@highstate/cilium 0.9.18 → 0.9.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/dist/chunk-QJ3DFAUT.js +47 -0
  2. package/dist/chunk-QJ3DFAUT.js.map +1 -0
  3. package/dist/highstate.manifest.json +2 -2
  4. package/dist/index.js +18977 -26
  5. package/dist/index.js.map +1 -1
  6. package/dist/unit/index.js +48 -30
  7. package/dist/unit/index.js.map +1 -1
  8. package/package.json +9 -8
  9. package/src/{network-policy.ts → impl/network-policy.ts} +38 -30
  10. package/src/index.ts +3 -1
  11. package/src/shared.ts +0 -23
  12. package/src/unit/index.ts +51 -30
  13. package/dist/chunk-M4DV2DAJ.js +0 -16
  14. package/dist/chunk-M4DV2DAJ.js.map +0 -1
package/dist/unit/index.js CHANGED
@@ -1,38 +1,56 @@
1
- import { cilium } from '../chunk-M4DV2DAJ.js';
2
- import { Chart } from '@highstate/k8s';
1
+ import { cilium } from '../chunk-QJ3DFAUT.js';
2
+ import { Chart, Namespace } from '@highstate/k8s';
3
3
  import { k8s } from '@highstate/library';
4
- import { forUnit, toPromise, secret } from '@highstate/pulumi';
4
+ import { forUnit, toPromise, ResourceHook, secret } from '@highstate/pulumi';
5
5
  import { l3EndpointToString } from '@highstate/common';
6
+ import { KubeConfig, CoreV1Api } from '@kubernetes/client-node';
6
7
 
7
8
  var { args, inputs, outputs } = forUnit(k8s.cilium);
8
9
  var cluster = await toPromise(inputs.k8sCluster);
9
- new Chart("cilium", {
10
- cluster,
11
- namespace: "kube-system",
12
- chart: cilium,
13
- values: {
14
- ipam: {
15
- mode: "kubernetes"
16
- },
17
- kubeProxyReplacement: "true",
18
- operator: {
19
- replicas: 1
20
- },
21
- hubble: {
22
- relay: {
23
- enabled: true
24
- },
25
- ui: {
26
- enabled: true
27
- }
28
- },
29
- dnsProxy: {
30
- dnsRejectResponseCode: "nameError"
31
- },
32
- k8sServiceHost: l3EndpointToString(cluster.apiEndpoints[0]),
33
- k8sServicePort: cluster.apiEndpoints[0].port.toString()
34
- }
10
+ var afterCreateHook = new ResourceHook("restart-all-pods", async () => {
11
+ const kubeConfig = new KubeConfig();
12
+ kubeConfig.loadFromString(cluster.kubeconfig);
13
+ const coreApi = kubeConfig.makeApiClient(CoreV1Api);
14
+ const allPods = await coreApi.listPodForAllNamespaces();
15
+ await Promise.all(
16
+ allPods.items.map(
17
+ (pod) => coreApi.deleteNamespacedPod({
18
+ name: pod.metadata?.name,
19
+ namespace: pod.metadata?.namespace
20
+ })
21
+ )
22
+ );
35
23
  });
24
+ new Chart(
25
+ "cilium",
26
+ {
27
+ namespace: Namespace.get("kube-system", { name: "kube-system", cluster }),
28
+ chart: cilium,
29
+ values: {
30
+ ipam: {
31
+ mode: "kubernetes"
32
+ },
33
+ kubeProxyReplacement: "true",
34
+ operator: {
35
+ replicas: 1
36
+ },
37
+ hubble: {
38
+ relay: {
39
+ enabled: args.enableHubble
40
+ },
41
+ ui: {
42
+ enabled: args.enableHubble
43
+ }
44
+ },
45
+ dnsProxy: {
46
+ dnsRejectResponseCode: "nameError"
47
+ },
48
+ k8sServiceHost: l3EndpointToString(cluster.apiEndpoints[0]),
49
+ k8sServicePort: cluster.apiEndpoints[0].port.toString()
50
+ }
51
+ },
52
+ { hooks: { afterCreate: [afterCreateHook] } }
53
+ );
36
54
  var unit_default = outputs({
37
55
  k8sCluster: secret({
38
56
  ...cluster,
@@ -40,7 +58,7 @@ var unit_default = outputs({
40
58
  metadata: {
41
59
  ...cluster.metadata,
42
60
  cilium: {
43
- allowForbiddenFqdnResolution: args.allowForbiddenFqdnResolution
61
+ allowForbiddenFqdnResolution: args.allowForbiddenFqdnResolution ?? false
44
62
  }
45
63
  }
46
64
  })
package/dist/unit/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/unit/index.ts"],"names":[],"mappings":";;;;;;AAMA,IAAM,EAAE,IAAA,EAAM,MAAA,EAAQ,SAAQ,GAAI,OAAA,CAAQ,IAAI,MAAM,CAAA;AAEpD,IAAM,OAAA,GAAU,MAAM,SAAA,CAAU,MAAA,CAAO,UAAU,CAAA;AAEjD,IAAI,MAAM,QAAA,EAAU;AAAA,EAClB,OAAA;AAAA,EACA,SAAA,EAAW,aAAA;AAAA,EAEX,KAAA,EAAA,MAAA;AAAA,EAEA,MAAA,EAAQ;AAAA,IACN,IAAA,EAAM;AAAA,MACJ,IAAA,EAAM;AAAA,KACR;AAAA,IAEA,oBAAA,EAAsB,MAAA;AAAA,IAEtB,QAAA,EAAU;AAAA,MACR,QAAA,EAAU;AAAA,KACZ;AAAA,IAEA,MAAA,EAAQ;AAAA,MACN,KAAA,EAAO;AAAA,QACL,OAAA,EAAS;AAAA,OACX;AAAA,MACA,EAAA,EAAI;AAAA,QACF,OAAA,EAAS;AAAA;AACX,KACF;AAAA,IAEA,QAAA,EAAU;AAAA,MACR,qBAAA,EAAuB;AAAA,KACzB;AAAA,IAEA,cAAA,EAAgB,kBAAA,CAAmB,OAAA,CAAQ,YAAA,CAAa,CAAC,CAAC,CAAA;AAAA,IAC1D,gBAAgB,OAAA,CAAQ,YAAA,CAAa,CAAC,CAAA,CAAE,KAAK,QAAA;AAAS;AAE1D,CAAC,CAAA;AAED,IAAO,eAAQ,OAAA,CAAQ;AAAA,EACrB,YAAY,MAAA,CAAO;AAAA,IACjB,GAAG,OAAA;AAAA,IACH,GAAA,EAAK,QAAA;AAAA,IACL,QAAA,EAAU;AAAA,MACR,GAAG,OAAA,CAAQ,QAAA;AAAA,MACX,MAAA,EAAQ;AAAA,QACN,8BAA8B,IAAA,CAAK;AAAA;AACrC;AACF,GACD;AACH,CAAC","file":"index.js","sourcesContent":["import { Chart } from \"@highstate/k8s\"\nimport { k8s } from \"@highstate/library\"\nimport { forUnit, secret, toPromise } from \"@highstate/pulumi\"\nimport { l3EndpointToString } from \"@highstate/common\"\nimport { chart, type CiliumClusterMetadata } from \"../shared\"\n\nconst { args, inputs, outputs } = forUnit(k8s.cilium)\n\nconst cluster = await toPromise(inputs.k8sCluster)\n\nnew Chart(\"cilium\", {\n cluster,\n namespace: \"kube-system\",\n\n chart,\n\n values: {\n ipam: {\n mode: \"kubernetes\",\n },\n\n kubeProxyReplacement: \"true\",\n\n operator: {\n replicas: 1,\n },\n\n hubble: {\n relay: {\n enabled: true,\n },\n ui: {\n enabled: true,\n },\n },\n\n dnsProxy: {\n dnsRejectResponseCode: \"nameError\",\n },\n\n k8sServiceHost: l3EndpointToString(cluster.apiEndpoints[0]),\n k8sServicePort: cluster.apiEndpoints[0].port.toString(),\n },\n})\n\nexport default outputs({\n k8sCluster: secret({\n ...cluster,\n cni: \"cilium\",\n metadata: {\n ...cluster.metadata,\n cilium: {\n allowForbiddenFqdnResolution: args.allowForbiddenFqdnResolution,\n } satisfies CiliumClusterMetadata,\n },\n }),\n})\n"]}
1
+ {"version":3,"sources":["../../src/unit/index.ts"],"names":[],"mappings":";;;;;;;AAOA,IAAM,EAAE,IAAA,EAAM,MAAA,EAAQ,SAAQ,GAAI,OAAA,CAAQ,IAAI,MAAM,CAAA;AAEpD,IAAM,OAAA,GAAU,MAAM,SAAA,CAAU,MAAA,CAAO,UAAU,CAAA;AAEjD,IAAM,eAAA,GAAkB,IAAI,YAAA,CAAa,kBAAA,EAAoB,YAAY;AAEvE,EAAA,MAAM,UAAA,GAAa,IAAI,UAAA,EAAW;AAClC,EAAA,UAAA,CAAW,cAAA,CAAe,QAAQ,UAAU,CAAA;AAE5C,EAAA,MAAM,OAAA,GAAU,UAAA,CAAW,aAAA,CAAc,SAAS,CAAA;AAClD,EAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,uBAAA,EAAwB;AAEtD,EAAA,MAAM,OAAA,CAAQ,GAAA;AAAA,IACZ,QAAQ,KAAA,CAAM,GAAA;AAAA,MAAI,CAAA,GAAA,KAChB,QAAQ,mBAAA,CAAoB;AAAA,QAC1B,IAAA,EAAM,IAAI,QAAA,EAAU,IAAA;AAAA,QACpB,SAAA,EAAW,IAAI,QAAA,EAAU;AAAA,OAC1B;AAAA;AACH,GACF;AACF,CAAC,CAAA;AAED,IAAI,KAAA;AAAA,EACF,QAAA;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAU,GAAA,CAAI,aAAA,EAAe,EAAE,IAAA,EAAM,aAAA,EAAe,SAAS,CAAA;AAAA,IACxE,KAAA,EAAA,MAAA;AAAA,IAEA,MAAA,EAAQ;AAAA,MACN,IAAA,EAAM;AAAA,QACJ,IAAA,EAAM;AAAA,OACR;AAAA,MAEA,oBAAA,EAAsB,MAAA;AAAA,MAEtB,QAAA,EAAU;AAAA,QACR,QAAA,EAAU;AAAA,OACZ;AAAA,MAEA,MAAA,EAAQ;AAAA,QACN,KAAA,EAAO;AAAA,UACL,SAAS,IAAA,CAAK;AAAA,SAChB;AAAA,QACA,EAAA,EAAI;AAAA,UACF,SAAS,IAAA,CAAK;AAAA;AAChB,OACF;AAAA,MAEA,QAAA,EAAU;AAAA,QACR,qBAAA,EAAuB;AAAA,OACzB;AAAA,MAEA,cAAA,EAAgB,kBAAA,CAAmB,OAAA,CAAQ,YAAA,CAAa,CAAC,CAAC,CAAA;AAAA,MAC1D,gBAAgB,OAAA,CAAQ,YAAA,CAAa,CAAC,CAAA,CAAE,KAAK,QAAA;AAAS;AACxD,GACF;AAAA,EACA,EAAE,KAAA,EAAO,EAAE,aAAa,CAAC,eAAe,GAAE;AAC5C,CAAA;AAEA,IAAO,eAAQ,OAAA,CAAQ;AAAA,EACrB,YAAY,MAAA,CAAO;AAAA,IACjB,GAAG,OAAA;AAAA,IACH,GAAA,EAAK,QAAA;AAAA,IACL,QAAA,EAAU;AAAA,MACR,GAAG,OAAA,CAAQ,QAAA;AAAA,MACX,MAAA,EAAQ;AAAA,QACN,4BAAA,EAA8B,KAAK,4BAAA,IAAgC;AAAA;AACrE;AACF,GACD;AACH,CAAC","file":"index.js","sourcesContent":["import { Chart, Namespace } from \"@highstate/k8s\"\nimport { k8s } from \"@highstate/library\"\nimport { forUnit, ResourceHook, secret, toPromise } from \"@highstate/pulumi\"\nimport { l3EndpointToString } from \"@highstate/common\"\nimport { CoreV1Api, KubeConfig } from \"@kubernetes/client-node\"\nimport { chart } from \"../shared\"\n\nconst { args, inputs, outputs } = forUnit(k8s.cilium)\n\nconst cluster = await toPromise(inputs.k8sCluster)\n\nconst afterCreateHook = new ResourceHook(\"restart-all-pods\", async () => {\n // restart (delete) all pods to make Cilium manage their networking\n const kubeConfig = new KubeConfig()\n kubeConfig.loadFromString(cluster.kubeconfig)\n\n const coreApi = kubeConfig.makeApiClient(CoreV1Api)\n const allPods = await coreApi.listPodForAllNamespaces()\n\n await Promise.all(\n allPods.items.map(pod =>\n coreApi.deleteNamespacedPod({\n name: pod.metadata?.name!,\n namespace: pod.metadata?.namespace!,\n }),\n ),\n )\n})\n\nnew Chart(\n \"cilium\",\n {\n namespace: Namespace.get(\"kube-system\", { name: \"kube-system\", cluster }),\n chart,\n\n values: {\n ipam: {\n mode: \"kubernetes\",\n },\n\n kubeProxyReplacement: \"true\",\n\n operator: {\n replicas: 1,\n },\n\n hubble: {\n relay: {\n enabled: args.enableHubble,\n },\n ui: {\n enabled: args.enableHubble,\n },\n },\n\n dnsProxy: {\n dnsRejectResponseCode: \"nameError\",\n },\n\n k8sServiceHost: l3EndpointToString(cluster.apiEndpoints[0]),\n k8sServicePort: cluster.apiEndpoints[0].port.toString(),\n },\n },\n { hooks: { afterCreate: [afterCreateHook] } },\n)\n\nexport default outputs({\n k8sCluster: secret({\n ...cluster,\n cni: \"cilium\",\n metadata: {\n ...cluster.metadata,\n cilium: {\n allowForbiddenFqdnResolution: args.allowForbiddenFqdnResolution ?? false,\n },\n } satisfies k8s.CiliumClusterMetadata,\n }),\n})\n"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@highstate/cilium",
3
- "version": "0.9.18",
3
+ "version": "0.9.20",
4
4
  "type": "module",
5
5
  "files": [
6
6
  "dist",
@@ -22,18 +22,19 @@
22
22
  "generate-crds": "./scripts/generate-crds.sh"
23
23
  },
24
24
  "dependencies": {
25
- "@highstate/cilium-crds": "^0.9.18",
26
- "@highstate/common": "^0.9.18",
27
- "@highstate/k8s": "^0.9.18",
28
- "@highstate/library": "^0.9.18",
29
- "@highstate/pulumi": "^0.9.18",
25
+ "@highstate/cilium-crds": "^0.9.20",
26
+ "@highstate/common": "^0.9.20",
27
+ "@highstate/k8s": "^0.9.20",
28
+ "@highstate/library": "^0.9.20",
29
+ "@highstate/pulumi": "^0.9.20",
30
+ "@kubernetes/client-node": "^1.3.0",
30
31
  "@pulumi/command": "^1.0.2",
31
32
  "@pulumi/kubernetes": "^4.18.0",
32
33
  "@pulumi/pulumi": "^3.184.0",
33
34
  "remeda": "^2.21.0"
34
35
  },
35
36
  "devDependencies": {
36
- "@highstate/cli": "^0.9.18"
37
+ "@highstate/cli": "^0.9.20"
37
38
  },
38
- "gitHead": "9ebcd7da56b00b8ca08bf52cc8438f527338cd64"
39
+ "gitHead": "4bf9183450c2c6f51d6a99d77efc379ff5c7b7ef"
39
40
  }
package/src/{network-policy.ts → impl/network-policy.ts} RENAMED
@@ -1,30 +1,34 @@
1
- import type { k8s } from "@highstate/library"
2
- import { type ResourceOptions, type Resource, output } from "@highstate/pulumi"
1
+ import { k8s } from "@highstate/library"
2
+ import { ComponentResource, output, type ResourceOptions } from "@highstate/pulumi"
3
3
  import {
4
+ getNamespaceName,
4
5
  mapMetadata,
5
- mapNamespaceLikeToNamespaceName,
6
6
  mapSelectorLikeToSelector,
7
7
  mapServiceToLabelSelector,
8
- NetworkPolicy,
8
+ networkPolicyMediator,
9
9
  type NetworkPolicyPort,
10
10
  type NormalizedNetworkPolicyArgs,
11
11
  type NormalizedRuleArgs,
12
12
  } from "@highstate/k8s"
13
- import { cilium, types } from "@highstate/cilium-crds"
14
- import { types as k8sTypes } from "@pulumi/kubernetes"
13
+ import { cilium, type types } from "@highstate/cilium-crds"
14
+ import type { types as k8sTypes } from "@pulumi/kubernetes"
15
15
  import { map, mapKeys, pipe, uniqueBy } from "remeda"
16
- import { getCiliumClusterMetadata } from "./shared"
16
+ import { check } from "@highstate/contract"
17
+ import { implementationReferenceSchema } from "@highstate/library"
17
18
 
18
19
  type Rule = types.input.cilium.v2.CiliumNetworkPolicySpecIngress &
19
20
  types.input.cilium.v2.CiliumNetworkPolicySpecEgress
20
21
 
21
- export class CiliumNetworkPolicy extends NetworkPolicy {
22
- protected create(
23
- name: string,
24
- args: NormalizedNetworkPolicyArgs,
25
- opts?: ResourceOptions,
26
- ): Resource {
27
- return new cilium.v2.CiliumNetworkPolicy(
22
+ class CiliumNetworkPolicy extends ComponentResource {
23
+ /**
24
+ * The underlying Cilium network policy resource.
25
+ */
26
+ public readonly networkPolicy: cilium.v2.CiliumNetworkPolicy
27
+
28
+ constructor(name: string, args: NormalizedNetworkPolicyArgs, opts?: ResourceOptions) {
29
+ super("highstate:cilium:NetworkPolicy", name, args, opts)
30
+
31
+ this.networkPolicy = new cilium.v2.CiliumNetworkPolicy(
28
32
  name,
29
33
  {
30
34
  metadata: mapMetadata(args, name),
@@ -35,7 +39,7 @@ export class CiliumNetworkPolicy extends NetworkPolicy {
35
39
  egress: CiliumNetworkPolicy.createEgressRules(args),
36
40
  },
37
41
  },
38
- opts,
42
+ { ...opts, parent: this },
39
43
  )
40
44
  }
41
45
 
@@ -153,9 +157,11 @@ export class CiliumNetworkPolicy extends NetworkPolicy {
153
157
  {
154
158
  ports: [{ port: "53", protocol: "UDP" }],
155
159
  rules: {
156
- dns: getCiliumClusterMetadata(cluster).allowForbiddenFqdnResolution
157
- ? [{ matchPattern: "*" }]
158
- : fqdnRules,
160
+ dns:
161
+ check(k8s.ciliumClusterMetadata, cluster.metadata) &&
162
+ cluster.metadata.cilium.allowForbiddenFqdnResolution
163
+ ? [{ matchPattern: "*" }]
164
+ : fqdnRules,
159
165
  },
160
166
  },
161
167
  ],
@@ -198,18 +204,13 @@ export class CiliumNetworkPolicy extends NetworkPolicy {
198
204
  return []
199
205
  }
200
206
 
201
- return pipe(
202
- //
203
- rule.namespaces,
204
- map(mapNamespaceLikeToNamespaceName),
205
- names => [
206
- {
207
- key: "k8s:io.kubernetes.pod.namespace",
208
- operator: "In",
209
- values: names,
210
- },
211
- ],
212
- )
207
+ return pipe(rule.namespaces, map(getNamespaceName), names => [
208
+ {
209
+ key: "k8s:io.kubernetes.pod.namespace",
210
+ operator: "In",
211
+ values: names,
212
+ },
213
+ ])
213
214
  }
214
215
 
215
216
  private static createSelectorRules(
@@ -285,3 +286,10 @@ export class CiliumNetworkPolicy extends NetworkPolicy {
285
286
  }
286
287
  }
287
288
  }
289
+
290
+ export const createNetworkPolicy = networkPolicyMediator.implement(
291
+ implementationReferenceSchema,
292
+ ({ name, args }) => {
293
+ return new CiliumNetworkPolicy(name, args)
294
+ },
295
+ )
package/src/index.ts CHANGED
@@ -1,2 +1,4 @@
1
- export { CiliumNetworkPolicy } from "./network-policy"
2
1
  export { chart } from "./shared"
2
+
3
+ // Implementations
4
+ import "./impl/network-policy"
package/src/shared.ts CHANGED
@@ -1,24 +1 @@
1
- import type { k8s } from "@highstate/library"
2
-
3
1
  export { cilium as chart } from "../assets/charts.json"
4
-
5
- export type CiliumClusterMetadata = {
6
- /**
7
- * If set to `true`, the generated network policy will allow
8
- * all DNS queries to be resolved, even if they are
9
- * for forbidden (non-allowed) FQDNs.
10
- *
11
- * By default, is not set.
12
- */
13
- allowForbiddenFqdnResolution?: boolean
14
- }
15
-
16
- export function getCiliumClusterMetadata(cluster: k8s.Cluster): CiliumClusterMetadata {
17
- return cluster.metadata?.cilium ?? {}
18
- }
19
-
20
- export function hasCiliumClusterMetadata(
21
- cluster: k8s.Cluster,
22
- ): cluster is k8s.Cluster & { metadata: { cilium: CiliumClusterMetadata } } {
23
- return Boolean(cluster.metadata?.cilium)
24
- }
package/src/unit/index.ts CHANGED
@@ -1,47 +1,68 @@
1
- import { Chart } from "@highstate/k8s"
1
+ import { Chart, Namespace } from "@highstate/k8s"
2
2
  import { k8s } from "@highstate/library"
3
- import { forUnit, secret, toPromise } from "@highstate/pulumi"
3
+ import { forUnit, ResourceHook, secret, toPromise } from "@highstate/pulumi"
4
4
  import { l3EndpointToString } from "@highstate/common"
5
- import { chart, type CiliumClusterMetadata } from "../shared"
5
+ import { CoreV1Api, KubeConfig } from "@kubernetes/client-node"
6
+ import { chart } from "../shared"
6
7
 
7
8
  const { args, inputs, outputs } = forUnit(k8s.cilium)
8
9
 
9
10
  const cluster = await toPromise(inputs.k8sCluster)
10
11
 
11
- new Chart("cilium", {
12
- cluster,
13
- namespace: "kube-system",
12
+ const afterCreateHook = new ResourceHook("restart-all-pods", async () => {
13
+ // restart (delete) all pods to make Cilium manage their networking
14
+ const kubeConfig = new KubeConfig()
15
+ kubeConfig.loadFromString(cluster.kubeconfig)
14
16
 
15
- chart,
17
+ const coreApi = kubeConfig.makeApiClient(CoreV1Api)
18
+ const allPods = await coreApi.listPodForAllNamespaces()
16
19
 
17
- values: {
18
- ipam: {
19
- mode: "kubernetes",
20
- },
20
+ await Promise.all(
21
+ allPods.items.map(pod =>
22
+ coreApi.deleteNamespacedPod({
23
+ name: pod.metadata?.name!,
24
+ namespace: pod.metadata?.namespace!,
25
+ }),
26
+ ),
27
+ )
28
+ })
21
29
 
22
- kubeProxyReplacement: "true",
30
+ new Chart(
31
+ "cilium",
32
+ {
33
+ namespace: Namespace.get("kube-system", { name: "kube-system", cluster }),
34
+ chart,
23
35
 
24
- operator: {
25
- replicas: 1,
26
- },
36
+ values: {
37
+ ipam: {
38
+ mode: "kubernetes",
39
+ },
27
40
 
28
- hubble: {
29
- relay: {
30
- enabled: true,
41
+ kubeProxyReplacement: "true",
42
+
43
+ operator: {
44
+ replicas: 1,
31
45
  },
32
- ui: {
33
- enabled: true,
46
+
47
+ hubble: {
48
+ relay: {
49
+ enabled: args.enableHubble,
50
+ },
51
+ ui: {
52
+ enabled: args.enableHubble,
53
+ },
34
54
  },
35
- },
36
55
 
37
- dnsProxy: {
38
- dnsRejectResponseCode: "nameError",
39
- },
56
+ dnsProxy: {
57
+ dnsRejectResponseCode: "nameError",
58
+ },
40
59
 
41
- k8sServiceHost: l3EndpointToString(cluster.apiEndpoints[0]),
42
- k8sServicePort: cluster.apiEndpoints[0].port.toString(),
60
+ k8sServiceHost: l3EndpointToString(cluster.apiEndpoints[0]),
61
+ k8sServicePort: cluster.apiEndpoints[0].port.toString(),
62
+ },
43
63
  },
44
- })
64
+ { hooks: { afterCreate: [afterCreateHook] } },
65
+ )
45
66
 
46
67
  export default outputs({
47
68
  k8sCluster: secret({
@@ -50,8 +71,8 @@ export default outputs({
50
71
  metadata: {
51
72
  ...cluster.metadata,
52
73
  cilium: {
53
- allowForbiddenFqdnResolution: args.allowForbiddenFqdnResolution,
54
- } satisfies CiliumClusterMetadata,
55
- },
74
+ allowForbiddenFqdnResolution: args.allowForbiddenFqdnResolution ?? false,
75
+ },
76
+ } satisfies k8s.CiliumClusterMetadata,
56
77
  }),
57
78
  })
package/dist/chunk-M4DV2DAJ.js DELETED
@@ -1,16 +0,0 @@
1
- // assets/charts.json
2
- var cilium = {
3
- repo: "https://helm.cilium.io",
4
- name: "cilium",
5
- version: "1.17.4",
6
- sha256: "06dcedfe25c08c770d193690d561037153e233f9cde31e0705a06802d24cea87"
7
- };
8
-
9
- // src/shared.ts
10
- function getCiliumClusterMetadata(cluster) {
11
- return cluster.metadata?.cilium ?? {};
12
- }
13
-
14
- export { cilium, getCiliumClusterMetadata };
15
- //# sourceMappingURL=chunk-M4DV2DAJ.js.map
16
- //# sourceMappingURL=chunk-M4DV2DAJ.js.map
package/dist/chunk-M4DV2DAJ.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../assets/charts.json","../src/shared.ts"],"names":[],"mappings":";AACE,IAAA,MAAA,GAAU;AAAA,EACR,IAAA,EAAQ,wBAAA;AAAA,EACR,IAAA,EAAQ,QAAA;AAAA,EACR,OAAA,EAAW,QAAA;AAAA,EACX,MAAA,EAAU;AACZ;;;ACSK,SAAS,yBAAyB,OAAA,EAA6C;AACpF,EAAA,OAAO,OAAA,CAAQ,QAAA,EAAU,MAAA,IAAU,EAAC;AACtC","file":"chunk-M4DV2DAJ.js","sourcesContent":["{\n \"cilium\": {\n \"repo\": \"https://helm.cilium.io\",\n \"name\": \"cilium\",\n \"version\": \"1.17.4\",\n \"sha256\": \"06dcedfe25c08c770d193690d561037153e233f9cde31e0705a06802d24cea87\"\n }\n}\n","import type { k8s } from \"@highstate/library\"\n\nexport { cilium as chart } from \"../assets/charts.json\"\n\nexport type CiliumClusterMetadata = {\n /**\n * If set to `true`, the generated network policy will allow\n * all DNS queries to be resolved, even if they are\n * for forbidden (non-allowed) FQDNs.\n *\n * By default, is not set.\n */\n allowForbiddenFqdnResolution?: boolean\n}\n\nexport function getCiliumClusterMetadata(cluster: k8s.Cluster): CiliumClusterMetadata {\n return cluster.metadata?.cilium ?? {}\n}\n\nexport function hasCiliumClusterMetadata(\n cluster: k8s.Cluster,\n): cluster is k8s.Cluster & { metadata: { cilium: CiliumClusterMetadata } } {\n return Boolean(cluster.metadata?.cilium)\n}\n"]}