@highstate/cilium 0.9.20 → 0.9.22
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/highstate.manifest.json +2 -2
- package/dist/index.js +3 -3
- package/dist/index.js.map +1 -1
- package/dist/unit/index.js +1 -1
- package/dist/unit/index.js.map +1 -1
- package/package.json +14 -9
- package/src/impl/network-policy.ts +6 -7
- package/src/unit/index.ts +1 -1
package/dist/unit/index.js
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
import { cilium } from '../chunk-QJ3DFAUT.js';
|
|
2
|
+
import { l3EndpointToString } from '@highstate/common';
|
|
2
3
|
import { Chart, Namespace } from '@highstate/k8s';
|
|
3
4
|
import { k8s } from '@highstate/library';
|
|
4
5
|
import { forUnit, toPromise, ResourceHook, secret } from '@highstate/pulumi';
|
|
5
|
-
import { l3EndpointToString } from '@highstate/common';
|
|
6
6
|
import { KubeConfig, CoreV1Api } from '@kubernetes/client-node';
|
|
7
7
|
|
|
8
8
|
var { args, inputs, outputs } = forUnit(k8s.cilium);
|
package/dist/unit/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/unit/index.ts"],"names":[],"mappings":";;;;;;;AAOA,IAAM,EAAE,IAAA,EAAM,MAAA,EAAQ,SAAQ,GAAI,OAAA,CAAQ,IAAI,MAAM,CAAA;AAEpD,IAAM,OAAA,GAAU,MAAM,SAAA,CAAU,MAAA,CAAO,UAAU,CAAA;AAEjD,IAAM,eAAA,GAAkB,IAAI,YAAA,CAAa,kBAAA,EAAoB,YAAY;AAEvE,EAAA,MAAM,UAAA,GAAa,IAAI,UAAA,EAAW;AAClC,EAAA,UAAA,CAAW,cAAA,CAAe,QAAQ,UAAU,CAAA;AAE5C,EAAA,MAAM,OAAA,GAAU,UAAA,CAAW,aAAA,CAAc,SAAS,CAAA;AAClD,EAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,uBAAA,EAAwB;AAEtD,EAAA,MAAM,OAAA,CAAQ,GAAA;AAAA,IACZ,QAAQ,KAAA,CAAM,GAAA;AAAA,MAAI,CAAA,GAAA,KAChB,QAAQ,mBAAA,CAAoB;AAAA,QAC1B,IAAA,EAAM,IAAI,QAAA,EAAU,IAAA;AAAA,QACpB,SAAA,EAAW,IAAI,QAAA,EAAU;AAAA,OAC1B;AAAA;AACH,GACF;AACF,CAAC,CAAA;AAED,IAAI,KAAA;AAAA,EACF,QAAA;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAU,GAAA,CAAI,aAAA,EAAe,EAAE,IAAA,EAAM,aAAA,EAAe,SAAS,CAAA;AAAA,IACxE,KAAA,EAAA,MAAA;AAAA,IAEA,MAAA,EAAQ;AAAA,MACN,IAAA,EAAM;AAAA,QACJ,IAAA,EAAM;AAAA,OACR;AAAA,MAEA,oBAAA,EAAsB,MAAA;AAAA,MAEtB,QAAA,EAAU;AAAA,QACR,QAAA,EAAU;AAAA,OACZ;AAAA,MAEA,MAAA,EAAQ;AAAA,QACN,KAAA,EAAO;AAAA,UACL,SAAS,IAAA,CAAK;AAAA,SAChB;AAAA,QACA,EAAA,EAAI;AAAA,UACF,SAAS,IAAA,CAAK;AAAA;AAChB,OACF;AAAA,MAEA,QAAA,EAAU;AAAA,QACR,qBAAA,EAAuB;AAAA,OACzB;AAAA,MAEA,cAAA,EAAgB,kBAAA,CAAmB,OAAA,CAAQ,YAAA,CAAa,CAAC,CAAC,CAAA;AAAA,MAC1D,gBAAgB,OAAA,CAAQ,YAAA,CAAa,CAAC,CAAA,CAAE,KAAK,QAAA;AAAS;AACxD,GACF;AAAA,EACA,EAAE,KAAA,EAAO,EAAE,aAAa,CAAC,eAAe,GAAE;AAC5C,CAAA;AAEA,IAAO,eAAQ,OAAA,CAAQ;AAAA,EACrB,YAAY,MAAA,CAAO;AAAA,IACjB,GAAG,OAAA;AAAA,IACH,GAAA,EAAK,QAAA;AAAA,IACL,QAAA,EAAU;AAAA,MACR,GAAG,OAAA,CAAQ,QAAA;AAAA,MACX,MAAA,EAAQ;AAAA,QACN,4BAAA,EAA8B,KAAK,4BAAA,IAAgC;AAAA;AACrE;AACF,GACD;AACH,CAAC","file":"index.js","sourcesContent":["import { Chart, Namespace } from \"@highstate/k8s\"\nimport { k8s } from \"@highstate/library\"\nimport { forUnit, ResourceHook, secret, toPromise } from \"@highstate/pulumi\"\nimport {
|
|
1
|
+
{"version":3,"sources":["../../src/unit/index.ts"],"names":[],"mappings":";;;;;;;AAOA,IAAM,EAAE,IAAA,EAAM,MAAA,EAAQ,SAAQ,GAAI,OAAA,CAAQ,IAAI,MAAM,CAAA;AAEpD,IAAM,OAAA,GAAU,MAAM,SAAA,CAAU,MAAA,CAAO,UAAU,CAAA;AAEjD,IAAM,eAAA,GAAkB,IAAI,YAAA,CAAa,kBAAA,EAAoB,YAAY;AAEvE,EAAA,MAAM,UAAA,GAAa,IAAI,UAAA,EAAW;AAClC,EAAA,UAAA,CAAW,cAAA,CAAe,QAAQ,UAAU,CAAA;AAE5C,EAAA,MAAM,OAAA,GAAU,UAAA,CAAW,aAAA,CAAc,SAAS,CAAA;AAClD,EAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,uBAAA,EAAwB;AAEtD,EAAA,MAAM,OAAA,CAAQ,GAAA;AAAA,IACZ,QAAQ,KAAA,CAAM,GAAA;AAAA,MAAI,CAAA,GAAA,KAChB,QAAQ,mBAAA,CAAoB;AAAA,QAC1B,IAAA,EAAM,IAAI,QAAA,EAAU,IAAA;AAAA,QACpB,SAAA,EAAW,IAAI,QAAA,EAAU;AAAA,OAC1B;AAAA;AACH,GACF;AACF,CAAC,CAAA;AAED,IAAI,KAAA;AAAA,EACF,QAAA;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAU,GAAA,CAAI,aAAA,EAAe,EAAE,IAAA,EAAM,aAAA,EAAe,SAAS,CAAA;AAAA,IACxE,KAAA,EAAA,MAAA;AAAA,IAEA,MAAA,EAAQ;AAAA,MACN,IAAA,EAAM;AAAA,QACJ,IAAA,EAAM;AAAA,OACR;AAAA,MAEA,oBAAA,EAAsB,MAAA;AAAA,MAEtB,QAAA,EAAU;AAAA,QACR,QAAA,EAAU;AAAA,OACZ;AAAA,MAEA,MAAA,EAAQ;AAAA,QACN,KAAA,EAAO;AAAA,UACL,SAAS,IAAA,CAAK;AAAA,SAChB;AAAA,QACA,EAAA,EAAI;AAAA,UACF,SAAS,IAAA,CAAK;AAAA;AAChB,OACF;AAAA,MAEA,QAAA,EAAU;AAAA,QACR,qBAAA,EAAuB;AAAA,OACzB;AAAA,MAEA,cAAA,EAAgB,kBAAA,CAAmB,OAAA,CAAQ,YAAA,CAAa,CAAC,CAAC,CAAA;AAAA,MAC1D,gBAAgB,OAAA,CAAQ,YAAA,CAAa,CAAC,CAAA,CAAE,KAAK,QAAA;AAAS;AACxD,GACF;AAAA,EACA,EAAE,KAAA,EAAO,EAAE,aAAa,CAAC,eAAe,GAAE;AAC5C,CAAA;AAEA,IAAO,eAAQ,OAAA,CAAQ;AAAA,EACrB,YAAY,MAAA,CAAO;AAAA,IACjB,GAAG,OAAA;AAAA,IACH,GAAA,EAAK,QAAA;AAAA,IACL,QAAA,EAAU;AAAA,MACR,GAAG,OAAA,CAAQ,QAAA;AAAA,MACX,MAAA,EAAQ;AAAA,QACN,4BAAA,EAA8B,KAAK,4BAAA,IAAgC;AAAA;AACrE;AACF,GACD;AACH,CAAC","file":"index.js","sourcesContent":["import { l3EndpointToString } from \"@highstate/common\"\nimport { Chart, Namespace } from \"@highstate/k8s\"\nimport { k8s } from \"@highstate/library\"\nimport { forUnit, ResourceHook, secret, toPromise } from \"@highstate/pulumi\"\nimport { CoreV1Api, KubeConfig } from \"@kubernetes/client-node\"\nimport { chart } from \"../shared\"\n\nconst { args, inputs, outputs } = forUnit(k8s.cilium)\n\nconst cluster = await toPromise(inputs.k8sCluster)\n\nconst afterCreateHook = new ResourceHook(\"restart-all-pods\", async () => {\n // restart (delete) all pods to make Cilium manage their networking\n const kubeConfig = new KubeConfig()\n kubeConfig.loadFromString(cluster.kubeconfig)\n\n const coreApi = kubeConfig.makeApiClient(CoreV1Api)\n const allPods = await coreApi.listPodForAllNamespaces()\n\n await Promise.all(\n allPods.items.map(pod =>\n coreApi.deleteNamespacedPod({\n name: pod.metadata?.name!,\n namespace: pod.metadata?.namespace!,\n }),\n ),\n )\n})\n\nnew Chart(\n \"cilium\",\n {\n namespace: Namespace.get(\"kube-system\", { name: \"kube-system\", cluster }),\n chart,\n\n values: {\n ipam: {\n mode: \"kubernetes\",\n },\n\n kubeProxyReplacement: \"true\",\n\n operator: {\n replicas: 1,\n },\n\n hubble: {\n relay: {\n enabled: args.enableHubble,\n },\n ui: {\n enabled: args.enableHubble,\n },\n },\n\n dnsProxy: {\n dnsRejectResponseCode: \"nameError\",\n },\n\n k8sServiceHost: l3EndpointToString(cluster.apiEndpoints[0]),\n k8sServicePort: cluster.apiEndpoints[0].port.toString(),\n },\n },\n { hooks: { afterCreate: [afterCreateHook] } },\n)\n\nexport default outputs({\n k8sCluster: secret({\n ...cluster,\n cni: \"cilium\",\n metadata: {\n ...cluster.metadata,\n cilium: {\n allowForbiddenFqdnResolution: args.allowForbiddenFqdnResolution ?? false,\n },\n } satisfies k8s.CiliumClusterMetadata,\n }),\n})\n"]}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@highstate/cilium",
|
|
3
|
-
"version": "0.9.
|
|
3
|
+
"version": "0.9.22",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"files": [
|
|
6
6
|
"dist",
|
|
@@ -19,14 +19,17 @@
|
|
|
19
19
|
"scripts": {
|
|
20
20
|
"build": "highstate build",
|
|
21
21
|
"update-charts": "../../scripts/update-charts.sh ./assets/charts.json",
|
|
22
|
-
"generate-crds": "./scripts/generate-crds.sh"
|
|
22
|
+
"generate-crds": "./scripts/generate-crds.sh",
|
|
23
|
+
"typecheck": "tsgo --noEmit --skipLibCheck",
|
|
24
|
+
"biome": "biome check --write --unsafe --error-on-warnings",
|
|
25
|
+
"biome:check": "biome check --error-on-warnings"
|
|
23
26
|
},
|
|
24
27
|
"dependencies": {
|
|
25
|
-
"@highstate/cilium-crds": "^0.9.
|
|
26
|
-
"@highstate/common": "^0.9.
|
|
27
|
-
"@highstate/k8s": "^0.9.
|
|
28
|
-
"@highstate/library": "^0.9.
|
|
29
|
-
"@highstate/pulumi": "^0.9.
|
|
28
|
+
"@highstate/cilium-crds": "^0.9.22",
|
|
29
|
+
"@highstate/common": "^0.9.22",
|
|
30
|
+
"@highstate/k8s": "^0.9.22",
|
|
31
|
+
"@highstate/library": "^0.9.22",
|
|
32
|
+
"@highstate/pulumi": "^0.9.22",
|
|
30
33
|
"@kubernetes/client-node": "^1.3.0",
|
|
31
34
|
"@pulumi/command": "^1.0.2",
|
|
32
35
|
"@pulumi/kubernetes": "^4.18.0",
|
|
@@ -34,7 +37,9 @@
|
|
|
34
37
|
"remeda": "^2.21.0"
|
|
35
38
|
},
|
|
36
39
|
"devDependencies": {
|
|
37
|
-
"@
|
|
40
|
+
"@biomejs/biome": "2.2.0",
|
|
41
|
+
"@highstate/cli": "^0.9.22",
|
|
42
|
+
"@typescript/native-preview": "^7.0.0-dev.20250920.1"
|
|
38
43
|
},
|
|
39
|
-
"gitHead": "
|
|
44
|
+
"gitHead": "1f84c124e6ec7739f4ae4f5ef2ead8876ec3b7c1"
|
|
40
45
|
}
|
|
@@ -1,20 +1,19 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import {
|
|
1
|
+
import type { types as k8sTypes } from "@pulumi/kubernetes"
|
|
2
|
+
import { cilium, type types } from "@highstate/cilium-crds"
|
|
3
|
+
import { check } from "@highstate/contract"
|
|
3
4
|
import {
|
|
4
5
|
getNamespaceName,
|
|
5
6
|
mapMetadata,
|
|
6
7
|
mapSelectorLikeToSelector,
|
|
7
8
|
mapServiceToLabelSelector,
|
|
8
|
-
networkPolicyMediator,
|
|
9
9
|
type NetworkPolicyPort,
|
|
10
10
|
type NormalizedNetworkPolicyArgs,
|
|
11
11
|
type NormalizedRuleArgs,
|
|
12
|
+
networkPolicyMediator,
|
|
12
13
|
} from "@highstate/k8s"
|
|
13
|
-
import {
|
|
14
|
-
import
|
|
14
|
+
import { implementationReferenceSchema, k8s } from "@highstate/library"
|
|
15
|
+
import { ComponentResource, output, type ResourceOptions } from "@highstate/pulumi"
|
|
15
16
|
import { map, mapKeys, pipe, uniqueBy } from "remeda"
|
|
16
|
-
import { check } from "@highstate/contract"
|
|
17
|
-
import { implementationReferenceSchema } from "@highstate/library"
|
|
18
17
|
|
|
19
18
|
type Rule = types.input.cilium.v2.CiliumNetworkPolicySpecIngress &
|
|
20
19
|
types.input.cilium.v2.CiliumNetworkPolicySpecEgress
|
package/src/unit/index.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
|
+
import { l3EndpointToString } from "@highstate/common"
|
|
1
2
|
import { Chart, Namespace } from "@highstate/k8s"
|
|
2
3
|
import { k8s } from "@highstate/library"
|
|
3
4
|
import { forUnit, ResourceHook, secret, toPromise } from "@highstate/pulumi"
|
|
4
|
-
import { l3EndpointToString } from "@highstate/common"
|
|
5
5
|
import { CoreV1Api, KubeConfig } from "@kubernetes/client-node"
|
|
6
6
|
import { chart } from "../shared"
|
|
7
7
|
|