@highstate/k8s 0.14.2 → 0.16.0

package/src/service.ts

@@ -1,4 +1,10 @@
-import { filterEndpoints, l4EndpointToString, parseL3Endpoint } from "@highstate/common"
+import {
+  addEndpointMetadata,
+  l3EndpointToL4,
+  mergeEndpoints,
+  parseEndpoint,
+  parseL4Protocol,
+} from "@highstate/common"
 import { check, getOrCreate } from "@highstate/contract"
 import { k8s, type network } from "@highstate/library"
 import {
@@ -12,14 +18,13 @@ import {
   toPromise,
 } from "@highstate/pulumi"
 import { core, type types } from "@pulumi/kubernetes"
-import { deepmerge } from "deepmerge-ts"
-import { omit, uniqueBy } from "remeda"
+import { omit, pipe } from "remeda"
 import { Namespace } from "./namespace"
 import {
   commonExtraArgs,
   getProvider,
   mapMetadata,
-  ScopedResource,
+  NamespacedResource,
   type ScopedResourceArgs,
 } from "./shared"
 
@@ -66,17 +71,18 @@ export function isEndpointFromCluster(
 /**
  * Represents a Kubernetes Service resource with endpoints and metadata.
  */
-export abstract class Service extends ScopedResource {
+export abstract class Service extends NamespacedResource {
+  static apiVersion = "v1"
+  static kind = "Service"
+
   protected constructor(
     type: string,
     name: string,
     args: Inputs,
     opts: ComponentResourceOptions | undefined,
 
-    apiVersion: Output<string>,
-    kind: Output<string>,
-    namespace: Output<Namespace>,
     metadata: Output<types.output.meta.v1.ObjectMeta>,
+    namespace: Output<Namespace>,
 
     /**
      * The spec of the underlying Kubernetes service.
@@ -88,7 +94,7 @@ export abstract class Service extends ScopedResource {
      */
     readonly status: Output<types.output.core.v1.ServiceStatus>,
   ) {
-    super(type, name, args, opts, apiVersion, kind, namespace, metadata)
+    super(type, name, args, opts, metadata, namespace)
   }
 
   /**
@@ -96,10 +102,7 @@ export abstract class Service extends ScopedResource {
    */
   get entity(): Output<k8s.Service> {
     return output({
-      type: "service",
-      clusterId: this.cluster.id,
-      clusterName: this.cluster.name,
-      metadata: this.metadata,
+      ...this.entityBase,
       endpoints: this.endpoints,
     })
   }
@@ -225,18 +228,6 @@ export abstract class Service extends ScopedResource {
     return Service.for(resolvedEntity, output(cluster))
   }
 
-  /**
-   * Returns the endpoints of the service applying the given filter.
-   *
-   * If no filter is specified, the default behavior of `filterEndpoints` is used.
-   *
-   * @param filter If specified, the endpoints are filtered based on the given filter.
-   * @returns The endpoints of the service.
-   */
-  filterEndpoints(filter?: network.EndpointFilter): Output<k8s.ServiceEndpoint[]> {
-    return output(this.endpoints).apply(endpoints => filterEndpoints(endpoints, filter))
-  }
-
   /**
    * Returns the endpoints of the service including both internal and external endpoints.
    */
@@ -247,64 +238,57 @@ export abstract class Service extends ScopedResource {
       spec: this.spec,
       status: this.status,
     }).apply(({ cluster, metadata, spec, status }) => {
-      const endpointMetadata: k8s.EndpointServiceMetadata = {
-        "k8s.service": {
-          clusterId: cluster.id,
-          clusterName: cluster.name,
-          name: metadata.name,
-          namespace: metadata.namespace,
-          selector: spec.selector,
-          targetPort: spec.ports[0].targetPort ?? spec.ports[0].port,
-        },
+      function createMetadata(isInternal: boolean): k8s.EndpointServiceMetadata {
+        return {
+          "k8s.service": {
+            clusterId: cluster.id,
+            clusterName: cluster.name,
+            name: metadata.name,
+            namespace: metadata.namespace,
+            isInternal,
+            selector: spec.selector,
+            targetPort: spec.ports[0].targetPort ?? spec.ports[0].port,
+          },
+        }
       }
 
-      const clusterIpEndpoints = spec.clusterIPs?.map(ip => ({
-        ...parseL3Endpoint(ip),
-        visibility: "internal" as network.EndpointVisibility,
-        port: spec.ports[0].port,
-        protocol: spec.ports[0].protocol?.toLowerCase() as network.L4Protocol,
-        metadata: endpointMetadata,
-      }))
-
-      if (clusterIpEndpoints.length > 0) {
-        clusterIpEndpoints.unshift({
-          type: "hostname",
-          visibility: "internal",
-          hostname: `${metadata.name}.${metadata.namespace}.svc.cluster.local`,
-          port: spec.ports[0].port,
-          protocol: spec.ports[0].protocol?.toLowerCase() as network.L4Protocol,
-          metadata: endpointMetadata,
-        })
-      }
-
-      const nodePortEndpoints =
-        spec.type === "NodePort"
-          ? cluster.endpoints.map(endpoint => ({
-              ...(endpoint as network.L3Endpoint),
-              port: spec.ports[0].nodePort,
-              protocol: spec.ports[0].protocol?.toLowerCase() as network.L4Protocol,
-              metadata: endpointMetadata,
-            }))
-          : []
+      const internalHosts = spec.clusterIPs.length
+        ? [...spec.clusterIPs, `${metadata.name}.${metadata.namespace}.svc.cluster.local`]
+        : []
+
+      const internalEndpoints = internalHosts.flatMap(ip =>
+        spec.ports.map(port =>
+          pipe(
+            ip,
+            parseEndpoint,
+            endpoint => l3EndpointToL4(endpoint, port.port, parseL4Protocol(port.protocol)),
+            endpoint => addEndpointMetadata(endpoint, createMetadata(true)),
+          ),
+        ),
+      )
 
-      const loadBalancerEndpoints =
-        spec.type === "LoadBalancer"
-          ? status.loadBalancer?.ingress?.map(endpoint => ({
-              ...parseL3Endpoint(endpoint.ip ?? endpoint.hostname),
-              port: spec.ports[0].port,
-              protocol: spec.ports[0].protocol?.toLowerCase() as network.L4Protocol,
-              metadata: endpointMetadata,
-            }))
+      const externalHosts =
+        spec.type === "NodePort" || spec.type === "LoadBalancer"
+          ? [
+              ...spec.externalIPs,
+              ...cluster.endpoints,
+              ...(status.loadBalancer?.ingress?.map(ingress => ingress.ip ?? ingress.hostname) ??
+                []),
+            ]
           : []
 
-      return uniqueBy(
-        [
-          ...(clusterIpEndpoints ?? []),
-          ...(loadBalancerEndpoints ?? []),
-          ...(nodePortEndpoints ?? []),
-        ],
-        l4EndpointToString,
+      const externalEndpoints = externalHosts.flatMap(ip =>
+        spec.ports.map(port =>
+          pipe(
+            ip,
+            parseEndpoint,
+            endpoint => l3EndpointToL4(endpoint, port.port, parseL4Protocol(port.protocol)),
+            endpoint => addEndpointMetadata(endpoint, createMetadata(false)),
+          ),
+        ),
       )
+
+      return mergeEndpoints([...internalEndpoints, ...externalEndpoints])
     })
   }
 }
@@ -316,22 +300,31 @@ export abstract class Service extends ScopedResource {
  * @param cluster The cluster where the service will be created.
  * @returns The service spec configuration.
  */
-function createServiceSpec(args: ServiceArgs, cluster: k8s.Cluster) {
+export function createServiceSpec(
+  args: Partial<ServiceArgs>,
+  cluster: k8s.Cluster,
+): Output<types.input.core.v1.ServiceSpec> {
   return output(args).apply(args => {
-    return deepmerge(
-      {
-        ports: normalize(args.port, args.ports),
+    return {
+      ...omit(args, serviceExtraArgs),
+
+      ports: normalize(args.port, args.ports),
+
+      // externalIPs: args.external
+      //   ? args.externalIPs
+      //     ? args.externalIPs
+      //     : cluster.externalIps.map(ip => ip.value)
+      //   : normalize(undefined, args.externalIPs),
 
-        externalIPs: args.external
+      // TODO: check for args.external being falsey
+      // for now we always set externalIPs since it for some reason fails if its empty
+      externalIPs:
+        args.externalIPs && args.externalIPs.length > 0
           ? args.externalIPs
-            ? args.externalIPs
-            : cluster.externalIps
-          : normalize(undefined, args.externalIPs),
+          : cluster.externalIps.map(ip => ip.value),
 
-        type: getServiceType(args, cluster),
-      },
-      omit(args, serviceExtraArgs),
-    )
+      type: getServiceType(args, cluster),
+    }
   })
 }
 
@@ -353,11 +346,8 @@ class CreatedService extends Service {
       name,
       args,
       opts,
-
-      service.apiVersion,
-      service.kind,
-      output(args.namespace),
       service.metadata,
+      output(args.namespace),
       service.spec,
       service.status,
     )
@@ -382,11 +372,8 @@ class ServicePatch extends Service {
       name,
       args,
       opts,
-
-      service.apiVersion,
-      service.kind,
-      output(args.namespace),
       service.metadata,
+      output(args.namespace),
       service.spec,
       service.status,
     )
@@ -412,11 +399,8 @@ class WrappedService extends Service {
       name,
       args,
       opts,
-
-      output(args.service).apiVersion,
-      output(args.service).kind,
-      output(args.namespace),
       output(args.service).metadata,
+      output(args.namespace),
       output(args.service).spec,
       output(args.service).status,
     )
@@ -450,11 +434,8 @@ class ExternalService extends Service {
       name,
       args,
       opts,
-
-      service.apiVersion,
-      service.kind,
-      output(args.namespace),
       service.metadata,
+      output(args.namespace),
       service.spec,
       service.status,
     )

package/src/shared.ts

@@ -114,7 +114,7 @@ export function validateCluster(
   return output({ entity, cluster }).apply(({ entity, cluster }) => {
     if (entity.clusterId !== cluster.id) {
       throw new Error(
-        `Cluster mismatch for ${entity.type} "${entity.metadata.name}": "${entity.clusterId}" != "${cluster.id}"`,
+        `Cluster mismatch for ${entity.kind} "${entity.metadata.name}": "${entity.clusterId}" != "${cluster.id}"`,
       )
     }
 
@@ -125,11 +125,26 @@ export function validateCluster(
 export { images }
 
 /**
- * Base class for all Kubernetes scoped resources.
+ * Base class for all Kubernetes resources.
  *
- * Provides common functionality for resources that have a cluster, namespace, metadata, and entity.
+ * Provides common functionality for resources that have a cluster and entity.
  */
-export abstract class ScopedResource extends ComponentResource {
+export abstract class Resource extends ComponentResource {
+  /**
+   * The Kubernetes API version (e.g., "v1", "apps/v1", "batch/v1").
+   */
+  static readonly apiVersion: string
+
+  /**
+   * The Kubernetes kind (e.g., "ConfigMap", "Deployment", "CronJob").
+   */
+  static readonly kind: string
+
+  /**
+   * Whether the resource is namespaced.
+   */
+  static readonly isNamespaced: boolean = false
+
   protected constructor(
     type: string,
     name: string,
@@ -137,19 +152,9 @@ export abstract class ScopedResource extends ComponentResource {
     opts: ComponentResourceOptions | undefined,
 
     /**
-     * The Kubernetes API version (e.g., "v1", "apps/v1", "batch/v1").
-     */
-    readonly apiVersion: Output<string>,
-
-    /**
-     * The Kubernetes kind (e.g., "ConfigMap", "Deployment", "CronJob").
-     */
-    readonly kind: Output<string>,
-
-    /**
-     * The namespace where the resource is located.
+     * The cluster where the resource is located.
      */
-    readonly namespace: Output<Namespace>,
+    readonly cluster: Output<k8s.Cluster>,
 
     /**
      * The metadata of the underlying Kubernetes resource.
@@ -160,14 +165,71 @@ export abstract class ScopedResource extends ComponentResource {
   }
 
   /**
-   * The cluster where the resource is located.
+   * The Kubernetes API version (e.g., "v1", "apps/v1", "batch/v1").
    */
-  get cluster(): Output<k8s.Cluster> {
-    return this.namespace.cluster
+  get apiVersion() {
+    return (this.constructor as typeof Resource).apiVersion
+  }
+
+  /**
+   * The Kubernetes kind (e.g., "ConfigMap", "Deployment", "CronJob").
+   */
+  get kind() {
+    return (this.constructor as typeof Resource).kind
+  }
+
+  get isNamespaced() {
+    return (this.constructor as typeof Resource).isNamespaced
+  }
+
+  protected get entityBase() {
+    return {
+      clusterId: this.cluster.id,
+      clusterName: this.cluster.name,
+      apiVersion: this.apiVersion,
+      kind: this.kind,
+      isNamespaced: false,
+      metadata: this.metadata,
+    }
+  }
+}
+
+/**
+ * Base class for all Kubernetes namespaced resources.
+ *
+ * Provides common functionality for resources that have a cluster, namespace, metadata, and entity.
+ */
+export abstract class NamespacedResource extends Resource {
+  static readonly isNamespaced = true
+
+  protected constructor(
+    type: string,
+    name: string,
+    args: Inputs,
+    opts: ComponentResourceOptions | undefined,
+    metadata: Output<types.output.meta.v1.ObjectMeta>,
+
+    /**
+     * The namespace where the resource is located.
+     */
+    readonly namespace: Output<Namespace>,
+  ) {
+    super(type, name, args, opts, namespace.cluster, metadata)
   }
 
   /**
    * The Highstate resource entity.
    */
-  abstract get entity(): Output<k8s.ScopedResource>
+  abstract get entity(): Output<k8s.NamespacedResource>
+
+  protected get entityBase() {
+    return {
+      clusterId: this.cluster.id,
+      clusterName: this.cluster.name,
+      apiVersion: this.apiVersion,
+      kind: this.kind,
+      isNamespaced: true,
+      metadata: this.metadata,
+    } as const
+  }
 }

package/src/stateful-set.ts

@@ -43,18 +43,19 @@ export type CreateOrGetStatefulSetArgs = StatefulSetArgs & {
 }
 
 export abstract class StatefulSet extends ExposableWorkload {
+  static apiVersion = "apps/v1"
+  static kind = "StatefulSet"
+
   protected constructor(
     type: string,
     name: string,
     args: Inputs,
     opts: ComponentResourceOptions | undefined,
 
-    apiVersion: Output<string>,
-    kind: Output<string>,
+    metadata: Output<types.output.meta.v1.ObjectMeta>,
+    namespace: Output<Namespace>,
     terminalArgs: Output<Unwrap<WorkloadTerminalArgs>>,
     containers: Output<Container[]>,
-    namespace: Output<Namespace>,
-    metadata: Output<types.output.meta.v1.ObjectMeta>,
     networkPolicy: Output<NetworkPolicy | undefined>,
 
     service: Output<Service | undefined>,
@@ -75,12 +76,10 @@ export abstract class StatefulSet extends ExposableWorkload {
       name,
       args,
       opts,
-      apiVersion,
-      kind,
+      metadata,
+      namespace,
       terminalArgs,
       containers,
-      namespace,
-      metadata,
       spec.template,
       networkPolicy,
       service,
@@ -97,11 +96,9 @@ export abstract class StatefulSet extends ExposableWorkload {
    */
   get entity(): Output<k8s.StatefulSet> {
     return output({
-      type: "stateful-set",
-      clusterId: this.cluster.id,
-      clusterName: this.cluster.name,
-      metadata: this.metadata,
+      ...this.entityBase,
       service: this.service.entity,
+      endpoints: this.service.endpoints,
     })
   }
 
@@ -297,12 +294,10 @@ class CreatedStatefulSet extends StatefulSet {
       args,
       opts,
 
-      statefulSet.apiVersion,
-      statefulSet.kind,
+      statefulSet.metadata,
+      output(args.namespace),
       output(args.terminal ?? {}),
       containers,
-      output(args.namespace),
-      statefulSet.metadata,
       networkPolicy,
 
       service,
@@ -345,12 +340,10 @@ class StatefulSetPatch extends StatefulSet {
       args,
       opts,
 
-      statefulSet.apiVersion,
-      statefulSet.kind,
+      statefulSet.metadata,
+      output(args.namespace),
       output(args.terminal ?? {}),
       containers,
-      output(args.namespace),
-      statefulSet.metadata,
       networkPolicy,
 
       service,
@@ -390,12 +383,10 @@ class WrappedStatefulSet extends StatefulSet {
       args,
       opts,
 
-      output(args.statefulSet).apiVersion,
-      output(args.statefulSet).kind,
+      output(args.statefulSet).metadata,
+      output(args.namespace),
       output(args.terminal ?? {}),
       output([]),
-      output(args.namespace),
-      output(args.statefulSet).metadata,
 
       output(undefined),
       output(args.service),
@@ -435,12 +426,10 @@ class ExternalStatefulSet extends StatefulSet {
       args,
       opts,
 
-      statefulSet.apiVersion,
-      statefulSet.kind,
+      statefulSet.metadata,
+      output(args.namespace),
       output({}),
       output([]),
-      output(args.namespace),
-      statefulSet.metadata,
 
       output(undefined),
       output(undefined),

package/src/tls.ts

@@ -3,7 +3,6 @@ import type { types } from "@pulumi/kubernetes"
 import { cert_manager, type types as cmTypes } from "@highstate/cert-manager"
 import { getOrCreate } from "@highstate/contract"
 import {
-  ComponentResource,
   type ComponentResourceOptions,
   type Input,
   type Inputs,
@@ -15,7 +14,13 @@ import {
 import { omit } from "remeda"
 import { Namespace } from "./namespace"
 import { Secret } from "./secret"
-import { commonExtraArgs, getProvider, mapMetadata, type ScopedResourceArgs } from "./shared"
+import {
+  commonExtraArgs,
+  getProvider,
+  mapMetadata,
+  NamespacedResource,
+  type ScopedResourceArgs,
+} from "./shared"
 
 export type CertificateArgs = ScopedResourceArgs & cmTypes.input.cert_manager.v1.CertificateSpec
 
@@ -29,7 +34,10 @@ export type CreateOrGetCertificateArgs = CertificateArgs & {
 /**
  * Represents a cert-manager Certificate resource with metadata and secret.
  */
-export abstract class Certificate extends ComponentResource {
+export abstract class Certificate extends NamespacedResource {
+  static readonly apiVersion = "cert-manager.io/v1"
+  static readonly kind = "Certificate"
+
   private _secret?: Output<Secret>
 
   protected constructor(
@@ -38,15 +46,8 @@ export abstract class Certificate extends ComponentResource {
     args: Inputs,
     opts: ComponentResourceOptions | undefined,
 
-    /**
-     * The namespace where the certificate is located.
-     */
-    readonly namespace: Output<Namespace>,
-
-    /**
-     * The metadata of the underlying cert-manager certificate.
-     */
-    readonly metadata: Output<types.output.meta.v1.ObjectMeta>,
+    metadata: Output<types.output.meta.v1.ObjectMeta>,
+    namespace: Output<Namespace>,
 
     /**
      * The spec of the underlying cert-manager certificate.
@@ -58,26 +59,14 @@ export abstract class Certificate extends ComponentResource {
      */
     readonly status: Output<cmTypes.output.cert_manager.v1.CertificateStatus>,
   ) {
-    super(type, name, args, opts)
-  }
-
-  /**
-   * The cluster where the certificate is located.
-   */
-  get cluster(): Output<k8s.Cluster> {
-    return this.namespace.cluster
+    super(type, name, args, opts, metadata, namespace)
   }
 
   /**
    * The Highstate certificate entity.
    */
-  get entity(): Output<k8s.ScopedResource> {
-    return output({
-      type: "certificate",
-      clusterId: this.cluster.id,
-      clusterName: this.cluster.name,
-      metadata: this.metadata,
-    })
+  get entity(): Output<k8s.NamespacedResource> {
+    return output(this.entityBase)
   }
 
   /**
@@ -252,8 +241,8 @@ class CreatedCertificate extends Certificate {
       args,
       opts,
 
-      output(args.namespace),
       certificate.metadata as Output<types.output.meta.v1.ObjectMeta>,
+      output(args.namespace),
       certificate.spec,
       certificate.status,
     )
@@ -279,8 +268,8 @@ class CertificatePatch extends Certificate {
       args,
       opts,
 
-      output(args.namespace),
       certificate.metadata as Output<types.output.meta.v1.ObjectMeta>,
+      output(args.namespace),
       certificate.spec,
       certificate.status,
     )
@@ -307,8 +296,8 @@ class WrappedCertificate extends Certificate {
       args,
       opts,
 
-      output(args.namespace),
       output(args.certificate).metadata as Output<types.output.meta.v1.ObjectMeta>,
+      output(args.namespace),
       output(args.certificate).spec,
       output(args.certificate).status,
     )
@@ -343,8 +332,8 @@ class ExternalCertificate extends Certificate {
       args,
       opts,
 
-      output(args.namespace),
       certificate.metadata as Output<types.output.meta.v1.ObjectMeta>,
+      output(args.namespace),
       certificate.spec,
       certificate.status,
     )