@highstate/cilium 0.9.6 → 0.9.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/highstate.manifest.json +1 -1
- package/dist/index.js +2 -2
- package/dist/index.js.map +1 -1
- package/package.json +7 -7
package/dist/index.js
CHANGED
|
@@ -208,8 +208,8 @@ var CiliumNetworkPolicy = class _CiliumNetworkPolicy extends NetworkPolicy {
|
|
|
208
208
|
var cilium2 = {
|
|
209
209
|
repo: "https://helm.cilium.io",
|
|
210
210
|
name: "cilium",
|
|
211
|
-
version: "1.17.
|
|
212
|
-
sha256: "
|
|
211
|
+
version: "1.17.4",
|
|
212
|
+
sha256: "06dcedfe25c08c770d193690d561037153e233f9cde31e0705a06802d24cea87"
|
|
213
213
|
};
|
|
214
214
|
export {
|
|
215
215
|
CiliumNetworkPolicy,
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/network-policy.ts","../assets/charts.json"],"sourcesContent":["import { type ResourceOptions, type Resource, output } from \"@highstate/pulumi\"\nimport {\n mapMetadata,\n mapNamespaceLikeToNamespaceName,\n mapSelectorLikeToSelector,\n mapServiceToLabelSelector,\n NetworkPolicy,\n type NetworkPolicyPort,\n type NormalizedNetworkPolicyArgs,\n type NormalizedRuleArgs,\n} from \"@highstate/k8s\"\nimport { cilium, types } from \"@highstate/cilium-crds\"\nimport { types as k8sTypes } from \"@pulumi/kubernetes\"\nimport { map, mapKeys, pipe, uniqueBy } from \"remeda\"\n\ntype Rule = types.input.cilium.v2.CiliumNetworkPolicySpecIngress &\n types.input.cilium.v2.CiliumNetworkPolicySpecEgress\n\nexport class CiliumNetworkPolicy extends NetworkPolicy {\n protected create(\n name: string,\n args: NormalizedNetworkPolicyArgs,\n opts?: ResourceOptions,\n ): Resource {\n return new cilium.v2.CiliumNetworkPolicy(\n name,\n {\n metadata: mapMetadata(args, name),\n spec: {\n description: args.description,\n endpointSelector: args.podSelector,\n ingress: CiliumNetworkPolicy.createIngressRules(args),\n egress: CiliumNetworkPolicy.createEgressRules(args),\n },\n },\n opts,\n )\n }\n\n private static createIngressRules(args: NormalizedNetworkPolicyArgs): Rule[] {\n if (args.isolateIngress) {\n return [{}]\n }\n\n return uniqueBy(\n args.ingressRules.flatMap(rule => CiliumNetworkPolicy.createRules(\"from\", rule)),\n rule => JSON.stringify(rule),\n )\n }\n\n private static createEgressRules(args: NormalizedNetworkPolicyArgs): Rule[] {\n if (args.isolateEgress) {\n return [{}]\n }\n\n const extraRules: Rule[] = []\n\n if (args.allowKubeApiServer) {\n extraRules.push({ toEntities: [\"kube-apiserver\"] })\n }\n\n return uniqueBy(\n args.egressRules\n .flatMap(rule => CiliumNetworkPolicy.createRules(\"to\", rule))\n .concat(extraRules),\n rule => JSON.stringify(rule),\n )\n }\n\n private static createRules(prefix: \"from\" | \"to\", rule: NormalizedRuleArgs): Rule[] {\n const port = CiliumNetworkPolicy.mapPorts(rule.ports)\n const ports = port ? [port] : undefined\n\n return [\n ...CiliumNetworkPolicy.createAllRules(prefix, rule, ports),\n ...CiliumNetworkPolicy.createCidrRules(prefix, rule, ports),\n ...CiliumNetworkPolicy.createServiceRules(prefix, rule, ports),\n ...CiliumNetworkPolicy.createSelectorRules(prefix, rule, ports),\n ...(prefix === \"to\" ? CiliumNetworkPolicy.createFqdnRules(rule, ports) : []),\n ]\n }\n\n private static createAllRules(\n prefix: \"from\" | \"to\",\n rule: NormalizedRuleArgs,\n ports: types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts[] | undefined,\n ): Rule[] {\n if (!rule.all) {\n return []\n }\n\n return [\n {\n [`${prefix}Entities`]: [\"all\"],\n toPorts: ports,\n },\n ]\n }\n\n private static createCidrRules(\n prefix: \"from\" | \"to\",\n rule: NormalizedRuleArgs,\n ports: types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts[] | undefined,\n ): Rule[] {\n if (rule.cidrs.length === 0) {\n return []\n }\n\n return [\n {\n [`${prefix}CIDR`]: rule.cidrs,\n toPorts: ports,\n },\n ]\n }\n\n private static createFqdnRules(\n rule: NormalizedRuleArgs,\n ports: types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts[] | undefined,\n ): types.input.cilium.v2.CiliumNetworkPolicySpecEgress[] {\n if (rule.fqdns.length === 0) {\n return []\n }\n\n const fqdnRules = rule.fqdns.map(fqdn => {\n return fqdn.includes(\"*\") ? { matchPattern: fqdn } : { matchName: fqdn }\n })\n\n return [\n {\n toFQDNs: fqdnRules,\n toPorts: ports,\n },\n {\n toEndpoints: [\n {\n matchLabels: {\n \"k8s:io.kubernetes.pod.namespace\": \"kube-system\",\n \"k8s:k8s-app\": \"kube-dns\",\n },\n },\n ],\n toPorts: [\n {\n ports: [{ port: \"53\", protocol: \"UDP\" }],\n rules: { dns: fqdnRules },\n },\n ],\n },\n ]\n }\n\n private static createServiceRules(\n prefix: \"from\" | \"to\",\n rule: NormalizedRuleArgs,\n ports: types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts[] | undefined,\n ): Rule[] {\n if (rule.services.length === 0) {\n return []\n }\n\n const selectors = rule.services.map(service => {\n const selector = mapServiceToLabelSelector(service)\n\n return output(selector).apply(selector => ({\n matchLabels: {\n ...mapKeys(selector.matchLabels ?? {}, key => `k8s:${key}`),\n \"k8s:io.kubernetes.pod.namespace\": service.metadata.namespace,\n },\n }))\n })\n\n return [\n {\n [`${prefix}Endpoints`]: selectors,\n toPorts: ports,\n },\n ]\n }\n\n private static createNamespaceExpressions(\n rule: NormalizedRuleArgs,\n ): k8sTypes.input.meta.v1.LabelSelectorRequirement[] {\n if (rule.namespaces.length === 0) {\n return []\n }\n\n return pipe(\n //\n rule.namespaces,\n map(mapNamespaceLikeToNamespaceName),\n names => [\n {\n key: \"k8s:io.kubernetes.pod.namespace\",\n operator: \"In\",\n values: names,\n },\n ],\n )\n }\n\n private static createSelectorRules(\n prefix: \"from\" | \"to\",\n rule: NormalizedRuleArgs,\n ports: types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts[] | undefined,\n ): types.input.cilium.v2.CiliumNetworkPolicySpecIngress[] {\n const namespaceExpressions = CiliumNetworkPolicy.createNamespaceExpressions(rule)\n\n if (rule.selectors.length === 0) {\n if (namespaceExpressions.length === 0) {\n // if no selectors and no namespaces are provided, we do not match\n return []\n }\n\n // if no selectors are provided, we only match on namespaces\n return [\n {\n [`${prefix}Endpoints`]: [{ matchExpressions: namespaceExpressions }],\n toPorts: ports,\n },\n ]\n }\n\n // otherwise, we match on selectors and namespaces\n const selectors = rule.selectors.map(selector => {\n const rawSelector = mapSelectorLikeToSelector(selector)\n\n return output(rawSelector).apply(rawSelector => {\n const expressions = map(rawSelector.matchExpressions ?? [], expression => ({\n key: `k8s:${expression.key}`,\n operator: expression.operator,\n values: expression.values,\n }))\n\n return {\n matchLabels: mapKeys(rawSelector.matchLabels ?? {}, key => `k8s:${key}`),\n matchExpressions: [...expressions, ...namespaceExpressions],\n }\n })\n })\n\n return [\n {\n [`${prefix}Endpoints`]: selectors,\n toPorts: ports,\n },\n ]\n }\n\n private static mapPorts(\n ports: NetworkPolicyPort[],\n ): types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts | undefined {\n if (ports.length === 0) {\n return\n }\n\n return {\n ports: ports.map(port => {\n if (\"port\" in port) {\n return {\n port: port.port.toString(),\n protocol: port.protocol ?? \"TCP\",\n }\n }\n\n return {\n port: port.range[0].toString(),\n endPort: port.range[1],\n protocol: port.protocol ?? \"TCP\",\n }\n }),\n }\n }\n}\n","{\n \"cilium\": {\n \"repo\": \"https://helm.cilium.io\",\n \"name\": \"cilium\",\n \"version\": \"1.17.1\",\n \"sha256\": \"381de4f8f4c5eace677d3426aa8d896ef8d2318c2bf4d1172c9953345b744471\"\n }\n}\n"],"mappings":";AAAA,SAA8C,cAAc;AAC5D;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OAIK;AACP,SAAS,cAAqB;AAC9B,OAAkC;AAClC,SAAS,KAAK,SAAS,MAAM,gBAAgB;AAKtC,IAAM,sBAAN,MAAM,6BAA4B,cAAc;AAAA,EAC3C,OACR,MACA,MACA,MACU;AACV,WAAO,IAAI,OAAO,GAAG;AAAA,MACnB;AAAA,MACA;AAAA,QACE,UAAU,YAAY,MAAM,IAAI;AAAA,QAChC,MAAM;AAAA,UACJ,aAAa,KAAK;AAAA,UAClB,kBAAkB,KAAK;AAAA,UACvB,SAAS,qBAAoB,mBAAmB,IAAI;AAAA,UACpD,QAAQ,qBAAoB,kBAAkB,IAAI;AAAA,QACpD;AAAA,MACF;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAe,mBAAmB,MAA2C;AAC3E,QAAI,KAAK,gBAAgB;AACvB,aAAO,CAAC,CAAC,CAAC;AAAA,IACZ;AAEA,WAAO;AAAA,MACL,KAAK,aAAa,QAAQ,UAAQ,qBAAoB,YAAY,QAAQ,IAAI,CAAC;AAAA,MAC/E,UAAQ,KAAK,UAAU,IAAI;AAAA,IAC7B;AAAA,EACF;AAAA,EAEA,OAAe,kBAAkB,MAA2C;AAC1E,QAAI,KAAK,eAAe;AACtB,aAAO,CAAC,CAAC,CAAC;AAAA,IACZ;AAEA,UAAM,aAAqB,CAAC;AAE5B,QAAI,KAAK,oBAAoB;AAC3B,iBAAW,KAAK,EAAE,YAAY,CAAC,gBAAgB,EAAE,CAAC;AAAA,IACpD;AAEA,WAAO;AAAA,MACL,KAAK,YACF,QAAQ,UAAQ,qBAAoB,YAAY,MAAM,IAAI,CAAC,EAC3D,OAAO,UAAU;AAAA,MACpB,UAAQ,KAAK,UAAU,IAAI;AAAA,IAC7B;AAAA,EACF;AAAA,EAEA,OAAe,YAAY,QAAuB,MAAkC;AAClF,UAAM,OAAO,qBAAoB,SAAS,KAAK,KAAK;AACpD,UAAM,QAAQ,OAAO,CAAC,IAAI,IAAI;AAE9B,WAAO;AAAA,MACL,GAAG,qBAAoB,eAAe,QAAQ,MAAM,KAAK;AAAA,MACzD,GAAG,qBAAoB,gBAAgB,QAAQ,MAAM,KAAK;AAAA,MAC1D,GAAG,qBAAoB,mBAAmB,QAAQ,MAAM,KAAK;AAAA,MAC7D,GAAG,qBAAoB,oBAAoB,QAAQ,MAAM,KAAK;AAAA,MAC9D,GAAI,WAAW,OAAO,qBAAoB,gBAAgB,MAAM,KAAK,IAAI,CAAC;AAAA,IAC5E;AAAA,EACF;AAAA,EAEA,OAAe,eACb,QACA,MACA,OACQ;AACR,QAAI,CAAC,KAAK,KAAK;AACb,aAAO,CAAC;AAAA,IACV;AAEA,WAAO;AAAA,MACL;AAAA,QACE,CAAC,GAAG,MAAM,UAAU,GAAG,CAAC,KAAK;AAAA,QAC7B,SAAS;AAAA,MACX;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAe,gBACb,QACA,MACA,OACQ;AACR,QAAI,KAAK,MAAM,WAAW,GAAG;AAC3B,aAAO,CAAC;AAAA,IACV;AAEA,WAAO;AAAA,MACL;AAAA,QACE,CAAC,GAAG,MAAM,MAAM,GAAG,KAAK;AAAA,QACxB,SAAS;AAAA,MACX;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAe,gBACb,MACA,OACuD;AACvD,QAAI,KAAK,MAAM,WAAW,GAAG;AAC3B,aAAO,CAAC;AAAA,IACV;AAEA,UAAM,YAAY,KAAK,MAAM,IAAI,UAAQ;AACvC,aAAO,KAAK,SAAS,GAAG,IAAI,EAAE,cAAc,KAAK,IAAI,EAAE,WAAW,KAAK;AAAA,IACzE,CAAC;AAED,WAAO;AAAA,MACL;AAAA,QACE,SAAS;AAAA,QACT,SAAS;AAAA,MACX;AAAA,MACA;AAAA,QACE,aAAa;AAAA,UACX;AAAA,YACE,aAAa;AAAA,cACX,mCAAmC;AAAA,cACnC,eAAe;AAAA,YACjB;AAAA,UACF;AAAA,QACF;AAAA,QACA,SAAS;AAAA,UACP;AAAA,YACE,OAAO,CAAC,EAAE,MAAM,MAAM,UAAU,MAAM,CAAC;AAAA,YACvC,OAAO,EAAE,KAAK,UAAU;AAAA,UAC1B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAe,mBACb,QACA,MACA,OACQ;AACR,QAAI,KAAK,SAAS,WAAW,GAAG;AAC9B,aAAO,CAAC;AAAA,IACV;AAEA,UAAM,YAAY,KAAK,SAAS,IAAI,aAAW;AAC7C,YAAM,WAAW,0BAA0B,OAAO;AAElD,aAAO,OAAO,QAAQ,EAAE,MAAM,CAAAA,eAAa;AAAA,QACzC,aAAa;AAAA,UACX,GAAG,QAAQA,UAAS,eAAe,CAAC,GAAG,SAAO,OAAO,GAAG,EAAE;AAAA,UAC1D,mCAAmC,QAAQ,SAAS;AAAA,QACtD;AAAA,MACF,EAAE;AAAA,IACJ,CAAC;AAED,WAAO;AAAA,MACL;AAAA,QACE,CAAC,GAAG,MAAM,WAAW,GAAG;AAAA,QACxB,SAAS;AAAA,MACX;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAe,2BACb,MACmD;AACnD,QAAI,KAAK,WAAW,WAAW,GAAG;AAChC,aAAO,CAAC;AAAA,IACV;AAEA,WAAO;AAAA;AAAA,MAEL,KAAK;AAAA,MACL,IAAI,+BAA+B;AAAA,MACnC,WAAS;AAAA,QACP;AAAA,UACE,KAAK;AAAA,UACL,UAAU;AAAA,UACV,QAAQ;AAAA,QACV;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAe,oBACb,QACA,MACA,OACwD;AACxD,UAAM,uBAAuB,qBAAoB,2BAA2B,IAAI;AAEhF,QAAI,KAAK,UAAU,WAAW,GAAG;AAC/B,UAAI,qBAAqB,WAAW,GAAG;AAErC,eAAO,CAAC;AAAA,MACV;AAGA,aAAO;AAAA,QACL;AAAA,UACE,CAAC,GAAG,MAAM,WAAW,GAAG,CAAC,EAAE,kBAAkB,qBAAqB,CAAC;AAAA,UACnE,SAAS;AAAA,QACX;AAAA,MACF;AAAA,IACF;AAGA,UAAM,YAAY,KAAK,UAAU,IAAI,cAAY;AAC/C,YAAM,cAAc,0BAA0B,QAAQ;AAEtD,aAAO,OAAO,WAAW,EAAE,MAAM,CAAAC,iBAAe;AAC9C,cAAM,cAAc,IAAIA,aAAY,oBAAoB,CAAC,GAAG,iBAAe;AAAA,UACzE,KAAK,OAAO,WAAW,GAAG;AAAA,UAC1B,UAAU,WAAW;AAAA,UACrB,QAAQ,WAAW;AAAA,QACrB,EAAE;AAEF,eAAO;AAAA,UACL,aAAa,QAAQA,aAAY,eAAe,CAAC,GAAG,SAAO,OAAO,GAAG,EAAE;AAAA,UACvE,kBAAkB,CAAC,GAAG,aAAa,GAAG,oBAAoB;AAAA,QAC5D;AAAA,MACF,CAAC;AAAA,IACH,CAAC;AAED,WAAO;AAAA,MACL;AAAA,QACE,CAAC,GAAG,MAAM,WAAW,GAAG;AAAA,QACxB,SAAS;AAAA,MACX;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAe,SACb,OACwE;AACxE,QAAI,MAAM,WAAW,GAAG;AACtB;AAAA,IACF;AAEA,WAAO;AAAA,MACL,OAAO,MAAM,IAAI,UAAQ;AACvB,YAAI,UAAU,MAAM;AAClB,iBAAO;AAAA,YACL,MAAM,KAAK,KAAK,SAAS;AAAA,YACzB,UAAU,KAAK,YAAY;AAAA,UAC7B;AAAA,QACF;AAEA,eAAO;AAAA,UACL,MAAM,KAAK,MAAM,CAAC,EAAE,SAAS;AAAA,UAC7B,SAAS,KAAK,MAAM,CAAC;AAAA,UACrB,UAAU,KAAK,YAAY;AAAA,QAC7B;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AACF;;;AChRE,IAAAC,UAAU;AAAA,EACR,MAAQ;AAAA,EACR,MAAQ;AAAA,EACR,SAAW;AAAA,EACX,QAAU;AACZ;","names":["selector","rawSelector","cilium"]}
|
|
1
|
+
{"version":3,"sources":["../src/network-policy.ts","../assets/charts.json"],"sourcesContent":["import { type ResourceOptions, type Resource, output } from \"@highstate/pulumi\"\nimport {\n mapMetadata,\n mapNamespaceLikeToNamespaceName,\n mapSelectorLikeToSelector,\n mapServiceToLabelSelector,\n NetworkPolicy,\n type NetworkPolicyPort,\n type NormalizedNetworkPolicyArgs,\n type NormalizedRuleArgs,\n} from \"@highstate/k8s\"\nimport { cilium, types } from \"@highstate/cilium-crds\"\nimport { types as k8sTypes } from \"@pulumi/kubernetes\"\nimport { map, mapKeys, pipe, uniqueBy } from \"remeda\"\n\ntype Rule = types.input.cilium.v2.CiliumNetworkPolicySpecIngress &\n types.input.cilium.v2.CiliumNetworkPolicySpecEgress\n\nexport class CiliumNetworkPolicy extends NetworkPolicy {\n protected create(\n name: string,\n args: NormalizedNetworkPolicyArgs,\n opts?: ResourceOptions,\n ): Resource {\n return new cilium.v2.CiliumNetworkPolicy(\n name,\n {\n metadata: mapMetadata(args, name),\n spec: {\n description: args.description,\n endpointSelector: args.podSelector,\n ingress: CiliumNetworkPolicy.createIngressRules(args),\n egress: CiliumNetworkPolicy.createEgressRules(args),\n },\n },\n opts,\n )\n }\n\n private static createIngressRules(args: NormalizedNetworkPolicyArgs): Rule[] {\n if (args.isolateIngress) {\n return [{}]\n }\n\n return uniqueBy(\n args.ingressRules.flatMap(rule => CiliumNetworkPolicy.createRules(\"from\", rule)),\n rule => JSON.stringify(rule),\n )\n }\n\n private static createEgressRules(args: NormalizedNetworkPolicyArgs): Rule[] {\n if (args.isolateEgress) {\n return [{}]\n }\n\n const extraRules: Rule[] = []\n\n if (args.allowKubeApiServer) {\n extraRules.push({ toEntities: [\"kube-apiserver\"] })\n }\n\n return uniqueBy(\n args.egressRules\n .flatMap(rule => CiliumNetworkPolicy.createRules(\"to\", rule))\n .concat(extraRules),\n rule => JSON.stringify(rule),\n )\n }\n\n private static createRules(prefix: \"from\" | \"to\", rule: NormalizedRuleArgs): Rule[] {\n const port = CiliumNetworkPolicy.mapPorts(rule.ports)\n const ports = port ? [port] : undefined\n\n return [\n ...CiliumNetworkPolicy.createAllRules(prefix, rule, ports),\n ...CiliumNetworkPolicy.createCidrRules(prefix, rule, ports),\n ...CiliumNetworkPolicy.createServiceRules(prefix, rule, ports),\n ...CiliumNetworkPolicy.createSelectorRules(prefix, rule, ports),\n ...(prefix === \"to\" ? CiliumNetworkPolicy.createFqdnRules(rule, ports) : []),\n ]\n }\n\n private static createAllRules(\n prefix: \"from\" | \"to\",\n rule: NormalizedRuleArgs,\n ports: types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts[] | undefined,\n ): Rule[] {\n if (!rule.all) {\n return []\n }\n\n return [\n {\n [`${prefix}Entities`]: [\"all\"],\n toPorts: ports,\n },\n ]\n }\n\n private static createCidrRules(\n prefix: \"from\" | \"to\",\n rule: NormalizedRuleArgs,\n ports: types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts[] | undefined,\n ): Rule[] {\n if (rule.cidrs.length === 0) {\n return []\n }\n\n return [\n {\n [`${prefix}CIDR`]: rule.cidrs,\n toPorts: ports,\n },\n ]\n }\n\n private static createFqdnRules(\n rule: NormalizedRuleArgs,\n ports: types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts[] | undefined,\n ): types.input.cilium.v2.CiliumNetworkPolicySpecEgress[] {\n if (rule.fqdns.length === 0) {\n return []\n }\n\n const fqdnRules = rule.fqdns.map(fqdn => {\n return fqdn.includes(\"*\") ? { matchPattern: fqdn } : { matchName: fqdn }\n })\n\n return [\n {\n toFQDNs: fqdnRules,\n toPorts: ports,\n },\n {\n toEndpoints: [\n {\n matchLabels: {\n \"k8s:io.kubernetes.pod.namespace\": \"kube-system\",\n \"k8s:k8s-app\": \"kube-dns\",\n },\n },\n ],\n toPorts: [\n {\n ports: [{ port: \"53\", protocol: \"UDP\" }],\n rules: { dns: fqdnRules },\n },\n ],\n },\n ]\n }\n\n private static createServiceRules(\n prefix: \"from\" | \"to\",\n rule: NormalizedRuleArgs,\n ports: types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts[] | undefined,\n ): Rule[] {\n if (rule.services.length === 0) {\n return []\n }\n\n const selectors = rule.services.map(service => {\n const selector = mapServiceToLabelSelector(service)\n\n return output(selector).apply(selector => ({\n matchLabels: {\n ...mapKeys(selector.matchLabels ?? {}, key => `k8s:${key}`),\n \"k8s:io.kubernetes.pod.namespace\": service.metadata.namespace,\n },\n }))\n })\n\n return [\n {\n [`${prefix}Endpoints`]: selectors,\n toPorts: ports,\n },\n ]\n }\n\n private static createNamespaceExpressions(\n rule: NormalizedRuleArgs,\n ): k8sTypes.input.meta.v1.LabelSelectorRequirement[] {\n if (rule.namespaces.length === 0) {\n return []\n }\n\n return pipe(\n //\n rule.namespaces,\n map(mapNamespaceLikeToNamespaceName),\n names => [\n {\n key: \"k8s:io.kubernetes.pod.namespace\",\n operator: \"In\",\n values: names,\n },\n ],\n )\n }\n\n private static createSelectorRules(\n prefix: \"from\" | \"to\",\n rule: NormalizedRuleArgs,\n ports: types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts[] | undefined,\n ): types.input.cilium.v2.CiliumNetworkPolicySpecIngress[] {\n const namespaceExpressions = CiliumNetworkPolicy.createNamespaceExpressions(rule)\n\n if (rule.selectors.length === 0) {\n if (namespaceExpressions.length === 0) {\n // if no selectors and no namespaces are provided, we do not match\n return []\n }\n\n // if no selectors are provided, we only match on namespaces\n return [\n {\n [`${prefix}Endpoints`]: [{ matchExpressions: namespaceExpressions }],\n toPorts: ports,\n },\n ]\n }\n\n // otherwise, we match on selectors and namespaces\n const selectors = rule.selectors.map(selector => {\n const rawSelector = mapSelectorLikeToSelector(selector)\n\n return output(rawSelector).apply(rawSelector => {\n const expressions = map(rawSelector.matchExpressions ?? [], expression => ({\n key: `k8s:${expression.key}`,\n operator: expression.operator,\n values: expression.values,\n }))\n\n return {\n matchLabels: mapKeys(rawSelector.matchLabels ?? {}, key => `k8s:${key}`),\n matchExpressions: [...expressions, ...namespaceExpressions],\n }\n })\n })\n\n return [\n {\n [`${prefix}Endpoints`]: selectors,\n toPorts: ports,\n },\n ]\n }\n\n private static mapPorts(\n ports: NetworkPolicyPort[],\n ): types.input.cilium.v2.CiliumNetworkPolicySpecEgressToPorts | undefined {\n if (ports.length === 0) {\n return\n }\n\n return {\n ports: ports.map(port => {\n if (\"port\" in port) {\n return {\n port: port.port.toString(),\n protocol: port.protocol ?? \"TCP\",\n }\n }\n\n return {\n port: port.range[0].toString(),\n endPort: port.range[1],\n protocol: port.protocol ?? \"TCP\",\n }\n }),\n }\n }\n}\n","{\n \"cilium\": {\n \"repo\": \"https://helm.cilium.io\",\n \"name\": \"cilium\",\n \"version\": \"1.17.4\",\n \"sha256\": \"06dcedfe25c08c770d193690d561037153e233f9cde31e0705a06802d24cea87\"\n }\n}\n"],"mappings":";AAAA,SAA8C,cAAc;AAC5D;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OAIK;AACP,SAAS,cAAqB;AAC9B,OAAkC;AAClC,SAAS,KAAK,SAAS,MAAM,gBAAgB;AAKtC,IAAM,sBAAN,MAAM,6BAA4B,cAAc;AAAA,EAC3C,OACR,MACA,MACA,MACU;AACV,WAAO,IAAI,OAAO,GAAG;AAAA,MACnB;AAAA,MACA;AAAA,QACE,UAAU,YAAY,MAAM,IAAI;AAAA,QAChC,MAAM;AAAA,UACJ,aAAa,KAAK;AAAA,UAClB,kBAAkB,KAAK;AAAA,UACvB,SAAS,qBAAoB,mBAAmB,IAAI;AAAA,UACpD,QAAQ,qBAAoB,kBAAkB,IAAI;AAAA,QACpD;AAAA,MACF;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAe,mBAAmB,MAA2C;AAC3E,QAAI,KAAK,gBAAgB;AACvB,aAAO,CAAC,CAAC,CAAC;AAAA,IACZ;AAEA,WAAO;AAAA,MACL,KAAK,aAAa,QAAQ,UAAQ,qBAAoB,YAAY,QAAQ,IAAI,CAAC;AAAA,MAC/E,UAAQ,KAAK,UAAU,IAAI;AAAA,IAC7B;AAAA,EACF;AAAA,EAEA,OAAe,kBAAkB,MAA2C;AAC1E,QAAI,KAAK,eAAe;AACtB,aAAO,CAAC,CAAC,CAAC;AAAA,IACZ;AAEA,UAAM,aAAqB,CAAC;AAE5B,QAAI,KAAK,oBAAoB;AAC3B,iBAAW,KAAK,EAAE,YAAY,CAAC,gBAAgB,EAAE,CAAC;AAAA,IACpD;AAEA,WAAO;AAAA,MACL,KAAK,YACF,QAAQ,UAAQ,qBAAoB,YAAY,MAAM,IAAI,CAAC,EAC3D,OAAO,UAAU;AAAA,MACpB,UAAQ,KAAK,UAAU,IAAI;AAAA,IAC7B;AAAA,EACF;AAAA,EAEA,OAAe,YAAY,QAAuB,MAAkC;AAClF,UAAM,OAAO,qBAAoB,SAAS,KAAK,KAAK;AACpD,UAAM,QAAQ,OAAO,CAAC,IAAI,IAAI;AAE9B,WAAO;AAAA,MACL,GAAG,qBAAoB,eAAe,QAAQ,MAAM,KAAK;AAAA,MACzD,GAAG,qBAAoB,gBAAgB,QAAQ,MAAM,KAAK;AAAA,MAC1D,GAAG,qBAAoB,mBAAmB,QAAQ,MAAM,KAAK;AAAA,MAC7D,GAAG,qBAAoB,oBAAoB,QAAQ,MAAM,KAAK;AAAA,MAC9D,GAAI,WAAW,OAAO,qBAAoB,gBAAgB,MAAM,KAAK,IAAI,CAAC;AAAA,IAC5E;AAAA,EACF;AAAA,EAEA,OAAe,eACb,QACA,MACA,OACQ;AACR,QAAI,CAAC,KAAK,KAAK;AACb,aAAO,CAAC;AAAA,IACV;AAEA,WAAO;AAAA,MACL;AAAA,QACE,CAAC,GAAG,MAAM,UAAU,GAAG,CAAC,KAAK;AAAA,QAC7B,SAAS;AAAA,MACX;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAe,gBACb,QACA,MACA,OACQ;AACR,QAAI,KAAK,MAAM,WAAW,GAAG;AAC3B,aAAO,CAAC;AAAA,IACV;AAEA,WAAO;AAAA,MACL;AAAA,QACE,CAAC,GAAG,MAAM,MAAM,GAAG,KAAK;AAAA,QACxB,SAAS;AAAA,MACX;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAe,gBACb,MACA,OACuD;AACvD,QAAI,KAAK,MAAM,WAAW,GAAG;AAC3B,aAAO,CAAC;AAAA,IACV;AAEA,UAAM,YAAY,KAAK,MAAM,IAAI,UAAQ;AACvC,aAAO,KAAK,SAAS,GAAG,IAAI,EAAE,cAAc,KAAK,IAAI,EAAE,WAAW,KAAK;AAAA,IACzE,CAAC;AAED,WAAO;AAAA,MACL;AAAA,QACE,SAAS;AAAA,QACT,SAAS;AAAA,MACX;AAAA,MACA;AAAA,QACE,aAAa;AAAA,UACX;AAAA,YACE,aAAa;AAAA,cACX,mCAAmC;AAAA,cACnC,eAAe;AAAA,YACjB;AAAA,UACF;AAAA,QACF;AAAA,QACA,SAAS;AAAA,UACP;AAAA,YACE,OAAO,CAAC,EAAE,MAAM,MAAM,UAAU,MAAM,CAAC;AAAA,YACvC,OAAO,EAAE,KAAK,UAAU;AAAA,UAC1B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAe,mBACb,QACA,MACA,OACQ;AACR,QAAI,KAAK,SAAS,WAAW,GAAG;AAC9B,aAAO,CAAC;AAAA,IACV;AAEA,UAAM,YAAY,KAAK,SAAS,IAAI,aAAW;AAC7C,YAAM,WAAW,0BAA0B,OAAO;AAElD,aAAO,OAAO,QAAQ,EAAE,MAAM,CAAAA,eAAa;AAAA,QACzC,aAAa;AAAA,UACX,GAAG,QAAQA,UAAS,eAAe,CAAC,GAAG,SAAO,OAAO,GAAG,EAAE;AAAA,UAC1D,mCAAmC,QAAQ,SAAS;AAAA,QACtD;AAAA,MACF,EAAE;AAAA,IACJ,CAAC;AAED,WAAO;AAAA,MACL;AAAA,QACE,CAAC,GAAG,MAAM,WAAW,GAAG;AAAA,QACxB,SAAS;AAAA,MACX;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAe,2BACb,MACmD;AACnD,QAAI,KAAK,WAAW,WAAW,GAAG;AAChC,aAAO,CAAC;AAAA,IACV;AAEA,WAAO;AAAA;AAAA,MAEL,KAAK;AAAA,MACL,IAAI,+BAA+B;AAAA,MACnC,WAAS;AAAA,QACP;AAAA,UACE,KAAK;AAAA,UACL,UAAU;AAAA,UACV,QAAQ;AAAA,QACV;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAe,oBACb,QACA,MACA,OACwD;AACxD,UAAM,uBAAuB,qBAAoB,2BAA2B,IAAI;AAEhF,QAAI,KAAK,UAAU,WAAW,GAAG;AAC/B,UAAI,qBAAqB,WAAW,GAAG;AAErC,eAAO,CAAC;AAAA,MACV;AAGA,aAAO;AAAA,QACL;AAAA,UACE,CAAC,GAAG,MAAM,WAAW,GAAG,CAAC,EAAE,kBAAkB,qBAAqB,CAAC;AAAA,UACnE,SAAS;AAAA,QACX;AAAA,MACF;AAAA,IACF;AAGA,UAAM,YAAY,KAAK,UAAU,IAAI,cAAY;AAC/C,YAAM,cAAc,0BAA0B,QAAQ;AAEtD,aAAO,OAAO,WAAW,EAAE,MAAM,CAAAC,iBAAe;AAC9C,cAAM,cAAc,IAAIA,aAAY,oBAAoB,CAAC,GAAG,iBAAe;AAAA,UACzE,KAAK,OAAO,WAAW,GAAG;AAAA,UAC1B,UAAU,WAAW;AAAA,UACrB,QAAQ,WAAW;AAAA,QACrB,EAAE;AAEF,eAAO;AAAA,UACL,aAAa,QAAQA,aAAY,eAAe,CAAC,GAAG,SAAO,OAAO,GAAG,EAAE;AAAA,UACvE,kBAAkB,CAAC,GAAG,aAAa,GAAG,oBAAoB;AAAA,QAC5D;AAAA,MACF,CAAC;AAAA,IACH,CAAC;AAED,WAAO;AAAA,MACL;AAAA,QACE,CAAC,GAAG,MAAM,WAAW,GAAG;AAAA,QACxB,SAAS;AAAA,MACX;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAe,SACb,OACwE;AACxE,QAAI,MAAM,WAAW,GAAG;AACtB;AAAA,IACF;AAEA,WAAO;AAAA,MACL,OAAO,MAAM,IAAI,UAAQ;AACvB,YAAI,UAAU,MAAM;AAClB,iBAAO;AAAA,YACL,MAAM,KAAK,KAAK,SAAS;AAAA,YACzB,UAAU,KAAK,YAAY;AAAA,UAC7B;AAAA,QACF;AAEA,eAAO;AAAA,UACL,MAAM,KAAK,MAAM,CAAC,EAAE,SAAS;AAAA,UAC7B,SAAS,KAAK,MAAM,CAAC;AAAA,UACrB,UAAU,KAAK,YAAY;AAAA,QAC7B;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AACF;;;AChRE,IAAAC,UAAU;AAAA,EACR,MAAQ;AAAA,EACR,MAAQ;AAAA,EACR,SAAW;AAAA,EACX,QAAU;AACZ;","names":["selector","rawSelector","cilium"]}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@highstate/cilium",
|
|
3
|
-
"version": "0.9.
|
|
3
|
+
"version": "0.9.8",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"files": [
|
|
6
6
|
"dist",
|
|
@@ -21,17 +21,17 @@
|
|
|
21
21
|
"generate-crds": "./scripts/generate-crds.sh"
|
|
22
22
|
},
|
|
23
23
|
"dependencies": {
|
|
24
|
-
"@highstate/cilium-crds": "^0.9.
|
|
25
|
-
"@highstate/k8s": "^0.9.
|
|
26
|
-
"@highstate/library": "^0.9.
|
|
27
|
-
"@highstate/pulumi": "^0.9.
|
|
24
|
+
"@highstate/cilium-crds": "^0.9.8",
|
|
25
|
+
"@highstate/k8s": "^0.9.8",
|
|
26
|
+
"@highstate/library": "^0.9.8",
|
|
27
|
+
"@highstate/pulumi": "^0.9.8",
|
|
28
28
|
"@pulumi/command": "^1.0.2",
|
|
29
29
|
"@pulumi/kubernetes": "^4.18.0",
|
|
30
30
|
"@pulumi/pulumi": "^3.165.0",
|
|
31
31
|
"remeda": "^2.21.0"
|
|
32
32
|
},
|
|
33
33
|
"devDependencies": {
|
|
34
|
-
"@highstate/cli": "^0.9.
|
|
34
|
+
"@highstate/cli": "^0.9.8"
|
|
35
35
|
},
|
|
36
|
-
"gitHead": "
|
|
36
|
+
"gitHead": "036db4d9937ff30edf15f143482c5702e5b7a7fb"
|
|
37
37
|
}
|