@drunk-pulumi/azure 0.0.19

package/KubeX/Apps/YarpProxy/index.js

@@ -0,0 +1,107 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const Deployment_1 = require("../../Deployment");
+const dotnetConfig_1 = require("../../../Common/AppConfigs/dotnetConfig");
+const VairableResolvers_1 = require("../../VairableResolvers");
+const createReverseProxyConfig = async (reverseProxy, vaultInfo) => {
+    const clusterConfig = {};
+    const routeConfig = {};
+    let routeIndex = 0;
+    reverseProxy.clusters.forEach((c, i) => {
+        const clusterIndex = i + 1;
+        const clusterName = `cluster${clusterIndex}`;
+        const urls = Array.isArray(c.destinationUrl)
+            ? c.destinationUrl
+            : [c.destinationUrl];
+        if (c.loadBalancingPolicy) {
+            clusterConfig[`ReverseProxy__Clusters__${clusterName}__LoadBalancingPolicy`] = c.loadBalancingPolicy;
+        }
+        urls.forEach((url, i) => {
+            clusterConfig[`ReverseProxy__Clusters__${clusterName}__Destinations__destination${i}__Address`] = url;
+        });
+        c.routes.forEach((r) => {
+            routeIndex += 1;
+            const routeName = `ReverseProxy__Routes__route${routeIndex}`;
+            routeConfig[`${routeName}__ClusterId`] = clusterName;
+            routeConfig[`${routeName}__Match__Path`] = r.path;
+            if (r.headers) {
+                r.headers.forEach((h, headerIndex) => {
+                    routeConfig[`${routeName}__Match__Headers__${headerIndex}__Name`] =
+                        h.name;
+                    routeConfig[`${routeName}__Match__Headers__${headerIndex}__Mode`] =
+                        h.mode;
+                    h.values.forEach((v, valueIndex) => {
+                        routeConfig[`${routeName}__Match__Headers__${headerIndex}__Values__${valueIndex}`] = v;
+                    });
+                });
+            }
+            if (r.transforms) {
+                r.transforms.forEach((ts, i) => Object.keys(ts).forEach((k) => (routeConfig[`${routeName}__Transforms__${i}__${k}`] =
+                    ts[k].toString())));
+            }
+        });
+    });
+    if (vaultInfo)
+        return await (0, VairableResolvers_1.default)({
+            config: { ...routeConfig, ...clusterConfig },
+            vaultInfo,
+        });
+    return { configMap: { ...routeConfig, ...clusterConfig }, secrets: {} };
+};
+const createForwardedProxyConfig = async (forwarderProxy, vaultInfo) => {
+    const config = {};
+    forwarderProxy.forEach((c, i) => {
+        config[`ForwarderProxy__${i}__Route`] = c.route;
+        c.destinationUrls.forEach((d, di) => (config[`ForwarderProxy__${i}__Destinations__${di}`] = d));
+        if (c.headers) {
+            Object.keys(c.headers).forEach((k) => {
+                config[`ForwarderProxy__${i}__Headers__${k}`] = c.headers[k];
+            });
+        }
+        if (c.sslProtocols) {
+            config[`ForwarderProxy__${i}__SslProtocols`] = c.sslProtocols;
+        }
+        if (c.clientCertificate) {
+            config[`ForwarderProxy__${i}__ClientCertificate`] = c.clientCertificate;
+            if (c.clientCertificatePassword)
+                config[`ForwarderProxy__${i}__ClientCertificatePassword`] =
+                    c.clientCertificatePassword;
+        }
+    });
+    if (vaultInfo)
+        return await (0, VairableResolvers_1.default)({ config, vaultInfo });
+    return { configMap: config, secrets: {} };
+};
+/** YARP Reverse Proxy https://microsoft.github.io/reverse-proxy */
+exports.default = async ({ reverseProxy, forwardedProxy, namespace, ingress, name = 'proxy', enableDebug, enableHA, vaultInfo, ...others }) => {
+    const proxyConfig = reverseProxy
+        ? await createReverseProxyConfig(reverseProxy, vaultInfo)
+        : { configMap: {}, secrets: {} };
+    const forwarderConfig = forwardedProxy
+        ? await createForwardedProxyConfig(forwardedProxy, vaultInfo)
+        : { configMap: {}, secrets: {} };
+    const proxy = (0, Deployment_1.default)({
+        ...others,
+        name,
+        namespace,
+        configMap: {
+            ...dotnetConfig_1.defaultDotNetConfig,
+            Logging__LogLevel__Yarp: enableDebug ? 'Debug' : 'Warning',
+            FeatureManagement__EnableForwarder: reverseProxy ? 'true' : 'false',
+            FeatureManagement__EnableReverseProxy: forwarderConfig ? 'true' : 'false',
+            FeatureManagement__EnableHttpLog: enableDebug ? 'true' : 'false',
+            ...proxyConfig.configMap,
+            ...forwarderConfig.configMap,
+        },
+        secrets: { ...proxyConfig.secrets, ...forwarderConfig.secrets },
+        ingressConfig: ingress,
+        podConfig: {
+            ports: { http: 8080 },
+            image: 'baoduy2412/hbd.yarp-proxy:latest',
+        },
+        deploymentConfig: { replicas: 1 },
+        enableHA: enableHA ? { name, maxReplicas: 3, minReplicas: 1 } : undefined,
+    });
+    return proxy;
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvS3ViZVgvQXBwcy9ZYXJwUHJveHkvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFFQSxpREFBMEM7QUFDMUMsMEVBQThFO0FBRTlFLCtEQUF1RDtBQVd2RCxNQUFNLHdCQUF3QixHQUFHLEtBQUssRUFDcEMsWUFBMEIsRUFDMUIsU0FBd0IsRUFDeEIsRUFBRTtJQUNGLE1BQU0sYUFBYSxHQUFrQyxFQUFFLENBQUM7SUFDeEQsTUFBTSxXQUFXLEdBQWtDLEVBQUUsQ0FBQztJQUN0RCxJQUFJLFVBQVUsR0FBRyxDQUFDLENBQUM7SUFFbkIsWUFBWSxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxFQUFFLEVBQUU7UUFDckMsTUFBTSxZQUFZLEdBQUcsQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUMzQixNQUFNLFdBQVcsR0FBRyxVQUFVLFlBQVksRUFBRSxDQUFDO1FBQzdDLE1BQU0sSUFBSSxHQUFHLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLGNBQWMsQ0FBQztZQUMxQyxDQUFDLENBQUMsQ0FBQyxDQUFDLGNBQWM7WUFDbEIsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLGNBQWMsQ0FBQyxDQUFDO1FBRXZCLElBQUksQ0FBQyxDQUFDLG1CQUFtQixFQUFFLENBQUM7WUFDMUIsYUFBYSxDQUNYLDJCQUEyQixXQUFXLHVCQUF1QixDQUM5RCxHQUFHLENBQUMsQ0FBQyxtQkFBbUIsQ0FBQztRQUM1QixDQUFDO1FBRUQsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDLEdBQUcsRUFBRSxDQUFDLEVBQUUsRUFBRTtZQUN0QixhQUFhLENBQ1gsMkJBQTJCLFdBQVcsOEJBQThCLENBQUMsV0FBVyxDQUNqRixHQUFHLEdBQUcsQ0FBQztRQUNWLENBQUMsQ0FBQyxDQUFDO1FBQ0gsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRTtZQUNyQixVQUFVLElBQUksQ0FBQyxDQUFDO1lBQ2hCLE1BQU0sU0FBUyxHQUFHLDhCQUE4QixVQUFVLEVBQUUsQ0FBQztZQUU3RCxXQUFXLENBQUMsR0FBRyxTQUFTLGFBQWEsQ0FBQyxHQUFHLFdBQVcsQ0FBQztZQUNyRCxXQUFXLENBQUMsR0FBRyxTQUFTLGVBQWUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLENBQUM7WUFFbEQsSUFBSSxDQUFDLENBQUMsT0FBTyxFQUFFLENBQUM7Z0JBQ2QsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLEVBQUUsV0FBVyxFQUFFLEVBQUU7b0JBQ25DLFdBQVcsQ0FBQyxHQUFHLFNBQVMscUJBQXFCLFdBQVcsUUFBUSxDQUFDO3dCQUMvRCxDQUFDLENBQUMsSUFBSSxDQUFDO29CQUNULFdBQVcsQ0FBQyxHQUFHLFNBQVMscUJBQXFCLFdBQVcsUUFBUSxDQUFDO3dCQUMvRCxDQUFDLENBQUMsSUFBSSxDQUFDO29CQUNULENBQUMsQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxFQUFFLFVBQVUsRUFBRSxFQUFFO3dCQUNqQyxXQUFXLENBQ1QsR0FBRyxTQUFTLHFCQUFxQixXQUFXLGFBQWEsVUFBVSxFQUFFLENBQ3RFLEdBQUcsQ0FBQyxDQUFDO29CQUNSLENBQUMsQ0FBQyxDQUFDO2dCQUNMLENBQUMsQ0FBQyxDQUFDO1lBQ0wsQ0FBQztZQUVELElBQUksQ0FBQyxDQUFDLFVBQVUsRUFBRSxDQUFDO2dCQUNqQixDQUFDLENBQUMsVUFBVSxDQUFDLE9BQU8sQ0FBQyxDQUFDLEVBQU8sRUFBRSxDQUFDLEVBQUUsRUFBRSxDQUNsQyxNQUFNLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFDLE9BQU8sQ0FDckIsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUNKLENBQUMsV0FBVyxDQUFDLEdBQUcsU0FBUyxpQkFBaUIsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDO29CQUNsRCxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUMsUUFBUSxFQUFFLENBQUMsQ0FDdEIsQ0FDRixDQUFDO1lBQ0osQ0FBQztRQUNILENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQyxDQUFDLENBQUM7SUFFSCxJQUFJLFNBQVM7UUFDWCxPQUFPLE1BQU0sSUFBQSwyQkFBZ0IsRUFBQztZQUM1QixNQUFNLEVBQUUsRUFBRSxHQUFHLFdBQVcsRUFBRSxHQUFHLGFBQWEsRUFBRTtZQUM1QyxTQUFTO1NBQ1YsQ0FBQyxDQUFDO0lBQ0wsT0FBTyxFQUFFLFNBQVMsRUFBRSxFQUFFLEdBQUcsV0FBVyxFQUFFLEdBQUcsYUFBYSxFQUFFLEVBQUUsT0FBTyxFQUFFLEVBQUUsRUFBRSxDQUFDO0FBQzFFLENBQUMsQ0FBQztBQUVGLE1BQU0sMEJBQTBCLEdBQUcsS0FBSyxFQUN0QyxjQUFnQyxFQUNoQyxTQUF3QixFQUN4QixFQUFFO0lBQ0YsTUFBTSxNQUFNLEdBQWtDLEVBQUUsQ0FBQztJQUVqRCxjQUFjLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsRUFBRSxFQUFFO1FBQzlCLE1BQU0sQ0FBQyxtQkFBbUIsQ0FBQyxTQUFTLENBQUMsR0FBRyxDQUFDLENBQUMsS0FBSyxDQUFDO1FBRWhELENBQUMsQ0FBQyxlQUFlLENBQUMsT0FBTyxDQUN2QixDQUFDLENBQUMsRUFBRSxFQUFFLEVBQUUsRUFBRSxDQUFDLENBQUMsTUFBTSxDQUFDLG1CQUFtQixDQUFDLG1CQUFtQixFQUFFLEVBQUUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUNyRSxDQUFDO1FBRUYsSUFBSSxDQUFDLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDZCxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRTtnQkFDbkMsTUFBTSxDQUFDLG1CQUFtQixDQUFDLGNBQWMsQ0FBQyxFQUFFLENBQUMsR0FBRyxDQUFDLENBQUMsT0FBUSxDQUFDLENBQUMsQ0FBQyxDQUFDO1lBQ2hFLENBQUMsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztRQUNELElBQUksQ0FBQyxDQUFDLFlBQVksRUFBRSxDQUFDO1lBQ25CLE1BQU0sQ0FBQyxtQkFBbUIsQ0FBQyxnQkFBZ0IsQ0FBQyxHQUFHLENBQUMsQ0FBQyxZQUFZLENBQUM7UUFDaEUsQ0FBQztRQUVELElBQUksQ0FBQyxDQUFDLGlCQUFpQixFQUFFLENBQUM7WUFDeEIsTUFBTSxDQUFDLG1CQUFtQixDQUFDLHFCQUFxQixDQUFDLEdBQUcsQ0FBQyxDQUFDLGlCQUFpQixDQUFDO1lBQ3hFLElBQUksQ0FBQyxDQUFDLHlCQUF5QjtnQkFDN0IsTUFBTSxDQUFDLG1CQUFtQixDQUFDLDZCQUE2QixDQUFDO29CQUN2RCxDQUFDLENBQUMseUJBQXlCLENBQUM7UUFDbEMsQ0FBQztJQUNILENBQUMsQ0FBQyxDQUFDO0lBRUgsSUFBSSxTQUFTO1FBQUUsT0FBTyxNQUFNLElBQUEsMkJBQWdCLEVBQUMsRUFBRSxNQUFNLEVBQUUsU0FBUyxFQUFFLENBQUMsQ0FBQztJQUNwRSxPQUFPLEVBQUUsU0FBUyxFQUFFLE1BQU0sRUFBRSxPQUFPLEVBQUUsRUFBRSxFQUFFLENBQUM7QUFDNUMsQ0FBQyxDQUFDO0FBRUYsbUVBQW1FO0FBQ25FLGtCQUFlLEtBQUssRUFBRSxFQUNwQixZQUFZLEVBQ1osY0FBYyxFQUNkLFNBQVMsRUFDVCxPQUFPLEVBQ1AsSUFBSSxHQUFHLE9BQU8sRUFDZCxXQUFXLEVBQ1gsUUFBUSxFQUNSLFNBQVMsRUFDVCxHQUFHLE1BQU0sRUFDSCxFQUFFLEVBQUU7SUFDVixNQUFNLFdBQVcsR0FBRyxZQUFZO1FBQzlCLENBQUMsQ0FBQyxNQUFNLHdCQUF3QixDQUFDLFlBQVksRUFBRSxTQUFTLENBQUM7UUFDekQsQ0FBQyxDQUFDLEVBQUUsU0FBUyxFQUFFLEVBQUUsRUFBRSxPQUFPLEVBQUUsRUFBRSxFQUFFLENBQUM7SUFDbkMsTUFBTSxlQUFlLEdBQUcsY0FBYztRQUNwQyxDQUFDLENBQUMsTUFBTSwwQkFBMEIsQ0FBQyxjQUFjLEVBQUUsU0FBUyxDQUFDO1FBQzdELENBQUMsQ0FBQyxFQUFFLFNBQVMsRUFBRSxFQUFFLEVBQUUsT0FBTyxFQUFFLEVBQUUsRUFBRSxDQUFDO0lBRW5DLE1BQU0sS0FBSyxHQUFHLElBQUEsb0JBQVUsRUFBQztRQUN2QixHQUFHLE1BQU07UUFDVCxJQUFJO1FBQ0osU0FBUztRQUNULFNBQVMsRUFBRTtZQUNULEdBQUcsa0NBQW1CO1lBQ3RCLHVCQUF1QixFQUFFLFdBQVcsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxTQUFTO1lBQzFELGtDQUFrQyxFQUFFLFlBQVksQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxPQUFPO1lBQ25FLHFDQUFxQyxFQUFFLGVBQWUsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxPQUFPO1lBQ3pFLGdDQUFnQyxFQUFFLFdBQVcsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxPQUFPO1lBRWhFLEdBQUcsV0FBVyxDQUFDLFNBQVM7WUFDeEIsR0FBRyxlQUFlLENBQUMsU0FBUztTQUM3QjtRQUNELE9BQU8sRUFBRSxFQUFFLEdBQUcsV0FBVyxDQUFDLE9BQU8sRUFBRSxHQUFHLGVBQWUsQ0FBQyxPQUFPLEVBQUU7UUFFL0QsYUFBYSxFQUFFLE9BQU87UUFFdEIsU0FBUyxFQUFFO1lBQ1QsS0FBSyxFQUFFLEVBQUUsSUFBSSxFQUFFLElBQUksRUFBRTtZQUNyQixLQUFLLEVBQUUsa0NBQWtDO1NBQzFDO1FBQ0QsZ0JBQWdCLEVBQUUsRUFBRSxRQUFRLEVBQUUsQ0FBQyxFQUFFO1FBQ2pDLFFBQVEsRUFBRSxRQUFRLENBQUMsQ0FBQyxDQUFDLEVBQUUsSUFBSSxFQUFFLFdBQVcsRUFBRSxDQUFDLEVBQUUsV0FBVyxFQUFFLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxTQUFTO0tBQzFFLENBQUMsQ0FBQztJQUVILE9BQU8sS0FBSyxDQUFDO0FBQ2YsQ0FBQyxDQUFDIn0=

package/KubeX/Apps/YarpProxy/type.d.ts

@@ -0,0 +1,55 @@
+import { DeploymentIngress } from '../../Deployment';
+import { Input } from '@pulumi/pulumi';
+export type Transform = {
+    PathPrefix: string;
+} | {
+    PathRemovePrefix: string;
+} | {
+    PathPattern: string;
+} | {
+    RequestHeader: string;
+    Append: string;
+} | {
+    ResponseHeader: string;
+    Append: string;
+    When?: 'Always';
+} | {
+    ClientCert: 'X-Client-Cert' | string;
+} | {
+    RequestHeadersCopy: boolean;
+} | {
+    RequestHeaderOriginalHost: boolean;
+} | {
+    'X-Forwarded': 'proto' | 'host' | 'for' | 'prefix' | string;
+    Append: boolean;
+    Prefix: 'X-Forwarded-';
+};
+export interface Route {
+    path: string | '{**catch-all}' | '{**remainder}';
+    /**Header matching*/
+    headers?: Array<{
+        name: string;
+        values: string[];
+        mode: 'ExactHeader' | 'HeaderPrefix' | 'Contains' | 'NotContains' | 'Exists';
+    }>;
+    transforms?: Transform[];
+}
+export interface Cluster {
+    loadBalancingPolicy?: 'FirstAlphabetical' | 'Random' | 'PowerOfTwoChoices' | 'RoundRobin' | 'LeastRequests';
+    destinationUrl: string | Array<string>;
+    routes: Route[];
+}
+export interface ReverseProxy {
+    clusters: Cluster[];
+    ingressConfig?: DeploymentIngress;
+}
+export interface ForwardedProxy {
+    route: string;
+    destinationUrls: Array<string>;
+    clientCertificate?: Input<string>;
+    clientCertificatePassword?: Input<string>;
+    sslProtocols?: 'Ssl2' | 'Ssl3' | 'Tls' | 'Tls11' | 'Tls12' | 'Tls13';
+    headers?: {
+        [key: string]: string;
+    };
+}

package/KubeX/Apps/YarpProxy/type.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidHlwZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9LdWJlWC9BcHBzL1lhcnBQcm94eS90eXBlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiIifQ==

package/KubeX/CertHelper.d.ts

@@ -0,0 +1 @@
+export declare const getTlsName: (domain: string, enableCertIssuer: boolean) => string;

package/KubeX/CertHelper.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getTlsName = void 0;
+const Helpers_1 = require("../Common/Helpers");
+const getTlsName = (domain, enableCertIssuer) => enableCertIssuer
+    ? `tls-${(0, Helpers_1.replaceAll)(domain, '.', '-')}-lets`
+    : `tls-${(0, Helpers_1.replaceAll)(domain, '.', '-')}-imported`;
+exports.getTlsName = getTlsName;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQ2VydEhlbHBlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9LdWJlWC9DZXJ0SGVscGVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLCtDQUErQztBQUV4QyxNQUFNLFVBQVUsR0FBRyxDQUFDLE1BQWMsRUFBRSxnQkFBeUIsRUFBRSxFQUFFLENBQ3RFLGdCQUFnQjtJQUNkLENBQUMsQ0FBQyxPQUFPLElBQUEsb0JBQVUsRUFBQyxNQUFNLEVBQUUsR0FBRyxFQUFFLEdBQUcsQ0FBQyxPQUFPO0lBQzVDLENBQUMsQ0FBQyxPQUFPLElBQUEsb0JBQVUsRUFBQyxNQUFNLEVBQUUsR0FBRyxFQUFFLEdBQUcsQ0FBQyxXQUFXLENBQUM7QUFIeEMsUUFBQSxVQUFVLGNBRzhCIn0=

package/KubeX/CertImports.d.ts

@@ -0,0 +1,19 @@
+import { KeyVaultInfo } from '../types';
+import { K8sArgs } from './types';
+export interface FromCertOrderProps extends K8sArgs {
+    namespaces: string[];
+    /** The cert name or domain name */
+    certName: string;
+}
+/** Import Cert to K8s from Azure Cert Order*/
+export declare const certImportFromCertOrder: ({ namespaces, certName, ...others }: FromCertOrderProps) => Promise<void>;
+export declare const certImportFromFolder: ({ certName, namespaces, certFolder, ...others }: FromCertOrderProps & {
+    certFolder: string;
+}) => string | undefined;
+interface ImportCertFromVaultProps extends K8sArgs {
+    certNames: string[];
+    namespace: string;
+    vaultInfo: KeyVaultInfo;
+}
+export declare const certImportFromVault: ({ certNames, namespace, vaultInfo, ...others }: ImportCertFromVaultProps) => Promise<void>;
+export {};

package/KubeX/CertImports.js

@@ -0,0 +1,70 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.certImportFromVault = exports.certImportFromFolder = exports.certImportFromCertOrder = void 0;
+const Helpers_1 = require("./Helpers");
+const CertHelper_1 = require("./CertHelper");
+const fs = require("fs");
+const Helper_1 = require("../KeyVault/Helper");
+const KsCertSecret_1 = require("./Core/KsCertSecret");
+const Certificate_1 = require("../Certificate");
+/** Import Cert to K8s from Azure Cert Order*/
+const certImportFromCertOrder = async ({ namespaces, certName, ...others }) => {
+    const cert = await (0, Helpers_1.getKubeDomainCert)(certName);
+    if (!cert)
+        return;
+    const name = (0, CertHelper_1.getTlsName)(certName, false);
+    namespaces.map((n, i) => (0, KsCertSecret_1.default)({
+        name: `${name}-${i}`,
+        namespace: n,
+        certInfo: cert,
+        ...others,
+    }));
+};
+exports.certImportFromCertOrder = certImportFromCertOrder;
+const getCertFromFolder = (folder) => {
+    const cert = fs.readFileSync(`./${folder}/cert.crt`, { encoding: 'utf8' });
+    const ca = fs.readFileSync(`./${folder}/ca.crt`, { encoding: 'utf8' });
+    const privateKey = fs.readFileSync(`./${folder}/private.key`, {
+        encoding: 'utf8',
+    });
+    return { cert, ca, privateKey };
+};
+const certImportFromFolder = ({ certName, namespaces, certFolder, ...others }) => {
+    const cert = getCertFromFolder(certFolder);
+    if (!cert)
+        return;
+    const name = (0, CertHelper_1.getTlsName)(certName, false);
+    namespaces.map((n, i) => (0, KsCertSecret_1.default)({
+        name: `${name}-${i}`,
+        namespace: n,
+        certInfo: cert,
+        ...others,
+    }));
+    return name;
+};
+exports.certImportFromFolder = certImportFromFolder;
+const certImportFromVault = async ({ certNames, namespace, vaultInfo, ...others }) => {
+    await Promise.all(certNames.map(async (c, i) => {
+        const cert = await (0, Helper_1.getSecret)({
+            name: c,
+            nameFormatted: false,
+            vaultInfo,
+        });
+        const pems = cert?.value
+            ? (0, Certificate_1.convertPfxToPem)({
+                base64Cert: cert.value,
+                password: '',
+            })
+            : undefined;
+        if (pems) {
+            (0, KsCertSecret_1.default)({
+                name: `${c}-${i}`,
+                namespace,
+                certInfo: pems,
+                ...others,
+            });
+        }
+    }));
+};
+exports.certImportFromVault = certImportFromVault;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQ2VydEltcG9ydHMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvS3ViZVgvQ2VydEltcG9ydHMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsdUNBQThDO0FBQzlDLDZDQUEwQztBQUMxQyx5QkFBeUI7QUFFekIsK0NBQStDO0FBRS9DLHNEQUErQztBQUMvQyxnREFBaUQ7QUFRakQsOENBQThDO0FBQ3ZDLE1BQU0sdUJBQXVCLEdBQUcsS0FBSyxFQUFFLEVBQzVDLFVBQVUsRUFDVixRQUFRLEVBQ1IsR0FBRyxNQUFNLEVBQ1UsRUFBRSxFQUFFO0lBQ3ZCLE1BQU0sSUFBSSxHQUFHLE1BQU0sSUFBQSwyQkFBaUIsRUFBQyxRQUFRLENBQUMsQ0FBQztJQUMvQyxJQUFJLENBQUMsSUFBSTtRQUFFLE9BQU87SUFFbEIsTUFBTSxJQUFJLEdBQUcsSUFBQSx1QkFBVSxFQUFDLFFBQVEsRUFBRSxLQUFLLENBQUMsQ0FBQztJQUN6QyxVQUFVLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsRUFBRSxFQUFFLENBQ3RCLElBQUEsc0JBQVksRUFBQztRQUNYLElBQUksRUFBRSxHQUFHLElBQUksSUFBSSxDQUFDLEVBQUU7UUFDcEIsU0FBUyxFQUFFLENBQUM7UUFDWixRQUFRLEVBQUUsSUFBSTtRQUNkLEdBQUcsTUFBTTtLQUNWLENBQUMsQ0FDSCxDQUFDO0FBQ0osQ0FBQyxDQUFDO0FBakJXLFFBQUEsdUJBQXVCLDJCQWlCbEM7QUFFRixNQUFNLGlCQUFpQixHQUFHLENBQUMsTUFBYyxFQUFFLEVBQUU7SUFDM0MsTUFBTSxJQUFJLEdBQUcsRUFBRSxDQUFDLFlBQVksQ0FBQyxLQUFLLE1BQU0sV0FBVyxFQUFFLEVBQUUsUUFBUSxFQUFFLE1BQU0sRUFBRSxDQUFDLENBQUM7SUFDM0UsTUFBTSxFQUFFLEdBQUcsRUFBRSxDQUFDLFlBQVksQ0FBQyxLQUFLLE1BQU0sU0FBUyxFQUFFLEVBQUUsUUFBUSxFQUFFLE1BQU0sRUFBRSxDQUFDLENBQUM7SUFDdkUsTUFBTSxVQUFVLEdBQUcsRUFBRSxDQUFDLFlBQVksQ0FBQyxLQUFLLE1BQU0sY0FBYyxFQUFFO1FBQzVELFFBQVEsRUFBRSxNQUFNO0tBQ2pCLENBQUMsQ0FBQztJQUVILE9BQU8sRUFBRSxJQUFJLEVBQUUsRUFBRSxFQUFFLFVBQVUsRUFBRSxDQUFDO0FBQ2xDLENBQUMsQ0FBQztBQUVLLE1BQU0sb0JBQW9CLEdBQUcsQ0FBQyxFQUNuQyxRQUFRLEVBQ1IsVUFBVSxFQUNWLFVBQVUsRUFDVixHQUFHLE1BQU0sRUFDbUMsRUFBRSxFQUFFO0lBQ2hELE1BQU0sSUFBSSxHQUFHLGlCQUFpQixDQUFDLFVBQVUsQ0FBQyxDQUFDO0lBQzNDLElBQUksQ0FBQyxJQUFJO1FBQUUsT0FBTztJQUVsQixNQUFNLElBQUksR0FBRyxJQUFBLHVCQUFVLEVBQUMsUUFBUSxFQUFFLEtBQUssQ0FBQyxDQUFDO0lBQ3pDLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FDdEIsSUFBQSxzQkFBWSxFQUFDO1FBQ1gsSUFBSSxFQUFFLEdBQUcsSUFBSSxJQUFJLENBQUMsRUFBRTtRQUNwQixTQUFTLEVBQUUsQ0FBQztRQUNaLFFBQVEsRUFBRSxJQUFJO1FBQ2QsR0FBRyxNQUFNO0tBQ1YsQ0FBQyxDQUNILENBQUM7SUFFRixPQUFPLElBQUksQ0FBQztBQUNkLENBQUMsQ0FBQztBQXBCVyxRQUFBLG9CQUFvQix3QkFvQi9CO0FBUUssTUFBTSxtQkFBbUIsR0FBRyxLQUFLLEVBQUUsRUFDeEMsU0FBUyxFQUNULFNBQVMsRUFDVCxTQUFTLEVBQ1QsR0FBRyxNQUFNLEVBQ2dCLEVBQUUsRUFBRTtJQUM3QixNQUFNLE9BQU8sQ0FBQyxHQUFHLENBQ2YsU0FBUyxDQUFDLEdBQUcsQ0FBQyxLQUFLLEVBQUUsQ0FBQyxFQUFFLENBQUMsRUFBRSxFQUFFO1FBQzNCLE1BQU0sSUFBSSxHQUFHLE1BQU0sSUFBQSxrQkFBUyxFQUFDO1lBQzNCLElBQUksRUFBRSxDQUFDO1lBQ1AsYUFBYSxFQUFFLEtBQUs7WUFDcEIsU0FBUztTQUNWLENBQUMsQ0FBQztRQUVILE1BQU0sSUFBSSxHQUFHLElBQUksRUFBRSxLQUFLO1lBQ3RCLENBQUMsQ0FBQyxJQUFBLDZCQUFlLEVBQUM7Z0JBQ2QsVUFBVSxFQUFFLElBQUksQ0FBQyxLQUFLO2dCQUN0QixRQUFRLEVBQUUsRUFBRTthQUNiLENBQUM7WUFDSixDQUFDLENBQUMsU0FBUyxDQUFDO1FBRWQsSUFBSSxJQUFJLEVBQUUsQ0FBQztZQUNULElBQUEsc0JBQVksRUFBQztnQkFDWCxJQUFJLEVBQUUsR0FBRyxDQUFDLElBQUksQ0FBQyxFQUFFO2dCQUNqQixTQUFTO2dCQUNULFFBQVEsRUFBRSxJQUFJO2dCQUNkLEdBQUcsTUFBTTthQUNWLENBQUMsQ0FBQztRQUNMLENBQUM7SUFDSCxDQUFDLENBQUMsQ0FDSCxDQUFDO0FBQ0osQ0FBQyxDQUFDO0FBL0JXLFFBQUEsbUJBQW1CLHVCQStCOUIifQ==

package/KubeX/CloudFlare/CertCreator.d.ts

@@ -0,0 +1,19 @@
+import * as cf from '@pulumi/cloudflare';
+import { KeyVaultInfo } from '../../types';
+export interface CloudFlareCertCreatorProps {
+    domainName: string;
+    vaultInfo?: KeyVaultInfo;
+    provider: cf.Provider;
+    lock?: boolean;
+}
+export declare const getCloudflareOriginCert: ({ domainName, vaultInfo, }: Pick<Required<CloudFlareCertCreatorProps>, 'domainName' | 'vaultInfo'>) => Promise<{
+    privateKey: string;
+    cert: string;
+    ca: string;
+}>;
+declare const _default: ({ domainName, provider, vaultInfo, lock, }: CloudFlareCertCreatorProps) => Promise<{
+    privateKey: import("@pulumi/pulumi").Output<string>;
+    cert: import("@pulumi/pulumi").Output<string>;
+    ca: string;
+}>;
+export default _default;

package/KubeX/CloudFlare/CertCreator.js

@@ -0,0 +1,90 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getCloudflareOriginCert = void 0;
+const tls = require("@pulumi/tls");
+const StackEnv_1 = require("../../Common/StackEnv");
+const cf = require("@pulumi/cloudflare");
+const CustomHelper_1 = require("../../KeyVault/CustomHelper");
+const Helper_1 = require("../../KeyVault/Helper");
+const getVaultNames = (domainName) => ({
+    privateKeyName: `cloudflare-${domainName}-privateKey`,
+    certName: `cloudflare-${domainName}-cert`,
+    caName: `cloudflare-${domainName}-ca`,
+});
+const getCloudflareOriginCert = async ({ domainName, vaultInfo, }) => {
+    const vaultNames = getVaultNames(domainName);
+    const cert = await (0, Helper_1.getSecret)({
+        name: vaultNames.certName,
+        vaultInfo,
+    });
+    const ca = await (0, Helper_1.getSecret)({
+        name: vaultNames.caName,
+        vaultInfo,
+    });
+    const pk = await (0, Helper_1.getSecret)({
+        name: vaultNames.privateKeyName,
+        vaultInfo,
+    });
+    return {
+        privateKey: pk.value,
+        cert: cert.value,
+        ca: ca.value,
+    };
+};
+exports.getCloudflareOriginCert = getCloudflareOriginCert;
+exports.default = async ({ domainName, provider, vaultInfo, lock = true, }) => {
+    const vaultNames = getVaultNames(domainName);
+    const algorithm = 'RSA';
+    //create new private key
+    const privateKey = new tls.PrivateKey(`${domainName}_private_key`, {
+        algorithm,
+    });
+    //create new CSR
+    const csr = new tls.CertRequest(`${domainName}_csr`, {
+        privateKeyPem: privateKey.privateKeyPem,
+        subject: {
+            commonName: domainName,
+            organization: StackEnv_1.organization,
+        },
+        dnsNames: [domainName],
+    });
+    //Create a new Cert
+    const cert = new cf.OriginCaCertificate(`${domainName}_original_cert`, {
+        csr: csr.certRequestPem,
+        hostnames: [domainName, `*.${domainName}`, `www.${domainName}`],
+        requestType: 'origin-rsa',
+        requestedValidity: 5475,
+    }, { provider, protect: lock });
+    //Get CA cert
+    const ca = await cf.getOriginCaRootCertificate({
+        algorithm,
+    }, { provider });
+    //Store to vault
+    if (vaultInfo) {
+        (0, CustomHelper_1.addCustomSecret)({
+            name: vaultNames.privateKeyName,
+            value: privateKey.privateKeyPem,
+            contentType: `cloudflare ${domainName} privateKey`,
+            vaultInfo,
+        });
+        (0, CustomHelper_1.addCustomSecret)({
+            name: vaultNames.certName,
+            value: cert.certificate,
+            contentType: `cloudflare ${domainName} certificate`,
+            vaultInfo,
+        });
+        (0, CustomHelper_1.addCustomSecret)({
+            name: vaultNames.caName,
+            value: ca.certPem,
+            contentType: `cloudflare ${domainName} CA`,
+            vaultInfo,
+        });
+    }
+    //return results
+    return {
+        privateKey: privateKey.privateKeyPem,
+        cert: cert.certificate,
+        ca: ca.certPem,
+    };
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQ2VydENyZWF0b3IuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvS3ViZVgvQ2xvdWRGbGFyZS9DZXJ0Q3JlYXRvci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSxtQ0FBbUM7QUFDbkMsb0RBQXFEO0FBQ3JELHlDQUF5QztBQUV6Qyw4REFBOEQ7QUFDOUQsa0RBQWtEO0FBU2xELE1BQU0sYUFBYSxHQUFHLENBQUMsVUFBa0IsRUFBRSxFQUFFLENBQUMsQ0FBQztJQUM3QyxjQUFjLEVBQUUsY0FBYyxVQUFVLGFBQWE7SUFDckQsUUFBUSxFQUFFLGNBQWMsVUFBVSxPQUFPO0lBQ3pDLE1BQU0sRUFBRSxjQUFjLFVBQVUsS0FBSztDQUN0QyxDQUFDLENBQUM7QUFFSSxNQUFNLHVCQUF1QixHQUFHLEtBQUssRUFBRSxFQUM1QyxVQUFVLEVBQ1YsU0FBUyxHQUM4RCxFQUFFLEVBQUU7SUFDM0UsTUFBTSxVQUFVLEdBQUcsYUFBYSxDQUFDLFVBQVUsQ0FBQyxDQUFDO0lBRTdDLE1BQU0sSUFBSSxHQUFHLE1BQU0sSUFBQSxrQkFBUyxFQUFDO1FBQzNCLElBQUksRUFBRSxVQUFVLENBQUMsUUFBUTtRQUN6QixTQUFTO0tBQ1YsQ0FBQyxDQUFDO0lBQ0gsTUFBTSxFQUFFLEdBQUcsTUFBTSxJQUFBLGtCQUFTLEVBQUM7UUFDekIsSUFBSSxFQUFFLFVBQVUsQ0FBQyxNQUFNO1FBQ3ZCLFNBQVM7S0FDVixDQUFDLENBQUM7SUFDSCxNQUFNLEVBQUUsR0FBRyxNQUFNLElBQUEsa0JBQVMsRUFBQztRQUN6QixJQUFJLEVBQUUsVUFBVSxDQUFDLGNBQWM7UUFDL0IsU0FBUztLQUNWLENBQUMsQ0FBQztJQUVILE9BQU87UUFDTCxVQUFVLEVBQUUsRUFBRyxDQUFDLEtBQU07UUFDdEIsSUFBSSxFQUFFLElBQUssQ0FBQyxLQUFNO1FBQ2xCLEVBQUUsRUFBRSxFQUFHLENBQUMsS0FBTTtLQUNmLENBQUM7QUFDSixDQUFDLENBQUM7QUF4QlcsUUFBQSx1QkFBdUIsMkJBd0JsQztBQUVGLGtCQUFlLEtBQUssRUFBRSxFQUNwQixVQUFVLEVBQ1YsUUFBUSxFQUNSLFNBQVMsRUFDVCxJQUFJLEdBQUcsSUFBSSxHQUNnQixFQUFFLEVBQUU7SUFDL0IsTUFBTSxVQUFVLEdBQUcsYUFBYSxDQUFDLFVBQVUsQ0FBQyxDQUFDO0lBQzdDLE1BQU0sU0FBUyxHQUFHLEtBQUssQ0FBQztJQUV4Qix3QkFBd0I7SUFDeEIsTUFBTSxVQUFVLEdBQUcsSUFBSSxHQUFHLENBQUMsVUFBVSxDQUFDLEdBQUcsVUFBVSxjQUFjLEVBQUU7UUFDakUsU0FBUztLQUNWLENBQUMsQ0FBQztJQUVILGdCQUFnQjtJQUNoQixNQUFNLEdBQUcsR0FBRyxJQUFJLEdBQUcsQ0FBQyxXQUFXLENBQUMsR0FBRyxVQUFVLE1BQU0sRUFBRTtRQUNuRCxhQUFhLEVBQUUsVUFBVSxDQUFDLGFBQWE7UUFDdkMsT0FBTyxFQUFFO1lBQ1AsVUFBVSxFQUFFLFVBQVU7WUFDdEIsWUFBWSxFQUFaLHVCQUFZO1NBQ2I7UUFDRCxRQUFRLEVBQUUsQ0FBQyxVQUFVLENBQUM7S0FDdkIsQ0FBQyxDQUFDO0lBRUgsbUJBQW1CO0lBQ25CLE1BQU0sSUFBSSxHQUFHLElBQUksRUFBRSxDQUFDLG1CQUFtQixDQUNyQyxHQUFHLFVBQVUsZ0JBQWdCLEVBQzdCO1FBQ0UsR0FBRyxFQUFFLEdBQUcsQ0FBQyxjQUFjO1FBQ3ZCLFNBQVMsRUFBRSxDQUFDLFVBQVUsRUFBRSxLQUFLLFVBQVUsRUFBRSxFQUFFLE9BQU8sVUFBVSxFQUFFLENBQUM7UUFDL0QsV0FBVyxFQUFFLFlBQVk7UUFDekIsaUJBQWlCLEVBQUUsSUFBSTtLQUN4QixFQUNELEVBQUUsUUFBUSxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsQ0FDNUIsQ0FBQztJQUVGLGFBQWE7SUFDYixNQUFNLEVBQUUsR0FBRyxNQUFNLEVBQUUsQ0FBQywwQkFBMEIsQ0FDNUM7UUFDRSxTQUFTO0tBQ1YsRUFDRCxFQUFFLFFBQVEsRUFBRSxDQUNiLENBQUM7SUFFRixnQkFBZ0I7SUFDaEIsSUFBSSxTQUFTLEVBQUUsQ0FBQztRQUNkLElBQUEsOEJBQWUsRUFBQztZQUNkLElBQUksRUFBRSxVQUFVLENBQUMsY0FBYztZQUMvQixLQUFLLEVBQUUsVUFBVSxDQUFDLGFBQWE7WUFDL0IsV0FBVyxFQUFFLGNBQWMsVUFBVSxhQUFhO1lBQ2xELFNBQVM7U0FDVixDQUFDLENBQUM7UUFDSCxJQUFBLDhCQUFlLEVBQUM7WUFDZCxJQUFJLEVBQUUsVUFBVSxDQUFDLFFBQVE7WUFDekIsS0FBSyxFQUFFLElBQUksQ0FBQyxXQUFXO1lBQ3ZCLFdBQVcsRUFBRSxjQUFjLFVBQVUsY0FBYztZQUNuRCxTQUFTO1NBQ1YsQ0FBQyxDQUFDO1FBQ0gsSUFBQSw4QkFBZSxFQUFDO1lBQ2QsSUFBSSxFQUFFLFVBQVUsQ0FBQyxNQUFNO1lBQ3ZCLEtBQUssRUFBRSxFQUFFLENBQUMsT0FBTztZQUNqQixXQUFXLEVBQUUsY0FBYyxVQUFVLEtBQUs7WUFDMUMsU0FBUztTQUNWLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxnQkFBZ0I7SUFDaEIsT0FBTztRQUNMLFVBQVUsRUFBRSxVQUFVLENBQUMsYUFBYTtRQUNwQyxJQUFJLEVBQUUsSUFBSSxDQUFDLFdBQVc7UUFDdEIsRUFBRSxFQUFFLEVBQUUsQ0FBQyxPQUFPO0tBQ2YsQ0FBQztBQUNKLENBQUMsQ0FBQyJ9

package/KubeX/CloudFlare/CertImports.d.ts

@@ -0,0 +1,17 @@
+import { K8sArgs } from '../types';
+import * as pulumi from '@pulumi/pulumi';
+import * as cf from '@pulumi/cloudflare';
+import { KeyVaultInfo } from '../../types';
+export interface CloudFlareCertImportProps extends K8sArgs {
+    namespaces: pulumi.Input<string>[];
+    cloudflare: Array<{
+        apiKey?: pulumi.Input<string>;
+        provider?: cf.Provider;
+        zones: string[];
+    }>;
+    /**Load existing cert from Key Vault*/
+    certExisted?: boolean;
+    vaultInfo?: KeyVaultInfo;
+}
+declare const _default: ({ namespaces, cloudflare, certExisted, vaultInfo, ...others }: CloudFlareCertImportProps) => Promise<Promise<pulumi.Output<pulumi.Output<import("@pulumi/kubernetes/core/v1/secret").Secret>[]>>[][]>;
+export default _default;

package/KubeX/CloudFlare/CertImports.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const pulumi = require("@pulumi/pulumi");
+const cf = require("@pulumi/cloudflare");
+const CertCreator_1 = require("./CertCreator");
+const KsCertSecret_1 = require("../Core/KsCertSecret");
+const CertHelper_1 = require("../CertHelper");
+exports.default = async ({ namespaces, cloudflare, certExisted, vaultInfo, ...others }) => await Promise.all(cloudflare.map((c, i) => {
+    if (!c.apiKey && !c.provider)
+        throw new Error('Either CloudFlare API Key or Provider must be provided.');
+    const cfProvider = c.provider ??
+        new cf.Provider(`cloudflare_${i}`, {
+            apiToken: c.apiKey,
+        });
+    return c.zones.map(async (z) => {
+        const cert = certExisted && vaultInfo
+            ? await (0, CertCreator_1.getCloudflareOriginCert)({ domainName: z, vaultInfo })
+            : await (0, CertCreator_1.default)({
+                domainName: z,
+                vaultInfo,
+                provider: cfProvider,
+            });
+        // const ns = c.namespaces ?? namespaces;
+        // if (!ns || !Array.isArray(ns))
+        //   throw new Error(`The namespaces of ${z} is invalid.`);
+        return pulumi.all([namespaces]).apply(([ns]) => ns.map((n) => (0, KsCertSecret_1.default)({
+            name: (0, CertHelper_1.getTlsName)(z, false),
+            namespace: n,
+            certInfo: cert,
+            ...others,
+        })));
+    });
+}));
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQ2VydEltcG9ydHMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvS3ViZVgvQ2xvdWRGbGFyZS9DZXJ0SW1wb3J0cy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQUNBLHlDQUF5QztBQUN6Qyx5Q0FBeUM7QUFDekMsK0NBQXFFO0FBQ3JFLHVEQUFnRDtBQUNoRCw4Q0FBMkM7QUFnQjNDLGtCQUFlLEtBQUssRUFBRSxFQUNwQixVQUFVLEVBQ1YsVUFBVSxFQUNWLFdBQVcsRUFDWCxTQUFTLEVBQ1QsR0FBRyxNQUFNLEVBQ2lCLEVBQUUsRUFBRSxDQUM5QixNQUFNLE9BQU8sQ0FBQyxHQUFHLENBQ2YsVUFBVSxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLEVBQUUsRUFBRTtJQUN0QixJQUFJLENBQUMsQ0FBQyxDQUFDLE1BQU0sSUFBSSxDQUFDLENBQUMsQ0FBQyxRQUFRO1FBQzFCLE1BQU0sSUFBSSxLQUFLLENBQ2IseURBQXlELENBQzFELENBQUM7SUFFSixNQUFNLFVBQVUsR0FDZCxDQUFDLENBQUMsUUFBUTtRQUNWLElBQUksRUFBRSxDQUFDLFFBQVEsQ0FBQyxjQUFjLENBQUMsRUFBRSxFQUFFO1lBQ2pDLFFBQVEsRUFBRSxDQUFDLENBQUMsTUFBTTtTQUNuQixDQUFDLENBQUM7SUFFTCxPQUFPLENBQUMsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLEtBQUssRUFBRSxDQUFDLEVBQUUsRUFBRTtRQUM3QixNQUFNLElBQUksR0FDUixXQUFXLElBQUksU0FBUztZQUN0QixDQUFDLENBQUMsTUFBTSxJQUFBLHFDQUF1QixFQUFDLEVBQUUsVUFBVSxFQUFFLENBQUMsRUFBRSxTQUFTLEVBQUUsQ0FBQztZQUM3RCxDQUFDLENBQUMsTUFBTSxJQUFBLHFCQUFXLEVBQUM7Z0JBQ2hCLFVBQVUsRUFBRSxDQUFDO2dCQUNiLFNBQVM7Z0JBQ1QsUUFBUSxFQUFFLFVBQVU7YUFDckIsQ0FBQyxDQUFDO1FBRVQseUNBQXlDO1FBQ3pDLGlDQUFpQztRQUNqQywyREFBMkQ7UUFFM0QsT0FBTyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUMsVUFBVSxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FDN0MsRUFBRSxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQ1gsSUFBQSxzQkFBWSxFQUFDO1lBQ1gsSUFBSSxFQUFFLElBQUEsdUJBQVUsRUFBQyxDQUFDLEVBQUUsS0FBSyxDQUFDO1lBQzFCLFNBQVMsRUFBRSxDQUFDO1lBQ1osUUFBUSxFQUFFLElBQUk7WUFDZCxHQUFHLE1BQU07U0FDVixDQUFDLENBQ0gsQ0FDRixDQUFDO0lBQ0osQ0FBQyxDQUFDLENBQUM7QUFDTCxDQUFDLENBQUMsQ0FDSCxDQUFDIn0=

package/KubeX/CloudFlare/DynamicDns.d.ts

@@ -0,0 +1,21 @@
+import * as k8s from '@pulumi/kubernetes';
+import { Input, Resource } from '@pulumi/pulumi';
+type CloudFlareProps = {
+    apiKey: Input<string>;
+    zones: Array<{
+        id: Input<string>;
+        proxied?: boolean;
+        aRecords: Array<{
+            name: string;
+            proxied?: boolean;
+        }>;
+    }>;
+};
+export interface DynamicDnsProps {
+    namespace: Input<string>;
+    cloudFlare: Array<CloudFlareProps>;
+    provider: k8s.Provider;
+    dependsOn?: Input<Input<Resource>[]> | Input<Resource>;
+}
+declare const _default: ({ namespace, cloudFlare, ...others }: DynamicDnsProps) => void;
+export default _default;

package/KubeX/CloudFlare/DynamicDns.js

@@ -0,0 +1,39 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const Deployment_1 = require("../Deployment");
+exports.default = ({ namespace, cloudFlare = [], ...others }) => {
+    const name = 'cloudflare-ddns';
+    const image = 'baoduy2412/cloudflare-ddns:latest';
+    const configMap = {};
+    const secrets = {};
+    cloudFlare.forEach((c, ci) => {
+        secrets[`Cloudflare__${ci}__ApiKey`] = c.apiKey;
+        c.zones.forEach((z, zi) => {
+            configMap[`Cloudflare__${ci}__Zones__${zi}__Id`] = z.id;
+            if (z.proxied)
+                configMap[`Cloudflare__${ci}__Zones__${zi}__Proxied`] = z.proxied
+                    ? 'true'
+                    : 'false';
+            z.aRecords.forEach((r, rI) => {
+                configMap[`Cloudflare__${ci}__Zones__${zi}__ARecords__${rI}__Name`] =
+                    r.name;
+                if (r.proxied)
+                    configMap[`Cloudflare__${ci}__Zones__${zi}__ARecords__${rI}__Proxied`] = r.proxied ? 'true' : 'false';
+            });
+        });
+    });
+    (0, Deployment_1.default)({
+        name,
+        namespace,
+        configMap,
+        secrets,
+        podConfig: {
+            ports: { http: 8080 },
+            image,
+            resources: { requests: { memory: '1Mi', cpu: '1m' } },
+        },
+        deploymentConfig: { replicas: 1 },
+        ...others,
+    });
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiRHluYW1pY0Rucy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9LdWJlWC9DbG91ZEZsYXJlL0R5bmFtaWNEbnMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFFQSw4Q0FBdUM7QUFtQnZDLGtCQUFlLENBQUMsRUFDZCxTQUFTLEVBQ1QsVUFBVSxHQUFHLEVBQUUsRUFFZixHQUFHLE1BQU0sRUFDTyxFQUFFLEVBQUU7SUFDcEIsTUFBTSxJQUFJLEdBQUcsaUJBQWlCLENBQUM7SUFDL0IsTUFBTSxLQUFLLEdBQUcsbUNBQW1DLENBQUM7SUFFbEQsTUFBTSxTQUFTLEdBQWtDLEVBQUUsQ0FBQztJQUNwRCxNQUFNLE9BQU8sR0FBa0MsRUFBRSxDQUFDO0lBRWxELFVBQVUsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxFQUFFLEVBQUU7UUFDM0IsT0FBTyxDQUFDLGVBQWUsRUFBRSxVQUFVLENBQUMsR0FBRyxDQUFDLENBQUMsTUFBTSxDQUFDO1FBRWhELENBQUMsQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsRUFBRSxFQUFFO1lBQ3hCLFNBQVMsQ0FBQyxlQUFlLEVBQUUsWUFBWSxFQUFFLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxFQUFFLENBQUM7WUFFeEQsSUFBSSxDQUFDLENBQUMsT0FBTztnQkFDWCxTQUFTLENBQUMsZUFBZSxFQUFFLFlBQVksRUFBRSxXQUFXLENBQUMsR0FBRyxDQUFDLENBQUMsT0FBTztvQkFDL0QsQ0FBQyxDQUFDLE1BQU07b0JBQ1IsQ0FBQyxDQUFDLE9BQU8sQ0FBQztZQUVkLENBQUMsQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsRUFBRSxFQUFFO2dCQUMzQixTQUFTLENBQUMsZUFBZSxFQUFFLFlBQVksRUFBRSxlQUFlLEVBQUUsUUFBUSxDQUFDO29CQUNqRSxDQUFDLENBQUMsSUFBSSxDQUFDO2dCQUVULElBQUksQ0FBQyxDQUFDLE9BQU87b0JBQ1gsU0FBUyxDQUNQLGVBQWUsRUFBRSxZQUFZLEVBQUUsZUFBZSxFQUFFLFdBQVcsQ0FDNUQsR0FBRyxDQUFDLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLE9BQU8sQ0FBQztZQUNyQyxDQUFDLENBQUMsQ0FBQztRQUNMLENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQyxDQUFDLENBQUM7SUFFSCxJQUFBLG9CQUFVLEVBQUM7UUFDVCxJQUFJO1FBQ0osU0FBUztRQUVULFNBQVM7UUFDVCxPQUFPO1FBRVAsU0FBUyxFQUFFO1lBQ1QsS0FBSyxFQUFFLEVBQUUsSUFBSSxFQUFFLElBQUksRUFBRTtZQUNyQixLQUFLO1lBQ0wsU0FBUyxFQUFFLEVBQUUsUUFBUSxFQUFFLEVBQUUsTUFBTSxFQUFFLEtBQUssRUFBRSxHQUFHLEVBQUUsSUFBSSxFQUFFLEVBQUU7U0FDdEQ7UUFDRCxnQkFBZ0IsRUFBRSxFQUFFLFFBQVEsRUFBRSxDQUFDLEVBQUU7UUFFakMsR0FBRyxNQUFNO0tBQ1YsQ0FBQyxDQUFDO0FBQ0wsQ0FBQyxDQUFDIn0=

package/KubeX/CloudFlare/Tunnel-Helm.d.ts

@@ -0,0 +1,17 @@
+import { DefaultK8sArgs } from '../types';
+import { Input } from '@pulumi/pulumi';
+import * as k8s from '@pulumi/kubernetes';
+export type TunnelHelmParameters = {
+    account: Input<string>;
+    tunnelName: Input<string>;
+    tunnelId: Input<string>;
+    secret: Input<string>;
+    enableWarp?: Input<boolean>;
+};
+export interface TunnelHelmProps extends Omit<DefaultK8sArgs, 'name'> {
+    name?: string;
+    replicas?: number;
+    parameters: TunnelHelmParameters;
+}
+declare const _default: ({ name, namespace, parameters, replicas, ...others }: TunnelHelmProps) => k8s.helm.v3.Chart;
+export default _default;

package/KubeX/CloudFlare/Tunnel-Helm.js

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const k8s = require("@pulumi/kubernetes");
+exports.default = ({ name = 'tunnel', namespace, parameters, replicas = 2, ...others }) => new k8s.helm.v3.Chart(name, {
+    namespace,
+    chart: 'cloudflare-tunnel',
+    fetchOpts: { repo: 'https://cloudflare.github.io/helm-charts' },
+    values: {
+        cloudflare: parameters,
+    },
+}, others);
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiVHVubmVsLUhlbG0uanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvS3ViZVgvQ2xvdWRGbGFyZS9UdW5uZWwtSGVsbS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQUVBLDBDQUEwQztBQWdCMUMsa0JBQWUsQ0FBQyxFQUNkLElBQUksR0FBRyxRQUFRLEVBQ2YsU0FBUyxFQUVULFVBQVUsRUFDVixRQUFRLEdBQUcsQ0FBQyxFQUNaLEdBQUcsTUFBTSxFQUNPLEVBQUUsRUFBRSxDQUNwQixJQUFJLEdBQUcsQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLEtBQUssQ0FDbkIsSUFBSSxFQUNKO0lBQ0UsU0FBUztJQUNULEtBQUssRUFBRSxtQkFBbUI7SUFDMUIsU0FBUyxFQUFFLEVBQUUsSUFBSSxFQUFFLDBDQUEwQyxFQUFFO0lBRS9ELE1BQU0sRUFBRTtRQUNOLFVBQVUsRUFBRSxVQUFVO0tBQ3ZCO0NBQ0YsRUFDRCxNQUFNLENBQ1AsQ0FBQyJ9

package/KubeX/CloudFlare/Tunnel.d.ts

@@ -0,0 +1,23 @@
+import { DefaultK8sArgs } from '../types';
+import { Input } from '@pulumi/pulumi';
+export type TunnelParameters = {
+    token: Input<string>;
+    enableLiveness?: boolean;
+    enableMetrics?: boolean;
+    tcp?: Array<{
+        host: string;
+        service: string;
+        port: number;
+    }>;
+};
+export interface TunnelProps extends Omit<DefaultK8sArgs, 'name'> {
+    name?: string;
+    replicas?: number;
+    parameters: TunnelParameters;
+}
+declare const _default: ({ name, namespace, parameters, replicas, ...others }: TunnelProps) => {
+    deployment: import("../kx").Deployment | undefined;
+    service: import("../kx").Service | undefined;
+    jobs: (import("@pulumi/kubernetes/batch/v1/cronJob").CronJob | import("../kx").Job)[] | undefined;
+};
+export default _default;

package/KubeX/CloudFlare/Tunnel.js

@@ -0,0 +1,54 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const Deployment_1 = require("../Deployment");
+exports.default = ({ name = 'tunnel', namespace, parameters, replicas = 2, ...others }) => {
+    const tcpArgs = parameters.tcp
+        ? parameters.tcp.flatMap((t) => [
+            '--hostname',
+            t.host,
+            '--url',
+            `tcp://${t.service}:${t.port}`,
+        ])
+        : [];
+    const args = [
+        'tunnel',
+        ...tcpArgs,
+        '--no-autoupdate',
+        'run',
+        '--token',
+        '$(token)',
+        // '--config',
+        // '/etc/cloudflared/config/config.yaml',
+    ];
+    if (parameters.enableMetrics) {
+        args.push('--metrics', '0.0.0.0:8081');
+    }
+    const tunnel = (0, Deployment_1.default)({
+        name,
+        namespace,
+        secrets: { token: parameters.token },
+        podConfig: {
+            ports: { http: 3000 },
+            image: 'cloudflare/cloudflared:latest',
+            podSecurityContext: { readOnlyRootFilesystem: true },
+            probes: {
+                liveness: parameters.enableLiveness
+                    ? {
+                        httpGet: '/ready',
+                        port: 8081,
+                        initialDelaySeconds: 10,
+                        periodSeconds: 10,
+                        failureThreshold: 3,
+                    }
+                    : undefined,
+            },
+        },
+        deploymentConfig: {
+            replicas,
+            args,
+        },
+        ...others,
+    });
+    return tunnel;
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiVHVubmVsLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL0t1YmVYL0Nsb3VkRmxhcmUvVHVubmVsLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBQ0EsOENBQXVDO0FBaUJ2QyxrQkFBZSxDQUFDLEVBQ2QsSUFBSSxHQUFHLFFBQVEsRUFDZixTQUFTLEVBQ1QsVUFBVSxFQUNWLFFBQVEsR0FBRyxDQUFDLEVBRVosR0FBRyxNQUFNLEVBQ0csRUFBRSxFQUFFO0lBQ2hCLE1BQU0sT0FBTyxHQUFHLFVBQVUsQ0FBQyxHQUFHO1FBQzVCLENBQUMsQ0FBQyxVQUFVLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUM7WUFDNUIsWUFBWTtZQUNaLENBQUMsQ0FBQyxJQUFJO1lBQ04sT0FBTztZQUNQLFNBQVMsQ0FBQyxDQUFDLE9BQU8sSUFBSSxDQUFDLENBQUMsSUFBSSxFQUFFO1NBQy9CLENBQUM7UUFDSixDQUFDLENBQUMsRUFBRSxDQUFDO0lBRVAsTUFBTSxJQUFJLEdBQUc7UUFDWCxRQUFRO1FBQ1IsR0FBRyxPQUFPO1FBQ1YsaUJBQWlCO1FBQ2pCLEtBQUs7UUFDTCxTQUFTO1FBQ1QsVUFBVTtRQUNWLGNBQWM7UUFDZCx5Q0FBeUM7S0FDMUMsQ0FBQztJQUVGLElBQUksVUFBVSxDQUFDLGFBQWEsRUFBRSxDQUFDO1FBQzdCLElBQUksQ0FBQyxJQUFJLENBQUMsV0FBVyxFQUFFLGNBQWMsQ0FBQyxDQUFDO0lBQ3pDLENBQUM7SUFFRCxNQUFNLE1BQU0sR0FBRyxJQUFBLG9CQUFVLEVBQUM7UUFDeEIsSUFBSTtRQUNKLFNBQVM7UUFFVCxPQUFPLEVBQUUsRUFBRSxLQUFLLEVBQUUsVUFBVSxDQUFDLEtBQUssRUFBRTtRQUVwQyxTQUFTLEVBQUU7WUFDVCxLQUFLLEVBQUUsRUFBRSxJQUFJLEVBQUUsSUFBSSxFQUFFO1lBQ3JCLEtBQUssRUFBRSwrQkFBK0I7WUFDdEMsa0JBQWtCLEVBQUUsRUFBRSxzQkFBc0IsRUFBRSxJQUFJLEVBQUU7WUFDcEQsTUFBTSxFQUFFO2dCQUNOLFFBQVEsRUFBRSxVQUFVLENBQUMsY0FBYztvQkFDakMsQ0FBQyxDQUFDO3dCQUNFLE9BQU8sRUFBRSxRQUFRO3dCQUNqQixJQUFJLEVBQUUsSUFBSTt3QkFDVixtQkFBbUIsRUFBRSxFQUFFO3dCQUN2QixhQUFhLEVBQUUsRUFBRTt3QkFDakIsZ0JBQWdCLEVBQUUsQ0FBQztxQkFDcEI7b0JBQ0gsQ0FBQyxDQUFDLFNBQVM7YUFDZDtTQUNGO1FBRUQsZ0JBQWdCLEVBQUU7WUFDaEIsUUFBUTtZQUNSLElBQUk7U0FDTDtRQUVELEdBQUcsTUFBTTtLQUNWLENBQUMsQ0FBQztJQUVILE9BQU8sTUFBTSxDQUFDO0FBQ2hCLENBQUMsQ0FBQyJ9

package/KubeX/CloudFlare/index.d.ts

@@ -0,0 +1,13 @@
+import { K8sArgs } from '../types';
+import { DynamicDnsProps } from './DynamicDns';
+import { TunnelProps } from './Tunnel';
+import { TunnelHelmProps } from './Tunnel-Helm';
+import { CloudFlareCertImportProps } from './CertImports';
+interface Props extends K8sArgs {
+    namespace?: string;
+    certImports?: Omit<CloudFlareCertImportProps, 'namespace' | 'provider' | 'dependsOn'>;
+    dynamicDns?: Omit<DynamicDnsProps, 'namespace' | 'provider' | 'dependsOn'>;
+    tunnel?: Omit<TunnelProps | TunnelHelmProps, 'namespace' | 'provider' | 'dependsOn'>;
+}
+declare const _default: ({ namespace, dynamicDns, tunnel, certImports, ...others }: Props) => void;
+export default _default;