@crossdelta/infrastructure 0.2.17 → 0.2.19

package/dist/runtimes/doks/cert-manager.d.ts

@@ -0,0 +1,50 @@
+/**
+ * Cert-Manager deployment for DOKS
+ *
+ * Deploys cert-manager via Helm chart for automatic TLS certificate management
+ * with Let's Encrypt.
+ */
+import * as k8s from '@pulumi/kubernetes';
+export interface CertManagerConfig {
+    /** Email for Let's Encrypt notifications */
+    email: string;
+    /** Use Let's Encrypt staging (for testing) or production */
+    staging?: boolean;
+}
+export interface CertManagerResult {
+    /** The Helm release */
+    release: k8s.helm.v3.Release;
+    /** The namespace where cert-manager is deployed */
+    namespace: string;
+    /** The ClusterIssuer for Let's Encrypt */
+    clusterIssuer: k8s.apiextensions.CustomResource;
+    /** ClusterIssuer name to use in Ingress annotations */
+    issuerName: string;
+}
+/**
+ * Deploy cert-manager to the cluster with Let's Encrypt ClusterIssuer.
+ *
+ * This creates:
+ * - cert-manager deployment with CRDs
+ * - ClusterIssuer for Let's Encrypt (production or staging)
+ *
+ * After deployment, add these annotations to your Ingress:
+ * ```yaml
+ * annotations:
+ *   cert-manager.io/cluster-issuer: "letsencrypt-production"
+ * spec:
+ *   tls:
+ *     - hosts:
+ *         - example.com
+ *       secretName: example-com-tls
+ * ```
+ *
+ * @example
+ * ```typescript
+ * const certManager = deployCertManager(provider, {
+ *   email: 'admin@example.com',
+ *   staging: false, // Use production Let's Encrypt
+ * })
+ * ```
+ */
+export declare function deployCertManager(provider: k8s.Provider, config: CertManagerConfig): CertManagerResult;

package/dist/runtimes/doks/cluster.d.ts

@@ -0,0 +1,61 @@
+import * as digitalocean from '@pulumi/digitalocean';
+import * as k8s from '@pulumi/kubernetes';
+import * as pulumi from '@pulumi/pulumi';
+import type { DOKSClusterConfig } from './types';
+/**
+ * Result of creating a DOKS cluster.
+ */
+export interface DOKSClusterResult {
+    /** The DigitalOcean Kubernetes cluster resource */
+    cluster: digitalocean.KubernetesCluster;
+    /** Kubernetes provider configured for this cluster */
+    provider: k8s.Provider;
+    /** Kubeconfig for the cluster (raw YAML) */
+    kubeconfig: pulumi.Output<string>;
+    /** Cluster API endpoint URL */
+    endpoint: pulumi.Output<string>;
+}
+/**
+ * Creates a DigitalOcean Kubernetes (DOKS) cluster with a configured K8s provider.
+ *
+ * This function:
+ * - Creates a DOKS cluster with the specified configuration
+ * - Automatically creates a @pulumi/kubernetes Provider connected to the cluster
+ * - Uses sensible defaults for maintenance, upgrades, and tagging
+ *
+ * @example
+ * ```typescript
+ * const { cluster, provider, kubeconfig } = createDOKSCluster({
+ *   name: 'orderboss-cluster',
+ *   region: 'fra1',
+ *   vpcUuid: vpc.id,
+ *   nodePool: {
+ *     name: 'default',
+ *     size: 's-2vcpu-4gb',
+ *     nodeCount: 3,
+ *   },
+ * })
+ *
+ * // Use the provider for K8s resources
+ * const namespace = new k8s.core.v1.Namespace('app', { ... }, { provider })
+ * ```
+ */
+export declare function createDOKSCluster(config: DOKSClusterConfig): DOKSClusterResult;
+/**
+ * Creates a Kubernetes provider from an existing kubeconfig string.
+ *
+ * Useful for:
+ * - Connecting to existing clusters
+ * - Using kubeconfig from CI/CD secrets
+ * - Testing against local/remote clusters
+ *
+ * @example
+ * ```typescript
+ * // From a secret
+ * const provider = createK8sProviderFromKubeconfig('my-cluster', kubeconfigSecret)
+ *
+ * // From environment
+ * const provider = createK8sProviderFromKubeconfig('local', process.env.KUBECONFIG_CONTENT!)
+ * ```
+ */
+export declare function createK8sProviderFromKubeconfig(name: string, kubeconfig: pulumi.Input<string>): k8s.Provider;

package/dist/runtimes/doks/index.d.ts

@@ -0,0 +1,54 @@
+/**
+ * DigitalOcean Kubernetes (DOKS) Runtime Module
+ *
+ * This module provides helpers for deploying workloads to DigitalOcean Kubernetes clusters.
+ *
+ * ## Features
+ *
+ * - VPC creation for private networking
+ * - DOKS cluster provisioning with auto-configured K8s provider
+ * - NATS + JetStream deployment via Helm
+ * - Generic K8s workload deployment (Deployment, Service, Ingress, Secrets, PVCs)
+ *
+ * ## Usage
+ *
+ * ```typescript
+ * import { createVPC, createDOKSCluster, deployNats, deployK8sService, createNamespace } from '@crossdelta/infrastructure'
+ *
+ * // 1. Create VPC
+ * const vpc = createVPC({ name: 'my-vpc', region: 'fra1' })
+ *
+ * // 2. Create DOKS cluster
+ * const { provider } = createDOKSCluster({
+ *   name: 'my-cluster',
+ *   vpcUuid: vpc.id,
+ *   nodePool: { name: 'default', size: 's-2vcpu-4gb', nodeCount: 3 },
+ * })
+ *
+ * // 3. Create namespace
+ * const namespace = createNamespace(provider, 'my-app')
+ *
+ * // 4. Deploy NATS
+ * const nats = deployNats(provider, 'my-app', { jetstream: { enabled: true } })
+ *
+ * // 5. Deploy services
+ * deployK8sService(provider, 'my-app', {
+ *   name: 'api',
+ *   image: 'my-registry/api:latest',
+ *   containerPort: 3000,
+ *   ingress: { path: '/api' },
+ * })
+ * ```
+ *
+ * @module
+ */
+export type { CertManagerConfig, CertManagerResult } from './cert-manager';
+export { deployCertManager } from './cert-manager';
+export type { DOKSClusterResult } from './cluster';
+export { createDOKSCluster, createK8sProviderFromKubeconfig } from './cluster';
+export type { NginxIngressConfig, NginxIngressResult } from './ingress';
+export { deployNginxIngress } from './ingress';
+export { buildNatsUrl, deployNats } from './nats';
+export type { DeployK8sServicesOptions, DOKSClusterArgs, DOKSClusterConfig, K8sHealthCheck, K8sIngressConfig, K8sResourceConfig, K8sResources, K8sServiceConfig, K8sServiceDeploymentResult, K8sVolumeMount, NatsConfig, NatsDeploymentResult, Region, VPCConfig, VpcArgs, } from './types';
+export { createVPC } from './vpc';
+export { buildInternalUrl, createImagePullSecret, createNamespace, deployK8sService, deployK8sServices, } from './workloads';

package/dist/runtimes/doks/ingress.d.ts

@@ -0,0 +1,57 @@
+/**
+ * Ingress Controller deployment for DOKS
+ *
+ * Deploys nginx-ingress-controller via Helm chart.
+ * Creates a single LoadBalancer that routes traffic to all services.
+ */
+import * as k8s from '@pulumi/kubernetes';
+import * as pulumi from '@pulumi/pulumi';
+export interface NginxIngressConfig {
+    /** Number of replicas for the ingress controller (default: 1) */
+    replicas?: number;
+    /** Resource requests/limits */
+    resources?: {
+        requests?: {
+            cpu?: string;
+            memory?: string;
+        };
+        limits?: {
+            cpu?: string;
+            memory?: string;
+        };
+    };
+    /** Enable proxy protocol for preserving client IPs (default: true for DO) */
+    useProxyProtocol?: boolean;
+}
+export interface NginxIngressResult {
+    /** The Helm release */
+    release: k8s.helm.v3.Release;
+    /** The LoadBalancer service name */
+    serviceName: string;
+    /** The namespace where ingress controller is deployed */
+    namespace: string;
+    /** The LoadBalancer external IP (available after deployment) */
+    loadBalancerIp: pulumi.Output<string>;
+}
+/**
+ * Deploy nginx-ingress-controller to the cluster.
+ *
+ * This creates:
+ * - Ingress controller deployment
+ * - LoadBalancer service (~$12/month on DigitalOcean)
+ * - Required RBAC resources
+ *
+ * After deployment, Ingress resources will automatically get an external IP.
+ *
+ * @example
+ * ```typescript
+ * const ingress = deployNginxIngress(provider, {
+ *   replicas: 1,
+ *   resources: {
+ *     requests: { cpu: '100m', memory: '128Mi' },
+ *     limits: { cpu: '200m', memory: '256Mi' },
+ *   },
+ * })
+ * ```
+ */
+export declare function deployNginxIngress(provider: k8s.Provider, config?: NginxIngressConfig): NginxIngressResult;

package/dist/runtimes/doks/nats.d.ts

@@ -0,0 +1,51 @@
+import * as k8s from '@pulumi/kubernetes';
+import * as pulumi from '@pulumi/pulumi';
+import type { NatsConfig, NatsDeploymentResult } from './types';
+/**
+ * Deploys NATS with JetStream to a Kubernetes cluster using the official Helm chart.
+ *
+ * Features:
+ * - NATS cluster with configurable replicas (default: 3 for HA)
+ * - JetStream enabled with persistent storage via PVC
+ * - Optional authentication
+ * - DigitalOcean block storage integration
+ *
+ * @example
+ * ```typescript
+ * const nats = deployNats(provider, 'orderboss', {
+ *   replicas: 3,
+ *   jetstream: {
+ *     enabled: true,
+ *     storageSize: '20Gi',
+ *   },
+ *   auth: {
+ *     enabled: true,
+ *     user: natsUser,
+ *     password: natsPassword,
+ *   },
+ * })
+ *
+ * // Connect from other services:
+ * // nats://nats.orderboss.svc.cluster.local:4222
+ * ```
+ */
+export declare function deployNats(provider: k8s.Provider, namespace: string, config?: NatsConfig): NatsDeploymentResult;
+/**
+ * Creates a NATS connection URL with optional authentication.
+ *
+ * Note: Username and password are URL-encoded to handle special characters.
+ *
+ * @example
+ * ```typescript
+ * // Without auth
+ * const url = buildNatsUrl('orderboss') // nats://nats.orderboss.svc.cluster.local:4222
+ *
+ * // With auth
+ * const url = buildNatsUrl('orderboss', { user: 'myuser', password: 'secret' })
+ * // nats://myuser:secret@nats.orderboss.svc.cluster.local:4222
+ * ```
+ */
+export declare function buildNatsUrl(namespace: string, auth?: {
+    user: pulumi.Input<string>;
+    password: pulumi.Input<string>;
+}): pulumi.Output<string>;

package/dist/runtimes/doks/types.d.ts

@@ -0,0 +1,313 @@
+import type * as digitalocean from '@pulumi/digitalocean';
+import type * as pulumi from '@pulumi/pulumi';
+/** DigitalOcean Kubernetes Cluster Args (from @pulumi/digitalocean) */
+export type DOKSClusterArgs = digitalocean.KubernetesClusterArgs;
+/** DigitalOcean VPC Args (from @pulumi/digitalocean) */
+export type VpcArgs = digitalocean.VpcArgs;
+/** DigitalOcean Region enum */
+export type Region = digitalocean.Region;
+/**
+ * Simplified DOKS cluster configuration.
+ *
+ * Wraps `digitalocean.KubernetesClusterArgs` with sensible defaults
+ * and a more ergonomic interface for common use cases.
+ *
+ * @example
+ * ```typescript
+ * const cluster = createDOKSCluster({
+ *   name: 'orderboss-cluster',
+ *   region: 'fra1',
+ *   vpcUuid: vpc.id,
+ *   nodePool: {
+ *     name: 'default',
+ *     size: 's-2vcpu-4gb',
+ *     nodeCount: 3,
+ *   },
+ * })
+ * ```
+ */
+export interface DOKSClusterConfig {
+    /** Cluster name (will be suffixed with stack name) */
+    name: string;
+    /** DigitalOcean region (defaults to 'fra1') */
+    region?: digitalocean.Region | string;
+    /** Kubernetes version - use `doctl kubernetes options versions` to list available */
+    version?: string;
+    /** Node pool configuration */
+    nodePool: {
+        /** Node pool name */
+        name: string;
+        /** Droplet size slug (e.g., 's-2vcpu-4gb') */
+        size: string;
+        /** Number of nodes (ignored if autoScale is set) */
+        nodeCount?: number;
+        /** Auto-scale configuration */
+        autoScale?: {
+            minNodes: number;
+            maxNodes: number;
+        };
+        /** Labels for nodes */
+        labels?: Record<string, string>;
+    };
+    /** VPC UUID for private networking */
+    vpcUuid?: pulumi.Input<string>;
+    /** Enable HA control plane (defaults to false) */
+    ha?: boolean;
+    /** Enable auto-upgrade (defaults to true) */
+    autoUpgrade?: boolean;
+    /** Enable surge upgrades (defaults to true) */
+    surgeUpgrade?: boolean;
+    /** Tags for the cluster */
+    tags?: string[];
+}
+/**
+ * Simplified VPC configuration with stack-aware naming.
+ */
+export interface VPCConfig {
+    /** VPC name (will be suffixed with stack name) */
+    name: string;
+    /** DigitalOcean region (defaults to 'fra1') */
+    region?: digitalocean.Region | string;
+    /** Optional description */
+    description?: string;
+    /** IP range for the VPC (e.g., '10.10.10.0/24') */
+    ipRange?: string;
+}
+/**
+ * Resource limits and requests for Kubernetes containers.
+ */
+export interface K8sResources {
+    /** CPU (e.g., '100m', '0.5', '2') */
+    cpu?: string;
+    /** Memory (e.g., '128Mi', '1Gi') */
+    memory?: string;
+}
+/**
+ * Resource configuration for Kubernetes pods.
+ */
+export interface K8sResourceConfig {
+    /** Resource requests (guaranteed resources) */
+    requests?: K8sResources;
+    /** Resource limits (maximum resources) */
+    limits?: K8sResources;
+}
+/**
+ * Health check configuration for Kubernetes probes.
+ */
+export interface K8sHealthCheck {
+    /** HTTP path for health check (e.g., '/health') */
+    httpPath?: string;
+    /** Port for health check (defaults to containerPort) */
+    port?: number;
+    /** Initial delay before starting probes in seconds (default: 10) */
+    initialDelaySeconds?: number;
+    /** Period between probes in seconds (default: 10) */
+    periodSeconds?: number;
+    /** Number of consecutive failures before unhealthy (default: 3) */
+    failureThreshold?: number;
+    /** Number of consecutive successes to be healthy (default: 1) */
+    successThreshold?: number;
+    /** Probe timeout in seconds (default: 5) */
+    timeoutSeconds?: number;
+}
+/**
+ * Ingress configuration for public services.
+ */
+export interface K8sIngressConfig {
+    /** Path prefix for routing (e.g., '/', '/api') */
+    path: string;
+    /** Path type: 'Prefix' (default) or 'Exact' */
+    pathType?: 'Prefix' | 'Exact';
+    /** Custom annotations for the ingress */
+    annotations?: Record<string, string>;
+    /** Hostname for the ingress (required for TLS) */
+    host?: string;
+    /** Additional hostnames (e.g., www subdomain) */
+    additionalHosts?: string[];
+    /** TLS configuration */
+    tls?: {
+        /** Enable TLS (requires cert-manager ClusterIssuer) */
+        enabled: boolean;
+        /** ClusterIssuer name (default: 'letsencrypt-production') */
+        issuerName?: string;
+        /** Secret name for the TLS certificate (auto-generated if not provided) */
+        secretName?: string;
+    };
+}
+/**
+ * Volume mount configuration for persistent storage.
+ */
+export interface K8sVolumeMount {
+    /** Name of the volume/PVC */
+    name: string;
+    /** Mount path inside the container */
+    mountPath: string;
+    /** Size of the volume (e.g., '10Gi') */
+    size?: string;
+    /** Storage class (defaults to 'do-block-storage') */
+    storageClass?: string;
+    /** Access mode (defaults to 'ReadWriteOnce') */
+    accessMode?: 'ReadWriteOnce' | 'ReadOnlyMany' | 'ReadWriteMany';
+    /** Whether the volume is read-only */
+    readOnly?: boolean;
+}
+/**
+ * Configuration for a Kubernetes service deployment.
+ *
+ * This is the main interface for defining services in `infra/services/*.ts`.
+ * Each service config is translated into Kubernetes Deployment, Service,
+ * and optionally Ingress resources.
+ *
+ * @example
+ * ```typescript
+ * // Internal service (not publicly accessible)
+ * const config: K8sServiceConfig = {
+ *   name: 'orders',
+ *   image: 'ghcr.io/orderboss/platform/orders:latest',
+ *   containerPort: 4001,
+ *   replicas: 2,
+ *   env: {
+ *     PUBLIC_SUPABASE_URL: supabaseUrl,
+ *   },
+ *   secrets: {
+ *     SUPABASE_SERVICE_ROLE_KEY: supabaseServiceRoleKey,
+ *   },
+ * }
+ *
+ * // Public service with ingress
+ * const config: K8sServiceConfig = {
+ *   name: 'storefront',
+ *   image: 'ghcr.io/orderboss/platform/storefront:latest',
+ *   containerPort: 3000,
+ *   ingress: { path: '/' },
+ *   healthCheck: { httpPath: '/health' },
+ * }
+ * ```
+ */
+export interface K8sServiceConfig {
+    /** Unique name of the service (used for deployment, service, and labels) */
+    name: string;
+    /** Container image (e.g., 'ghcr.io/orderboss/platform/storefront:latest') */
+    image: string;
+    /** Port the container listens on */
+    containerPort: number;
+    /** Number of replicas (defaults to 1) */
+    replicas?: number;
+    /** Environment variables (plain values) */
+    env?: Record<string, pulumi.Input<string>>;
+    /** Secret environment variables (stored in K8s Secret) */
+    secrets?: Record<string, pulumi.Input<string>>;
+    /** Ingress configuration (set to enable public access) */
+    ingress?: K8sIngressConfig;
+    /** Health check configuration for liveness/readiness probes */
+    healthCheck?: K8sHealthCheck;
+    /** Resource requests and limits */
+    resources?: K8sResourceConfig;
+    /** Volume mounts for persistent storage */
+    volumes?: K8sVolumeMount[];
+    /** Command to run (overrides container entrypoint) */
+    command?: string[];
+    /** Arguments to pass to the command */
+    args?: string[];
+    /** Additional labels to apply to all resources */
+    labels?: Record<string, string>;
+    /** Additional annotations to apply to pods */
+    annotations?: Record<string, string>;
+    /** Service type: 'ClusterIP' (default), 'NodePort', or 'LoadBalancer' */
+    serviceType?: 'ClusterIP' | 'NodePort' | 'LoadBalancer';
+    /** Skip deployment (useful for temporarily disabling a service) */
+    skip?: boolean;
+    /** Image pull policy (defaults to 'Always' for :latest, 'IfNotPresent' otherwise) */
+    imagePullPolicy?: 'Always' | 'Never' | 'IfNotPresent';
+    /** Additional ports to expose (for services with multiple ports) */
+    additionalPorts?: Array<{
+        name: string;
+        port: number;
+        targetPort?: number;
+        protocol?: 'TCP' | 'UDP';
+    }>;
+    /** Name of the imagePullSecret to use for private registries */
+    imagePullSecretName?: string;
+}
+/**
+ * Options for deploying multiple K8s services.
+ */
+export interface DeployK8sServicesOptions {
+    /** Image pull secret name (applied to all services) */
+    imagePullSecretName?: string;
+}
+/**
+ * Configuration for NATS deployment with JetStream via Helm.
+ *
+ * @example
+ * ```typescript
+ * const nats = deployNats(provider, 'orderboss', {
+ *   replicas: 3,
+ *   jetstream: {
+ *     enabled: true,
+ *     storageSize: '20Gi',
+ *   },
+ *   auth: {
+ *     enabled: true,
+ *     user: natsUser,
+ *     password: natsPassword,
+ *   },
+ * })
+ * ```
+ */
+export interface NatsConfig {
+    /** Number of NATS server replicas (defaults to 3 for HA) */
+    replicas?: number;
+    /** JetStream storage configuration */
+    jetstream?: {
+        /** Enable JetStream (defaults to true) */
+        enabled?: boolean;
+        /** Storage size for file storage (e.g., '20Gi') */
+        storageSize?: string;
+        /** Storage class (defaults to 'do-block-storage') */
+        storageClass?: string;
+        /** Memory storage size (e.g., '1Gi') */
+        memoryStorageSize?: string;
+    };
+    /** Authentication configuration */
+    auth?: {
+        /** Enable authentication (defaults to false) */
+        enabled?: boolean;
+        /** Username for client connections */
+        user?: pulumi.Input<string>;
+        /** Password for client connections */
+        password?: pulumi.Input<string>;
+    };
+    /** Resource configuration */
+    resources?: K8sResourceConfig;
+}
+/**
+ * Deployment result for a K8s service.
+ */
+export interface K8sServiceDeploymentResult {
+    /** The Kubernetes Deployment resource */
+    deployment: unknown;
+    /** The Kubernetes Service resource */
+    service: unknown;
+    /** The Kubernetes Ingress resource (if public) */
+    ingress?: unknown;
+    /** The Kubernetes Secret resource (if secrets are defined) */
+    secret?: unknown;
+    /** PVCs for persistent storage */
+    pvcs?: unknown[];
+    /** Internal service URL (e.g., 'http://orders.orderboss.svc.cluster.local:4001') */
+    internalUrl: pulumi.Output<string>;
+    /** Service DNS name within cluster */
+    serviceDns: string;
+}
+/**
+ * Result of deploying NATS.
+ */
+export interface NatsDeploymentResult {
+    /** Helm release */
+    release: unknown;
+    /** Internal NATS URL for service-to-service communication */
+    internalUrl: string;
+    /** Service DNS name */
+    serviceDns: string;
+}

package/dist/runtimes/doks/vpc.d.ts

@@ -0,0 +1,18 @@
+import * as digitalocean from '@pulumi/digitalocean';
+import type { VPCConfig } from './types';
+/**
+ * Creates a DigitalOcean VPC for private networking.
+ *
+ * All DOKS nodes and services will use this VPC for internal communication.
+ * The VPC name is automatically suffixed with the current stack name.
+ *
+ * @example
+ * ```typescript
+ * const vpc = createVPC({
+ *   name: 'orderboss-vpc',
+ *   region: 'fra1',
+ *   description: 'VPC for orderboss platform',
+ * })
+ * ```
+ */
+export declare function createVPC(config: VPCConfig): digitalocean.Vpc;

package/dist/runtimes/doks/workloads.d.ts

@@ -0,0 +1,79 @@
+import * as k8s from '@pulumi/kubernetes';
+import * as pulumi from '@pulumi/pulumi';
+import type { DeployK8sServicesOptions, K8sServiceConfig, K8sServiceDeploymentResult } from './types';
+/**
+ * Creates an ImagePullSecret for private container registries (e.g., GHCR, DockerHub).
+ *
+ * @example
+ * ```typescript
+ * const secret = createImagePullSecret(provider, 'orderboss', 'ghcr-secret', {
+ *   registry: 'ghcr.io',
+ *   username: 'my-org',
+ *   password: ghcrToken,
+ * })
+ * ```
+ */
+export declare function createImagePullSecret(provider: k8s.Provider, namespace: string, name: string, config: {
+    registry: string;
+    username: pulumi.Input<string>;
+    password: pulumi.Input<string>;
+}): k8s.core.v1.Secret;
+/**
+ * Deploys a service to Kubernetes.
+ *
+ * Creates:
+ * - Deployment with configurable replicas, resources, and health checks
+ * - Service (ClusterIP by default) for internal access
+ * - Secret (if `secrets` are defined)
+ * - PVCs (if `volumes` are defined)
+ * - Ingress (if `ingress` is defined) - Note: requires ingress controller
+ *
+ * @example
+ * ```typescript
+ * const result = deployK8sService(provider, 'orderboss', {
+ *   name: 'orders',
+ *   image: 'ghcr.io/orderboss/platform/orders:latest',
+ *   containerPort: 4001,
+ *   replicas: 2,
+ *   env: {
+ *     PUBLIC_SUPABASE_URL: supabaseUrl,
+ *   },
+ *   secrets: {
+ *     SUPABASE_SERVICE_ROLE_KEY: supabaseServiceRoleKey,
+ *   },
+ *   healthCheck: {
+ *     httpPath: '/health',
+ *   },
+ * })
+ *
+ * // Access the service internally:
+ * // http://orders.orderboss.svc.cluster.local:4001
+ * ```
+ */
+export declare function deployK8sService(provider: k8s.Provider, namespace: string, config: K8sServiceConfig): K8sServiceDeploymentResult;
+/**
+ * Deploys multiple services to Kubernetes.
+ *
+ * @example
+ * ```typescript
+ * const results = deployK8sServices(provider, 'orderboss', [
+ *   ordersConfig,
+ *   storefrontConfig,
+ *   apiGatewayConfig,
+ * ], { imagePullSecretName: 'ghcr-secret' })
+ * ```
+ */
+export declare function deployK8sServices(provider: k8s.Provider, namespace: string, configs: K8sServiceConfig[], options?: DeployK8sServicesOptions): Map<string, K8sServiceDeploymentResult>;
+/**
+ * Creates a Kubernetes namespace.
+ *
+ * @example
+ * ```typescript
+ * const ns = createNamespace(provider, 'orderboss')
+ * ```
+ */
+export declare function createNamespace(provider: k8s.Provider, name: string, labels?: Record<string, string>): k8s.core.v1.Namespace;
+/**
+ * Builds an internal service URL for cluster-internal communication.
+ */
+export declare function buildInternalUrl(serviceName: string, namespace: string, port: number): string;