@highstate/cilium 0.4.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/index.d.ts +18 -0
  2. package/dist/index.js +168 -0
  3. package/package.json +41 -0
package/dist/index.d.ts ADDED
@@ -0,0 +1,18 @@
1
+ import { ResourceOptions, Resource } from '@highstate/pulumi';
2
+ import { NetworkPolicy, NormalizedNetworkPolicyArgs } from '@highstate/k8s';
3
+
4
+ declare class CiliumNetworkPolicy extends NetworkPolicy {
5
+ protected create(name: string, args: NormalizedNetworkPolicyArgs, opts?: ResourceOptions): Resource;
6
+ private static createIngressRules;
7
+ private static createEgressRules;
8
+ private static createRules;
9
+ private static createAllRules;
10
+ private static createCidrRules;
11
+ private static createFqdnRules;
12
+ private static createServiceRules;
13
+ private static createNamespaceExpressions;
14
+ private static createSelectorRules;
15
+ private static mapPorts;
16
+ }
17
+
18
+ export { CiliumNetworkPolicy };
package/dist/index.js ADDED
@@ -0,0 +1,168 @@
1
+ import { output } from '@highstate/pulumi';
2
+ import { NetworkPolicy, mapMetadata, mapServiceToLabelSelector, mapNamespaceLikeToNamespaceName, mapSelectorLikeToSelector } from '@highstate/k8s';
3
+ import { cilium } from '@highstate/cilium-crds';
4
+ import '@pulumi/kubernetes';
5
+ import { mapKeys, pipe, map } from 'remeda';
6
+
7
+ class CiliumNetworkPolicy extends NetworkPolicy {
8
+ create(name, args, opts) {
9
+ return new cilium.v2.CiliumNetworkPolicy(
10
+ name,
11
+ {
12
+ metadata: mapMetadata(args, name),
13
+ spec: {
14
+ description: args.description,
15
+ endpointSelector: args.podSelector,
16
+ ingress: CiliumNetworkPolicy.createIngressRules(args),
17
+ egress: CiliumNetworkPolicy.createEgressRules(args)
18
+ }
19
+ },
20
+ opts
21
+ );
22
+ }
23
+ static createIngressRules(args) {
24
+ return args.ingressRules.flatMap((rule) => CiliumNetworkPolicy.createRules("from", rule));
25
+ }
26
+ static createEgressRules(args) {
27
+ return args.egressRules.flatMap((rule) => CiliumNetworkPolicy.createRules("to", rule));
28
+ }
29
+ static createRules(prefix, rule) {
30
+ const port = CiliumNetworkPolicy.mapPorts(rule.ports);
31
+ const ports = port ? [port] : void 0;
32
+ return [
33
+ ...CiliumNetworkPolicy.createAllRules(prefix, rule, ports),
34
+ ...CiliumNetworkPolicy.createCidrRules(prefix, rule, ports),
35
+ ...CiliumNetworkPolicy.createServiceRules(prefix, rule, ports),
36
+ ...CiliumNetworkPolicy.createSelectorRules(prefix, rule, ports),
37
+ ...prefix === "to" ? CiliumNetworkPolicy.createFqdnRules(rule, ports) : []
38
+ ];
39
+ }
40
+ static createAllRules(prefix, rule, ports) {
41
+ if (!rule.all) {
42
+ return [];
43
+ }
44
+ return [
45
+ {
46
+ [`${prefix}Entities`]: ["all"],
47
+ toPorts: ports
48
+ }
49
+ ];
50
+ }
51
+ static createCidrRules(prefix, rule, ports) {
52
+ if (rule.cidrs.length === 0) {
53
+ return [];
54
+ }
55
+ return [
56
+ {
57
+ [`${prefix}CIDR`]: rule.cidrs,
58
+ toPorts: ports
59
+ }
60
+ ];
61
+ }
62
+ static createFqdnRules(rule, ports) {
63
+ if (rule.fqdns.length === 0) {
64
+ return [];
65
+ }
66
+ return [
67
+ {
68
+ toFQDNs: rule.fqdns.map((fqdn) => {
69
+ return fqdn.includes("*") ? { matchName: fqdn } : { matchPattern: fqdn };
70
+ }),
71
+ toPorts: ports
72
+ }
73
+ ];
74
+ }
75
+ static createServiceRules(prefix, rule, ports) {
76
+ if (rule.services.length === 0) {
77
+ return [];
78
+ }
79
+ const selectors = rule.services.map((service) => {
80
+ const selector = mapServiceToLabelSelector(service);
81
+ return output(selector).apply((selector2) => ({
82
+ matchLabels: {
83
+ ...mapKeys(selector2.matchLabels ?? {}, (key) => `k8s:${key}`),
84
+ "k8s:io.kubernetes.pod.namespace": service.metadata.namespace
85
+ }
86
+ }));
87
+ });
88
+ return [
89
+ {
90
+ [`${prefix}Endpoints`]: selectors,
91
+ toPorts: ports
92
+ }
93
+ ];
94
+ }
95
+ static createNamespaceExpressions(rule) {
96
+ if (rule.namespaces.length === 0) {
97
+ return [];
98
+ }
99
+ return pipe(
100
+ //
101
+ rule.namespaces,
102
+ map(mapNamespaceLikeToNamespaceName),
103
+ (names) => [
104
+ {
105
+ key: "k8s:io.kubernetes.pod.namespace",
106
+ operator: "In",
107
+ values: names
108
+ }
109
+ ]
110
+ );
111
+ }
112
+ static createSelectorRules(prefix, rule, ports) {
113
+ const namespaceExpressions = CiliumNetworkPolicy.createNamespaceExpressions(rule);
114
+ if (rule.selectors.length === 0) {
115
+ if (namespaceExpressions.length === 0) {
116
+ return [];
117
+ }
118
+ return [
119
+ {
120
+ [`${prefix}Endpoints`]: [{ matchExpressions: namespaceExpressions }],
121
+ toPorts: ports
122
+ }
123
+ ];
124
+ }
125
+ const selectors = rule.selectors.map((selector) => {
126
+ const rawSelector = mapSelectorLikeToSelector(selector);
127
+ return output(rawSelector).apply((rawSelector2) => {
128
+ const expressions = map(rawSelector2.matchExpressions ?? [], (expression) => ({
129
+ key: `k8s:${expression.key}`,
130
+ operator: expression.operator,
131
+ values: expression.values
132
+ }));
133
+ return {
134
+ matchLabels: mapKeys(rawSelector2.matchLabels ?? {}, (key) => `k8s:${key}`),
135
+ matchExpressions: [...expressions, ...namespaceExpressions]
136
+ };
137
+ });
138
+ });
139
+ return [
140
+ {
141
+ [`${prefix}Endpoints`]: selectors,
142
+ toPorts: ports
143
+ }
144
+ ];
145
+ }
146
+ static mapPorts(ports) {
147
+ if (ports.length === 0) {
148
+ return;
149
+ }
150
+ return {
151
+ ports: ports.map((port) => {
152
+ if ("port" in port) {
153
+ return {
154
+ port: port.port.toString(),
155
+ protocol: port.protocol ?? "TCP"
156
+ };
157
+ }
158
+ return {
159
+ port: port.range[0].toString(),
160
+ endPort: port.range[1],
161
+ protocol: port.protocol ?? "TCP"
162
+ };
163
+ })
164
+ };
165
+ }
166
+ }
167
+
168
+ export { CiliumNetworkPolicy };
package/package.json ADDED
@@ -0,0 +1,41 @@
1
+ {
2
+ "name": "@highstate/cilium",
3
+ "version": "0.4.5",
4
+ "type": "module",
5
+ "files": [
6
+ "dist",
7
+ "assets/charts"
8
+ ],
9
+ "module": "dist/index.js",
10
+ "types": "dist/index.d.ts",
11
+ "exports": {
12
+ ".": {
13
+ "default": "./dist/index.js",
14
+ "types": "./dist/index.d.ts"
15
+ }
16
+ },
17
+ "publishConfig": {
18
+ "access": "public"
19
+ },
20
+ "scripts": {
21
+ "build": "pkgroll --tsconfig=tsconfig.build.json",
22
+ "update-assets": "./scripts/update-assets.sh",
23
+ "generate-crds": "./scripts/generate-crds.sh"
24
+ },
25
+ "dependencies": {
26
+ "@highstate/cilium-crds": "^0.4.5",
27
+ "@highstate/k8s": "^0.4.5",
28
+ "@highstate/pulumi": "^0.4.5",
29
+ "@pulumi/command": "^1.0.2",
30
+ "@pulumi/kubernetes": "^4.18.0",
31
+ "@pulumi/pulumi": "^3.152.0",
32
+ "remeda": "^2.21.0"
33
+ },
34
+ "peerDependencies": {
35
+ "@highstate/library": "workspace:^0.4.4"
36
+ },
37
+ "devDependencies": {
38
+ "pkgroll": "^2.5.1"
39
+ },
40
+ "gitHead": "afd601fdade1bcf31af58072eea3c08ee26349b8"
41
+ }