npm - @highstate/cilium - Versions diffs - 0.9.14 → 0.9.16 - Mend

@highstate/cilium 0.9.14 → 0.9.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/chunk-M4DV2DAJ.js +2 -4
package/dist/chunk-M4DV2DAJ.js.map +1 -1
package/dist/highstate.manifest.json +2 -2
package/dist/index.js +11 -21
package/dist/index.js.map +1 -1
package/dist/unit/index.js +8 -11
package/dist/unit/index.js.map +1 -1
package/package.json +9 -9

package/dist/chunk-M4DV2DAJ.js CHANGED Viewed

@@ -11,8 +11,6 @@ function getCiliumClusterMetadata(cluster) {
   return cluster.metadata?.cilium ?? {};
 }
-export {
-  cilium,
-  getCiliumClusterMetadata
-};
+export { cilium, getCiliumClusterMetadata };
+//# sourceMappingURL=chunk-M4DV2DAJ.js.map
 //# sourceMappingURL=chunk-M4DV2DAJ.js.map

package/dist/chunk-M4DV2DAJ.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../assets/charts.json","../src/shared.ts"],"sourcesContent":["{\n \"cilium\": {\n \"repo\": \"https://helm.cilium.io\",\n \"name\": \"cilium\",\n \"version\": \"1.17.4\",\n \"sha256\": \"06dcedfe25c08c770d193690d561037153e233f9cde31e0705a06802d24cea87\"\n }\n}\n","import type { k8s } from \"@highstate/library\"\n\nexport { cilium as chart } from \"../assets/charts.json\"\n\nexport type CiliumClusterMetadata = {\n /*\n If set to `true`, the generated network policy will allow\n * all DNS queries to be resolved, even if they are\n * for forbidden (non-allowed) FQDNs.\n \n By default, is not set.\n */\n allowForbiddenFqdnResolution?: boolean\n}\n\nexport function getCiliumClusterMetadata(cluster: k8s.Cluster): CiliumClusterMetadata {\n return cluster.metadata?.cilium ?? {}\n}\n\nexport function hasCiliumClusterMetadata(\n cluster: k8s.Cluster,\n): cluster is k8s.Cluster & { metadata: { cilium: CiliumClusterMetadata } } {\n return Boolean(cluster.metadata?.cilium)\n}\n"]~~,"mappings":";AACE,aAAU;AAAA,EACR,MAAQ;AAAA,EACR,MAAQ;AAAA,EACR,SAAW;AAAA,EACX,QAAU;AACZ;;;ACSK,SAAS,yBAAyB,SAA6C;AACpF,SAAO,QAAQ,UAAU,UAAU,CAAC;AACtC;","names":[]~~}
1	+ {"version":3,"sources":["../assets/charts.json","../src/shared.ts"],"names":[],"mappings":";AACY,IAAA,MAAA,GAAA;AAAA,EACR,IAAQ,EAAA,wBAAA;AAAA,EACR,IAAQ,EAAA,QAAA;AAAA,EACR,OAAW,EAAA,QAAA;AAAA,EACX,MAAU,EAAA;AACZ;;;ACSK,SAAS,yBAAyB,OAA6C,EAAA;AACpF,EAAO,OAAA,OAAA,CAAQ,QAAU,EAAA,MAAA,IAAU,EAAC;AACtC","file":"chunk-M4DV2DAJ.js","sourcesContent":["{\n \"cilium\": {\n \"repo\": \"https://helm.cilium.io\",\n \"name\": \"cilium\",\n \"version\": \"1.17.4\",\n \"sha256\": \"06dcedfe25c08c770d193690d561037153e233f9cde31e0705a06802d24cea87\"\n }\n}\n","import type { k8s } from \"@highstate/library\"\n\nexport { cilium as chart } from \"../assets/charts.json\"\n\nexport type CiliumClusterMetadata = {\n /*\n If set to `true`, the generated network policy will allow\n * all DNS queries to be resolved, even if they are\n * for forbidden (non-allowed) FQDNs.\n \n By default, is not set.\n */\n allowForbiddenFqdnResolution?: boolean\n}\n\nexport function getCiliumClusterMetadata(cluster: k8s.Cluster): CiliumClusterMetadata {\n return cluster.metadata?.cilium ?? {}\n}\n\nexport function hasCiliumClusterMetadata(\n cluster: k8s.Cluster,\n): cluster is k8s.Cluster & { metadata: { cilium: CiliumClusterMetadata } } {\n return Boolean(cluster.metadata?.cilium)\n}\n"]}

package/dist/highstate.manifest.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "sourceHashes": {
-    "./dist/index.js": "31971908d666199e8b236272a197c2d194e1c25af8a33ea44d2a1f2cece39a67",
-    "./dist/unit/index.js": "37d2b8caa48cc61f1e07e99c04fc1ac99a037995410f44f35cc856b76db08acc"
+    "./dist/index.js": 936203783,
+    "./dist/unit/index.js": 3746206031
   }
 }

package/dist/index.js CHANGED Viewed

@@ -1,23 +1,14 @@
-import {
-  cilium,
-  getCiliumClusterMetadata
-} from "./chunk-M4DV2DAJ.js";
+import { getCiliumClusterMetadata } from './chunk-M4DV2DAJ.js';
+export { cilium as chart } from './chunk-M4DV2DAJ.js';
+import { output } from '@highstate/pulumi';
+import { NetworkPolicy, mapMetadata, mapServiceToLabelSelector, mapNamespaceLikeToNamespaceName, mapSelectorLikeToSelector } from '@highstate/k8s';
+import { cilium } from '@highstate/cilium-crds';
+import '@pulumi/kubernetes';
+import { uniqueBy, mapKeys, pipe, map } from 'remeda';
-// src/network-policy.ts
-import { output } from "@highstate/pulumi";
-import {
-  mapMetadata,
-  mapNamespaceLikeToNamespaceName,
-  mapSelectorLikeToSelector,
-  mapServiceToLabelSelector,
-  NetworkPolicy
-} from "@highstate/k8s";
-import { cilium as cilium2 } from "@highstate/cilium-crds";
-import "@pulumi/kubernetes";
-import { map, mapKeys, pipe, uniqueBy } from "remeda";
 var CiliumNetworkPolicy = class _CiliumNetworkPolicy extends NetworkPolicy {
   create(name, args, opts) {
-    return new cilium2.v2.CiliumNetworkPolicy(
+    return new cilium.v2.CiliumNetworkPolicy(
       name,
       {
         metadata: mapMetadata(args, name),
@@ -212,8 +203,7 @@ var CiliumNetworkPolicy = class _CiliumNetworkPolicy extends NetworkPolicy {
     };
   }
 };
-export {
-  CiliumNetworkPolicy,
-  cilium as chart
-};
+export { CiliumNetworkPolicy };
+//# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/network-policy.ts"],"sourcesContent":["import type { k8s } from \"@highstate/library\"\nimport { type ResourceOptions, type Resource, output } from \"@highstate/pulumi\"\nimport {\n mapMetadata,\n mapNamespaceLikeToNamespaceName,\n mapSelectorLikeToSelector,\n mapServiceToLabelSelector,\n NetworkPolicy,\n type NetworkPolicyPort,\n type NormalizedNetworkPolicyArgs,\n type NormalizedRuleArgs,\n} from \"@highstate/k8s\"\nimport { cilium, types } from \"@highstate/cilium-crds\"\nimport { types as k8sTypes } from \"@pulumi/kubernetes\"\nimport { map, mapKeys, pipe, uniqueBy } from \"remeda\"\nimport { getCiliumClusterMetadata } from \"./shared\"\n\ntype Rule = types.input.cilium.v2.CiliumNetworkPolicySpecIngress &\n types.input.cilium.v2.CiliumNetworkPolicySpecEgress\n\nexport class CiliumNetworkPolicy extends NetworkPolicy {\n protected create(\n name: string,\n args: NormalizedNetworkPolicyArgs,\n opts?: ResourceOptions,\n ): Resource {\n return new cilium.v2.CiliumNetworkPolicy(\n name,\n {\n metadata: mapMetadata(args, name),\n spec: {\n description: args.description,\n endpointSelector: args.podSelector,\n ingress: CiliumNetworkPolicy.createIngressRules(args),\n egress: CiliumNetworkPolicy.createEgressRules(args),\n },\n },\n opts,\n )\n }\n\n private static createIngressRules(args: NormalizedNetworkPolicyArgs): Rule[] {\n if (args.isolateIngress) {\n return [{}]\n }\n\n return uniqueBy(\n args.ingressRules.flatMap(rule =>\n CiliumNetworkPolicy.createRules(\"from\", rule, args.cluster),\n ),\n rule => JSON.stringify(rule),\n )\n }\n\n private static createEgressRules(args: NormalizedNetworkPolicyArgs): Rule[] {\n if (args.isolateEgress) {\n return [{}]\n }\n\n const extraRules: Rule[] = []\n\n if (args.allowKubeApiServer) {\n extraRules.push({ toEntities: [\"kube-apiserver\"] })\n }\n\n return uniqueBy(\n args.egressRules\n .flatMap(rule => CiliumNetworkPolicy.createRules(\"to\", rule, args.cluster))\n .concat(extraRules),\n rule => JSON.stringify(rule),\n )\n }\n\n private static createRules(\n prefix: \"from\" \| \"to\",\n rule: NormalizedRuleArgs,\n cluster: k8s.Cluster,\n ): Rule[] {\n const port = CiliumNetworkPolicy.mapPorts(rule.ports)\n const ports = port ? [port] : undefined\n\n return [\n ...CiliumNetworkPolicy.createAllRules(prefix, rule, ports),\n ...CiliumNetworkPolicy.createCidrRules(prefix, rule, ports),\n ...CiliumNetworkPolicy.createServiceRules(prefix, rule, ports),\n ...CiliumNetworkPolicy.createSelectorRules(prefix, rule, ports),\n ...(prefix === \"to\" ? CiliumNetworkPolicy.createFqdnRules(rule, ports, cluster) : []),\n ]\n }\n\n private static createAllRules(\n prefix: \"from\" \| \"to\",\n rule: NormalizedRuleArgs,\n ports: types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts[] \| undefined,\n ): Rule[] {\n if (!rule.all) {\n return []\n }\n\n return [\n {\n [`${prefix}Entities`]: [\"all\"],\n toPorts: ports,\n },\n ]\n }\n\n private static createCidrRules(\n prefix: \"from\" \| \"to\",\n rule: NormalizedRuleArgs,\n ports: types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts[] \| undefined,\n ): Rule[] {\n if (rule.cidrs.length === 0) {\n return []\n }\n\n return [\n {\n [`${prefix}CIDR`]: rule.cidrs,\n toPorts: ports,\n },\n ]\n }\n\n private static createFqdnRules(\n rule: NormalizedRuleArgs,\n ports: types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts[] \| undefined,\n cluster: k8s.Cluster,\n ): types.input.cilium.v2.CiliumNetworkPolicySpecEgress[] {\n if (rule.fqdns.length === 0) {\n return []\n }\n\n const fqdnRules = rule.fqdns.map(fqdn => {\n return fqdn.includes(\"\") ? { matchPattern: fqdn } : { matchName: fqdn }\n })\n\n return [\n {\n toFQDNs: fqdnRules,\n toPorts: ports,\n },\n {\n toEndpoints: [\n {\n matchLabels: {\n \"k8s:io.kubernetes.pod.namespace\": \"kube-system\",\n \"k8s:k8s-app\": \"kube-dns\",\n },\n },\n ],\n toPorts: [\n {\n ports: [{ port: \"53\", protocol: \"UDP\" }],\n rules: {\n dns: getCiliumClusterMetadata(cluster).allowForbiddenFqdnResolution\n ? [{ matchPattern: \"\" }]\n : fqdnRules,\n },\n },\n ],\n },\n ]\n }\n\n private static createServiceRules(\n prefix: \"from\" \| \"to\",\n rule: NormalizedRuleArgs,\n ports: types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts[] \| undefined,\n ): Rule[] {\n if (rule.services.length === 0) {\n return []\n }\n\n const selectors = rule.services.map(service => {\n const selector = mapServiceToLabelSelector(service)\n\n return output(selector).apply(selector => ({\n matchLabels: {\n ...mapKeys(selector.matchLabels ?? {}, key => `k8s:${key}`),\n \"k8s:io.kubernetes.pod.namespace\": service.metadata.namespace,\n },\n }))\n })\n\n return [\n {\n [`${prefix}Endpoints`]: selectors,\n toPorts: ports,\n },\n ]\n }\n\n private static createNamespaceExpressions(\n rule: NormalizedRuleArgs,\n ): k8sTypes.input.meta.v1.LabelSelectorRequirement[] {\n if (rule.namespaces.length === 0) {\n return []\n }\n\n return pipe(\n //\n rule.namespaces,\n map(mapNamespaceLikeToNamespaceName),\n names => [\n {\n key: \"k8s:io.kubernetes.pod.namespace\",\n operator: \"In\",\n values: names,\n },\n ],\n )\n }\n\n private static createSelectorRules(\n prefix: \"from\" \| \"to\",\n rule: NormalizedRuleArgs,\n ports: types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts[] \| undefined,\n ): types.input.cilium.v2.CiliumNetworkPolicySpecIngress[] {\n const namespaceExpressions = CiliumNetworkPolicy.createNamespaceExpressions(rule)\n\n if (rule.selectors.length === 0) {\n if (namespaceExpressions.length === 0) {\n // if no selectors and no namespaces are provided, we do not match\n return []\n }\n\n // if no selectors are provided, we only match on namespaces\n return [\n {\n [`${prefix}Endpoints`]: [{ matchExpressions: namespaceExpressions }],\n toPorts: ports,\n },\n ]\n }\n\n // otherwise, we match on selectors and namespaces\n const selectors = rule.selectors.map(selector => {\n const rawSelector = mapSelectorLikeToSelector(selector)\n\n return output(rawSelector).apply(rawSelector => {\n const expressions = map(rawSelector.matchExpressions ?? [], expression => ({\n key: `k8s:${expression.key}`,\n operator: expression.operator,\n values: expression.values,\n }))\n\n return {\n matchLabels: mapKeys(rawSelector.matchLabels ?? {}, key => `k8s:${key}`),\n matchExpressions: [...expressions, ...namespaceExpressions],\n }\n })\n })\n\n return [\n {\n [`${prefix}Endpoints`]: uniqueBy(selectors, rule => JSON.stringify(rule)),\n toPorts: ports,\n },\n ]\n }\n\n private static mapPorts(\n ports: NetworkPolicyPort[],\n ): types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts \| undefined {\n if (ports.length === 0) {\n return\n }\n\n return {\n ports: ports.map(port => {\n if (\"port\" in port) {\n return {\n port: port.port.toString(),\n protocol: port.protocol ?? \"TCP\",\n }\n }\n\n return {\n port: port.range[0].toString(),\n endPort: port.range[1],\n protocol: port.protocol ?? \"TCP\",\n }\n }),\n }\n }\n}\n"],"mappings":";;;;;;AACA,SAA8C,cAAc;AAC5D;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OAIK;AACP,SAAS,UAAAA,eAAqB;AAC9B,OAAkC;AAClC,SAAS,KAAK,SAAS,MAAM,gBAAgB;AAMtC,IAAM,sBAAN,MAAM,6BAA4B,cAAc;AAAA,EAC3C,OACR,MACA,MACA,MACU;AACV,WAAO,IAAIC,QAAO,GAAG;AAAA,MACnB;AAAA,MACA;AAAA,QACE,UAAU,YAAY,MAAM,IAAI;AAAA,QAChC,MAAM;AAAA,UACJ,aAAa,KAAK;AAAA,UAClB,kBAAkB,KAAK;AAAA,UACvB,SAAS,qBAAoB,mBAAmB,IAAI;AAAA,UACpD,QAAQ,qBAAoB,kBAAkB,IAAI;AAAA,QACpD;AAAA,MACF;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAe,mBAAmB,MAA2C;AAC3E,QAAI,KAAK,gBAAgB;AACvB,aAAO,CAAC,CAAC,CAAC;AAAA,IACZ;AAEA,WAAO;AAAA,MACL,KAAK,aAAa;AAAA,QAAQ,UACxB,qBAAoB,YAAY,QAAQ,MAAM,KAAK,OAAO;AAAA,MAC5D;AAAA,MACA,UAAQ,KAAK,UAAU,IAAI;AAAA,IAC7B;AAAA,EACF;AAAA,EAEA,OAAe,kBAAkB,MAA2C;AAC1E,QAAI,KAAK,eAAe;AACtB,aAAO,CAAC,CAAC,CAAC;AAAA,IACZ;AAEA,UAAM,aAAqB,CAAC;AAE5B,QAAI,KAAK,oBAAoB;AAC3B,iBAAW,KAAK,EAAE,YAAY,CAAC,gBAAgB,EAAE,CAAC;AAAA,IACpD;AAEA,WAAO;AAAA,MACL,KAAK,YACF,QAAQ,UAAQ,qBAAoB,YAAY,MAAM,MAAM,KAAK,OAAO,CAAC,EACzE,OAAO,UAAU;AAAA,MACpB,UAAQ,KAAK,UAAU,IAAI;AAAA,IAC7B;AAAA,EACF;AAAA,EAEA,OAAe,YACb,QACA,MACA,SACQ;AACR,UAAM,OAAO,qBAAoB,SAAS,KAAK,KAAK;AACpD,UAAM,QAAQ,OAAO,CAAC,IAAI,IAAI;AAE9B,WAAO;AAAA,MACL,GAAG,qBAAoB,eAAe,QAAQ,MAAM,KAAK;AAAA,MACzD,GAAG,qBAAoB,gBAAgB,QAAQ,MAAM,KAAK;AAAA,MAC1D,GAAG,qBAAoB,mBAAmB,QAAQ,MAAM,KAAK;AAAA,MAC7D,GAAG,qBAAoB,oBAAoB,QAAQ,MAAM,KAAK;AAAA,MAC9D,GAAI,WAAW,OAAO,qBAAoB,gBAAgB,MAAM,OAAO,OAAO,IAAI,CAAC;AAAA,IACrF;AAAA,EACF;AAAA,EAEA,OAAe,eACb,QACA,MACA,OACQ;AACR,QAAI,CAAC,KAAK,KAAK;AACb,aAAO,CAAC;AAAA,IACV;AAEA,WAAO;AAAA,MACL;AAAA,QACE,CAAC,GAAG,MAAM,UAAU,GAAG,CAAC,KAAK;AAAA,QAC7B,SAAS;AAAA,MACX;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAe,gBACb,QACA,MACA,OACQ;AACR,QAAI,KAAK,MAAM,WAAW,GAAG;AAC3B,aAAO,CAAC;AAAA,IACV;AAEA,WAAO;AAAA,MACL;AAAA,QACE,CAAC,GAAG,MAAM,MAAM,GAAG,KAAK;AAAA,QACxB,SAAS;AAAA,MACX;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAe,gBACb,MACA,OACA,SACuD;AACvD,QAAI,KAAK,MAAM,WAAW,GAAG;AAC3B,aAAO,CAAC;AAAA,IACV;AAEA,UAAM,YAAY,KAAK,MAAM,IAAI,UAAQ;AACvC,aAAO,KAAK,SAAS,GAAG,IAAI,EAAE,cAAc,KAAK,IAAI,EAAE,WAAW,KAAK;AAAA,IACzE,CAAC;AAED,WAAO;AAAA,MACL;AAAA,QACE,SAAS;AAAA,QACT,SAAS;AAAA,MACX;AAAA,MACA;AAAA,QACE,aAAa;AAAA,UACX;AAAA,YACE,aAAa;AAAA,cACX,mCAAmC;AAAA,cACnC,eAAe;AAAA,YACjB;AAAA,UACF;AAAA,QACF;AAAA,QACA,SAAS;AAAA,UACP;AAAA,YACE,OAAO,CAAC,EAAE,MAAM,MAAM,UAAU,MAAM,CAAC;AAAA,YACvC,OAAO;AAAA,cACL,KAAK,yBAAyB,OAAO,EAAE,+BACnC,CAAC,EAAE,cAAc,IAAI,CAAC,IACtB;AAAA,YACN;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAe,mBACb,QACA,MACA,OACQ;AACR,QAAI,KAAK,SAAS,WAAW,GAAG;AAC9B,aAAO,CAAC;AAAA,IACV;AAEA,UAAM,YAAY,KAAK,SAAS,IAAI,aAAW;AAC7C,YAAM,WAAW,0BAA0B,OAAO;AAElD,aAAO,OAAO,QAAQ,EAAE,MAAM,CAAAC,eAAa;AAAA,QACzC,aAAa;AAAA,UACX,GAAG,QAAQA,UAAS,eAAe,CAAC,GAAG,SAAO,OAAO,GAAG,EAAE;AAAA,UAC1D,mCAAmC,QAAQ,SAAS;AAAA,QACtD;AAAA,MACF,EAAE;AAAA,IACJ,CAAC;AAED,WAAO;AAAA,MACL;AAAA,QACE,CAAC,GAAG,MAAM,WAAW,GAAG;AAAA,QACxB,SAAS;AAAA,MACX;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAe,2BACb,MACmD;AACnD,QAAI,KAAK,WAAW,WAAW,GAAG;AAChC,aAAO,CAAC;AAAA,IACV;AAEA,WAAO;AAAA;AAAA,MAEL,KAAK;AAAA,MACL,IAAI,+BAA+B;AAAA,MACnC,WAAS;AAAA,QACP;AAAA,UACE,KAAK;AAAA,UACL,UAAU;AAAA,UACV,QAAQ;AAAA,QACV;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAe,oBACb,QACA,MACA,OACwD;AACxD,UAAM,uBAAuB,qBAAoB,2BAA2B,IAAI;AAEhF,QAAI,KAAK,UAAU,WAAW,GAAG;AAC/B,UAAI,qBAAqB,WAAW,GAAG;AAErC,eAAO,CAAC;AAAA,MACV;AAGA,aAAO;AAAA,QACL;AAAA,UACE,CAAC,GAAG,MAAM,WAAW,GAAG,CAAC,EAAE,kBAAkB,qBAAqB,CAAC;AAAA,UACnE,SAAS;AAAA,QACX;AAAA,MACF;AAAA,IACF;AAGA,UAAM,YAAY,KAAK,UAAU,IAAI,cAAY;AAC/C,YAAM,cAAc,0BAA0B,QAAQ;AAEtD,aAAO,OAAO,WAAW,EAAE,MAAM,CAAAC,iBAAe;AAC9C,cAAM,cAAc,IAAIA,aAAY,oBAAoB,CAAC,GAAG,iBAAe;AAAA,UACzE,KAAK,OAAO,WAAW,GAAG;AAAA,UAC1B,UAAU,WAAW;AAAA,UACrB,QAAQ,WAAW;AAAA,QACrB,EAAE;AAEF,eAAO;AAAA,UACL,aAAa,QAAQA,aAAY,eAAe,CAAC,GAAG,SAAO,OAAO,GAAG,EAAE;AAAA,UACvE,kBAAkB,CAAC,GAAG,aAAa,GAAG,oBAAoB;AAAA,QAC5D;AAAA,MACF,CAAC;AAAA,IACH,CAAC;AAED,WAAO;AAAA,MACL;AAAA,QACE,CAAC,GAAG,MAAM,WAAW,GAAG,SAAS,WAAW,CAAAC,UAAQ,KAAK,UAAUA,KAAI,CAAC;AAAA,QACxE,SAAS;AAAA,MACX;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAe,SACb,OACwE;AACxE,QAAI,MAAM,WAAW,GAAG;AACtB;AAAA,IACF;AAEA,WAAO;AAAA,MACL,OAAO,MAAM,IAAI,UAAQ;AACvB,YAAI,UAAU,MAAM;AAClB,iBAAO;AAAA,YACL,MAAM,KAAK,KAAK,SAAS;AAAA,YACzB,UAAU,KAAK,YAAY;AAAA,UAC7B;AAAA,QACF;AAEA,eAAO;AAAA,UACL,MAAM,KAAK,MAAM,CAAC,EAAE,SAAS;AAAA,UAC7B,SAAS,KAAK,MAAM,CAAC;AAAA,UACrB,UAAU,KAAK,YAAY;AAAA,QAC7B;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AACF;","names":["cilium","cilium","selector","rawSelector","rule"]}
1	+ {"version":3,"sources":["../src/network-policy.ts"],"names":["cilium","selector","rawSelector","rule"],"mappings":";;;;;;;;AAoBa,IAAA,mBAAA,GAAN,MAAM,oBAAA,SAA4B,aAAc,CAAA;AAAA,EAC3C,MAAA,CACR,IACA,EAAA,IAAA,EACA,IACU,EAAA;AACV,IAAO,OAAA,IAAIA,OAAO,EAAG,CAAA,mBAAA;AAAA,MACnB,IAAA;AAAA,MACA;AAAA,QACE,QAAA,EAAU,WAAY,CAAA,IAAA,EAAM,IAAI,CAAA;AAAA,QAChC,IAAM,EAAA;AAAA,UACJ,aAAa,IAAK,CAAA,WAAA;AAAA,UAClB,kBAAkB,IAAK,CAAA,WAAA;AAAA,UACvB,OAAA,EAAS,oBAAoB,CAAA,kBAAA,CAAmB,IAAI,CAAA;AAAA,UACpD,MAAA,EAAQ,oBAAoB,CAAA,iBAAA,CAAkB,IAAI;AAAA;AACpD,OACF;AAAA,MACA;AAAA,KACF;AAAA;AACF,EAEA,OAAe,mBAAmB,IAA2C,EAAA;AAC3E,IAAA,IAAI,KAAK,cAAgB,EAAA;AACvB,MAAO,OAAA,CAAC,EAAE,CAAA;AAAA;AAGZ,IAAO,OAAA,QAAA;AAAA,MACL,KAAK,YAAa,CAAA,OAAA;AAAA,QAAQ,UACxB,oBAAoB,CAAA,WAAA,CAAY,MAAQ,EAAA,IAAA,EAAM,KAAK,OAAO;AAAA,OAC5D;AAAA,MACA,CAAA,IAAA,KAAQ,IAAK,CAAA,SAAA,CAAU,IAAI;AAAA,KAC7B;AAAA;AACF,EAEA,OAAe,kBAAkB,IAA2C,EAAA;AAC1E,IAAA,IAAI,KAAK,aAAe,EAAA;AACtB,MAAO,OAAA,CAAC,EAAE,CAAA;AAAA;AAGZ,IAAA,MAAM,aAAqB,EAAC;AAE5B,IAAA,IAAI,KAAK,kBAAoB,EAAA;AAC3B,MAAA,UAAA,CAAW,KAAK,EAAE,UAAA,EAAY,CAAC,gBAAgB,GAAG,CAAA;AAAA;AAGpD,IAAO,OAAA,QAAA;AAAA,MACL,IAAK,CAAA,WAAA,CACF,OAAQ,CAAA,CAAA,IAAA,KAAQ,oBAAoB,CAAA,WAAA,CAAY,IAAM,EAAA,IAAA,EAAM,IAAK,CAAA,OAAO,CAAC,CAAA,CACzE,OAAO,UAAU,CAAA;AAAA,MACpB,CAAA,IAAA,KAAQ,IAAK,CAAA,SAAA,CAAU,IAAI;AAAA,KAC7B;AAAA;AACF,EAEA,OAAe,WAAA,CACb,MACA,EAAA,IAAA,EACA,OACQ,EAAA;AACR,IAAA,MAAM,IAAO,GAAA,oBAAA,CAAoB,QAAS,CAAA,IAAA,CAAK,KAAK,CAAA;AACpD,IAAA,MAAM,KAAQ,GAAA,IAAA,GAAO,CAAC,IAAI,CAAI,GAAA,MAAA;AAE9B,IAAO,OAAA;AAAA,MACL,GAAG,oBAAA,CAAoB,cAAe,CAAA,MAAA,EAAQ,MAAM,KAAK,CAAA;AAAA,MACzD,GAAG,oBAAA,CAAoB,eAAgB,CAAA,MAAA,EAAQ,MAAM,KAAK,CAAA;AAAA,MAC1D,GAAG,oBAAA,CAAoB,kBAAmB,CAAA,MAAA,EAAQ,MAAM,KAAK,CAAA;AAAA,MAC7D,GAAG,oBAAA,CAAoB,mBAAoB,CAAA,MAAA,EAAQ,MAAM,KAAK,CAAA;AAAA,MAC9D,GAAI,WAAW,IAAO,GAAA,oBAAA,CAAoB,gBAAgB,IAAM,EAAA,KAAA,EAAO,OAAO,CAAA,GAAI;AAAC,KACrF;AAAA;AACF,EAEA,OAAe,cAAA,CACb,MACA,EAAA,IAAA,EACA,KACQ,EAAA;AACR,IAAI,IAAA,CAAC,KAAK,GAAK,EAAA;AACb,MAAA,OAAO,EAAC;AAAA;AAGV,IAAO,OAAA;AAAA,MACL;AAAA,QACE,CAAC,CAAG,EAAA,MAAM,CAAU,QAAA,CAAA,GAAG,CAAC,KAAK,CAAA;AAAA,QAC7B,OAAS,EAAA;AAAA;AACX,KACF;AAAA;AACF,EAEA,OAAe,eAAA,CACb,MACA,EAAA,IAAA,EACA,KACQ,EAAA;AACR,IAAI,IAAA,IAAA,CAAK,KAAM,CAAA,MAAA,KAAW,CAAG,EAAA;AAC3B,MAAA,OAAO,EAAC;AAAA;AAGV,IAAO,OAAA;AAAA,MACL;AAAA,QACE,CAAC,CAAA,EAAG,MAAM,CAAA,IAAA,CAAM,GAAG,IAAK,CAAA,KAAA;AAAA,QACxB,OAAS,EAAA;AAAA;AACX,KACF;AAAA;AACF,EAEA,OAAe,eAAA,CACb,IACA,EAAA,KAAA,EACA,OACuD,EAAA;AACvD,IAAI,IAAA,IAAA,CAAK,KAAM,CAAA,MAAA,KAAW,CAAG,EAAA;AAC3B,MAAA,OAAO,EAAC;AAAA;AAGV,IAAA,MAAM,SAAY,GAAA,IAAA,CAAK,KAAM,CAAA,GAAA,CAAI,CAAQ,IAAA,KAAA;AACvC,MAAO,OAAA,IAAA,CAAK,QAAS,CAAA,GAAG,CAAI,GAAA,EAAE,cAAc,IAAK,EAAA,GAAI,EAAE,SAAA,EAAW,IAAK,EAAA;AAAA,KACxE,CAAA;AAED,IAAO,OAAA;AAAA,MACL;AAAA,QACE,OAAS,EAAA,SAAA;AAAA,QACT,OAAS,EAAA;AAAA,OACX;AAAA,MACA;AAAA,QACE,WAAa,EAAA;AAAA,UACX;AAAA,YACE,WAAa,EAAA;AAAA,cACX,iCAAmC,EAAA,aAAA;AAAA,cACnC,aAAe,EAAA;AAAA;AACjB;AACF,SACF;AAAA,QACA,OAAS,EAAA;AAAA,UACP;AAAA,YACE,OAAO,CAAC,EAAE,MAAM,IAAM,EAAA,QAAA,EAAU,OAAO,CAAA;AAAA,YACvC,KAAO,EAAA;AAAA,cACL,GAAA,EAAK,wBAAyB,CAAA,OAAO,CAAE,CAAA,4BAAA,GACnC,CAAC,EAAE,YAAA,EAAc,GAAI,EAAC,CACtB,GAAA;AAAA;AACN;AACF;AACF;AACF,KACF;AAAA;AACF,EAEA,OAAe,kBAAA,CACb,MACA,EAAA,IAAA,EACA,KACQ,EAAA;AACR,IAAI,IAAA,IAAA,CAAK,QAAS,CAAA,MAAA,KAAW,CAAG,EAAA;AAC9B,MAAA,OAAO,EAAC;AAAA;AAGV,IAAA,MAAM,SAAY,GAAA,IAAA,CAAK,QAAS,CAAA,GAAA,CAAI,CAAW,OAAA,KAAA;AAC7C,MAAM,MAAA,QAAA,GAAW,0BAA0B,OAAO,CAAA;AAElD,MAAA,OAAO,MAAO,CAAA,QAAQ,CAAE,CAAA,KAAA,CAAM,CAAAC,SAAa,MAAA;AAAA,QACzC,WAAa,EAAA;AAAA,UACX,GAAG,QAAQA,SAAS,CAAA,WAAA,IAAe,EAAI,EAAA,CAAA,GAAA,KAAO,CAAO,IAAA,EAAA,GAAG,CAAE,CAAA,CAAA;AAAA,UAC1D,iCAAA,EAAmC,QAAQ,QAAS,CAAA;AAAA;AACtD,OACA,CAAA,CAAA;AAAA,KACH,CAAA;AAED,IAAO,OAAA;AAAA,MACL;AAAA,QACE,CAAC,CAAA,EAAG,MAAM,CAAA,SAAA,CAAW,GAAG,SAAA;AAAA,QACxB,OAAS,EAAA;AAAA;AACX,KACF;AAAA;AACF,EAEA,OAAe,2BACb,IACmD,EAAA;AACnD,IAAI,IAAA,IAAA,CAAK,UAAW,CAAA,MAAA,KAAW,CAAG,EAAA;AAChC,MAAA,OAAO,EAAC;AAAA;AAGV,IAAO,OAAA,IAAA;AAAA;AAAA,MAEL,IAAK,CAAA,UAAA;AAAA,MACL,IAAI,+BAA+B,CAAA;AAAA,MACnC,CAAS,KAAA,KAAA;AAAA,QACP;AAAA,UACE,GAAK,EAAA,iCAAA;AAAA,UACL,QAAU,EAAA,IAAA;AAAA,UACV,MAAQ,EAAA;AAAA;AACV;AACF,KACF;AAAA;AACF,EAEA,OAAe,mBAAA,CACb,MACA,EAAA,IAAA,EACA,KACwD,EAAA;AACxD,IAAM,MAAA,oBAAA,GAAuB,oBAAoB,CAAA,0BAAA,CAA2B,IAAI,CAAA;AAEhF,IAAI,IAAA,IAAA,CAAK,SAAU,CAAA,MAAA,KAAW,CAAG,EAAA;AAC/B,MAAI,IAAA,oBAAA,CAAqB,WAAW,CAAG,EAAA;AAErC,QAAA,OAAO,EAAC;AAAA;AAIV,MAAO,OAAA;AAAA,QACL;AAAA,UACE,CAAC,GAAG,MAAM,CAAA,SAAA,CAAW,GAAG,CAAC,EAAE,gBAAkB,EAAA,oBAAA,EAAsB,CAAA;AAAA,UACnE,OAAS,EAAA;AAAA;AACX,OACF;AAAA;AAIF,IAAA,MAAM,SAAY,GAAA,IAAA,CAAK,SAAU,CAAA,GAAA,CAAI,CAAY,QAAA,KAAA;AAC/C,MAAM,MAAA,WAAA,GAAc,0BAA0B,QAAQ,CAAA;AAEtD,MAAA,OAAO,MAAO,CAAA,WAAW,CAAE,CAAA,KAAA,CAAM,CAAAC,YAAe,KAAA;AAC9C,QAAA,MAAM,cAAc,GAAIA,CAAAA,YAAAA,CAAY,gBAAoB,IAAA,IAAI,CAAe,UAAA,MAAA;AAAA,UACzE,GAAA,EAAK,CAAO,IAAA,EAAA,UAAA,CAAW,GAAG,CAAA,CAAA;AAAA,UAC1B,UAAU,UAAW,CAAA,QAAA;AAAA,UACrB,QAAQ,UAAW,CAAA;AAAA,SACnB,CAAA,CAAA;AAEF,QAAO,OAAA;AAAA,UACL,WAAA,EAAa,QAAQA,YAAY,CAAA,WAAA,IAAe,EAAI,EAAA,CAAA,GAAA,KAAO,CAAO,IAAA,EAAA,GAAG,CAAE,CAAA,CAAA;AAAA,UACvE,gBAAkB,EAAA,CAAC,GAAG,WAAA,EAAa,GAAG,oBAAoB;AAAA,SAC5D;AAAA,OACD,CAAA;AAAA,KACF,CAAA;AAED,IAAO,OAAA;AAAA,MACL;AAAA,QACE,CAAC,CAAA,EAAG,MAAM,CAAA,SAAA,CAAW,GAAG,QAAA,CAAS,SAAW,EAAA,CAAAC,KAAQ,KAAA,IAAA,CAAK,SAAUA,CAAAA,KAAI,CAAC,CAAA;AAAA,QACxE,OAAS,EAAA;AAAA;AACX,KACF;AAAA;AACF,EAEA,OAAe,SACb,KACwE,EAAA;AACxE,IAAI,IAAA,KAAA,CAAM,WAAW,CAAG,EAAA;AACtB,MAAA;AAAA;AAGF,IAAO,OAAA;AAAA,MACL,KAAA,EAAO,KAAM,CAAA,GAAA,CAAI,CAAQ,IAAA,KAAA;AACvB,QAAA,IAAI,UAAU,IAAM,EAAA;AAClB,UAAO,OAAA;AAAA,YACL,IAAA,EAAM,IAAK,CAAA,IAAA,CAAK,QAAS,EAAA;AAAA,YACzB,QAAA,EAAU,KAAK,QAAY,IAAA;AAAA,WAC7B;AAAA;AAGF,QAAO,OAAA;AAAA,UACL,IAAM,EAAA,IAAA,CAAK,KAAM,CAAA,CAAC,EAAE,QAAS,EAAA;AAAA,UAC7B,OAAA,EAAS,IAAK,CAAA,KAAA,CAAM,CAAC,CAAA;AAAA,UACrB,QAAA,EAAU,KAAK,QAAY,IAAA;AAAA,SAC7B;AAAA,OACD;AAAA,KACH;AAAA;AAEJ","file":"index.js","sourcesContent":["import type { k8s } from \"@highstate/library\"\nimport { type ResourceOptions, type Resource, output } from \"@highstate/pulumi\"\nimport {\n mapMetadata,\n mapNamespaceLikeToNamespaceName,\n mapSelectorLikeToSelector,\n mapServiceToLabelSelector,\n NetworkPolicy,\n type NetworkPolicyPort,\n type NormalizedNetworkPolicyArgs,\n type NormalizedRuleArgs,\n} from \"@highstate/k8s\"\nimport { cilium, types } from \"@highstate/cilium-crds\"\nimport { types as k8sTypes } from \"@pulumi/kubernetes\"\nimport { map, mapKeys, pipe, uniqueBy } from \"remeda\"\nimport { getCiliumClusterMetadata } from \"./shared\"\n\ntype Rule = types.input.cilium.v2.CiliumNetworkPolicySpecIngress &\n types.input.cilium.v2.CiliumNetworkPolicySpecEgress\n\nexport class CiliumNetworkPolicy extends NetworkPolicy {\n protected create(\n name: string,\n args: NormalizedNetworkPolicyArgs,\n opts?: ResourceOptions,\n ): Resource {\n return new cilium.v2.CiliumNetworkPolicy(\n name,\n {\n metadata: mapMetadata(args, name),\n spec: {\n description: args.description,\n endpointSelector: args.podSelector,\n ingress: CiliumNetworkPolicy.createIngressRules(args),\n egress: CiliumNetworkPolicy.createEgressRules(args),\n },\n },\n opts,\n )\n }\n\n private static createIngressRules(args: NormalizedNetworkPolicyArgs): Rule[] {\n if (args.isolateIngress) {\n return [{}]\n }\n\n return uniqueBy(\n args.ingressRules.flatMap(rule =>\n CiliumNetworkPolicy.createRules(\"from\", rule, args.cluster),\n ),\n rule => JSON.stringify(rule),\n )\n }\n\n private static createEgressRules(args: NormalizedNetworkPolicyArgs): Rule[] {\n if (args.isolateEgress) {\n return [{}]\n }\n\n const extraRules: Rule[] = []\n\n if (args.allowKubeApiServer) {\n extraRules.push({ toEntities: [\"kube-apiserver\"] })\n }\n\n return uniqueBy(\n args.egressRules\n .flatMap(rule => CiliumNetworkPolicy.createRules(\"to\", rule, args.cluster))\n .concat(extraRules),\n rule => JSON.stringify(rule),\n )\n }\n\n private static createRules(\n prefix: \"from\" \| \"to\",\n rule: NormalizedRuleArgs,\n cluster: k8s.Cluster,\n ): Rule[] {\n const port = CiliumNetworkPolicy.mapPorts(rule.ports)\n const ports = port ? [port] : undefined\n\n return [\n ...CiliumNetworkPolicy.createAllRules(prefix, rule, ports),\n ...CiliumNetworkPolicy.createCidrRules(prefix, rule, ports),\n ...CiliumNetworkPolicy.createServiceRules(prefix, rule, ports),\n ...CiliumNetworkPolicy.createSelectorRules(prefix, rule, ports),\n ...(prefix === \"to\" ? CiliumNetworkPolicy.createFqdnRules(rule, ports, cluster) : []),\n ]\n }\n\n private static createAllRules(\n prefix: \"from\" \| \"to\",\n rule: NormalizedRuleArgs,\n ports: types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts[] \| undefined,\n ): Rule[] {\n if (!rule.all) {\n return []\n }\n\n return [\n {\n [`${prefix}Entities`]: [\"all\"],\n toPorts: ports,\n },\n ]\n }\n\n private static createCidrRules(\n prefix: \"from\" \| \"to\",\n rule: NormalizedRuleArgs,\n ports: types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts[] \| undefined,\n ): Rule[] {\n if (rule.cidrs.length === 0) {\n return []\n }\n\n return [\n {\n [`${prefix}CIDR`]: rule.cidrs,\n toPorts: ports,\n },\n ]\n }\n\n private static createFqdnRules(\n rule: NormalizedRuleArgs,\n ports: types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts[] \| undefined,\n cluster: k8s.Cluster,\n ): types.input.cilium.v2.CiliumNetworkPolicySpecEgress[] {\n if (rule.fqdns.length === 0) {\n return []\n }\n\n const fqdnRules = rule.fqdns.map(fqdn => {\n return fqdn.includes(\"\") ? { matchPattern: fqdn } : { matchName: fqdn }\n })\n\n return [\n {\n toFQDNs: fqdnRules,\n toPorts: ports,\n },\n {\n toEndpoints: [\n {\n matchLabels: {\n \"k8s:io.kubernetes.pod.namespace\": \"kube-system\",\n \"k8s:k8s-app\": \"kube-dns\",\n },\n },\n ],\n toPorts: [\n {\n ports: [{ port: \"53\", protocol: \"UDP\" }],\n rules: {\n dns: getCiliumClusterMetadata(cluster).allowForbiddenFqdnResolution\n ? [{ matchPattern: \"\" }]\n : fqdnRules,\n },\n },\n ],\n },\n ]\n }\n\n private static createServiceRules(\n prefix: \"from\" \| \"to\",\n rule: NormalizedRuleArgs,\n ports: types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts[] \| undefined,\n ): Rule[] {\n if (rule.services.length === 0) {\n return []\n }\n\n const selectors = rule.services.map(service => {\n const selector = mapServiceToLabelSelector(service)\n\n return output(selector).apply(selector => ({\n matchLabels: {\n ...mapKeys(selector.matchLabels ?? {}, key => `k8s:${key}`),\n \"k8s:io.kubernetes.pod.namespace\": service.metadata.namespace,\n },\n }))\n })\n\n return [\n {\n [`${prefix}Endpoints`]: selectors,\n toPorts: ports,\n },\n ]\n }\n\n private static createNamespaceExpressions(\n rule: NormalizedRuleArgs,\n ): k8sTypes.input.meta.v1.LabelSelectorRequirement[] {\n if (rule.namespaces.length === 0) {\n return []\n }\n\n return pipe(\n //\n rule.namespaces,\n map(mapNamespaceLikeToNamespaceName),\n names => [\n {\n key: \"k8s:io.kubernetes.pod.namespace\",\n operator: \"In\",\n values: names,\n },\n ],\n )\n }\n\n private static createSelectorRules(\n prefix: \"from\" \| \"to\",\n rule: NormalizedRuleArgs,\n ports: types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts[] \| undefined,\n ): types.input.cilium.v2.CiliumNetworkPolicySpecIngress[] {\n const namespaceExpressions = CiliumNetworkPolicy.createNamespaceExpressions(rule)\n\n if (rule.selectors.length === 0) {\n if (namespaceExpressions.length === 0) {\n // if no selectors and no namespaces are provided, we do not match\n return []\n }\n\n // if no selectors are provided, we only match on namespaces\n return [\n {\n [`${prefix}Endpoints`]: [{ matchExpressions: namespaceExpressions }],\n toPorts: ports,\n },\n ]\n }\n\n // otherwise, we match on selectors and namespaces\n const selectors = rule.selectors.map(selector => {\n const rawSelector = mapSelectorLikeToSelector(selector)\n\n return output(rawSelector).apply(rawSelector => {\n const expressions = map(rawSelector.matchExpressions ?? [], expression => ({\n key: `k8s:${expression.key}`,\n operator: expression.operator,\n values: expression.values,\n }))\n\n return {\n matchLabels: mapKeys(rawSelector.matchLabels ?? {}, key => `k8s:${key}`),\n matchExpressions: [...expressions, ...namespaceExpressions],\n }\n })\n })\n\n return [\n {\n [`${prefix}Endpoints`]: uniqueBy(selectors, rule => JSON.stringify(rule)),\n toPorts: ports,\n },\n ]\n }\n\n private static mapPorts(\n ports: NetworkPolicyPort[],\n ): types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts \| undefined {\n if (ports.length === 0) {\n return\n }\n\n return {\n ports: ports.map(port => {\n if (\"port\" in port) {\n return {\n port: port.port.toString(),\n protocol: port.protocol ?? \"TCP\",\n }\n }\n\n return {\n port: port.range[0].toString(),\n endPort: port.range[1],\n protocol: port.protocol ?? \"TCP\",\n }\n }),\n }\n }\n}\n"]}

package/dist/unit/index.js CHANGED Viewed

@@ -1,12 +1,9 @@
-import {
-  cilium
-} from "../chunk-M4DV2DAJ.js";
+import { cilium } from '../chunk-M4DV2DAJ.js';
+import { Chart } from '@highstate/k8s';
+import { k8s } from '@highstate/library';
+import { forUnit, toPromise, secret } from '@highstate/pulumi';
+import { l3EndpointToString } from '@highstate/common';
-// src/unit/index.ts
-import { Chart } from "@highstate/k8s";
-import { k8s } from "@highstate/library";
-import { forUnit, secret, toPromise } from "@highstate/pulumi";
-import { l3EndpointToString } from "@highstate/common";
 var { args, inputs, outputs } = forUnit(k8s.cilium);
 var cluster = await toPromise(inputs.k8sCluster);
 new Chart("cilium", {
@@ -48,7 +45,7 @@ var unit_default = outputs({
     }
   })
 });
-export {
-  unit_default as default
-};
+export { unit_default as default };
+//# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map

package/dist/unit/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../src/unit/index.ts"],"sourcesContent":["import { Chart } from \"@highstate/k8s\"\nimport { k8s } from \"@highstate/library\"\nimport { forUnit, secret, toPromise } from \"@highstate/pulumi\"\nimport { l3EndpointToString } from \"@highstate/common\"\nimport { chart, type CiliumClusterMetadata } from \"../shared\"\n\nconst { args, inputs, outputs } = forUnit(k8s.cilium)\n\nconst cluster = await toPromise(inputs.k8sCluster)\n\nnew Chart(\"cilium\", {\n cluster,\n namespace: \"kube-system\",\n\n chart,\n\n values: {\n ipam: {\n mode: \"kubernetes\",\n },\n\n kubeProxyReplacement: \"true\",\n\n operator: {\n replicas: 1,\n },\n\n hubble: {\n relay: {\n enabled: true,\n },\n ui: {\n enabled: true,\n },\n },\n\n dnsProxy: {\n dnsRejectResponseCode: \"nameError\",\n },\n\n k8sServiceHost: l3EndpointToString(cluster.apiEndpoints[0]),\n k8sServicePort: cluster.apiEndpoints[0].port.toString(),\n },\n})\n\nexport default outputs({\n k8sCluster: secret({\n ...cluster,\n cni: \"cilium\",\n metadata: {\n ...cluster.metadata,\n cilium: {\n allowForbiddenFqdnResolution: args.allowForbiddenFqdnResolution,\n } satisfies CiliumClusterMetadata,\n },\n }),\n})\n"],"mappings":";;;;;AAAA,SAAS,aAAa;AACtB,SAAS,WAAW;AACpB,SAAS,SAAS,QAAQ,iBAAiB;AAC3C,SAAS,0BAA0B;AAGnC,IAAM,EAAE,MAAM,QAAQ,QAAQ,IAAI,QAAQ,IAAI,MAAM;AAEpD,IAAM,UAAU,MAAM,UAAU,OAAO,UAAU;AAEjD,IAAI,MAAM,UAAU;AAAA,EAClB;AAAA,EACA,WAAW;AAAA,EAEX;AAAA,EAEA,QAAQ;AAAA,IACN,MAAM;AAAA,MACJ,MAAM;AAAA,IACR;AAAA,IAEA,sBAAsB;AAAA,IAEtB,UAAU;AAAA,MACR,UAAU;AAAA,IACZ;AAAA,IAEA,QAAQ;AAAA,MACN,OAAO;AAAA,QACL,SAAS;AAAA,MACX;AAAA,MACA,IAAI;AAAA,QACF,SAAS;AAAA,MACX;AAAA,IACF;AAAA,IAEA,UAAU;AAAA,MACR,uBAAuB;AAAA,IACzB;AAAA,IAEA,gBAAgB,mBAAmB,QAAQ,aAAa,CAAC,CAAC;AAAA,IAC1D,gBAAgB,QAAQ,aAAa,CAAC,EAAE,KAAK,SAAS;AAAA,EACxD;AACF,CAAC;AAED,IAAO,eAAQ,QAAQ;AAAA,EACrB,YAAY,OAAO;AAAA,IACjB,GAAG;AAAA,IACH,KAAK;AAAA,IACL,UAAU;AAAA,MACR,GAAG,QAAQ;AAAA,MACX,QAAQ;AAAA,QACN,8BAA8B,KAAK;AAAA,MACrC;AAAA,IACF;AAAA,EACF,CAAC;AACH,CAAC;","names":[]}
1	+ {"version":3,"sources":["../../src/unit/index.ts"],"names":[],"mappings":";;;;;;AAMA,IAAM,EAAE,IAAM,EAAA,MAAA,EAAQ,SAAY,GAAA,OAAA,CAAQ,IAAI,MAAM,CAAA;AAEpD,IAAM,OAAU,GAAA,MAAM,SAAU,CAAA,MAAA,CAAO,UAAU,CAAA;AAEjD,IAAI,MAAM,QAAU,EAAA;AAAA,EAClB,OAAA;AAAA,EACA,SAAW,EAAA,aAAA;AAAA,EAEX,KAAA,EAAA,MAAA;AAAA,EAEA,MAAQ,EAAA;AAAA,IACN,IAAM,EAAA;AAAA,MACJ,IAAM,EAAA;AAAA,KACR;AAAA,IAEA,oBAAsB,EAAA,MAAA;AAAA,IAEtB,QAAU,EAAA;AAAA,MACR,QAAU,EAAA;AAAA,KACZ;AAAA,IAEA,MAAQ,EAAA;AAAA,MACN,KAAO,EAAA;AAAA,QACL,OAAS,EAAA;AAAA,OACX;AAAA,MACA,EAAI,EAAA;AAAA,QACF,OAAS,EAAA;AAAA;AACX,KACF;AAAA,IAEA,QAAU,EAAA;AAAA,MACR,qBAAuB,EAAA;AAAA,KACzB;AAAA,IAEA,cAAgB,EAAA,kBAAA,CAAmB,OAAQ,CAAA,YAAA,CAAa,CAAC,CAAC,CAAA;AAAA,IAC1D,gBAAgB,OAAQ,CAAA,YAAA,CAAa,CAAC,CAAA,CAAE,KAAK,QAAS;AAAA;AAE1D,CAAC,CAAA;AAED,IAAO,eAAQ,OAAQ,CAAA;AAAA,EACrB,YAAY,MAAO,CAAA;AAAA,IACjB,GAAG,OAAA;AAAA,IACH,GAAK,EAAA,QAAA;AAAA,IACL,QAAU,EAAA;AAAA,MACR,GAAG,OAAQ,CAAA,QAAA;AAAA,MACX,MAAQ,EAAA;AAAA,QACN,8BAA8B,IAAK,CAAA;AAAA;AACrC;AACF,GACD;AACH,CAAC","file":"index.js","sourcesContent":["import { Chart } from \"@highstate/k8s\"\nimport { k8s } from \"@highstate/library\"\nimport { forUnit, secret, toPromise } from \"@highstate/pulumi\"\nimport { l3EndpointToString } from \"@highstate/common\"\nimport { chart, type CiliumClusterMetadata } from \"../shared\"\n\nconst { args, inputs, outputs } = forUnit(k8s.cilium)\n\nconst cluster = await toPromise(inputs.k8sCluster)\n\nnew Chart(\"cilium\", {\n cluster,\n namespace: \"kube-system\",\n\n chart,\n\n values: {\n ipam: {\n mode: \"kubernetes\",\n },\n\n kubeProxyReplacement: \"true\",\n\n operator: {\n replicas: 1,\n },\n\n hubble: {\n relay: {\n enabled: true,\n },\n ui: {\n enabled: true,\n },\n },\n\n dnsProxy: {\n dnsRejectResponseCode: \"nameError\",\n },\n\n k8sServiceHost: l3EndpointToString(cluster.apiEndpoints[0]),\n k8sServicePort: cluster.apiEndpoints[0].port.toString(),\n },\n})\n\nexport default outputs({\n k8sCluster: secret({\n ...cluster,\n cni: \"cilium\",\n metadata: {\n ...cluster.metadata,\n cilium: {\n allowForbiddenFqdnResolution: args.allowForbiddenFqdnResolution,\n } satisfies CiliumClusterMetadata,\n },\n }),\n})\n"]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@highstate/cilium",
-  "version": "0.9.14",
+  "version": "0.9.16",
   "type": "module",
   "files": [
     "dist",
@@ -22,18 +22,18 @@
     "generate-crds": "./scripts/generate-crds.sh"
   },
   "dependencies": {
-    "@highstate/cilium-crds": "^0.9.14",
-    "@highstate/common": "^0.9.14",
-    "@highstate/k8s": "^0.9.14",
-    "@highstate/library": "^0.9.14",
-    "@highstate/pulumi": "^0.9.14",
+    "@highstate/cilium-crds": "^0.9.16",
+    "@highstate/common": "^0.9.16",
+    "@highstate/k8s": "^0.9.16",
+    "@highstate/library": "^0.9.16",
+    "@highstate/pulumi": "^0.9.16",
     "@pulumi/command": "^1.0.2",
     "@pulumi/kubernetes": "^4.18.0",
-    "@pulumi/pulumi": "^3.165.0",
+    "@pulumi/pulumi": "^3.181.0",
     "remeda": "^2.21.0"
   },
   "devDependencies": {
-    "@highstate/cli": "^0.9.14"
+    "@highstate/cli": "^0.9.16"
   },
-  "gitHead": "8b5d1079961cc5bf9cf8ea3c10f7313384e3a2ff"
+  "gitHead": "458d6f1f9f6d4aec0ba75a2b2c4c01408cb9c8df"
 }