@crossdelta/infrastructure 0.2.23 → 0.2.24

package/dist/index.cjs

@@ -337855,13 +337855,7 @@ function getImagePullPolicy(image2, explicit) {
     return explicit;
   return image2.endsWith(":latest") ? "Always" : "IfNotPresent";
 }
-function deployK8sService(provider, namespace, config2) {
-  if (!config2.image) {
-    throw new Error(`Missing "image" for service "${config2.name}". Either specify image explicitly or use discoverServiceConfigs() which auto-generates it from pf.registry.`);
-  }
-  const labels = buildLabels(config2.name, config2.labels);
-  const replicas = config2.replicas ?? DEFAULTS.replicas;
-  const imagePullPolicy = getImagePullPolicy(config2.image, config2.imagePullPolicy);
+function buildEnvVars(config2) {
   const envVars = [];
   envVars.push({ name: "PORT", value: String(config2.containerPort) });
   if (config2.env) {
@@ -337869,17 +337863,7 @@ function deployK8sService(provider, namespace, config2) {
       envVars.push({ name: key, value: pulumi6.output(value) });
     }
   }
-  let secret;
-  if (config2.secrets && Object.keys(config2.secrets).length > 0) {
-    secret = new k8s5.core.v1.Secret(`${config2.name}-secret`, {
-      metadata: {
-        name: `${config2.name}-secret`,
-        namespace,
-        labels
-      },
-      type: "Opaque",
-      stringData: config2.secrets
-    }, { provider });
+  if (config2.secrets) {
     for (const key of Object.keys(config2.secrets)) {
       envVars.push({
         name: key,
@@ -337892,80 +337876,205 @@ function deployK8sService(provider, namespace, config2) {
       });
     }
   }
+  return envVars;
+}
+function createServiceSecret(provider, namespace, config2, labels) {
+  if (!config2.secrets || Object.keys(config2.secrets).length === 0) {
+    return;
+  }
+  return new k8s5.core.v1.Secret(`${config2.name}-secret`, {
+    metadata: {
+      name: `${config2.name}-secret`,
+      namespace,
+      labels
+    },
+    type: "Opaque",
+    stringData: config2.secrets
+  }, { provider });
+}
+function createServiceVolumes(provider, namespace, config2, labels) {
   const pvcs = [];
   const volumeMounts = [];
   const volumes = [];
-  if (config2.volumes) {
-    for (const vol of config2.volumes) {
-      const pvc = new k8s5.core.v1.PersistentVolumeClaim(`${config2.name}-${vol.name}`, {
-        metadata: {
-          name: `${config2.name}-${vol.name}`,
-          namespace,
-          labels
-        },
-        spec: {
-          accessModes: [vol.accessMode ?? "ReadWriteOnce"],
-          storageClassName: vol.storageClass ?? "do-block-storage",
-          resources: {
-            requests: {
-              storage: vol.size ?? "10Gi"
-            }
-          }
-        }
-      }, { provider });
-      pvcs.push(pvc);
-      volumeMounts.push({
-        name: vol.name,
-        mountPath: vol.mountPath,
-        readOnly: vol.readOnly
-      });
-      volumes.push({
-        name: vol.name,
-        persistentVolumeClaim: {
-          claimName: `${config2.name}-${vol.name}`
+  if (!config2.volumes) {
+    return { pvcs, volumeMounts, volumes };
+  }
+  for (const vol of config2.volumes) {
+    const pvc = new k8s5.core.v1.PersistentVolumeClaim(`${config2.name}-${vol.name}`, {
+      metadata: {
+        name: `${config2.name}-${vol.name}`,
+        namespace,
+        labels
+      },
+      spec: {
+        accessModes: [vol.accessMode ?? "ReadWriteOnce"],
+        storageClassName: vol.storageClass ?? "do-block-storage",
+        resources: {
+          requests: { storage: vol.size ?? "10Gi" }
         }
-      });
-    }
+      }
+    }, { provider });
+    pvcs.push(pvc);
+    volumeMounts.push({
+      name: vol.name,
+      mountPath: vol.mountPath,
+      readOnly: vol.readOnly
+    });
+    volumes.push({
+      name: vol.name,
+      persistentVolumeClaim: {
+        claimName: `${config2.name}-${vol.name}`
+      }
+    });
   }
+  return { pvcs, volumeMounts, volumes };
+}
+function buildHealthProbes(config2) {
   const healthCheck = config2.healthCheck;
-  let livenessProbe;
-  let readinessProbe;
-  if (healthCheck) {
-    const probeConfig = {
-      initialDelaySeconds: healthCheck.initialDelaySeconds ?? DEFAULTS.healthCheck.initialDelaySeconds,
-      periodSeconds: healthCheck.periodSeconds ?? DEFAULTS.healthCheck.periodSeconds,
-      failureThreshold: healthCheck.failureThreshold ?? DEFAULTS.healthCheck.failureThreshold,
-      successThreshold: healthCheck.successThreshold ?? DEFAULTS.healthCheck.successThreshold,
-      timeoutSeconds: healthCheck.timeoutSeconds ?? DEFAULTS.healthCheck.timeoutSeconds
-    };
-    if (healthCheck.httpPath) {
-      const httpGet = {
-        path: healthCheck.httpPath,
-        port: healthCheck.port ?? config2.containerPort
-      };
-      livenessProbe = { ...probeConfig, httpGet };
-      readinessProbe = { ...probeConfig, httpGet };
-    } else {
-      const tcpSocket = {
-        port: healthCheck.port ?? config2.containerPort
-      };
-      livenessProbe = { ...probeConfig, tcpSocket };
-      readinessProbe = { ...probeConfig, tcpSocket };
-    }
+  if (!healthCheck) {
+    return {};
   }
-  const resources = config2.resources ?? DEFAULTS.resources;
-  const containerPorts = [
+  const probeConfig = {
+    initialDelaySeconds: healthCheck.initialDelaySeconds ?? DEFAULTS.healthCheck.initialDelaySeconds,
+    periodSeconds: healthCheck.periodSeconds ?? DEFAULTS.healthCheck.periodSeconds,
+    failureThreshold: healthCheck.failureThreshold ?? DEFAULTS.healthCheck.failureThreshold,
+    successThreshold: healthCheck.successThreshold ?? DEFAULTS.healthCheck.successThreshold,
+    timeoutSeconds: healthCheck.timeoutSeconds ?? DEFAULTS.healthCheck.timeoutSeconds
+  };
+  if (healthCheck.httpPath) {
+    const httpGet = {
+      path: healthCheck.httpPath,
+      port: healthCheck.port ?? config2.containerPort
+    };
+    return {
+      livenessProbe: { ...probeConfig, httpGet },
+      readinessProbe: { ...probeConfig, httpGet }
+    };
+  }
+  const tcpSocket = { port: healthCheck.port ?? config2.containerPort };
+  return {
+    livenessProbe: { ...probeConfig, tcpSocket },
+    readinessProbe: { ...probeConfig, tcpSocket }
+  };
+}
+function buildContainerPorts(config2) {
+  const ports = [
     { containerPort: config2.containerPort, name: "http" }
   ];
   if (config2.additionalPorts) {
     for (const port of config2.additionalPorts) {
-      containerPorts.push({
+      ports.push({
         containerPort: port.targetPort ?? port.port,
         name: port.name,
         protocol: port.protocol ?? "TCP"
       });
     }
   }
+  return ports;
+}
+function buildServicePorts(config2) {
+  const ports = [
+    {
+      name: "http",
+      port: config2.containerPort,
+      targetPort: config2.containerPort,
+      protocol: "TCP"
+    }
+  ];
+  if (config2.additionalPorts) {
+    for (const port of config2.additionalPorts) {
+      ports.push({
+        name: port.name,
+        port: port.port,
+        targetPort: port.targetPort ?? port.port,
+        protocol: port.protocol ?? "TCP"
+      });
+    }
+  }
+  return ports;
+}
+function createServiceIngress(provider, namespace, config2, labels, service) {
+  if (!config2.ingress) {
+    return;
+  }
+  const ingressAnnotations = {
+    "kubernetes.io/ingress.class": "nginx",
+    ...config2.ingress.annotations
+  };
+  if (config2.ingress.tls?.enabled) {
+    ingressAnnotations["cert-manager.io/cluster-issuer"] = config2.ingress.tls.issuerName ?? "letsencrypt-production";
+  }
+  let ingressPath = config2.ingress.path;
+  let ingressPathType = config2.ingress.pathType ?? "Prefix";
+  const shouldStripPrefix = config2.ingress.path !== "/" && !config2.ingress.keepPrefix;
+  if (shouldStripPrefix) {
+    ingressPath = `${config2.ingress.path}(/|$)(.*)`;
+    ingressPathType = "ImplementationSpecific";
+    ingressAnnotations["nginx.ingress.kubernetes.io/use-regex"] = "true";
+    ingressAnnotations["nginx.ingress.kubernetes.io/rewrite-target"] = "/$2";
+  }
+  const createRule = (host) => ({
+    ...host && { host },
+    http: {
+      paths: [
+        {
+          path: ingressPath,
+          pathType: ingressPathType,
+          backend: {
+            service: {
+              name: config2.name,
+              port: { number: config2.containerPort }
+            }
+          }
+        }
+      ]
+    }
+  });
+  const ingressRules = [];
+  if (config2.ingress.host) {
+    ingressRules.push(createRule(config2.ingress.host));
+  } else {
+    ingressRules.push(createRule());
+  }
+  if (config2.ingress.additionalHosts) {
+    for (const additionalHost of config2.ingress.additionalHosts) {
+      ingressRules.push(createRule(additionalHost));
+    }
+  }
+  const allHosts = [
+    ...config2.ingress.host ? [config2.ingress.host] : [],
+    ...config2.ingress.additionalHosts ?? []
+  ];
+  const tlsSecretName = config2.ingress.tls?.secretName ?? `${config2.name}-tls`;
+  return new k8s5.networking.v1.Ingress(`${config2.name}-ingress`, {
+    metadata: {
+      name: config2.name,
+      namespace,
+      labels,
+      annotations: ingressAnnotations
+    },
+    spec: {
+      ...config2.ingress.tls?.enabled && allHosts.length > 0 && {
+        tls: [{ hosts: allHosts, secretName: tlsSecretName }]
+      },
+      rules: ingressRules
+    }
+  }, { provider, dependsOn: [service] });
+}
+function deployK8sService(provider, namespace, config2) {
+  if (!config2.image) {
+    throw new Error(`Missing "image" for service "${config2.name}". Either specify image explicitly or use discoverServiceConfigs() which auto-generates it from pf.registry.`);
+  }
+  const labels = buildLabels(config2.name, config2.labels);
+  const replicas = config2.replicas ?? DEFAULTS.replicas;
+  const imagePullPolicy = getImagePullPolicy(config2.image, config2.imagePullPolicy);
+  const resources = config2.resources ?? DEFAULTS.resources;
+  const secret = createServiceSecret(provider, namespace, config2, labels);
+  const envVars = buildEnvVars(config2);
+  const { pvcs, volumeMounts, volumes } = createServiceVolumes(provider, namespace, config2, labels);
+  const { livenessProbe, readinessProbe } = buildHealthProbes(config2);
+  const containerPorts = buildContainerPorts(config2);
+  const servicePorts = buildServicePorts(config2);
   const deployment = new k8s5.apps.v1.Deployment(`${config2.name}-deployment`, {
     metadata: {
       name: config2.name,
@@ -338007,24 +338116,6 @@ function deployK8sService(provider, namespace, config2) {
       }
     }
   }, { provider, dependsOn: pvcs.length > 0 ? pvcs : undefined });
-  const servicePorts = [
-    {
-      name: "http",
-      port: config2.containerPort,
-      targetPort: config2.containerPort,
-      protocol: "TCP"
-    }
-  ];
-  if (config2.additionalPorts) {
-    for (const port of config2.additionalPorts) {
-      servicePorts.push({
-        name: port.name,
-        port: port.port,
-        targetPort: port.targetPort ?? port.port,
-        protocol: port.protocol ?? "TCP"
-      });
-    }
-  }
   const service = new k8s5.core.v1.Service(`${config2.name}-service`, {
     metadata: {
       name: config2.name,
@@ -338037,77 +338128,7 @@ function deployK8sService(provider, namespace, config2) {
       ports: servicePorts
     }
   }, { provider, dependsOn: [deployment] });
-  let ingress;
-  if (config2.ingress) {
-    const ingressAnnotations = {
-      "kubernetes.io/ingress.class": "nginx",
-      ...config2.ingress.annotations
-    };
-    if (config2.ingress.tls?.enabled) {
-      ingressAnnotations["cert-manager.io/cluster-issuer"] = config2.ingress.tls.issuerName ?? "letsencrypt-production";
-    }
-    let ingressPath = config2.ingress.path;
-    let ingressPathType = config2.ingress.pathType ?? "Prefix";
-    const shouldStripPrefix = config2.ingress.path !== "/" && !config2.ingress.keepPrefix;
-    if (shouldStripPrefix) {
-      ingressPath = `${config2.ingress.path}(/|$)(.*)`;
-      ingressPathType = "ImplementationSpecific";
-      ingressAnnotations["nginx.ingress.kubernetes.io/use-regex"] = "true";
-      ingressAnnotations["nginx.ingress.kubernetes.io/rewrite-target"] = "/$2";
-    }
-    const tlsSecretName = config2.ingress.tls?.secretName ?? `${config2.name}-tls`;
-    const ingressRules = [];
-    const createRule = (host) => ({
-      ...host && { host },
-      http: {
-        paths: [
-          {
-            path: ingressPath,
-            pathType: ingressPathType,
-            backend: {
-              service: {
-                name: config2.name,
-                port: { number: config2.containerPort }
-              }
-            }
-          }
-        ]
-      }
-    });
-    if (config2.ingress.host) {
-      ingressRules.push(createRule(config2.ingress.host));
-    } else {
-      ingressRules.push(createRule());
-    }
-    if (config2.ingress.additionalHosts) {
-      for (const additionalHost of config2.ingress.additionalHosts) {
-        ingressRules.push(createRule(additionalHost));
-      }
-    }
-    const allHosts = [
-      ...config2.ingress.host ? [config2.ingress.host] : [],
-      ...config2.ingress.additionalHosts ?? []
-    ];
-    ingress = new k8s5.networking.v1.Ingress(`${config2.name}-ingress`, {
-      metadata: {
-        name: config2.name,
-        namespace,
-        labels,
-        annotations: ingressAnnotations
-      },
-      spec: {
-        ...config2.ingress.tls?.enabled && allHosts.length > 0 && {
-          tls: [
-            {
-              hosts: allHosts,
-              secretName: tlsSecretName
-            }
-          ]
-        },
-        rules: ingressRules
-      }
-    }, { provider, dependsOn: [service] });
-  }
+  const ingress = createServiceIngress(provider, namespace, config2, labels, service);
   const serviceDns = `${config2.name}.${namespace}.svc.cluster.local`;
   const internalUrl = pulumi6.output(`http://${serviceDns}:${config2.containerPort}`);
   return {

package/dist/index.js

@@ -337779,13 +337779,7 @@ function getImagePullPolicy(image2, explicit) {
     return explicit;
   return image2.endsWith(":latest") ? "Always" : "IfNotPresent";
 }
-function deployK8sService(provider, namespace, config2) {
-  if (!config2.image) {
-    throw new Error(`Missing "image" for service "${config2.name}". Either specify image explicitly or use discoverServiceConfigs() which auto-generates it from pf.registry.`);
-  }
-  const labels = buildLabels(config2.name, config2.labels);
-  const replicas = config2.replicas ?? DEFAULTS.replicas;
-  const imagePullPolicy = getImagePullPolicy(config2.image, config2.imagePullPolicy);
+function buildEnvVars(config2) {
   const envVars = [];
   envVars.push({ name: "PORT", value: String(config2.containerPort) });
   if (config2.env) {
@@ -337793,17 +337787,7 @@ function deployK8sService(provider, namespace, config2) {
       envVars.push({ name: key, value: pulumi6.output(value) });
     }
   }
-  let secret;
-  if (config2.secrets && Object.keys(config2.secrets).length > 0) {
-    secret = new k8s5.core.v1.Secret(`${config2.name}-secret`, {
-      metadata: {
-        name: `${config2.name}-secret`,
-        namespace,
-        labels
-      },
-      type: "Opaque",
-      stringData: config2.secrets
-    }, { provider });
+  if (config2.secrets) {
     for (const key of Object.keys(config2.secrets)) {
       envVars.push({
         name: key,
@@ -337816,80 +337800,205 @@ function deployK8sService(provider, namespace, config2) {
       });
     }
   }
+  return envVars;
+}
+function createServiceSecret(provider, namespace, config2, labels) {
+  if (!config2.secrets || Object.keys(config2.secrets).length === 0) {
+    return;
+  }
+  return new k8s5.core.v1.Secret(`${config2.name}-secret`, {
+    metadata: {
+      name: `${config2.name}-secret`,
+      namespace,
+      labels
+    },
+    type: "Opaque",
+    stringData: config2.secrets
+  }, { provider });
+}
+function createServiceVolumes(provider, namespace, config2, labels) {
   const pvcs = [];
   const volumeMounts = [];
   const volumes = [];
-  if (config2.volumes) {
-    for (const vol of config2.volumes) {
-      const pvc = new k8s5.core.v1.PersistentVolumeClaim(`${config2.name}-${vol.name}`, {
-        metadata: {
-          name: `${config2.name}-${vol.name}`,
-          namespace,
-          labels
-        },
-        spec: {
-          accessModes: [vol.accessMode ?? "ReadWriteOnce"],
-          storageClassName: vol.storageClass ?? "do-block-storage",
-          resources: {
-            requests: {
-              storage: vol.size ?? "10Gi"
-            }
-          }
-        }
-      }, { provider });
-      pvcs.push(pvc);
-      volumeMounts.push({
-        name: vol.name,
-        mountPath: vol.mountPath,
-        readOnly: vol.readOnly
-      });
-      volumes.push({
-        name: vol.name,
-        persistentVolumeClaim: {
-          claimName: `${config2.name}-${vol.name}`
+  if (!config2.volumes) {
+    return { pvcs, volumeMounts, volumes };
+  }
+  for (const vol of config2.volumes) {
+    const pvc = new k8s5.core.v1.PersistentVolumeClaim(`${config2.name}-${vol.name}`, {
+      metadata: {
+        name: `${config2.name}-${vol.name}`,
+        namespace,
+        labels
+      },
+      spec: {
+        accessModes: [vol.accessMode ?? "ReadWriteOnce"],
+        storageClassName: vol.storageClass ?? "do-block-storage",
+        resources: {
+          requests: { storage: vol.size ?? "10Gi" }
         }
-      });
-    }
+      }
+    }, { provider });
+    pvcs.push(pvc);
+    volumeMounts.push({
+      name: vol.name,
+      mountPath: vol.mountPath,
+      readOnly: vol.readOnly
+    });
+    volumes.push({
+      name: vol.name,
+      persistentVolumeClaim: {
+        claimName: `${config2.name}-${vol.name}`
+      }
+    });
   }
+  return { pvcs, volumeMounts, volumes };
+}
+function buildHealthProbes(config2) {
   const healthCheck = config2.healthCheck;
-  let livenessProbe;
-  let readinessProbe;
-  if (healthCheck) {
-    const probeConfig = {
-      initialDelaySeconds: healthCheck.initialDelaySeconds ?? DEFAULTS.healthCheck.initialDelaySeconds,
-      periodSeconds: healthCheck.periodSeconds ?? DEFAULTS.healthCheck.periodSeconds,
-      failureThreshold: healthCheck.failureThreshold ?? DEFAULTS.healthCheck.failureThreshold,
-      successThreshold: healthCheck.successThreshold ?? DEFAULTS.healthCheck.successThreshold,
-      timeoutSeconds: healthCheck.timeoutSeconds ?? DEFAULTS.healthCheck.timeoutSeconds
-    };
-    if (healthCheck.httpPath) {
-      const httpGet = {
-        path: healthCheck.httpPath,
-        port: healthCheck.port ?? config2.containerPort
-      };
-      livenessProbe = { ...probeConfig, httpGet };
-      readinessProbe = { ...probeConfig, httpGet };
-    } else {
-      const tcpSocket = {
-        port: healthCheck.port ?? config2.containerPort
-      };
-      livenessProbe = { ...probeConfig, tcpSocket };
-      readinessProbe = { ...probeConfig, tcpSocket };
-    }
+  if (!healthCheck) {
+    return {};
   }
-  const resources = config2.resources ?? DEFAULTS.resources;
-  const containerPorts = [
+  const probeConfig = {
+    initialDelaySeconds: healthCheck.initialDelaySeconds ?? DEFAULTS.healthCheck.initialDelaySeconds,
+    periodSeconds: healthCheck.periodSeconds ?? DEFAULTS.healthCheck.periodSeconds,
+    failureThreshold: healthCheck.failureThreshold ?? DEFAULTS.healthCheck.failureThreshold,
+    successThreshold: healthCheck.successThreshold ?? DEFAULTS.healthCheck.successThreshold,
+    timeoutSeconds: healthCheck.timeoutSeconds ?? DEFAULTS.healthCheck.timeoutSeconds
+  };
+  if (healthCheck.httpPath) {
+    const httpGet = {
+      path: healthCheck.httpPath,
+      port: healthCheck.port ?? config2.containerPort
+    };
+    return {
+      livenessProbe: { ...probeConfig, httpGet },
+      readinessProbe: { ...probeConfig, httpGet }
+    };
+  }
+  const tcpSocket = { port: healthCheck.port ?? config2.containerPort };
+  return {
+    livenessProbe: { ...probeConfig, tcpSocket },
+    readinessProbe: { ...probeConfig, tcpSocket }
+  };
+}
+function buildContainerPorts(config2) {
+  const ports = [
     { containerPort: config2.containerPort, name: "http" }
   ];
   if (config2.additionalPorts) {
     for (const port of config2.additionalPorts) {
-      containerPorts.push({
+      ports.push({
         containerPort: port.targetPort ?? port.port,
         name: port.name,
         protocol: port.protocol ?? "TCP"
       });
     }
   }
+  return ports;
+}
+function buildServicePorts(config2) {
+  const ports = [
+    {
+      name: "http",
+      port: config2.containerPort,
+      targetPort: config2.containerPort,
+      protocol: "TCP"
+    }
+  ];
+  if (config2.additionalPorts) {
+    for (const port of config2.additionalPorts) {
+      ports.push({
+        name: port.name,
+        port: port.port,
+        targetPort: port.targetPort ?? port.port,
+        protocol: port.protocol ?? "TCP"
+      });
+    }
+  }
+  return ports;
+}
+function createServiceIngress(provider, namespace, config2, labels, service) {
+  if (!config2.ingress) {
+    return;
+  }
+  const ingressAnnotations = {
+    "kubernetes.io/ingress.class": "nginx",
+    ...config2.ingress.annotations
+  };
+  if (config2.ingress.tls?.enabled) {
+    ingressAnnotations["cert-manager.io/cluster-issuer"] = config2.ingress.tls.issuerName ?? "letsencrypt-production";
+  }
+  let ingressPath = config2.ingress.path;
+  let ingressPathType = config2.ingress.pathType ?? "Prefix";
+  const shouldStripPrefix = config2.ingress.path !== "/" && !config2.ingress.keepPrefix;
+  if (shouldStripPrefix) {
+    ingressPath = `${config2.ingress.path}(/|$)(.*)`;
+    ingressPathType = "ImplementationSpecific";
+    ingressAnnotations["nginx.ingress.kubernetes.io/use-regex"] = "true";
+    ingressAnnotations["nginx.ingress.kubernetes.io/rewrite-target"] = "/$2";
+  }
+  const createRule = (host) => ({
+    ...host && { host },
+    http: {
+      paths: [
+        {
+          path: ingressPath,
+          pathType: ingressPathType,
+          backend: {
+            service: {
+              name: config2.name,
+              port: { number: config2.containerPort }
+            }
+          }
+        }
+      ]
+    }
+  });
+  const ingressRules = [];
+  if (config2.ingress.host) {
+    ingressRules.push(createRule(config2.ingress.host));
+  } else {
+    ingressRules.push(createRule());
+  }
+  if (config2.ingress.additionalHosts) {
+    for (const additionalHost of config2.ingress.additionalHosts) {
+      ingressRules.push(createRule(additionalHost));
+    }
+  }
+  const allHosts = [
+    ...config2.ingress.host ? [config2.ingress.host] : [],
+    ...config2.ingress.additionalHosts ?? []
+  ];
+  const tlsSecretName = config2.ingress.tls?.secretName ?? `${config2.name}-tls`;
+  return new k8s5.networking.v1.Ingress(`${config2.name}-ingress`, {
+    metadata: {
+      name: config2.name,
+      namespace,
+      labels,
+      annotations: ingressAnnotations
+    },
+    spec: {
+      ...config2.ingress.tls?.enabled && allHosts.length > 0 && {
+        tls: [{ hosts: allHosts, secretName: tlsSecretName }]
+      },
+      rules: ingressRules
+    }
+  }, { provider, dependsOn: [service] });
+}
+function deployK8sService(provider, namespace, config2) {
+  if (!config2.image) {
+    throw new Error(`Missing "image" for service "${config2.name}". Either specify image explicitly or use discoverServiceConfigs() which auto-generates it from pf.registry.`);
+  }
+  const labels = buildLabels(config2.name, config2.labels);
+  const replicas = config2.replicas ?? DEFAULTS.replicas;
+  const imagePullPolicy = getImagePullPolicy(config2.image, config2.imagePullPolicy);
+  const resources = config2.resources ?? DEFAULTS.resources;
+  const secret = createServiceSecret(provider, namespace, config2, labels);
+  const envVars = buildEnvVars(config2);
+  const { pvcs, volumeMounts, volumes } = createServiceVolumes(provider, namespace, config2, labels);
+  const { livenessProbe, readinessProbe } = buildHealthProbes(config2);
+  const containerPorts = buildContainerPorts(config2);
+  const servicePorts = buildServicePorts(config2);
   const deployment = new k8s5.apps.v1.Deployment(`${config2.name}-deployment`, {
     metadata: {
       name: config2.name,
@@ -337931,24 +338040,6 @@ function deployK8sService(provider, namespace, config2) {
       }
     }
   }, { provider, dependsOn: pvcs.length > 0 ? pvcs : undefined });
-  const servicePorts = [
-    {
-      name: "http",
-      port: config2.containerPort,
-      targetPort: config2.containerPort,
-      protocol: "TCP"
-    }
-  ];
-  if (config2.additionalPorts) {
-    for (const port of config2.additionalPorts) {
-      servicePorts.push({
-        name: port.name,
-        port: port.port,
-        targetPort: port.targetPort ?? port.port,
-        protocol: port.protocol ?? "TCP"
-      });
-    }
-  }
   const service = new k8s5.core.v1.Service(`${config2.name}-service`, {
     metadata: {
       name: config2.name,
@@ -337961,77 +338052,7 @@ function deployK8sService(provider, namespace, config2) {
       ports: servicePorts
     }
   }, { provider, dependsOn: [deployment] });
-  let ingress;
-  if (config2.ingress) {
-    const ingressAnnotations = {
-      "kubernetes.io/ingress.class": "nginx",
-      ...config2.ingress.annotations
-    };
-    if (config2.ingress.tls?.enabled) {
-      ingressAnnotations["cert-manager.io/cluster-issuer"] = config2.ingress.tls.issuerName ?? "letsencrypt-production";
-    }
-    let ingressPath = config2.ingress.path;
-    let ingressPathType = config2.ingress.pathType ?? "Prefix";
-    const shouldStripPrefix = config2.ingress.path !== "/" && !config2.ingress.keepPrefix;
-    if (shouldStripPrefix) {
-      ingressPath = `${config2.ingress.path}(/|$)(.*)`;
-      ingressPathType = "ImplementationSpecific";
-      ingressAnnotations["nginx.ingress.kubernetes.io/use-regex"] = "true";
-      ingressAnnotations["nginx.ingress.kubernetes.io/rewrite-target"] = "/$2";
-    }
-    const tlsSecretName = config2.ingress.tls?.secretName ?? `${config2.name}-tls`;
-    const ingressRules = [];
-    const createRule = (host) => ({
-      ...host && { host },
-      http: {
-        paths: [
-          {
-            path: ingressPath,
-            pathType: ingressPathType,
-            backend: {
-              service: {
-                name: config2.name,
-                port: { number: config2.containerPort }
-              }
-            }
-          }
-        ]
-      }
-    });
-    if (config2.ingress.host) {
-      ingressRules.push(createRule(config2.ingress.host));
-    } else {
-      ingressRules.push(createRule());
-    }
-    if (config2.ingress.additionalHosts) {
-      for (const additionalHost of config2.ingress.additionalHosts) {
-        ingressRules.push(createRule(additionalHost));
-      }
-    }
-    const allHosts = [
-      ...config2.ingress.host ? [config2.ingress.host] : [],
-      ...config2.ingress.additionalHosts ?? []
-    ];
-    ingress = new k8s5.networking.v1.Ingress(`${config2.name}-ingress`, {
-      metadata: {
-        name: config2.name,
-        namespace,
-        labels,
-        annotations: ingressAnnotations
-      },
-      spec: {
-        ...config2.ingress.tls?.enabled && allHosts.length > 0 && {
-          tls: [
-            {
-              hosts: allHosts,
-              secretName: tlsSecretName
-            }
-          ]
-        },
-        rules: ingressRules
-      }
-    }, { provider, dependsOn: [service] });
-  }
+  const ingress = createServiceIngress(provider, namespace, config2, labels, service);
   const serviceDns = `${config2.name}.${namespace}.svc.cluster.local`;
   const internalUrl = pulumi6.output(`http://${serviceDns}:${config2.containerPort}`);
   return {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@crossdelta/infrastructure",
-  "version": "0.2.23",
+  "version": "0.2.24",
   "type": "module",
   "license": "MIT",
   "publishConfig": {