@highstate/cilium 0.9.16 → 0.9.18
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../assets/charts.json","../src/shared.ts"],"names":[],"mappings":";
|
|
1
|
+
{"version":3,"sources":["../assets/charts.json","../src/shared.ts"],"names":[],"mappings":";AACE,IAAA,MAAA,GAAU;AAAA,EACR,IAAA,EAAQ,wBAAA;AAAA,EACR,IAAA,EAAQ,QAAA;AAAA,EACR,OAAA,EAAW,QAAA;AAAA,EACX,MAAA,EAAU;AACZ;;;ACSK,SAAS,yBAAyB,OAAA,EAA6C;AACpF,EAAA,OAAO,OAAA,CAAQ,QAAA,EAAU,MAAA,IAAU,EAAC;AACtC","file":"chunk-M4DV2DAJ.js","sourcesContent":["{\n \"cilium\": {\n \"repo\": \"https://helm.cilium.io\",\n \"name\": \"cilium\",\n \"version\": \"1.17.4\",\n \"sha256\": \"06dcedfe25c08c770d193690d561037153e233f9cde31e0705a06802d24cea87\"\n }\n}\n","import type { k8s } from \"@highstate/library\"\n\nexport { cilium as chart } from \"../assets/charts.json\"\n\nexport type CiliumClusterMetadata = {\n /**\n * If set to `true`, the generated network policy will allow\n * all DNS queries to be resolved, even if they are\n * for forbidden (non-allowed) FQDNs.\n *\n * By default, is not set.\n */\n allowForbiddenFqdnResolution?: boolean\n}\n\nexport function getCiliumClusterMetadata(cluster: k8s.Cluster): CiliumClusterMetadata {\n return cluster.metadata?.cilium ?? {}\n}\n\nexport function hasCiliumClusterMetadata(\n cluster: k8s.Cluster,\n): cluster is k8s.Cluster & { metadata: { cilium: CiliumClusterMetadata } } {\n return Boolean(cluster.metadata?.cilium)\n}\n"]}
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/network-policy.ts"],"names":["cilium","selector","rawSelector","rule"],"mappings":";;;;;;;;AAoBa,IAAA,mBAAA,GAAN,MAAM,oBAAA,SAA4B,aAAc,CAAA;AAAA,EAC3C,MAAA,CACR,IACA,EAAA,IAAA,EACA,IACU,EAAA;AACV,IAAO,OAAA,IAAIA,OAAO,EAAG,CAAA,mBAAA;AAAA,MACnB,IAAA;AAAA,MACA;AAAA,QACE,QAAA,EAAU,WAAY,CAAA,IAAA,EAAM,IAAI,CAAA;AAAA,QAChC,IAAM,EAAA;AAAA,UACJ,aAAa,IAAK,CAAA,WAAA;AAAA,UAClB,kBAAkB,IAAK,CAAA,WAAA;AAAA,UACvB,OAAA,EAAS,oBAAoB,CAAA,kBAAA,CAAmB,IAAI,CAAA;AAAA,UACpD,MAAA,EAAQ,oBAAoB,CAAA,iBAAA,CAAkB,IAAI;AAAA;AACpD,OACF;AAAA,MACA;AAAA,KACF;AAAA;AACF,EAEA,OAAe,mBAAmB,IAA2C,EAAA;AAC3E,IAAA,IAAI,KAAK,cAAgB,EAAA;AACvB,MAAO,OAAA,CAAC,EAAE,CAAA;AAAA;AAGZ,IAAO,OAAA,QAAA;AAAA,MACL,KAAK,YAAa,CAAA,OAAA;AAAA,QAAQ,UACxB,oBAAoB,CAAA,WAAA,CAAY,MAAQ,EAAA,IAAA,EAAM,KAAK,OAAO;AAAA,OAC5D;AAAA,MACA,CAAA,IAAA,KAAQ,IAAK,CAAA,SAAA,CAAU,IAAI;AAAA,KAC7B;AAAA;AACF,EAEA,OAAe,kBAAkB,IAA2C,EAAA;AAC1E,IAAA,IAAI,KAAK,aAAe,EAAA;AACtB,MAAO,OAAA,CAAC,EAAE,CAAA;AAAA;AAGZ,IAAA,MAAM,aAAqB,EAAC;AAE5B,IAAA,IAAI,KAAK,kBAAoB,EAAA;AAC3B,MAAA,UAAA,CAAW,KAAK,EAAE,UAAA,EAAY,CAAC,gBAAgB,GAAG,CAAA;AAAA;AAGpD,IAAO,OAAA,QAAA;AAAA,MACL,IAAK,CAAA,WAAA,CACF,OAAQ,CAAA,CAAA,IAAA,KAAQ,oBAAoB,CAAA,WAAA,CAAY,IAAM,EAAA,IAAA,EAAM,IAAK,CAAA,OAAO,CAAC,CAAA,CACzE,OAAO,UAAU,CAAA;AAAA,MACpB,CAAA,IAAA,KAAQ,IAAK,CAAA,SAAA,CAAU,IAAI;AAAA,KAC7B;AAAA;AACF,EAEA,OAAe,WAAA,CACb,MACA,EAAA,IAAA,EACA,OACQ,EAAA;AACR,IAAA,MAAM,IAAO,GAAA,oBAAA,CAAoB,QAAS,CAAA,IAAA,CAAK,KAAK,CAAA;AACpD,IAAA,MAAM,KAAQ,GAAA,IAAA,GAAO,CAAC,IAAI,CAAI,GAAA,MAAA;AAE9B,IAAO,OAAA;AAAA,MACL,GAAG,oBAAA,CAAoB,cAAe,CAAA,MAAA,EAAQ,MAAM,KAAK,CAAA;AAAA,MACzD,GAAG,oBAAA,CAAoB,eAAgB,CAAA,MAAA,EAAQ,MAAM,KAAK,CAAA;AAAA,MAC1D,GAAG,oBAAA,CAAoB,kBAAmB,CAAA,MAAA,EAAQ,MAAM,KAAK,CAAA;AAAA,MAC7D,GAAG,oBAAA,CAAoB,mBAAoB,CAAA,MAAA,EAAQ,MAAM,KAAK,CAAA;AAAA,MAC9D,GAAI,WAAW,IAAO,GAAA,oBAAA,CAAoB,gBAAgB,IAAM,EAAA,KAAA,EAAO,OAAO,CAAA,GAAI;AAAC,KACrF;AAAA;AACF,EAEA,OAAe,cAAA,CACb,MACA,EAAA,IAAA,EACA,KACQ,EAAA;AACR,IAAI,IAAA,CAAC,KAAK,GAAK,EAAA;AACb,MAAA,OAAO,EAAC;AAAA;AAGV,IAAO,OAAA;AAAA,MACL;AAAA,QACE,CAAC,CAAG,EAAA,MAAM,CAAU,QAAA,CAAA,GAAG,CAAC,KAAK,CAAA;AAAA,QAC7B,OAAS,EAAA;AAAA;AACX,KACF;AAAA;AACF,EAEA,OAAe,eAAA,CACb,MACA,EAAA,IAAA,EACA,KACQ,EAAA;AACR,IAAI,IAAA,IAAA,CAAK,KAAM,CAAA,MAAA,KAAW,CAAG,EAAA;AAC3B,MAAA,OAAO,EAAC;AAAA;AAGV,IAAO,OAAA;AAAA,MACL;AAAA,QACE,CAAC,CAAA,EAAG,MAAM,CAAA,IAAA,CAAM,GAAG,IAAK,CAAA,KAAA;AAAA,QACxB,OAAS,EAAA;AAAA;AACX,KACF;AAAA;AACF,EAEA,OAAe,eAAA,CACb,IACA,EAAA,KAAA,EACA,OACuD,EAAA;AACvD,IAAI,IAAA,IAAA,CAAK,KAAM,CAAA,MAAA,KAAW,CAAG,EAAA;AAC3B,MAAA,OAAO,EAAC;AAAA;AAGV,IAAA,MAAM,SAAY,GAAA,IAAA,CAAK,KAAM,CAAA,GAAA,CAAI,CAAQ,IAAA,KAAA;AACvC,MAAO,OAAA,IAAA,CAAK,QAAS,CAAA,GAAG,CAAI,GAAA,EAAE,cAAc,IAAK,EAAA,GAAI,EAAE,SAAA,EAAW,IAAK,EAAA;AAAA,KACxE,CAAA;AAED,IAAO,OAAA;AAAA,MACL;AAAA,QACE,OAAS,EAAA,SAAA;AAAA,QACT,OAAS,EAAA;AAAA,OACX;AAAA,MACA;AAAA,QACE,WAAa,EAAA;AAAA,UACX;AAAA,YACE,WAAa,EAAA;AAAA,cACX,iCAAmC,EAAA,aAAA;AAAA,cACnC,aAAe,EAAA;AAAA;AACjB;AACF,SACF;AAAA,QACA,OAAS,EAAA;AAAA,UACP;AAAA,YACE,OAAO,CAAC,EAAE,MAAM,IAAM,EAAA,QAAA,EAAU,OAAO,CAAA;AAAA,YACvC,KAAO,EAAA;AAAA,cACL,GAAA,EAAK,wBAAyB,CAAA,OAAO,CAAE,CAAA,4BAAA,GACnC,CAAC,EAAE,YAAA,EAAc,GAAI,EAAC,CACtB,GAAA;AAAA;AACN;AACF;AACF;AACF,KACF;AAAA;AACF,EAEA,OAAe,kBAAA,CACb,MACA,EAAA,IAAA,EACA,KACQ,EAAA;AACR,IAAI,IAAA,IAAA,CAAK,QAAS,CAAA,MAAA,KAAW,CAAG,EAAA;AAC9B,MAAA,OAAO,EAAC;AAAA;AAGV,IAAA,MAAM,SAAY,GAAA,IAAA,CAAK,QAAS,CAAA,GAAA,CAAI,CAAW,OAAA,KAAA;AAC7C,MAAM,MAAA,QAAA,GAAW,0BAA0B,OAAO,CAAA;AAElD,MAAA,OAAO,MAAO,CAAA,QAAQ,CAAE,CAAA,KAAA,CAAM,CAAAC,SAAa,MAAA;AAAA,QACzC,WAAa,EAAA;AAAA,UACX,GAAG,QAAQA,SAAS,CAAA,WAAA,IAAe,EAAI,EAAA,CAAA,GAAA,KAAO,CAAO,IAAA,EAAA,GAAG,CAAE,CAAA,CAAA;AAAA,UAC1D,iCAAA,EAAmC,QAAQ,QAAS,CAAA;AAAA;AACtD,OACA,CAAA,CAAA;AAAA,KACH,CAAA;AAED,IAAO,OAAA;AAAA,MACL;AAAA,QACE,CAAC,CAAA,EAAG,MAAM,CAAA,SAAA,CAAW,GAAG,SAAA;AAAA,QACxB,OAAS,EAAA;AAAA;AACX,KACF;AAAA;AACF,EAEA,OAAe,2BACb,IACmD,EAAA;AACnD,IAAI,IAAA,IAAA,CAAK,UAAW,CAAA,MAAA,KAAW,CAAG,EAAA;AAChC,MAAA,OAAO,EAAC;AAAA;AAGV,IAAO,OAAA,IAAA;AAAA;AAAA,MAEL,IAAK,CAAA,UAAA;AAAA,MACL,IAAI,+BAA+B,CAAA;AAAA,MACnC,CAAS,KAAA,KAAA;AAAA,QACP;AAAA,UACE,GAAK,EAAA,iCAAA;AAAA,UACL,QAAU,EAAA,IAAA;AAAA,UACV,MAAQ,EAAA;AAAA;AACV;AACF,KACF;AAAA;AACF,EAEA,OAAe,mBAAA,CACb,MACA,EAAA,IAAA,EACA,KACwD,EAAA;AACxD,IAAM,MAAA,oBAAA,GAAuB,oBAAoB,CAAA,0BAAA,CAA2B,IAAI,CAAA;AAEhF,IAAI,IAAA,IAAA,CAAK,SAAU,CAAA,MAAA,KAAW,CAAG,EAAA;AAC/B,MAAI,IAAA,oBAAA,CAAqB,WAAW,CAAG,EAAA;AAErC,QAAA,OAAO,EAAC;AAAA;AAIV,MAAO,OAAA;AAAA,QACL;AAAA,UACE,CAAC,GAAG,MAAM,CAAA,SAAA,CAAW,GAAG,CAAC,EAAE,gBAAkB,EAAA,oBAAA,EAAsB,CAAA;AAAA,UACnE,OAAS,EAAA;AAAA;AACX,OACF;AAAA;AAIF,IAAA,MAAM,SAAY,GAAA,IAAA,CAAK,SAAU,CAAA,GAAA,CAAI,CAAY,QAAA,KAAA;AAC/C,MAAM,MAAA,WAAA,GAAc,0BAA0B,QAAQ,CAAA;AAEtD,MAAA,OAAO,MAAO,CAAA,WAAW,CAAE,CAAA,KAAA,CAAM,CAAAC,YAAe,KAAA;AAC9C,QAAA,MAAM,cAAc,GAAIA,CAAAA,YAAAA,CAAY,gBAAoB,IAAA,IAAI,CAAe,UAAA,MAAA;AAAA,UACzE,GAAA,EAAK,CAAO,IAAA,EAAA,UAAA,CAAW,GAAG,CAAA,CAAA;AAAA,UAC1B,UAAU,UAAW,CAAA,QAAA;AAAA,UACrB,QAAQ,UAAW,CAAA;AAAA,SACnB,CAAA,CAAA;AAEF,QAAO,OAAA;AAAA,UACL,WAAA,EAAa,QAAQA,YAAY,CAAA,WAAA,IAAe,EAAI,EAAA,CAAA,GAAA,KAAO,CAAO,IAAA,EAAA,GAAG,CAAE,CAAA,CAAA;AAAA,UACvE,gBAAkB,EAAA,CAAC,GAAG,WAAA,EAAa,GAAG,oBAAoB;AAAA,SAC5D;AAAA,OACD,CAAA;AAAA,KACF,CAAA;AAED,IAAO,OAAA;AAAA,MACL;AAAA,QACE,CAAC,CAAA,EAAG,MAAM,CAAA,SAAA,CAAW,GAAG,QAAA,CAAS,SAAW,EAAA,CAAAC,KAAQ,KAAA,IAAA,CAAK,SAAUA,CAAAA,KAAI,CAAC,CAAA;AAAA,QACxE,OAAS,EAAA;AAAA;AACX,KACF;AAAA;AACF,EAEA,OAAe,SACb,KACwE,EAAA;AACxE,IAAI,IAAA,KAAA,CAAM,WAAW,CAAG,EAAA;AACtB,MAAA;AAAA;AAGF,IAAO,OAAA;AAAA,MACL,KAAA,EAAO,KAAM,CAAA,GAAA,CAAI,CAAQ,IAAA,KAAA;AACvB,QAAA,IAAI,UAAU,IAAM,EAAA;AAClB,UAAO,OAAA;AAAA,YACL,IAAA,EAAM,IAAK,CAAA,IAAA,CAAK,QAAS,EAAA;AAAA,YACzB,QAAA,EAAU,KAAK,QAAY,IAAA;AAAA,WAC7B;AAAA;AAGF,QAAO,OAAA;AAAA,UACL,IAAM,EAAA,IAAA,CAAK,KAAM,CAAA,CAAC,EAAE,QAAS,EAAA;AAAA,UAC7B,OAAA,EAAS,IAAK,CAAA,KAAA,CAAM,CAAC,CAAA;AAAA,UACrB,QAAA,EAAU,KAAK,QAAY,IAAA;AAAA,SAC7B;AAAA,OACD;AAAA,KACH;AAAA;AAEJ","file":"index.js","sourcesContent":["import type { k8s } from \"@highstate/library\"\nimport { type ResourceOptions, type Resource, output } from \"@highstate/pulumi\"\nimport {\n mapMetadata,\n mapNamespaceLikeToNamespaceName,\n mapSelectorLikeToSelector,\n mapServiceToLabelSelector,\n NetworkPolicy,\n type NetworkPolicyPort,\n type NormalizedNetworkPolicyArgs,\n type NormalizedRuleArgs,\n} from \"@highstate/k8s\"\nimport { cilium, types } from \"@highstate/cilium-crds\"\nimport { types as k8sTypes } from \"@pulumi/kubernetes\"\nimport { map, mapKeys, pipe, uniqueBy } from \"remeda\"\nimport { getCiliumClusterMetadata } from \"./shared\"\n\ntype Rule = types.input.cilium.v2.CiliumNetworkPolicySpecIngress &\n types.input.cilium.v2.CiliumNetworkPolicySpecEgress\n\nexport class CiliumNetworkPolicy extends NetworkPolicy {\n protected create(\n name: string,\n args: NormalizedNetworkPolicyArgs,\n opts?: ResourceOptions,\n ): Resource {\n return new cilium.v2.CiliumNetworkPolicy(\n name,\n {\n metadata: mapMetadata(args, name),\n spec: {\n description: args.description,\n endpointSelector: args.podSelector,\n ingress: CiliumNetworkPolicy.createIngressRules(args),\n egress: CiliumNetworkPolicy.createEgressRules(args),\n },\n },\n opts,\n )\n }\n\n private static createIngressRules(args: NormalizedNetworkPolicyArgs): Rule[] {\n if (args.isolateIngress) {\n return [{}]\n }\n\n return uniqueBy(\n args.ingressRules.flatMap(rule =>\n CiliumNetworkPolicy.createRules(\"from\", rule, args.cluster),\n ),\n rule => JSON.stringify(rule),\n )\n }\n\n private static createEgressRules(args: NormalizedNetworkPolicyArgs): Rule[] {\n if (args.isolateEgress) {\n return [{}]\n }\n\n const extraRules: Rule[] = []\n\n if (args.allowKubeApiServer) {\n extraRules.push({ toEntities: [\"kube-apiserver\"] })\n }\n\n return uniqueBy(\n args.egressRules\n .flatMap(rule => CiliumNetworkPolicy.createRules(\"to\", rule, args.cluster))\n .concat(extraRules),\n rule => JSON.stringify(rule),\n )\n }\n\n private static createRules(\n prefix: \"from\" | \"to\",\n rule: NormalizedRuleArgs,\n cluster: k8s.Cluster,\n ): Rule[] {\n const port = CiliumNetworkPolicy.mapPorts(rule.ports)\n const ports = port ? [port] : undefined\n\n return [\n ...CiliumNetworkPolicy.createAllRules(prefix, rule, ports),\n ...CiliumNetworkPolicy.createCidrRules(prefix, rule, ports),\n ...CiliumNetworkPolicy.createServiceRules(prefix, rule, ports),\n ...CiliumNetworkPolicy.createSelectorRules(prefix, rule, ports),\n ...(prefix === \"to\" ? CiliumNetworkPolicy.createFqdnRules(rule, ports, cluster) : []),\n ]\n }\n\n private static createAllRules(\n prefix: \"from\" | \"to\",\n rule: NormalizedRuleArgs,\n ports: types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts[] | undefined,\n ): Rule[] {\n if (!rule.all) {\n return []\n }\n\n return [\n {\n [`${prefix}Entities`]: [\"all\"],\n toPorts: ports,\n },\n ]\n }\n\n private static createCidrRules(\n prefix: \"from\" | \"to\",\n rule: NormalizedRuleArgs,\n ports: types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts[] | undefined,\n ): Rule[] {\n if (rule.cidrs.length === 0) {\n return []\n }\n\n return [\n {\n [`${prefix}CIDR`]: rule.cidrs,\n toPorts: ports,\n },\n ]\n }\n\n private static createFqdnRules(\n rule: NormalizedRuleArgs,\n ports: types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts[] | undefined,\n cluster: k8s.Cluster,\n ): types.input.cilium.v2.CiliumNetworkPolicySpecEgress[] {\n if (rule.fqdns.length === 0) {\n return []\n }\n\n const fqdnRules = rule.fqdns.map(fqdn => {\n return fqdn.includes(\"*\") ? { matchPattern: fqdn } : { matchName: fqdn }\n })\n\n return [\n {\n toFQDNs: fqdnRules,\n toPorts: ports,\n },\n {\n toEndpoints: [\n {\n matchLabels: {\n \"k8s:io.kubernetes.pod.namespace\": \"kube-system\",\n \"k8s:k8s-app\": \"kube-dns\",\n },\n },\n ],\n toPorts: [\n {\n ports: [{ port: \"53\", protocol: \"UDP\" }],\n rules: {\n dns: getCiliumClusterMetadata(cluster).allowForbiddenFqdnResolution\n ? [{ matchPattern: \"*\" }]\n : fqdnRules,\n },\n },\n ],\n },\n ]\n }\n\n private static createServiceRules(\n prefix: \"from\" | \"to\",\n rule: NormalizedRuleArgs,\n ports: types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts[] | undefined,\n ): Rule[] {\n if (rule.services.length === 0) {\n return []\n }\n\n const selectors = rule.services.map(service => {\n const selector = mapServiceToLabelSelector(service)\n\n return output(selector).apply(selector => ({\n matchLabels: {\n ...mapKeys(selector.matchLabels ?? {}, key => `k8s:${key}`),\n \"k8s:io.kubernetes.pod.namespace\": service.metadata.namespace,\n },\n }))\n })\n\n return [\n {\n [`${prefix}Endpoints`]: selectors,\n toPorts: ports,\n },\n ]\n }\n\n private static createNamespaceExpressions(\n rule: NormalizedRuleArgs,\n ): k8sTypes.input.meta.v1.LabelSelectorRequirement[] {\n if (rule.namespaces.length === 0) {\n return []\n }\n\n return pipe(\n //\n rule.namespaces,\n map(mapNamespaceLikeToNamespaceName),\n names => [\n {\n key: \"k8s:io.kubernetes.pod.namespace\",\n operator: \"In\",\n values: names,\n },\n ],\n )\n }\n\n private static createSelectorRules(\n prefix: \"from\" | \"to\",\n rule: NormalizedRuleArgs,\n ports: types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts[] | undefined,\n ): types.input.cilium.v2.CiliumNetworkPolicySpecIngress[] {\n const namespaceExpressions = CiliumNetworkPolicy.createNamespaceExpressions(rule)\n\n if (rule.selectors.length === 0) {\n if (namespaceExpressions.length === 0) {\n // if no selectors and no namespaces are provided, we do not match\n return []\n }\n\n // if no selectors are provided, we only match on namespaces\n return [\n {\n [`${prefix}Endpoints`]: [{ matchExpressions: namespaceExpressions }],\n toPorts: ports,\n },\n ]\n }\n\n // otherwise, we match on selectors and namespaces\n const selectors = rule.selectors.map(selector => {\n const rawSelector = mapSelectorLikeToSelector(selector)\n\n return output(rawSelector).apply(rawSelector => {\n const expressions = map(rawSelector.matchExpressions ?? [], expression => ({\n key: `k8s:${expression.key}`,\n operator: expression.operator,\n values: expression.values,\n }))\n\n return {\n matchLabels: mapKeys(rawSelector.matchLabels ?? {}, key => `k8s:${key}`),\n matchExpressions: [...expressions, ...namespaceExpressions],\n }\n })\n })\n\n return [\n {\n [`${prefix}Endpoints`]: uniqueBy(selectors, rule => JSON.stringify(rule)),\n toPorts: ports,\n },\n ]\n }\n\n private static mapPorts(\n ports: NetworkPolicyPort[],\n ): types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts | undefined {\n if (ports.length === 0) {\n return\n }\n\n return {\n ports: ports.map(port => {\n if (\"port\" in port) {\n return {\n port: port.port.toString(),\n protocol: port.protocol ?? \"TCP\",\n }\n }\n\n return {\n port: port.range[0].toString(),\n endPort: port.range[1],\n protocol: port.protocol ?? \"TCP\",\n }\n }),\n }\n }\n}\n"]}
|
|
1
|
+
{"version":3,"sources":["../src/network-policy.ts"],"names":["cilium","selector","rawSelector","rule"],"mappings":";;;;;;;;AAoBO,IAAM,mBAAA,GAAN,MAAM,oBAAA,SAA4B,aAAA,CAAc;AAAA,EAC3C,MAAA,CACR,IAAA,EACA,IAAA,EACA,IAAA,EACU;AACV,IAAA,OAAO,IAAIA,OAAO,EAAA,CAAG,mBAAA;AAAA,MACnB,IAAA;AAAA,MACA;AAAA,QACE,QAAA,EAAU,WAAA,CAAY,IAAA,EAAM,IAAI,CAAA;AAAA,QAChC,IAAA,EAAM;AAAA,UACJ,aAAa,IAAA,CAAK,WAAA;AAAA,UAClB,kBAAkB,IAAA,CAAK,WAAA;AAAA,UACvB,OAAA,EAAS,oBAAA,CAAoB,kBAAA,CAAmB,IAAI,CAAA;AAAA,UACpD,MAAA,EAAQ,oBAAA,CAAoB,iBAAA,CAAkB,IAAI;AAAA;AACpD,OACF;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAAA,EAEA,OAAe,mBAAmB,IAAA,EAA2C;AAC3E,IAAA,IAAI,KAAK,cAAA,EAAgB;AACvB,MAAA,OAAO,CAAC,EAAE,CAAA;AAAA,IACZ;AAEA,IAAA,OAAO,QAAA;AAAA,MACL,KAAK,YAAA,CAAa,OAAA;AAAA,QAAQ,UACxB,oBAAA,CAAoB,WAAA,CAAY,MAAA,EAAQ,IAAA,EAAM,KAAK,OAAO;AAAA,OAC5D;AAAA,MACA,CAAA,IAAA,KAAQ,IAAA,CAAK,SAAA,CAAU,IAAI;AAAA,KAC7B;AAAA,EACF;AAAA,EAEA,OAAe,kBAAkB,IAAA,EAA2C;AAC1E,IAAA,IAAI,KAAK,aAAA,EAAe;AACtB,MAAA,OAAO,CAAC,EAAE,CAAA;AAAA,IACZ;AAEA,IAAA,MAAM,aAAqB,EAAC;AAE5B,IAAA,IAAI,KAAK,kBAAA,EAAoB;AAC3B,MAAA,UAAA,CAAW,KAAK,EAAE,UAAA,EAAY,CAAC,gBAAgB,GAAG,CAAA;AAAA,IACpD;AAEA,IAAA,OAAO,QAAA;AAAA,MACL,IAAA,CAAK,WAAA,CACF,OAAA,CAAQ,CAAA,IAAA,KAAQ,oBAAA,CAAoB,WAAA,CAAY,IAAA,EAAM,IAAA,EAAM,IAAA,CAAK,OAAO,CAAC,CAAA,CACzE,OAAO,UAAU,CAAA;AAAA,MACpB,CAAA,IAAA,KAAQ,IAAA,CAAK,SAAA,CAAU,IAAI;AAAA,KAC7B;AAAA,EACF;AAAA,EAEA,OAAe,WAAA,CACb,MAAA,EACA,IAAA,EACA,OAAA,EACQ;AACR,IAAA,MAAM,IAAA,GAAO,oBAAA,CAAoB,QAAA,CAAS,IAAA,CAAK,KAAK,CAAA;AACpD,IAAA,MAAM,KAAA,GAAQ,IAAA,GAAO,CAAC,IAAI,CAAA,GAAI,MAAA;AAE9B,IAAA,OAAO;AAAA,MACL,GAAG,oBAAA,CAAoB,cAAA,CAAe,MAAA,EAAQ,MAAM,KAAK,CAAA;AAAA,MACzD,GAAG,oBAAA,CAAoB,eAAA,CAAgB,MAAA,EAAQ,MAAM,KAAK,CAAA;AAAA,MAC1D,GAAG,oBAAA,CAAoB,kBAAA,CAAmB,MAAA,EAAQ,MAAM,KAAK,CAAA;AAAA,MAC7D,GAAG,oBAAA,CAAoB,mBAAA,CAAoB,MAAA,EAAQ,MAAM,KAAK,CAAA;AAAA,MAC9D,GAAI,WAAW,IAAA,GAAO,oBAAA,CAAoB,gBAAgB,IAAA,EAAM,KAAA,EAAO,OAAO,CAAA,GAAI;AAAC,KACrF;AAAA,EACF;AAAA,EAEA,OAAe,cAAA,CACb,MAAA,EACA,IAAA,EACA,KAAA,EACQ;AACR,IAAA,IAAI,CAAC,KAAK,GAAA,EAAK;AACb,MAAA,OAAO,EAAC;AAAA,IACV;AAEA,IAAA,OAAO;AAAA,MACL;AAAA,QACE,CAAC,CAAA,EAAG,MAAM,CAAA,QAAA,CAAU,GAAG,CAAC,KAAK,CAAA;AAAA,QAC7B,OAAA,EAAS;AAAA;AACX,KACF;AAAA,EACF;AAAA,EAEA,OAAe,eAAA,CACb,MAAA,EACA,IAAA,EACA,KAAA,EACQ;AACR,IAAA,IAAI,IAAA,CAAK,KAAA,CAAM,MAAA,KAAW,CAAA,EAAG;AAC3B,MAAA,OAAO,EAAC;AAAA,IACV;AAEA,IAAA,OAAO;AAAA,MACL;AAAA,QACE,CAAC,CAAA,EAAG,MAAM,CAAA,IAAA,CAAM,GAAG,IAAA,CAAK,KAAA;AAAA,QACxB,OAAA,EAAS;AAAA;AACX,KACF;AAAA,EACF;AAAA,EAEA,OAAe,eAAA,CACb,IAAA,EACA,KAAA,EACA,OAAA,EACuD;AACvD,IAAA,IAAI,IAAA,CAAK,KAAA,CAAM,MAAA,KAAW,CAAA,EAAG;AAC3B,MAAA,OAAO,EAAC;AAAA,IACV;AAEA,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,CAAA,IAAA,KAAQ;AACvC,MAAA,OAAO,IAAA,CAAK,QAAA,CAAS,GAAG,CAAA,GAAI,EAAE,cAAc,IAAA,EAAK,GAAI,EAAE,SAAA,EAAW,IAAA,EAAK;AAAA,IACzE,CAAC,CAAA;AAED,IAAA,OAAO;AAAA,MACL;AAAA,QACE,OAAA,EAAS,SAAA;AAAA,QACT,OAAA,EAAS;AAAA,OACX;AAAA,MACA;AAAA,QACE,WAAA,EAAa;AAAA,UACX;AAAA,YACE,WAAA,EAAa;AAAA,cACX,iCAAA,EAAmC,aAAA;AAAA,cACnC,aAAA,EAAe;AAAA;AACjB;AACF,SACF;AAAA,QACA,OAAA,EAAS;AAAA,UACP;AAAA,YACE,OAAO,CAAC,EAAE,MAAM,IAAA,EAAM,QAAA,EAAU,OAAO,CAAA;AAAA,YACvC,KAAA,EAAO;AAAA,cACL,GAAA,EAAK,wBAAA,CAAyB,OAAO,CAAA,CAAE,4BAAA,GACnC,CAAC,EAAE,YAAA,EAAc,GAAA,EAAK,CAAA,GACtB;AAAA;AACN;AACF;AACF;AACF,KACF;AAAA,EACF;AAAA,EAEA,OAAe,kBAAA,CACb,MAAA,EACA,IAAA,EACA,KAAA,EACQ;AACR,IAAA,IAAI,IAAA,CAAK,QAAA,CAAS,MAAA,KAAW,CAAA,EAAG;AAC9B,MAAA,OAAO,EAAC;AAAA,IACV;AAEA,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,QAAA,CAAS,GAAA,CAAI,CAAA,OAAA,KAAW;AAC7C,MAAA,MAAM,QAAA,GAAW,0BAA0B,OAAO,CAAA;AAElD,MAAA,OAAO,MAAA,CAAO,QAAQ,CAAA,CAAE,KAAA,CAAM,CAAAC,SAAAA,MAAa;AAAA,QACzC,WAAA,EAAa;AAAA,UACX,GAAG,QAAQA,SAAAA,CAAS,WAAA,IAAe,EAAC,EAAG,CAAA,GAAA,KAAO,CAAA,IAAA,EAAO,GAAG,CAAA,CAAE,CAAA;AAAA,UAC1D,iCAAA,EAAmC,QAAQ,QAAA,CAAS;AAAA;AACtD,OACF,CAAE,CAAA;AAAA,IACJ,CAAC,CAAA;AAED,IAAA,OAAO;AAAA,MACL;AAAA,QACE,CAAC,CAAA,EAAG,MAAM,CAAA,SAAA,CAAW,GAAG,SAAA;AAAA,QACxB,OAAA,EAAS;AAAA;AACX,KACF;AAAA,EACF;AAAA,EAEA,OAAe,2BACb,IAAA,EACmD;AACnD,IAAA,IAAI,IAAA,CAAK,UAAA,CAAW,MAAA,KAAW,CAAA,EAAG;AAChC,MAAA,OAAO,EAAC;AAAA,IACV;AAEA,IAAA,OAAO,IAAA;AAAA;AAAA,MAEL,IAAA,CAAK,UAAA;AAAA,MACL,IAAI,+BAA+B,CAAA;AAAA,MACnC,CAAA,KAAA,KAAS;AAAA,QACP;AAAA,UACE,GAAA,EAAK,iCAAA;AAAA,UACL,QAAA,EAAU,IAAA;AAAA,UACV,MAAA,EAAQ;AAAA;AACV;AACF,KACF;AAAA,EACF;AAAA,EAEA,OAAe,mBAAA,CACb,MAAA,EACA,IAAA,EACA,KAAA,EACwD;AACxD,IAAA,MAAM,oBAAA,GAAuB,oBAAA,CAAoB,0BAAA,CAA2B,IAAI,CAAA;AAEhF,IAAA,IAAI,IAAA,CAAK,SAAA,CAAU,MAAA,KAAW,CAAA,EAAG;AAC/B,MAAA,IAAI,oBAAA,CAAqB,WAAW,CAAA,EAAG;AAErC,QAAA,OAAO,EAAC;AAAA,MACV;AAGA,MAAA,OAAO;AAAA,QACL;AAAA,UACE,CAAC,GAAG,MAAM,CAAA,SAAA,CAAW,GAAG,CAAC,EAAE,gBAAA,EAAkB,oBAAA,EAAsB,CAAA;AAAA,UACnE,OAAA,EAAS;AAAA;AACX,OACF;AAAA,IACF;AAGA,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,SAAA,CAAU,GAAA,CAAI,CAAA,QAAA,KAAY;AAC/C,MAAA,MAAM,WAAA,GAAc,0BAA0B,QAAQ,CAAA;AAEtD,MAAA,OAAO,MAAA,CAAO,WAAW,CAAA,CAAE,KAAA,CAAM,CAAAC,YAAAA,KAAe;AAC9C,QAAA,MAAM,cAAc,GAAA,CAAIA,YAAAA,CAAY,gBAAA,IAAoB,IAAI,CAAA,UAAA,MAAe;AAAA,UACzE,GAAA,EAAK,CAAA,IAAA,EAAO,UAAA,CAAW,GAAG,CAAA,CAAA;AAAA,UAC1B,UAAU,UAAA,CAAW,QAAA;AAAA,UACrB,QAAQ,UAAA,CAAW;AAAA,SACrB,CAAE,CAAA;AAEF,QAAA,OAAO;AAAA,UACL,WAAA,EAAa,QAAQA,YAAAA,CAAY,WAAA,IAAe,EAAC,EAAG,CAAA,GAAA,KAAO,CAAA,IAAA,EAAO,GAAG,CAAA,CAAE,CAAA;AAAA,UACvE,gBAAA,EAAkB,CAAC,GAAG,WAAA,EAAa,GAAG,oBAAoB;AAAA,SAC5D;AAAA,MACF,CAAC,CAAA;AAAA,IACH,CAAC,CAAA;AAED,IAAA,OAAO;AAAA,MACL;AAAA,QACE,CAAC,CAAA,EAAG,MAAM,CAAA,SAAA,CAAW,GAAG,QAAA,CAAS,SAAA,EAAW,CAAAC,KAAAA,KAAQ,IAAA,CAAK,SAAA,CAAUA,KAAI,CAAC,CAAA;AAAA,QACxE,OAAA,EAAS;AAAA;AACX,KACF;AAAA,EACF;AAAA,EAEA,OAAe,SACb,KAAA,EACwE;AACxE,IAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,MAAA;AAAA,IACF;AAEA,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA,CAAM,GAAA,CAAI,CAAA,IAAA,KAAQ;AACvB,QAAA,IAAI,UAAU,IAAA,EAAM;AAClB,UAAA,OAAO;AAAA,YACL,IAAA,EAAM,IAAA,CAAK,IAAA,CAAK,QAAA,EAAS;AAAA,YACzB,QAAA,EAAU,KAAK,QAAA,IAAY;AAAA,WAC7B;AAAA,QACF;AAEA,QAAA,OAAO;AAAA,UACL,IAAA,EAAM,IAAA,CAAK,KAAA,CAAM,CAAC,EAAE,QAAA,EAAS;AAAA,UAC7B,OAAA,EAAS,IAAA,CAAK,KAAA,CAAM,CAAC,CAAA;AAAA,UACrB,QAAA,EAAU,KAAK,QAAA,IAAY;AAAA,SAC7B;AAAA,MACF,CAAC;AAAA,KACH;AAAA,EACF;AACF","file":"index.js","sourcesContent":["import type { k8s } from \"@highstate/library\"\nimport { type ResourceOptions, type Resource, output } from \"@highstate/pulumi\"\nimport {\n mapMetadata,\n mapNamespaceLikeToNamespaceName,\n mapSelectorLikeToSelector,\n mapServiceToLabelSelector,\n NetworkPolicy,\n type NetworkPolicyPort,\n type NormalizedNetworkPolicyArgs,\n type NormalizedRuleArgs,\n} from \"@highstate/k8s\"\nimport { cilium, types } from \"@highstate/cilium-crds\"\nimport { types as k8sTypes } from \"@pulumi/kubernetes\"\nimport { map, mapKeys, pipe, uniqueBy } from \"remeda\"\nimport { getCiliumClusterMetadata } from \"./shared\"\n\ntype Rule = types.input.cilium.v2.CiliumNetworkPolicySpecIngress &\n types.input.cilium.v2.CiliumNetworkPolicySpecEgress\n\nexport class CiliumNetworkPolicy extends NetworkPolicy {\n protected create(\n name: string,\n args: NormalizedNetworkPolicyArgs,\n opts?: ResourceOptions,\n ): Resource {\n return new cilium.v2.CiliumNetworkPolicy(\n name,\n {\n metadata: mapMetadata(args, name),\n spec: {\n description: args.description,\n endpointSelector: args.podSelector,\n ingress: CiliumNetworkPolicy.createIngressRules(args),\n egress: CiliumNetworkPolicy.createEgressRules(args),\n },\n },\n opts,\n )\n }\n\n private static createIngressRules(args: NormalizedNetworkPolicyArgs): Rule[] {\n if (args.isolateIngress) {\n return [{}]\n }\n\n return uniqueBy(\n args.ingressRules.flatMap(rule =>\n CiliumNetworkPolicy.createRules(\"from\", rule, args.cluster),\n ),\n rule => JSON.stringify(rule),\n )\n }\n\n private static createEgressRules(args: NormalizedNetworkPolicyArgs): Rule[] {\n if (args.isolateEgress) {\n return [{}]\n }\n\n const extraRules: Rule[] = []\n\n if (args.allowKubeApiServer) {\n extraRules.push({ toEntities: [\"kube-apiserver\"] })\n }\n\n return uniqueBy(\n args.egressRules\n .flatMap(rule => CiliumNetworkPolicy.createRules(\"to\", rule, args.cluster))\n .concat(extraRules),\n rule => JSON.stringify(rule),\n )\n }\n\n private static createRules(\n prefix: \"from\" | \"to\",\n rule: NormalizedRuleArgs,\n cluster: k8s.Cluster,\n ): Rule[] {\n const port = CiliumNetworkPolicy.mapPorts(rule.ports)\n const ports = port ? [port] : undefined\n\n return [\n ...CiliumNetworkPolicy.createAllRules(prefix, rule, ports),\n ...CiliumNetworkPolicy.createCidrRules(prefix, rule, ports),\n ...CiliumNetworkPolicy.createServiceRules(prefix, rule, ports),\n ...CiliumNetworkPolicy.createSelectorRules(prefix, rule, ports),\n ...(prefix === \"to\" ? CiliumNetworkPolicy.createFqdnRules(rule, ports, cluster) : []),\n ]\n }\n\n private static createAllRules(\n prefix: \"from\" | \"to\",\n rule: NormalizedRuleArgs,\n ports: types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts[] | undefined,\n ): Rule[] {\n if (!rule.all) {\n return []\n }\n\n return [\n {\n [`${prefix}Entities`]: [\"all\"],\n toPorts: ports,\n },\n ]\n }\n\n private static createCidrRules(\n prefix: \"from\" | \"to\",\n rule: NormalizedRuleArgs,\n ports: types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts[] | undefined,\n ): Rule[] {\n if (rule.cidrs.length === 0) {\n return []\n }\n\n return [\n {\n [`${prefix}CIDR`]: rule.cidrs,\n toPorts: ports,\n },\n ]\n }\n\n private static createFqdnRules(\n rule: NormalizedRuleArgs,\n ports: types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts[] | undefined,\n cluster: k8s.Cluster,\n ): types.input.cilium.v2.CiliumNetworkPolicySpecEgress[] {\n if (rule.fqdns.length === 0) {\n return []\n }\n\n const fqdnRules = rule.fqdns.map(fqdn => {\n return fqdn.includes(\"*\") ? { matchPattern: fqdn } : { matchName: fqdn }\n })\n\n return [\n {\n toFQDNs: fqdnRules,\n toPorts: ports,\n },\n {\n toEndpoints: [\n {\n matchLabels: {\n \"k8s:io.kubernetes.pod.namespace\": \"kube-system\",\n \"k8s:k8s-app\": \"kube-dns\",\n },\n },\n ],\n toPorts: [\n {\n ports: [{ port: \"53\", protocol: \"UDP\" }],\n rules: {\n dns: getCiliumClusterMetadata(cluster).allowForbiddenFqdnResolution\n ? [{ matchPattern: \"*\" }]\n : fqdnRules,\n },\n },\n ],\n },\n ]\n }\n\n private static createServiceRules(\n prefix: \"from\" | \"to\",\n rule: NormalizedRuleArgs,\n ports: types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts[] | undefined,\n ): Rule[] {\n if (rule.services.length === 0) {\n return []\n }\n\n const selectors = rule.services.map(service => {\n const selector = mapServiceToLabelSelector(service)\n\n return output(selector).apply(selector => ({\n matchLabels: {\n ...mapKeys(selector.matchLabels ?? {}, key => `k8s:${key}`),\n \"k8s:io.kubernetes.pod.namespace\": service.metadata.namespace,\n },\n }))\n })\n\n return [\n {\n [`${prefix}Endpoints`]: selectors,\n toPorts: ports,\n },\n ]\n }\n\n private static createNamespaceExpressions(\n rule: NormalizedRuleArgs,\n ): k8sTypes.input.meta.v1.LabelSelectorRequirement[] {\n if (rule.namespaces.length === 0) {\n return []\n }\n\n return pipe(\n //\n rule.namespaces,\n map(mapNamespaceLikeToNamespaceName),\n names => [\n {\n key: \"k8s:io.kubernetes.pod.namespace\",\n operator: \"In\",\n values: names,\n },\n ],\n )\n }\n\n private static createSelectorRules(\n prefix: \"from\" | \"to\",\n rule: NormalizedRuleArgs,\n ports: types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts[] | undefined,\n ): types.input.cilium.v2.CiliumNetworkPolicySpecIngress[] {\n const namespaceExpressions = CiliumNetworkPolicy.createNamespaceExpressions(rule)\n\n if (rule.selectors.length === 0) {\n if (namespaceExpressions.length === 0) {\n // if no selectors and no namespaces are provided, we do not match\n return []\n }\n\n // if no selectors are provided, we only match on namespaces\n return [\n {\n [`${prefix}Endpoints`]: [{ matchExpressions: namespaceExpressions }],\n toPorts: ports,\n },\n ]\n }\n\n // otherwise, we match on selectors and namespaces\n const selectors = rule.selectors.map(selector => {\n const rawSelector = mapSelectorLikeToSelector(selector)\n\n return output(rawSelector).apply(rawSelector => {\n const expressions = map(rawSelector.matchExpressions ?? [], expression => ({\n key: `k8s:${expression.key}`,\n operator: expression.operator,\n values: expression.values,\n }))\n\n return {\n matchLabels: mapKeys(rawSelector.matchLabels ?? {}, key => `k8s:${key}`),\n matchExpressions: [...expressions, ...namespaceExpressions],\n }\n })\n })\n\n return [\n {\n [`${prefix}Endpoints`]: uniqueBy(selectors, rule => JSON.stringify(rule)),\n toPorts: ports,\n },\n ]\n }\n\n private static mapPorts(\n ports: NetworkPolicyPort[],\n ): types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts | undefined {\n if (ports.length === 0) {\n return\n }\n\n return {\n ports: ports.map(port => {\n if (\"port\" in port) {\n return {\n port: port.port.toString(),\n protocol: port.protocol ?? \"TCP\",\n }\n }\n\n return {\n port: port.range[0].toString(),\n endPort: port.range[1],\n protocol: port.protocol ?? \"TCP\",\n }\n }),\n }\n }\n}\n"]}
|
package/dist/unit/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/unit/index.ts"],"names":[],"mappings":";;;;;;AAMA,IAAM,EAAE,
|
|
1
|
+
{"version":3,"sources":["../../src/unit/index.ts"],"names":[],"mappings":";;;;;;AAMA,IAAM,EAAE,IAAA,EAAM,MAAA,EAAQ,SAAQ,GAAI,OAAA,CAAQ,IAAI,MAAM,CAAA;AAEpD,IAAM,OAAA,GAAU,MAAM,SAAA,CAAU,MAAA,CAAO,UAAU,CAAA;AAEjD,IAAI,MAAM,QAAA,EAAU;AAAA,EAClB,OAAA;AAAA,EACA,SAAA,EAAW,aAAA;AAAA,EAEX,KAAA,EAAA,MAAA;AAAA,EAEA,MAAA,EAAQ;AAAA,IACN,IAAA,EAAM;AAAA,MACJ,IAAA,EAAM;AAAA,KACR;AAAA,IAEA,oBAAA,EAAsB,MAAA;AAAA,IAEtB,QAAA,EAAU;AAAA,MACR,QAAA,EAAU;AAAA,KACZ;AAAA,IAEA,MAAA,EAAQ;AAAA,MACN,KAAA,EAAO;AAAA,QACL,OAAA,EAAS;AAAA,OACX;AAAA,MACA,EAAA,EAAI;AAAA,QACF,OAAA,EAAS;AAAA;AACX,KACF;AAAA,IAEA,QAAA,EAAU;AAAA,MACR,qBAAA,EAAuB;AAAA,KACzB;AAAA,IAEA,cAAA,EAAgB,kBAAA,CAAmB,OAAA,CAAQ,YAAA,CAAa,CAAC,CAAC,CAAA;AAAA,IAC1D,gBAAgB,OAAA,CAAQ,YAAA,CAAa,CAAC,CAAA,CAAE,KAAK,QAAA;AAAS;AAE1D,CAAC,CAAA;AAED,IAAO,eAAQ,OAAA,CAAQ;AAAA,EACrB,YAAY,MAAA,CAAO;AAAA,IACjB,GAAG,OAAA;AAAA,IACH,GAAA,EAAK,QAAA;AAAA,IACL,QAAA,EAAU;AAAA,MACR,GAAG,OAAA,CAAQ,QAAA;AAAA,MACX,MAAA,EAAQ;AAAA,QACN,8BAA8B,IAAA,CAAK;AAAA;AACrC;AACF,GACD;AACH,CAAC","file":"index.js","sourcesContent":["import { Chart } from \"@highstate/k8s\"\nimport { k8s } from \"@highstate/library\"\nimport { forUnit, secret, toPromise } from \"@highstate/pulumi\"\nimport { l3EndpointToString } from \"@highstate/common\"\nimport { chart, type CiliumClusterMetadata } from \"../shared\"\n\nconst { args, inputs, outputs } = forUnit(k8s.cilium)\n\nconst cluster = await toPromise(inputs.k8sCluster)\n\nnew Chart(\"cilium\", {\n cluster,\n namespace: \"kube-system\",\n\n chart,\n\n values: {\n ipam: {\n mode: \"kubernetes\",\n },\n\n kubeProxyReplacement: \"true\",\n\n operator: {\n replicas: 1,\n },\n\n hubble: {\n relay: {\n enabled: true,\n },\n ui: {\n enabled: true,\n },\n },\n\n dnsProxy: {\n dnsRejectResponseCode: \"nameError\",\n },\n\n k8sServiceHost: l3EndpointToString(cluster.apiEndpoints[0]),\n k8sServicePort: cluster.apiEndpoints[0].port.toString(),\n },\n})\n\nexport default outputs({\n k8sCluster: secret({\n ...cluster,\n cni: \"cilium\",\n metadata: {\n ...cluster.metadata,\n cilium: {\n allowForbiddenFqdnResolution: args.allowForbiddenFqdnResolution,\n } satisfies CiliumClusterMetadata,\n },\n }),\n})\n"]}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@highstate/cilium",
|
|
3
|
-
"version": "0.9.
|
|
3
|
+
"version": "0.9.18",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"files": [
|
|
6
6
|
"dist",
|
|
@@ -22,18 +22,18 @@
|
|
|
22
22
|
"generate-crds": "./scripts/generate-crds.sh"
|
|
23
23
|
},
|
|
24
24
|
"dependencies": {
|
|
25
|
-
"@highstate/cilium-crds": "^0.9.
|
|
26
|
-
"@highstate/common": "^0.9.
|
|
27
|
-
"@highstate/k8s": "^0.9.
|
|
28
|
-
"@highstate/library": "^0.9.
|
|
29
|
-
"@highstate/pulumi": "^0.9.
|
|
25
|
+
"@highstate/cilium-crds": "^0.9.18",
|
|
26
|
+
"@highstate/common": "^0.9.18",
|
|
27
|
+
"@highstate/k8s": "^0.9.18",
|
|
28
|
+
"@highstate/library": "^0.9.18",
|
|
29
|
+
"@highstate/pulumi": "^0.9.18",
|
|
30
30
|
"@pulumi/command": "^1.0.2",
|
|
31
31
|
"@pulumi/kubernetes": "^4.18.0",
|
|
32
|
-
"@pulumi/pulumi": "^3.
|
|
32
|
+
"@pulumi/pulumi": "^3.184.0",
|
|
33
33
|
"remeda": "^2.21.0"
|
|
34
34
|
},
|
|
35
35
|
"devDependencies": {
|
|
36
|
-
"@highstate/cli": "^0.9.
|
|
36
|
+
"@highstate/cli": "^0.9.18"
|
|
37
37
|
},
|
|
38
|
-
"gitHead": "
|
|
38
|
+
"gitHead": "9ebcd7da56b00b8ca08bf52cc8438f527338cd64"
|
|
39
39
|
}
|