster.local:4001
+ * // http://orders.my-app.svc.cluster.local:4001
  * ```
  */
 export declare const deployK8sService: (provider: k8s.Provider, namespace: string, config: K8sServiceConfig) => K8sServiceDeploymentResult;
@@ -56,7 +56,7 @@ export declare const deployK8sService: (provider: k8s.Provider, namespace: strin
  *
  * @example
  * ```typescript
- * const results = deployK8sServices(provider, 'orderboss', [
+ * const results = deployK8sServices(provider, 'my-app', [
  *   ordersConfig,
  *   storefrontConfig,
  *   apiGatewayConfig,
@@ -69,7 +69,7 @@ export declare const deployK8sServices: (provider: k8s.Provider, namespace: stri
  *
  * @example
  * ```typescript
- * const ns = createNamespace(provider, 'orderboss')
+ * const ns = createNamespace(provider, 'my-app')
  * ```
  */
 export declare const createNamespace: (provider: k8s.Provider, name: string, labels?: Record<string, string>) => k8s.core.v1.Namespace;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@crossdelta/infrastructure",
-  "version": "0.10.1",
+  "version": "0.11.1",
   "type": "module",
   "license": "MIT",
   "publishConfig": {