@drunk-pulumi/azure 0.0.19

package/KubeX/Tools/Gitea/GiteaRepo.js

@@ -0,0 +1,184 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const k8s = require("@pulumi/kubernetes");
+const pulumi_1 = require("@pulumi/pulumi");
+const Random_1 = require("../../../Core/Random");
+const Identity_1 = require("../../../AzAd/Identity");
+const Role_1 = require("../../../AzAd/Role");
+const AzureEnv_1 = require("../../../Common/AzureEnv");
+const getCaptchaPrefixKey = (captcha) => captcha.type === 'cfturnstile' ? 'CF_TURNSTILE' : captcha.type.toUpperCase();
+const createAzureADIdentity = ({ name, host, vaultInfo, groupMap, }) => {
+    //Create 2 Groups for Admin and Users
+    const adminGroup = (0, Role_1.default)({
+        env: AzureEnv_1.Environments.Dev,
+        appName: name,
+        roleName: 'Admins',
+        includeOrganization: true,
+    });
+    const devGroup = (0, Role_1.default)({
+        env: AzureEnv_1.Environments.Dev,
+        appName: name,
+        roleName: 'Developers',
+        includeOrganization: true,
+        members: groupMap
+            ? [adminGroup.objectId, ...groupMap.map((g) => g.azureGroupId)]
+            : [adminGroup.objectId],
+    });
+    const identity = (0, Identity_1.default)({
+        name,
+        appRoleAssignmentRequired: false,
+        createPrincipal: false,
+        createClientSecret: true,
+        appType: 'web',
+        replyUrls: [`https://${host}/user/oauth2/AzureAD/callback`],
+        vaultInfo,
+        optionalClaims: {
+            idTokens: [{ name: 'groups', essential: false }],
+            accessTokens: [{ name: 'groups', essential: false }],
+        },
+    });
+    const groupTeamMap = groupMap
+        ? (0, pulumi_1.output)(groupMap).apply((gs) => {
+            const rs = {};
+            gs.forEach((g) => {
+                rs[g.azureGroupId] = { [g.giteaOrganization]: [g.giteaTeam] };
+            });
+            return JSON.stringify(rs);
+        })
+        : undefined;
+    return { adminGroup, devGroup, groupTeamMap, identity };
+};
+// https://github.com/go-gitea/gitea
+// https://gitea.com/gitea/helm-chart
+exports.default = ({ name = 'gitea', namespace, host, auth = { disableRegistration: true }, captcha, storageClass, postgres, enabledActions, vaultInfo, provider, dependsOn, }) => {
+    const randomPassOptions = {
+        length: 16,
+        options: { special: false },
+        policy: false,
+        vaultInfo,
+    };
+    const captchaConfig = captcha
+        ? {
+            CAPTCHA_TYPE: captcha.type,
+            [`${getCaptchaPrefixKey(captcha)}_SITEKEY`]: captcha.siteKey,
+            [`${getCaptchaPrefixKey(captcha)}_SECRET`]: captcha.secret,
+            [`${getCaptchaPrefixKey(captcha)}_URL`]: captcha.url ?? '',
+        }
+        : {};
+    const identityInfo = auth?.enableAzureAD
+        ? createAzureADIdentity({
+            name,
+            host,
+            vaultInfo,
+            groupMap: auth.enableAzureAD.groupMap,
+        })
+        : undefined;
+    const gitea = new k8s.helm.v3.Chart(name, {
+        namespace,
+        chart: 'gitea',
+        fetchOpts: { repo: 'https://dl.gitea.com/charts' },
+        values: {
+            gitea: {
+                admin: auth?.localAdmin
+                    ? {
+                        username: auth.localAdmin.username,
+                        email: auth.localAdmin.email,
+                        password: (0, Random_1.randomPassword)({
+                            name: `${name}-admin`,
+                            ...randomPassOptions,
+                        }).result,
+                    }
+                    : undefined,
+                oauth: identityInfo
+                    ? [
+                        {
+                            name: 'AzureAD',
+                            iconUrl: 'https://code.benco.io/icon-collection/azure-icons/Azure-AD-B2C.svg',
+                            provider: 'openidConnect',
+                            key: identityInfo.identity.clientId,
+                            secret: identityInfo.identity.clientSecret,
+                            autoDiscoverUrl: (0, pulumi_1.interpolate) `https://login.microsoftonline.com/${AzureEnv_1.tenantId}/v2.0/.well-known/openid-configuration`,
+                            requiredClaimName: 'groups',
+                            requiredClaimValue: identityInfo.devGroup.objectId,
+                            scopes: 'openid email',
+                            groupClaimName: 'groups',
+                            adminGroup: identityInfo.adminGroup.objectId,
+                            groupTeamMap: identityInfo.groupTeamMap,
+                        },
+                    ]
+                    : auth?.oauth
+                        ? [{ provider: 'openidConnect', ...auth.oauth }]
+                        : undefined,
+                ldap: auth?.ldap,
+                config: {
+                    actions: { ENABLED: `${Boolean(enabledActions)}` },
+                    admin: {
+                        DISABLE_REGULAR_ORG_CREATION: 'true', //Only Admin able to create new Organization
+                    },
+                    oauth2_client: {
+                        ENABLE_AUTO_REGISTRATION: 'true',
+                        ACCOUNT_LINKING: 'auto',
+                        UPDATE_AVATAR: 'true',
+                        OPENID_CONNECT_SCOPES: 'openid email',
+                        USERNAME: 'email',
+                    },
+                    openid: {
+                        ENABLE_OPENID_SIGNIN: 'false',
+                        ENABLE_OPENID_SIGNUP: 'true',
+                        WHITELISTED_URIS: 'login.microsoftonline.com google.com',
+                    },
+                    database: {
+                        DB_TYPE: 'postgres',
+                        HOST: (0, pulumi_1.interpolate) `${postgres.host}:${postgres.port}`,
+                        NAME: postgres.database,
+                        USER: postgres.username,
+                        PASSWD: postgres.password,
+                        SCHEMA: 'public',
+                    },
+                    service: {
+                        ENABLE_CAPTCHA: `${Boolean(captchaConfig)}`,
+                        REQUIRE_CAPTCHA_FOR_LOGIN: `${Boolean(captchaConfig)}`,
+                        ...captchaConfig,
+                        DISABLE_REGISTRATION: auth?.disableRegistration
+                            ? 'true'
+                            : 'false',
+                        ENABLE_BASIC_AUTHENTICATION: 'false', // `${Boolean(auth?.localAdmin)}`,
+                        ALLOW_ONLY_EXTERNAL_REGISTRATION: 'true',
+                        DEFAULT_ALLOW_CREATE_ORGANIZATION: 'true', //only Admin able to create Organization
+                        SHOW_REGISTRATION_BUTTON: 'false',
+                    },
+                    server: {
+                        DISABLE_SSH: 'true',
+                        START_SSH_SERVER: 'false',
+                        //APP_DATA_PATH = /data
+                        DOMAIN: host,
+                        HTTP_PORT: '3000',
+                        PROTOCOL: 'http',
+                        ROOT_URL: `https://${host}`,
+                        SSH_DOMAIN: host,
+                        SSH_LISTEN_PORT: '22',
+                        SSH_PORT: '22',
+                        ENABLE_PPROF: 'false',
+                        DISABLE_REGISTRATION: auth?.disableRegistration
+                            ? 'true'
+                            : 'false',
+                    },
+                    session: {
+                        SAME_SITE: 'lax',
+                        COOKIE_SECURE: 'true',
+                        COOKIE_NAME: 'gitea_session',
+                        DOMAIN: host,
+                    },
+                    repository: { DEFAULT_PRIVATE: 'true', FORCE_PRIVATE: 'true' },
+                },
+            },
+            'redis-cluster': { enabled: false },
+            postgresql: { enabled: false },
+            'postgresql-ha': { enabled: false },
+            persistence: { enabled: true, storageClass },
+            strategy: { type: 'Recreate' },
+        },
+    }, { provider, dependsOn });
+    return gitea;
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiR2l0ZWFSZXBvLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL0t1YmVYL1Rvb2xzL0dpdGVhL0dpdGVhUmVwby50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQUNBLDBDQUEwQztBQUMxQywyQ0FBNEQ7QUFDNUQsaURBQXNEO0FBRXRELHFEQUFxRDtBQUNyRCw2Q0FBNkM7QUFDN0MsdURBQWtFO0FBaUJsRSxNQUFNLG1CQUFtQixHQUFHLENBQUMsT0FBb0IsRUFBRSxFQUFFLENBQ25ELE9BQU8sQ0FBQyxJQUFJLEtBQUssYUFBYSxDQUFDLENBQUMsQ0FBQyxjQUFjLENBQUMsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsV0FBVyxFQUFFLENBQUM7QUFFL0UsTUFBTSxxQkFBcUIsR0FBRyxDQUFDLEVBQzdCLElBQUksRUFDSixJQUFJLEVBQ0osU0FBUyxFQUNULFFBQVEsR0FNVCxFQUFFLEVBQUU7SUFDSCxxQ0FBcUM7SUFDckMsTUFBTSxVQUFVLEdBQUcsSUFBQSxjQUFXLEVBQUM7UUFDN0IsR0FBRyxFQUFFLHVCQUFZLENBQUMsR0FBRztRQUNyQixPQUFPLEVBQUUsSUFBSTtRQUNiLFFBQVEsRUFBRSxRQUFRO1FBQ2xCLG1CQUFtQixFQUFFLElBQUk7S0FDMUIsQ0FBQyxDQUFDO0lBRUgsTUFBTSxRQUFRLEdBQUcsSUFBQSxjQUFXLEVBQUM7UUFDM0IsR0FBRyxFQUFFLHVCQUFZLENBQUMsR0FBRztRQUNyQixPQUFPLEVBQUUsSUFBSTtRQUNiLFFBQVEsRUFBRSxZQUFZO1FBQ3RCLG1CQUFtQixFQUFFLElBQUk7UUFDekIsT0FBTyxFQUFFLFFBQVE7WUFDZixDQUFDLENBQUMsQ0FBQyxVQUFVLENBQUMsUUFBUSxFQUFFLEdBQUcsUUFBUSxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLFlBQVksQ0FBQyxDQUFDO1lBQy9ELENBQUMsQ0FBQyxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUM7S0FDMUIsQ0FBQyxDQUFDO0lBRUgsTUFBTSxRQUFRLEdBQUcsSUFBQSxrQkFBZSxFQUFDO1FBQy9CLElBQUk7UUFDSix5QkFBeUIsRUFBRSxLQUFLO1FBQ2hDLGVBQWUsRUFBRSxLQUFLO1FBQ3RCLGtCQUFrQixFQUFFLElBQUk7UUFDeEIsT0FBTyxFQUFFLEtBQUs7UUFDZCxTQUFTLEVBQUUsQ0FBQyxXQUFXLElBQUksK0JBQStCLENBQUM7UUFDM0QsU0FBUztRQUVULGNBQWMsRUFBRTtZQUNkLFFBQVEsRUFBRSxDQUFDLEVBQUUsSUFBSSxFQUFFLFFBQVEsRUFBRSxTQUFTLEVBQUUsS0FBSyxFQUFFLENBQUM7WUFDaEQsWUFBWSxFQUFFLENBQUMsRUFBRSxJQUFJLEVBQUUsUUFBUSxFQUFFLFNBQVMsRUFBRSxLQUFLLEVBQUUsQ0FBQztTQUNyRDtLQUNGLENBQUMsQ0FBQztJQUVILE1BQU0sWUFBWSxHQUFHLFFBQVE7UUFDM0IsQ0FBQyxDQUFDLElBQUEsZUFBTSxFQUFDLFFBQVEsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUUsRUFBRSxFQUFFO1lBQzVCLE1BQU0sRUFBRSxHQUFRLEVBQUUsQ0FBQztZQUNuQixFQUFFLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUU7Z0JBQ2YsRUFBRSxDQUFDLENBQUMsQ0FBQyxZQUFZLENBQUMsR0FBRyxFQUFFLENBQUMsQ0FBQyxDQUFDLGlCQUFpQixDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQztZQUNoRSxDQUFDLENBQUMsQ0FBQztZQUVILE9BQU8sSUFBSSxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUMsQ0FBQztRQUM1QixDQUFDLENBQUM7UUFDSixDQUFDLENBQUMsU0FBUyxDQUFDO0lBRWQsT0FBTyxFQUFFLFVBQVUsRUFBRSxRQUFRLEVBQUUsWUFBWSxFQUFFLFFBQVEsRUFBRSxDQUFDO0FBQzFELENBQUMsQ0FBQztBQTBERixvQ0FBb0M7QUFDcEMscUNBQXFDO0FBQ3JDLGtCQUFlLENBQUMsRUFDZCxJQUFJLEdBQUcsT0FBTyxFQUNkLFNBQVMsRUFDVCxJQUFJLEVBQ0osSUFBSSxHQUFHLEVBQUUsbUJBQW1CLEVBQUUsSUFBSSxFQUFFLEVBQ3BDLE9BQU8sRUFDUCxZQUFZLEVBQ1osUUFBUSxFQUNSLGNBQWMsRUFDZCxTQUFTLEVBQ1QsUUFBUSxFQUNSLFNBQVMsR0FDTyxFQUFFLEVBQUU7SUFDcEIsTUFBTSxpQkFBaUIsR0FBRztRQUN4QixNQUFNLEVBQUUsRUFBRTtRQUNWLE9BQU8sRUFBRSxFQUFFLE9BQU8sRUFBRSxLQUFLLEVBQUU7UUFDM0IsTUFBTSxFQUFFLEtBQUs7UUFDYixTQUFTO0tBQ1YsQ0FBQztJQUVGLE1BQU0sYUFBYSxHQUFHLE9BQU87UUFDM0IsQ0FBQyxDQUFDO1lBQ0UsWUFBWSxFQUFFLE9BQU8sQ0FBQyxJQUFJO1lBQzFCLENBQUMsR0FBRyxtQkFBbUIsQ0FBQyxPQUFPLENBQUMsVUFBVSxDQUFDLEVBQUUsT0FBTyxDQUFDLE9BQU87WUFDNUQsQ0FBQyxHQUFHLG1CQUFtQixDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsRUFBRSxPQUFPLENBQUMsTUFBTTtZQUMxRCxDQUFDLEdBQUcsbUJBQW1CLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FBQyxFQUFFLE9BQU8sQ0FBQyxHQUFHLElBQUksRUFBRTtTQUMzRDtRQUNILENBQUMsQ0FBQyxFQUFFLENBQUM7SUFFUCxNQUFNLFlBQVksR0FBRyxJQUFJLEVBQUUsYUFBYTtRQUN0QyxDQUFDLENBQUMscUJBQXFCLENBQUM7WUFDcEIsSUFBSTtZQUNKLElBQUk7WUFDSixTQUFTO1lBQ1QsUUFBUSxFQUFFLElBQUksQ0FBQyxhQUFhLENBQUMsUUFBUTtTQUN0QyxDQUFDO1FBQ0osQ0FBQyxDQUFDLFNBQVMsQ0FBQztJQUVkLE1BQU0sS0FBSyxHQUFHLElBQUksR0FBRyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsS0FBSyxDQUNqQyxJQUFJLEVBQ0o7UUFDRSxTQUFTO1FBQ1QsS0FBSyxFQUFFLE9BQU87UUFDZCxTQUFTLEVBQUUsRUFBRSxJQUFJLEVBQUUsNkJBQTZCLEVBQUU7UUFFbEQsTUFBTSxFQUFFO1lBQ04sS0FBSyxFQUFFO2dCQUNMLEtBQUssRUFBRSxJQUFJLEVBQUUsVUFBVTtvQkFDckIsQ0FBQyxDQUFDO3dCQUNFLFFBQVEsRUFBRSxJQUFJLENBQUMsVUFBVSxDQUFDLFFBQVE7d0JBQ2xDLEtBQUssRUFBRSxJQUFJLENBQUMsVUFBVSxDQUFDLEtBQUs7d0JBQzVCLFFBQVEsRUFBRSxJQUFBLHVCQUFjLEVBQUM7NEJBQ3ZCLElBQUksRUFBRSxHQUFHLElBQUksUUFBUTs0QkFDckIsR0FBRyxpQkFBaUI7eUJBQ3JCLENBQUMsQ0FBQyxNQUFNO3FCQUNWO29CQUNILENBQUMsQ0FBQyxTQUFTO2dCQUViLEtBQUssRUFBRSxZQUFZO29CQUNqQixDQUFDLENBQUM7d0JBQ0U7NEJBQ0UsSUFBSSxFQUFFLFNBQVM7NEJBQ2YsT0FBTyxFQUNMLG9FQUFvRTs0QkFDdEUsUUFBUSxFQUFFLGVBQWU7NEJBQ3pCLEdBQUcsRUFBRSxZQUFZLENBQUMsUUFBUSxDQUFDLFFBQVE7NEJBQ25DLE1BQU0sRUFBRSxZQUFZLENBQUMsUUFBUSxDQUFDLFlBQVk7NEJBQzFDLGVBQWUsRUFBRSxJQUFBLG9CQUFXLEVBQUEscUNBQXFDLG1CQUFRLHdDQUF3Qzs0QkFDakgsaUJBQWlCLEVBQUUsUUFBUTs0QkFDM0Isa0JBQWtCLEVBQUUsWUFBWSxDQUFDLFFBQVEsQ0FBQyxRQUFROzRCQUNsRCxNQUFNLEVBQUUsY0FBYzs0QkFDdEIsY0FBYyxFQUFFLFFBQVE7NEJBQ3hCLFVBQVUsRUFBRSxZQUFZLENBQUMsVUFBVSxDQUFDLFFBQVE7NEJBQzVDLFlBQVksRUFBRSxZQUFZLENBQUMsWUFBWTt5QkFDeEM7cUJBQ0Y7b0JBQ0gsQ0FBQyxDQUFDLElBQUksRUFBRSxLQUFLO3dCQUNiLENBQUMsQ0FBQyxDQUFDLEVBQUUsUUFBUSxFQUFFLGVBQWUsRUFBRSxHQUFHLElBQUksQ0FBQyxLQUFLLEVBQUUsQ0FBQzt3QkFDaEQsQ0FBQyxDQUFDLFNBQVM7Z0JBRWIsSUFBSSxFQUFFLElBQUksRUFBRSxJQUFJO2dCQUVoQixNQUFNLEVBQUU7b0JBQ04sT0FBTyxFQUFFLEVBQUUsT0FBTyxFQUFFLEdBQUcsT0FBTyxDQUFDLGNBQWMsQ0FBQyxFQUFFLEVBQUU7b0JBRWxELEtBQUssRUFBRTt3QkFDTCw0QkFBNEIsRUFBRSxNQUFNLEVBQUUsNENBQTRDO3FCQUNuRjtvQkFDRCxhQUFhLEVBQUU7d0JBQ2Isd0JBQXdCLEVBQUUsTUFBTTt3QkFDaEMsZUFBZSxFQUFFLE1BQU07d0JBQ3ZCLGFBQWEsRUFBRSxNQUFNO3dCQUNyQixxQkFBcUIsRUFBRSxjQUFjO3dCQUNyQyxRQUFRLEVBQUUsT0FBTztxQkFDbEI7b0JBQ0QsTUFBTSxFQUFFO3dCQUNOLG9CQUFvQixFQUFFLE9BQU87d0JBQzdCLG9CQUFvQixFQUFFLE1BQU07d0JBQzVCLGdCQUFnQixFQUFFLHNDQUFzQztxQkFDekQ7b0JBQ0QsUUFBUSxFQUFFO3dCQUNSLE9BQU8sRUFBRSxVQUFVO3dCQUNuQixJQUFJLEVBQUUsSUFBQSxvQkFBVyxFQUFBLEdBQUcsUUFBUSxDQUFDLElBQUksSUFBSSxRQUFRLENBQUMsSUFBSSxFQUFFO3dCQUNwRCxJQUFJLEVBQUUsUUFBUSxDQUFDLFFBQVE7d0JBQ3ZCLElBQUksRUFBRSxRQUFRLENBQUMsUUFBUTt3QkFDdkIsTUFBTSxFQUFFLFFBQVEsQ0FBQyxRQUFRO3dCQUN6QixNQUFNLEVBQUUsUUFBUTtxQkFDakI7b0JBQ0QsT0FBTyxFQUFFO3dCQUNQLGNBQWMsRUFBRSxHQUFHLE9BQU8sQ0FBQyxhQUFhLENBQUMsRUFBRTt3QkFDM0MseUJBQXlCLEVBQUUsR0FBRyxPQUFPLENBQUMsYUFBYSxDQUFDLEVBQUU7d0JBQ3RELEdBQUcsYUFBYTt3QkFFaEIsb0JBQW9CLEVBQUUsSUFBSSxFQUFFLG1CQUFtQjs0QkFDN0MsQ0FBQyxDQUFDLE1BQU07NEJBQ1IsQ0FBQyxDQUFDLE9BQU87d0JBQ1gsMkJBQTJCLEVBQUUsT0FBTyxFQUFFLGtDQUFrQzt3QkFDeEUsZ0NBQWdDLEVBQUUsTUFBTTt3QkFDeEMsaUNBQWlDLEVBQUUsTUFBTSxFQUFFLHdDQUF3Qzt3QkFDbkYsd0JBQXdCLEVBQUUsT0FBTztxQkFDbEM7b0JBQ0QsTUFBTSxFQUFFO3dCQUNOLFdBQVcsRUFBRSxNQUFNO3dCQUNuQixnQkFBZ0IsRUFBRSxPQUFPO3dCQUN6Qix1QkFBdUI7d0JBQ3ZCLE1BQU0sRUFBRSxJQUFJO3dCQUNaLFNBQVMsRUFBRSxNQUFNO3dCQUNqQixRQUFRLEVBQUUsTUFBTTt3QkFDaEIsUUFBUSxFQUFFLFdBQVcsSUFBSSxFQUFFO3dCQUMzQixVQUFVLEVBQUUsSUFBSTt3QkFDaEIsZUFBZSxFQUFFLElBQUk7d0JBQ3JCLFFBQVEsRUFBRSxJQUFJO3dCQUNkLFlBQVksRUFBRSxPQUFPO3dCQUVyQixvQkFBb0IsRUFBRSxJQUFJLEVBQUUsbUJBQW1COzRCQUM3QyxDQUFDLENBQUMsTUFBTTs0QkFDUixDQUFDLENBQUMsT0FBTztxQkFDWjtvQkFDRCxPQUFPLEVBQUU7d0JBQ1AsU0FBUyxFQUFFLEtBQUs7d0JBQ2hCLGFBQWEsRUFBRSxNQUFNO3dCQUNyQixXQUFXLEVBQUUsZUFBZTt3QkFDNUIsTUFBTSxFQUFFLElBQUk7cUJBQ2I7b0JBQ0QsVUFBVSxFQUFFLEVBQUUsZUFBZSxFQUFFLE1BQU0sRUFBRSxhQUFhLEVBQUUsTUFBTSxFQUFFO2lCQUMvRDthQUNGO1lBRUQsZUFBZSxFQUFFLEVBQUUsT0FBTyxFQUFFLEtBQUssRUFBRTtZQUNuQyxVQUFVLEVBQUUsRUFBRSxPQUFPLEVBQUUsS0FBSyxFQUFFO1lBQzlCLGVBQWUsRUFBRSxFQUFFLE9BQU8sRUFBRSxLQUFLLEVBQUU7WUFFbkMsV0FBVyxFQUFFLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxZQUFZLEVBQUU7WUFFNUMsUUFBUSxFQUFFLEVBQUUsSUFBSSxFQUFFLFVBQVUsRUFBRTtTQUMvQjtLQUNGLEVBQ0QsRUFBRSxRQUFRLEVBQUUsU0FBUyxFQUFFLENBQ3hCLENBQUM7SUFFRixPQUFPLEtBQUssQ0FBQztBQUNmLENBQUMsQ0FBQyJ9

package/KubeX/Tools/Gitea/GiteaRunner.d.ts

@@ -0,0 +1,11 @@
+import { DefaultK8sArgs } from '../../types';
+import { Input } from '@pulumi/pulumi';
+import * as k8s from '@pulumi/kubernetes';
+interface GiteaRunnerProps extends DefaultK8sArgs {
+    storageClassName: Input<string>;
+    giteaUrl?: Input<string>;
+    giteaToken: Input<string>;
+    labels?: Input<string>;
+}
+declare const _default: ({ name, namespace, storageClassName, labels, giteaUrl, giteaToken, resources, ...others }: GiteaRunnerProps) => k8s.helm.v3.Chart;
+export default _default;

package/KubeX/Tools/Gitea/GiteaRunner.js

@@ -0,0 +1,37 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const k8s = require("@pulumi/kubernetes");
+//https://github.com/kha7iq/charts/tree/main/charts/act-runner
+exports.default = ({ name = 'gitea-runner', namespace, storageClassName, labels, giteaUrl, giteaToken, 
+//enabledDind = true,
+resources, ...others }) => {
+    const env = [
+        { name: 'DOCKER_HOST', value: 'tcp://localhost:2376' },
+        { name: 'DOCKER_CERT_PATH', value: '/certs/client' },
+        { name: 'DOCKER_TLS_VERIFY', value: '1' },
+        { name: 'GITEA_RUNNER_NAME', value: name },
+        { name: 'VALID_VOLUMES', value: '**' },
+        { name: 'NETWORK', value: 'bridge' },
+    ];
+    if (labels) {
+        env.push({
+            name: 'GITEA_RUNNER_LABELS',
+            value: `${labels},ubuntu-latest:docker://node:16-bullseye,ubuntu-22.04:docker://node:16-bullseye,ubuntu-20.04:docker://node:16-bullseye,ubuntu-18.04:docker://node:16-buster`,
+        });
+    }
+    return new k8s.helm.v3.Chart(name, {
+        namespace,
+        chart: 'act-runner',
+        fetchOpts: { repo: 'https://charts.lmno.pk' },
+        values: {
+            env,
+            runner: {
+                instanceURL: giteaUrl,
+                runnerToken: { value: giteaToken },
+                dockerDind: { enabled: true },
+            },
+            persistence: { storageClassName },
+        },
+    }, others);
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiR2l0ZWFSdW5uZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvS3ViZVgvVG9vbHMvR2l0ZWEvR2l0ZWFSdW5uZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFFQSwwQ0FBMEM7QUFXMUMsOERBQThEO0FBQzlELGtCQUFlLENBQUMsRUFDZCxJQUFJLEdBQUcsY0FBYyxFQUNyQixTQUFTLEVBQ1QsZ0JBQWdCLEVBQ2hCLE1BQU0sRUFDTixRQUFRLEVBQ1IsVUFBVTtBQUNWLHFCQUFxQjtBQUNyQixTQUFTLEVBQ1QsR0FBRyxNQUFNLEVBQ1EsRUFBRSxFQUFFO0lBQ3JCLE1BQU0sR0FBRyxHQUFHO1FBQ1YsRUFBRSxJQUFJLEVBQUUsYUFBYSxFQUFFLEtBQUssRUFBRSxzQkFBc0IsRUFBRTtRQUN0RCxFQUFFLElBQUksRUFBRSxrQkFBa0IsRUFBRSxLQUFLLEVBQUUsZUFBZSxFQUFFO1FBQ3BELEVBQUUsSUFBSSxFQUFFLG1CQUFtQixFQUFFLEtBQUssRUFBRSxHQUFHLEVBQUU7UUFDekMsRUFBRSxJQUFJLEVBQUUsbUJBQW1CLEVBQUUsS0FBSyxFQUFFLElBQUksRUFBRTtRQUMxQyxFQUFFLElBQUksRUFBRSxlQUFlLEVBQUUsS0FBSyxFQUFFLElBQUksRUFBRTtRQUN0QyxFQUFFLElBQUksRUFBRSxTQUFTLEVBQUUsS0FBSyxFQUFFLFFBQVEsRUFBRTtLQUNyQyxDQUFDO0lBRUYsSUFBSSxNQUFNLEVBQUUsQ0FBQztRQUNYLEdBQUcsQ0FBQyxJQUFJLENBQUM7WUFDUCxJQUFJLEVBQUUscUJBQXFCO1lBQzNCLEtBQUssRUFBRSxHQUFHLE1BQU0sNkpBQTZKO1NBQzlLLENBQUMsQ0FBQztJQUNMLENBQUM7SUFDRCxPQUFPLElBQUksR0FBRyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsS0FBSyxDQUMxQixJQUFJLEVBQ0o7UUFDRSxTQUFTO1FBQ1QsS0FBSyxFQUFFLFlBQVk7UUFDbkIsU0FBUyxFQUFFLEVBQUUsSUFBSSxFQUFFLHdCQUF3QixFQUFFO1FBRTdDLE1BQU0sRUFBRTtZQUNOLEdBQUc7WUFDSCxNQUFNLEVBQUU7Z0JBQ04sV0FBVyxFQUFFLFFBQVE7Z0JBQ3JCLFdBQVcsRUFBRSxFQUFFLEtBQUssRUFBRSxVQUFVLEVBQUU7Z0JBQ2xDLFVBQVUsRUFBRSxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUU7YUFDOUI7WUFDRCxXQUFXLEVBQUUsRUFBRSxnQkFBZ0IsRUFBRTtTQUNsQztLQUNGLEVBQ0QsTUFBTSxDQUNQLENBQUM7QUFDSixDQUFDLENBQUMifQ==

package/KubeX/Tools/Gitea/GiteaRunner.v1.d.ts

@@ -0,0 +1,11 @@
+import { DefaultK8sArgs } from '../../types';
+import { Input } from '@pulumi/pulumi';
+interface GiteaRunnerProps extends DefaultK8sArgs {
+    storageClassName: Input<string>;
+    giteaUrl?: Input<string>;
+    giteaToken: Input<string>;
+    labels?: Input<string>;
+    storageGb?: number;
+}
+declare const _default: ({ name, namespace, storageClassName, labels, storageGb, giteaUrl, giteaToken, resources, ...others }: GiteaRunnerProps) => import("@pulumi/kubernetes/apps/v1/deployment").Deployment;
+export default _default;

package/KubeX/Tools/Gitea/GiteaRunner.v1.js

@@ -0,0 +1,123 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const kubernetes_1 = require("@pulumi/kubernetes");
+const Storage_1 = require("../../Storage");
+const KsSecret_1 = require("../../Core/KsSecret");
+exports.default = ({ name = 'gitea-runner', namespace, storageClassName, labels, storageGb = 10, giteaUrl, giteaToken, resources, ...others }) => {
+    const userId = 1000;
+    const dockerSock = `/run/user/${userId}/docker.sock`;
+    const persisVolume = (0, Storage_1.createPVCForStorageClass)({
+        name,
+        namespace,
+        accessMode: 'ReadWriteOnce',
+        storageGb: `${storageGb}Gi`,
+        storageClassName,
+        ...others,
+    });
+    const env = [
+        {
+            name: 'DOCKER_HOST',
+            value: `unix://${dockerSock}`,
+        },
+        // {
+        //   name: 'DOCKER_CERT_PATH',
+        //   value: '/certs/client',
+        // },
+        // {
+        //   name: 'DOCKER_TLS_VERIFY',
+        //   value: '0',
+        // },
+        {
+            name: 'GITEA_RUNNER_NAME',
+            value: name,
+        },
+        {
+            name: 'GITEA_INSTANCE_URL',
+            value: giteaUrl,
+        },
+    ];
+    if (labels) {
+        env.push({
+            name: 'GITEA_RUNNER_LABELS',
+            value: `${labels},ubuntu-latest:docker://catthehacker/ubuntu:runner-22.04,ubuntu-22.04:docker://catthehacker/ubuntu:runner-22.04,ubuntu-20.04:docker://catthehacker/ubuntu:runner-20.04`,
+        });
+    }
+    else
+        env.push({
+            name: 'GITEA_RUNNER_LABELS',
+            value: 'ubuntu-latest:docker://catthehacker/ubuntu:runner-22.04,ubuntu-22.04:docker://catthehacker/ubuntu:runner-22.04,ubuntu-20.04:docker://catthehacker/ubuntu:runner-20.04',
+        });
+    const secret = (0, KsSecret_1.default)({
+        name,
+        namespace,
+        stringData: {
+            GITEA_RUNNER_REGISTRATION_TOKEN: giteaToken,
+        },
+        ...others,
+    });
+    return new kubernetes_1.apps.v1.Deployment(name, {
+        metadata: {
+            name,
+            namespace,
+            labels: { app: name },
+        },
+        spec: {
+            replicas: 1,
+            selector: { matchLabels: { app: name } },
+            strategy: {},
+            template: {
+                metadata: { labels: { app: name } },
+                spec: {
+                    securityContext: {
+                        runAsUser: userId,
+                        runAsGroup: userId,
+                        fsGroup: userId,
+                    },
+                    containers: [
+                        {
+                            command: [
+                                'sh',
+                                '-c',
+                                `(sleep 10 && chmod a+rwx ${dockerSock}) & /usr/bin/supervisord -c /etc/supervisord.conf`,
+                            ],
+                            image: 'gitea/act_runner:nightly-dind-rootless',
+                            name: 'runner',
+                            env,
+                            envFrom: [
+                                {
+                                    secretRef: {
+                                        name: secret.metadata.name,
+                                    },
+                                },
+                            ],
+                            securityContext: {
+                                privileged: true,
+                            },
+                            volumeMounts: [
+                                {
+                                    mountPath: '/data',
+                                    name: 'runner-data',
+                                },
+                            ],
+                            resources: {
+                                requests: {
+                                    'ephemeral-storage': '10Gi',
+                                },
+                            },
+                        },
+                    ],
+                    restartPolicy: 'Always',
+                    volumes: [
+                        {
+                            name: 'runner-data',
+                            persistentVolumeClaim: {
+                                claimName: persisVolume.metadata.name,
+                            },
+                        },
+                    ],
+                },
+            },
+        },
+    }, others);
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiR2l0ZWFSdW5uZXIudjEuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvS3ViZVgvVG9vbHMvR2l0ZWEvR2l0ZWFSdW5uZXIudjEudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFDQSxtREFBMEM7QUFFMUMsMkNBQXlEO0FBRXpELGtEQUEyQztBQVczQyxrQkFBZSxDQUFDLEVBQ2QsSUFBSSxHQUFHLGNBQWMsRUFDckIsU0FBUyxFQUNULGdCQUFnQixFQUNoQixNQUFNLEVBQ04sU0FBUyxHQUFHLEVBQUUsRUFDZCxRQUFRLEVBQ1IsVUFBVSxFQUNWLFNBQVMsRUFDVCxHQUFHLE1BQU0sRUFDUSxFQUFFLEVBQUU7SUFDckIsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDO0lBQ3BCLE1BQU0sVUFBVSxHQUFHLGFBQWEsTUFBTSxjQUFjLENBQUM7SUFFckQsTUFBTSxZQUFZLEdBQUcsSUFBQSxrQ0FBd0IsRUFBQztRQUM1QyxJQUFJO1FBQ0osU0FBUztRQUNULFVBQVUsRUFBRSxlQUFlO1FBQzNCLFNBQVMsRUFBRSxHQUFHLFNBQVMsSUFBSTtRQUMzQixnQkFBZ0I7UUFDaEIsR0FBRyxNQUFNO0tBQ1YsQ0FBQyxDQUFDO0lBRUgsTUFBTSxHQUFHLEdBQUc7UUFDVjtZQUNFLElBQUksRUFBRSxhQUFhO1lBQ25CLEtBQUssRUFBRSxVQUFVLFVBQVUsRUFBRTtTQUM5QjtRQUNELElBQUk7UUFDSiw4QkFBOEI7UUFDOUIsNEJBQTRCO1FBQzVCLEtBQUs7UUFDTCxJQUFJO1FBQ0osK0JBQStCO1FBQy9CLGdCQUFnQjtRQUNoQixLQUFLO1FBQ0w7WUFDRSxJQUFJLEVBQUUsbUJBQW1CO1lBQ3pCLEtBQUssRUFBRSxJQUFJO1NBQ1o7UUFDRDtZQUNFLElBQUksRUFBRSxvQkFBb0I7WUFDMUIsS0FBSyxFQUFFLFFBQVE7U0FDaEI7S0FDRixDQUFDO0lBRUYsSUFBSSxNQUFNLEVBQUUsQ0FBQztRQUNYLEdBQUcsQ0FBQyxJQUFJLENBQUM7WUFDUCxJQUFJLEVBQUUscUJBQXFCO1lBQzNCLEtBQUssRUFBRSxHQUFHLE1BQU0sd0tBQXdLO1NBQ3pMLENBQUMsQ0FBQztJQUNMLENBQUM7O1FBQ0MsR0FBRyxDQUFDLElBQUksQ0FBQztZQUNQLElBQUksRUFBRSxxQkFBcUI7WUFDM0IsS0FBSyxFQUNILHVLQUF1SztTQUMxSyxDQUFDLENBQUM7SUFFTCxNQUFNLE1BQU0sR0FBRyxJQUFBLGtCQUFRLEVBQUM7UUFDdEIsSUFBSTtRQUNKLFNBQVM7UUFDVCxVQUFVLEVBQUU7WUFDViwrQkFBK0IsRUFBRSxVQUFVO1NBQzVDO1FBQ0QsR0FBRyxNQUFNO0tBQ1YsQ0FBQyxDQUFDO0lBRUgsT0FBTyxJQUFJLGlCQUFJLENBQUMsRUFBRSxDQUFDLFVBQVUsQ0FDM0IsSUFBSSxFQUNKO1FBQ0UsUUFBUSxFQUFFO1lBQ1IsSUFBSTtZQUNKLFNBQVM7WUFDVCxNQUFNLEVBQUUsRUFBRSxHQUFHLEVBQUUsSUFBSSxFQUFFO1NBQ3RCO1FBQ0QsSUFBSSxFQUFFO1lBQ0osUUFBUSxFQUFFLENBQUM7WUFDWCxRQUFRLEVBQUUsRUFBRSxXQUFXLEVBQUUsRUFBRSxHQUFHLEVBQUUsSUFBSSxFQUFFLEVBQUU7WUFDeEMsUUFBUSxFQUFFLEVBQUU7WUFDWixRQUFRLEVBQUU7Z0JBQ1IsUUFBUSxFQUFFLEVBQUUsTUFBTSxFQUFFLEVBQUUsR0FBRyxFQUFFLElBQUksRUFBRSxFQUFFO2dCQUNuQyxJQUFJLEVBQUU7b0JBQ0osZUFBZSxFQUFFO3dCQUNmLFNBQVMsRUFBRSxNQUFNO3dCQUNqQixVQUFVLEVBQUUsTUFBTTt3QkFDbEIsT0FBTyxFQUFFLE1BQU07cUJBQ2hCO29CQUNELFVBQVUsRUFBRTt3QkFDVjs0QkFDRSxPQUFPLEVBQUU7Z0NBQ1AsSUFBSTtnQ0FDSixJQUFJO2dDQUNKLDRCQUE0QixVQUFVLG1EQUFtRDs2QkFDMUY7NEJBQ0QsS0FBSyxFQUFFLHdDQUF3Qzs0QkFDL0MsSUFBSSxFQUFFLFFBQVE7NEJBRWQsR0FBRzs0QkFDSCxPQUFPLEVBQUU7Z0NBQ1A7b0NBQ0UsU0FBUyxFQUFFO3dDQUNULElBQUksRUFBRSxNQUFNLENBQUMsUUFBUSxDQUFDLElBQUk7cUNBQzNCO2lDQUNGOzZCQUNGOzRCQUNELGVBQWUsRUFBRTtnQ0FDZixVQUFVLEVBQUUsSUFBSTs2QkFDakI7NEJBQ0QsWUFBWSxFQUFFO2dDQUNaO29DQUNFLFNBQVMsRUFBRSxPQUFPO29DQUNsQixJQUFJLEVBQUUsYUFBYTtpQ0FDcEI7NkJBQ0Y7NEJBRUQsU0FBUyxFQUFFO2dDQUNULFFBQVEsRUFBRTtvQ0FDUixtQkFBbUIsRUFBRSxNQUFNO2lDQUM1Qjs2QkFDRjt5QkFDRjtxQkFDRjtvQkFDRCxhQUFhLEVBQUUsUUFBUTtvQkFDdkIsT0FBTyxFQUFFO3dCQUNQOzRCQUNFLElBQUksRUFBRSxhQUFhOzRCQUNuQixxQkFBcUIsRUFBRTtnQ0FDckIsU0FBUyxFQUFFLFlBQVksQ0FBQyxRQUFRLENBQUMsSUFBSTs2QkFDdEM7eUJBQ0Y7cUJBQ0Y7aUJBQ0Y7YUFDRjtTQUNGO0tBQ0YsRUFDRCxNQUFNLENBQ1AsQ0FBQztBQUNKLENBQUMsQ0FBQyJ9

package/KubeX/Tools/HarborRepo.d.ts

@@ -0,0 +1,29 @@
+import { DefaultK8sArgs } from '../types';
+import * as k8s from '@pulumi/kubernetes';
+import { Input } from '@pulumi/pulumi';
+import { KeyVaultInfo } from '../../types';
+interface HarborRepoProps extends DefaultK8sArgs {
+    vaultInfo?: KeyVaultInfo;
+    externalURL: string;
+    coreURL: string;
+    notaryURL: string;
+    tlsSecretName: string;
+    storageClass: Input<string>;
+    accessMode?: 'ReadWriteMany' | 'ReadWriteOnce';
+    postgres: {
+        host: Input<string>;
+        port: Input<number>;
+        coreDatabase: Input<string>;
+        username: Input<string>;
+        password: Input<string>;
+        sslmode?: boolean;
+    };
+    redis?: {
+        addr: Input<string>;
+        port: Input<number>;
+        username: Input<string>;
+        password: Input<string>;
+    };
+}
+declare const _default: ({ name, namespace, externalURL, coreURL, notaryURL, tlsSecretName, storageClass, accessMode, postgres, redis, vaultInfo, provider, dependsOn, }: HarborRepoProps) => k8s.helm.v3.Chart;
+export default _default;

package/KubeX/Tools/HarborRepo.js

@@ -0,0 +1,78 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const k8s = require("@pulumi/kubernetes");
+const Random_1 = require("../../Core/Random");
+//https://github.com/goharbor/harbor-helm
+exports.default = ({ name = 'harbor', namespace, externalURL, coreURL, notaryURL, tlsSecretName, storageClass, accessMode = 'ReadWriteOnce', postgres, redis, vaultInfo, provider, dependsOn, }) => {
+    const redisType = redis ? 'external' : 'internal';
+    const randomPassOptions = {
+        length: 16,
+        options: { special: false },
+        policy: false,
+        vaultInfo,
+    };
+    const harbor = new k8s.helm.v3.Chart(name, {
+        namespace,
+        chart: 'harbor',
+        fetchOpts: { repo: 'https://helm.goharbor.io' },
+        values: {
+            expose: {
+                type: 'clusterIP', // ingress, clusterIP, nodePort, loadBalancer
+                tls: { auto: { commonName: externalURL.replace('https://', '') } },
+                ingress: {
+                    hosts: {
+                        core: coreURL,
+                        notary: notaryURL,
+                        secretName: tlsSecretName,
+                    },
+                },
+            },
+            externalURL,
+            //Admin Password
+            harborAdminPassword: (0, Random_1.randomPassword)({
+                name: `${name}-admin`,
+                ...randomPassOptions,
+            }).result,
+            // secret: randomPassword({
+            //   name: `${name}-secret`,
+            //   ...randomPassOptions,
+            // }).result,
+            //Secret key for encryption mus be 16 characters
+            secretKey: (0, Random_1.randomPassword)({
+                name: `${name}-secretKey`,
+                ...randomPassOptions,
+            }).result,
+            trivy: { enabled: true },
+            database: { type: 'external', external: postgres },
+            redis: {
+                type: redisType,
+                external: redis,
+                internal: redisType === 'internal' ? {} : undefined,
+            },
+            persistence: {
+                persistentVolumeClaim: {
+                    registry: {
+                        storageClass,
+                        accessMode,
+                    },
+                    chartmuseum: {
+                        storageClass,
+                        accessMode,
+                    },
+                    jobservice: {
+                        storageClass,
+                        accessMode,
+                    },
+                    redis: redisType === 'internal'
+                        ? {
+                            storageClass,
+                            accessMode,
+                        }
+                        : undefined,
+                },
+            },
+        },
+    }, { provider, dependsOn });
+    return harbor;
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiSGFyYm9yUmVwby5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9LdWJlWC9Ub29scy9IYXJib3JSZXBvLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBQ0EsMENBQTBDO0FBRTFDLDhDQUFtRDtBQTZCbkQseUNBQXlDO0FBQ3pDLGtCQUFlLENBQUMsRUFDZCxJQUFJLEdBQUcsUUFBUSxFQUNmLFNBQVMsRUFFVCxXQUFXLEVBQ1gsT0FBTyxFQUNQLFNBQVMsRUFDVCxhQUFhLEVBRWIsWUFBWSxFQUNaLFVBQVUsR0FBRyxlQUFlLEVBQzVCLFFBQVEsRUFDUixLQUFLLEVBQ0wsU0FBUyxFQUNULFFBQVEsRUFDUixTQUFTLEdBQ08sRUFBRSxFQUFFO0lBQ3BCLE1BQU0sU0FBUyxHQUFHLEtBQUssQ0FBQyxDQUFDLENBQUMsVUFBVSxDQUFDLENBQUMsQ0FBQyxVQUFVLENBQUM7SUFDbEQsTUFBTSxpQkFBaUIsR0FBRztRQUN4QixNQUFNLEVBQUUsRUFBRTtRQUNWLE9BQU8sRUFBRSxFQUFFLE9BQU8sRUFBRSxLQUFLLEVBQUU7UUFDM0IsTUFBTSxFQUFFLEtBQUs7UUFDYixTQUFTO0tBQ1YsQ0FBQztJQUVGLE1BQU0sTUFBTSxHQUFHLElBQUksR0FBRyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsS0FBSyxDQUNsQyxJQUFJLEVBQ0o7UUFDRSxTQUFTO1FBQ1QsS0FBSyxFQUFFLFFBQVE7UUFDZixTQUFTLEVBQUUsRUFBRSxJQUFJLEVBQUUsMEJBQTBCLEVBQUU7UUFFL0MsTUFBTSxFQUFFO1lBQ04sTUFBTSxFQUFFO2dCQUNOLElBQUksRUFBRSxXQUFXLEVBQUUsNkNBQTZDO2dCQUNoRSxHQUFHLEVBQUUsRUFBRSxJQUFJLEVBQUUsRUFBRSxVQUFVLEVBQUUsV0FBVyxDQUFDLE9BQU8sQ0FBQyxVQUFVLEVBQUUsRUFBRSxDQUFDLEVBQUUsRUFBRTtnQkFDbEUsT0FBTyxFQUFFO29CQUNQLEtBQUssRUFBRTt3QkFDTCxJQUFJLEVBQUUsT0FBTzt3QkFDYixNQUFNLEVBQUUsU0FBUzt3QkFDakIsVUFBVSxFQUFFLGFBQWE7cUJBQzFCO2lCQUNGO2FBQ0Y7WUFDRCxXQUFXO1lBRVgsZ0JBQWdCO1lBQ2hCLG1CQUFtQixFQUFFLElBQUEsdUJBQWMsRUFBQztnQkFDbEMsSUFBSSxFQUFFLEdBQUcsSUFBSSxRQUFRO2dCQUNyQixHQUFHLGlCQUFpQjthQUNyQixDQUFDLENBQUMsTUFBTTtZQUVULDJCQUEyQjtZQUMzQiw0QkFBNEI7WUFDNUIsMEJBQTBCO1lBQzFCLGFBQWE7WUFFYixnREFBZ0Q7WUFDaEQsU0FBUyxFQUFFLElBQUEsdUJBQWMsRUFBQztnQkFDeEIsSUFBSSxFQUFFLEdBQUcsSUFBSSxZQUFZO2dCQUN6QixHQUFHLGlCQUFpQjthQUNyQixDQUFDLENBQUMsTUFBTTtZQUVULEtBQUssRUFBRSxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUU7WUFDeEIsUUFBUSxFQUFFLEVBQUUsSUFBSSxFQUFFLFVBQVUsRUFBRSxRQUFRLEVBQUUsUUFBUSxFQUFFO1lBQ2xELEtBQUssRUFBRTtnQkFDTCxJQUFJLEVBQUUsU0FBUztnQkFDZixRQUFRLEVBQUUsS0FBSztnQkFDZixRQUFRLEVBQUUsU0FBUyxLQUFLLFVBQVUsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxTQUFTO2FBQ3BEO1lBQ0QsV0FBVyxFQUFFO2dCQUNYLHFCQUFxQixFQUFFO29CQUNyQixRQUFRLEVBQUU7d0JBQ1IsWUFBWTt3QkFDWixVQUFVO3FCQUNYO29CQUNELFdBQVcsRUFBRTt3QkFDWCxZQUFZO3dCQUNaLFVBQVU7cUJBQ1g7b0JBQ0QsVUFBVSxFQUFFO3dCQUNWLFlBQVk7d0JBQ1osVUFBVTtxQkFDWDtvQkFDRCxLQUFLLEVBQ0gsU0FBUyxLQUFLLFVBQVU7d0JBQ3RCLENBQUMsQ0FBQzs0QkFDRSxZQUFZOzRCQUNaLFVBQVU7eUJBQ1g7d0JBQ0gsQ0FBQyxDQUFDLFNBQVM7aUJBQ2hCO2FBQ0Y7U0FDRjtLQUNGLEVBQ0QsRUFBRSxRQUFRLEVBQUUsU0FBUyxFQUFFLENBQ3hCLENBQUM7SUFFRixPQUFPLE1BQU0sQ0FBQztBQUNoQixDQUFDLENBQUMifQ==

package/KubeX/Tools/HelloWorld.d.ts

@@ -0,0 +1,3 @@
+import { DefaultKsAppArgs } from '../types';
+declare const _default: ({ namespace, ingress, ...others }: DefaultKsAppArgs) => void;
+export default _default;

package/KubeX/Tools/HelloWorld.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const Deployment_1 = require("../Deployment");
+exports.default = ({ namespace, ingress, ...others }) => {
+    const name = 'hello-world';
+    const image = 'strm/helloworld-http';
+    const port = 80;
+    (0, Deployment_1.default)({
+        name,
+        namespace,
+        podConfig: {
+            image,
+            ports: { http: port },
+            resources: { requests: { memory: '1Mi', cpu: '1m' } },
+        },
+        deploymentConfig: { replicas: 1 },
+        ingressConfig: ingress,
+        ...others,
+    });
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiSGVsbG9Xb3JsZC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9LdWJlWC9Ub29scy9IZWxsb1dvcmxkLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBQUEsOENBQXVDO0FBR3ZDLGtCQUFlLENBQUMsRUFBRSxTQUFTLEVBQUUsT0FBTyxFQUFFLEdBQUcsTUFBTSxFQUFvQixFQUFFLEVBQUU7SUFDckUsTUFBTSxJQUFJLEdBQUcsYUFBYSxDQUFDO0lBQzNCLE1BQU0sS0FBSyxHQUFHLHNCQUFzQixDQUFDO0lBQ3JDLE1BQU0sSUFBSSxHQUFHLEVBQUUsQ0FBQztJQUVoQixJQUFBLG9CQUFVLEVBQUM7UUFDVCxJQUFJO1FBQ0osU0FBUztRQUVULFNBQVMsRUFBRTtZQUNULEtBQUs7WUFDTCxLQUFLLEVBQUUsRUFBRSxJQUFJLEVBQUUsSUFBSSxFQUFFO1lBQ3JCLFNBQVMsRUFBRSxFQUFFLFFBQVEsRUFBRSxFQUFFLE1BQU0sRUFBRSxLQUFLLEVBQUUsR0FBRyxFQUFFLElBQUksRUFBRSxFQUFFO1NBQ3REO1FBQ0QsZ0JBQWdCLEVBQUUsRUFBRSxRQUFRLEVBQUUsQ0FBQyxFQUFFO1FBQ2pDLGFBQWEsRUFBRSxPQUFPO1FBRXRCLEdBQUcsTUFBTTtLQUNWLENBQUMsQ0FBQztBQUNMLENBQUMsQ0FBQyJ9

package/KubeX/Tools/KubeCleanup.d.ts

@@ -0,0 +1,9 @@
+import * as k8s from '@pulumi/kubernetes';
+import { Input, Resource } from '@pulumi/pulumi';
+interface Props {
+    namespace: Input<string>;
+    provider: k8s.Provider;
+    dependsOn?: Input<Input<Resource>[]> | Input<Resource>;
+}
+declare const _default: ({ namespace, provider, dependsOn }: Props) => void;
+export default _default;

package/KubeX/Tools/KubeCleanup.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const k8s = require("@pulumi/kubernetes");
+const SecurityRules_1 = require("../Core/SecurityRules");
+exports.default = ({ namespace, provider, dependsOn }) => {
+    const name = 'kube-cleanup-operator';
+    new k8s.helm.v3.Chart(name, {
+        namespace,
+        chart: 'kube-cleanup-operator',
+        fetchOpts: {
+            repo: 'http://charts.lwolf.org',
+        },
+        values: {
+            rbac: {
+                global: true,
+            },
+            args: [
+                //'--namespace=default',
+                '--delete-successful-after=24h0m0s',
+                '--delete-failed-after=0',
+                '--delete-pending-pods-after=0',
+                '--delete-evicted-pods-after=0',
+                '--delete-orphaned-pods-after=0',
+                //'--ignore-owned-by-cronjobs=false',
+                //'--dry-run=false',
+                '--legacy-mode=false',
+            ],
+        },
+        transformations: [
+            (obj) => (0, SecurityRules_1.applyDeploymentRules)(obj, { disableServiceAccount: false }),
+        ],
+    }, { provider, dependsOn });
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiS3ViZUNsZWFudXAuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvS3ViZVgvVG9vbHMvS3ViZUNsZWFudXAudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFBQSwwQ0FBMEM7QUFFMUMseURBQTZEO0FBUTdELGtCQUFlLENBQUMsRUFBRSxTQUFTLEVBQUUsUUFBUSxFQUFFLFNBQVMsRUFBUyxFQUFFLEVBQUU7SUFDM0QsTUFBTSxJQUFJLEdBQUcsdUJBQXVCLENBQUM7SUFFckMsSUFBSSxHQUFHLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxLQUFLLENBQ25CLElBQUksRUFDSjtRQUNFLFNBQVM7UUFDVCxLQUFLLEVBQUUsdUJBQXVCO1FBQzlCLFNBQVMsRUFBRTtZQUNULElBQUksRUFBRSx5QkFBeUI7U0FDaEM7UUFFRCxNQUFNLEVBQUU7WUFDTixJQUFJLEVBQUU7Z0JBQ0osTUFBTSxFQUFFLElBQUk7YUFDYjtZQUNELElBQUksRUFBRTtnQkFDSix3QkFBd0I7Z0JBQ3hCLG1DQUFtQztnQkFDbkMseUJBQXlCO2dCQUN6QiwrQkFBK0I7Z0JBQy9CLCtCQUErQjtnQkFDL0IsZ0NBQWdDO2dCQUNoQyxxQ0FBcUM7Z0JBQ3JDLG9CQUFvQjtnQkFDcEIscUJBQXFCO2FBQ3RCO1NBQ0Y7UUFFRCxlQUFlLEVBQUU7WUFDZixDQUFDLEdBQVEsRUFBRSxFQUFFLENBQ1gsSUFBQSxvQ0FBb0IsRUFBQyxHQUFHLEVBQUUsRUFBRSxxQkFBcUIsRUFBRSxLQUFLLEVBQUUsQ0FBQztTQUM5RDtLQUNGLEVBQ0QsRUFBRSxRQUFRLEVBQUUsU0FBUyxFQUFFLENBQ3hCLENBQUM7QUFDSixDQUFDLENBQUMifQ==

package/KubeX/Tools/NoIp.d.ts

@@ -0,0 +1,13 @@
+import * as k8s from '@pulumi/kubernetes';
+import { Input, Resource } from '@pulumi/pulumi';
+export interface NoIpProps {
+    namespace: Input<string>;
+    username: Input<string>;
+    password: Input<string>;
+    domain: Input<string>;
+    interval?: number;
+    provider: k8s.Provider;
+    dependsOn?: Input<Input<Resource>[]> | Input<Resource>;
+}
+declare const _default: ({ namespace, username, password, domain, interval, ...others }: NoIpProps) => void;
+export default _default;

package/KubeX/Tools/NoIp.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const Deployment_1 = require("../Deployment");
+exports.default = ({ namespace, username, password, domain, interval = 5, ...others }) => {
+    const name = 'no-ip';
+    const image = 'aanousakis/no-ip:v1';
+    (0, Deployment_1.default)({
+        name,
+        namespace,
+        configMap: {
+            INTERVAL: interval.toString(),
+            DOMAINS: domain,
+        },
+        secrets: { USERNAME: username, PASSWORD: password },
+        podConfig: {
+            ports: { http: 8080 },
+            image,
+            resources: { requests: { memory: '1Mi', cpu: '1m' } },
+        },
+        deploymentConfig: { replicas: 1 },
+        ...others,
+    });
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiTm9JcC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9LdWJlWC9Ub29scy9Ob0lwLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBR0EsOENBQXVDO0FBWXZDLGtCQUFlLENBQUMsRUFDZCxTQUFTLEVBQ1QsUUFBUSxFQUNSLFFBQVEsRUFDUixNQUFNLEVBQ04sUUFBUSxHQUFHLENBQUMsRUFDWixHQUFHLE1BQU0sRUFDQyxFQUFFLEVBQUU7SUFDZCxNQUFNLElBQUksR0FBRyxPQUFPLENBQUM7SUFDckIsTUFBTSxLQUFLLEdBQUcscUJBQXFCLENBQUM7SUFFcEMsSUFBQSxvQkFBVSxFQUFDO1FBQ1QsSUFBSTtRQUNKLFNBQVM7UUFFVCxTQUFTLEVBQUU7WUFDVCxRQUFRLEVBQUUsUUFBUSxDQUFDLFFBQVEsRUFBRTtZQUM3QixPQUFPLEVBQUUsTUFBTTtTQUNoQjtRQUNELE9BQU8sRUFBRSxFQUFFLFFBQVEsRUFBRSxRQUFRLEVBQUUsUUFBUSxFQUFFLFFBQVEsRUFBRTtRQUVuRCxTQUFTLEVBQUU7WUFDVCxLQUFLLEVBQUUsRUFBRSxJQUFJLEVBQUUsSUFBSSxFQUFFO1lBQ3JCLEtBQUs7WUFDTCxTQUFTLEVBQUUsRUFBRSxRQUFRLEVBQUUsRUFBRSxNQUFNLEVBQUUsS0FBSyxFQUFFLEdBQUcsRUFBRSxJQUFJLEVBQUUsRUFBRTtTQUN0RDtRQUNELGdCQUFnQixFQUFFLEVBQUUsUUFBUSxFQUFFLENBQUMsRUFBRTtRQUVqQyxHQUFHLE1BQU07S0FDVixDQUFDLENBQUM7QUFDTCxDQUFDLENBQUMifQ==

package/KubeX/Tools/OpenLDAP/index.d.ts

@@ -0,0 +1,12 @@
+import * as k8s from '@pulumi/kubernetes';
+import { DefaultK8sArgs } from '../../types';
+import { KeyVaultInfo } from '../../../types';
+export interface OpenLDAPProps extends Omit<DefaultK8sArgs, 'namespace'> {
+    vaultInfo?: KeyVaultInfo;
+    namespace?: string;
+    replicas?: number;
+    storageClassName: string;
+    ldapDomain: string;
+}
+declare const _default: ({ name, namespace, vaultInfo, resources, replicas, ldapDomain, storageClassName, ...others }: OpenLDAPProps) => k8s.helm.v3.Chart;
+export default _default;