@highstate/k8s 0.15.0 → 0.16.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@highstate/k8s",
-  "version": "0.15.0",
+  "version": "0.16.0",
   "type": "module",
   "files": [
     "dist",
@@ -20,10 +20,6 @@
         "mode": "manual",
         "version": "1"
       },
-      "./units/cluster-dns": {
-        "mode": "manual",
-        "version": "1"
-      },
       "./units/dns01-issuer": {
         "mode": "manual",
         "version": "1"
@@ -49,7 +45,6 @@
     },
     "./units/cert-manager": "./dist/units/cert-manager/index.js",
     "./units/cluster-patch": "./dist/units/cluster-patch/index.js",
-    "./units/cluster-dns": "./dist/units/cluster-dns/index.js",
     "./units/dns01-issuer": "./dist/units/dns01-issuer/index.js",
     "./units/existing-cluster": "./dist/units/existing-cluster/index.js",
     "./units/gateway-api": "./dist/units/gateway-api/index.js",
@@ -77,18 +72,18 @@
     "pkg-types": "^2.1.0",
     "remeda": "^2.21.0",
     "yaml": "^2.8.1",
-    "@highstate/contract": "0.16.0",
-    "@highstate/common": "0.15.0",
     "@highstate/cert-manager": "0.14.0",
+    "@highstate/common": "0.16.0",
+    "@highstate/contract": "0.17.0",
     "@highstate/gateway-api": "0.14.0",
-    "@highstate/library": "0.15.0",
-    "@highstate/pulumi": "0.16.0"
+    "@highstate/library": "0.16.0",
+    "@highstate/pulumi": "0.17.0"
   },
   "devDependencies": {
     "@biomejs/biome": "2.2.0",
     "@typescript/native-preview": "^7.0.0-dev.20250920.1",
     "type-fest": "^4.41.0",
-    "@highstate/cli": "0.16.0"
+    "@highstate/cli": "0.17.0"
   },
   "repository": {
     "url": "https://github.com/highstate-io/highstate"

package/src/cluster.ts

@@ -1,38 +1,38 @@
-import type { k8s } from "@highstate/library"
+import type { k8s, network } from "@highstate/library"
+import { isPrivateAddress, parseAddress } from "@highstate/common"
 import { text, type UnitTerminal } from "@highstate/contract"
 import { fileFromString, type Input, type Output, output } from "@highstate/pulumi"
 import { CoreV1Api, type KubeConfig } from "@kubernetes/client-node"
 import { images } from "./shared"
 
-function isPrivateIp(ip: string) {
-  const privateIpRegex = /^(10|172\.16|192\.168)\./
-  return privateIpRegex.test(ip)
-}
-
 export async function detectExternalIps(
   kubeConfig: KubeConfig,
   internalIpsPolicy: k8s.InternalIpsPolicy,
-): Promise<string[]> {
+): Promise<network.Address[]> {
   const nodeApi = kubeConfig.makeApiClient(CoreV1Api)
   const nodes = await nodeApi.listNode()
 
   return nodes.items.flatMap(node => {
     const addresses = node.status?.addresses ?? []
+
     const externalIp = addresses.find(address => address.type === "ExternalIP")
     const internalIp = addresses.find(address => address.type === "InternalIP")
 
-    const result: string[] = []
+    const externalAddress = externalIp ? parseAddress(externalIp.address) : undefined
+    const internalAddress = internalIp ? parseAddress(internalIp.address) : undefined
+
+    const result: network.Address[] = []
 
-    if (externalIp?.address) {
-      result.push(externalIp.address)
+    if (externalAddress) {
+      result.push(externalAddress)
     }
 
-    if (internalIp?.address && internalIpsPolicy === "always") {
-      result.push(internalIp.address)
+    if (internalAddress && internalIpsPolicy === "always") {
+      result.push(internalAddress)
     }
 
-    if (internalIp?.address && internalIpsPolicy === "public" && !isPrivateIp(internalIp.address)) {
-      result.push(internalIp.address)
+    if (internalAddress && internalIpsPolicy === "public" && !isPrivateAddress(internalAddress)) {
+      result.push(internalAddress)
     }
 
     return result

package/src/config-map.ts

@@ -11,7 +11,7 @@ import {
   output,
 } from "@pulumi/pulumi"
 import { Namespace } from "./namespace"
-import { getProvider, mapMetadata, ScopedResource, type ScopedResourceArgs } from "./shared"
+import { getProvider, mapMetadata, NamespacedResource, type ScopedResourceArgs } from "./shared"
 
 export type ConfigMapArgs = ScopedResourceArgs &
   Omit<types.input.core.v1.ConfigMap, "kind" | "metadata" | "apiVersion">
@@ -20,42 +20,38 @@ export type CreateOrGetConfigMapArgs = ConfigMapArgs & {
   /**
    * The config map entity to patch/retrieve.
    */
-  existing: Input<k8s.ScopedResource> | undefined
+  existing: Input<k8s.NamespacedResource> | undefined
 }
 
 /**
  * Represents a Kubernetes ConfigMap resource with metadata and data.
  */
-export abstract class ConfigMap extends ScopedResource {
+export abstract class ConfigMap extends NamespacedResource {
+  static apiVersion = "v1"
+  static kind = "ConfigMap"
+
   protected constructor(
     type: string,
     name: string,
     args: Inputs,
     opts: ComponentResourceOptions | undefined,
 
-    apiVersion: Output<string>,
-    kind: Output<string>,
-    namespace: Output<Namespace>,
     metadata: Output<types.output.meta.v1.ObjectMeta>,
+    namespace: Output<Namespace>,
 
     /**
      * The data of the underlying Kubernetes config map.
      */
     readonly data: Output<Record<string, string>>,
   ) {
-    super(type, name, args, opts, apiVersion, kind, namespace, metadata)
+    super(type, name, args, opts, metadata, namespace)
   }
 
   /**
    * The Highstate config map entity.
    */
-  get entity(): Output<k8s.ScopedResource> {
-    return output({
-      type: "config-map",
-      clusterId: this.cluster.id,
-      clusterName: this.cluster.name,
-      metadata: this.metadata,
-    })
+  get entity(): Output<k8s.ConfigMap> {
+    return output(this.entityBase)
   }
 
   /**
@@ -156,7 +152,7 @@ export abstract class ConfigMap extends ScopedResource {
    * @param entity The entity to get the config map for.
    * @param cluster The cluster where the config map is located.
    */
-  static for(entity: k8s.ScopedResource, cluster: Input<k8s.Cluster>): ConfigMap {
+  static for(entity: k8s.NamespacedResource, cluster: Input<k8s.Cluster>): ConfigMap {
     return getOrCreate(
       ConfigMap.configMapCache,
       `${entity.clusterName}.${entity.metadata.namespace}.${entity.metadata.name}.${entity.clusterId}`,
@@ -181,7 +177,7 @@ export abstract class ConfigMap extends ScopedResource {
    * @param cluster The cluster where the config map is located.
    */
   static async forAsync(
-    entity: Input<k8s.ScopedResource>,
+    entity: Input<k8s.NamespacedResource>,
     cluster: Input<k8s.Cluster>,
   ): Promise<ConfigMap> {
     const resolvedEntity = await toPromise(entity)
@@ -211,10 +207,8 @@ class CreatedConfigMap extends ConfigMap {
       name,
       args,
       opts,
-      configMap.apiVersion,
-      configMap.kind,
-      output(args.namespace),
       configMap.metadata,
+      output(args.namespace),
       configMap.data,
     )
   }
@@ -242,10 +236,8 @@ class ConfigMapPatch extends ConfigMap {
       name,
       args,
       opts,
-      configMap.apiVersion,
-      configMap.kind,
-      output(args.namespace),
       configMap.metadata,
+      output(args.namespace),
       configMap.data,
     )
   }
@@ -270,11 +262,8 @@ class WrappedConfigMap extends ConfigMap {
       name,
       args,
       opts,
-
-      output(args.configMap).apiVersion,
-      output(args.configMap).kind,
-      output(args.namespace),
       output(args.configMap).metadata,
+      output(args.namespace),
       output(args.configMap).data,
     )
   }
@@ -307,11 +296,8 @@ class ExternalConfigMap extends ConfigMap {
       name,
       args,
       opts,
-
-      configMap.apiVersion,
-      configMap.kind,
-      output(args.namespace),
       configMap.metadata,
+      output(args.namespace),
       configMap.data,
     )
   }

package/src/container.ts

@@ -67,7 +67,7 @@ export type Container = Omit<PartialKeys<types.input.core.v1.Container, "name">,
    *
    * This is used to generate a network policy.
    */
-  allowedEndpoints?: InputArray<network.L34Endpoint>
+  allowedEndpoints?: InputArray<network.L3Endpoint>
 
   /**
    * Enable the TUN device in the container.

package/src/cron-job.ts

@@ -1,4 +1,4 @@
-import type { RequiredKeys, UnitTerminal } from "@highstate/contract"
+import type { UnitTerminal } from "@highstate/contract"
 import type { k8s } from "@highstate/library"
 import type { Container } from "./container"
 import type { NetworkPolicy } from "./network-policy"
@@ -26,7 +26,7 @@ import {
 } from "./workload"
 
 export type CronJobArgs = ScopedResourceArgs &
-  Omit<RequiredKeys<Partial<types.input.batch.v1.CronJobSpec>, "schedule">, "jobTemplate"> & {
+  Omit<Partial<types.input.batch.v1.CronJobSpec>, "jobTemplate"> & {
     jobTemplate?: {
       metadata?: types.input.meta.v1.ObjectMeta
       spec?: Omit<types.input.batch.v1.JobSpec, "template"> & {
@@ -42,25 +42,26 @@ export type CreateOrGetCronJobArgs = CronJobArgs & {
   /**
    * The cron job entity to patch/retrieve.
    */
-  existing: Input<k8s.ScopedResource> | undefined
+  existing: Input<k8s.NamespacedResource> | undefined
 }
 
 /**
  * Represents a Kubernetes CronJob resource with metadata and spec.
  */
 export abstract class CronJob extends Workload {
+  static apiVersion = "batch/v1"
+  static kind = "CronJob"
+
   protected constructor(
     type: string,
     name: string,
     args: Inputs,
     opts: ComponentResourceOptions | undefined,
 
-    apiVersion: Output<string>,
-    kind: Output<string>,
+    metadata: Output<types.output.meta.v1.ObjectMeta>,
+    namespace: Output<Namespace>,
     terminalArgs: Output<Unwrap<WorkloadTerminalArgs>>,
     containers: Output<Container[]>,
-    namespace: Output<Namespace>,
-    metadata: Output<types.output.meta.v1.ObjectMeta>,
     networkPolicy: Output<NetworkPolicy | undefined>,
 
     /**
@@ -78,12 +79,10 @@ export abstract class CronJob extends Workload {
       name,
       args,
       opts,
-      apiVersion,
-      kind,
+      metadata,
+      namespace,
       terminalArgs,
       containers,
-      namespace,
-      metadata,
       spec.jobTemplate.spec.template,
       networkPolicy,
     )
@@ -96,13 +95,8 @@ export abstract class CronJob extends Workload {
   /**
    * The Highstate cron job entity.
    */
-  get entity(): Output<k8s.ScopedResource> {
-    return output({
-      type: "cron-job",
-      clusterId: this.cluster.id,
-      clusterName: this.cluster.name,
-      metadata: this.metadata,
-    })
+  get entity(): Output<k8s.CronJob> {
+    return output(this.entityBase)
   }
 
   protected getTerminalMeta(): Output<UnitTerminal["meta"]> {
@@ -209,7 +203,7 @@ export abstract class CronJob extends Workload {
    * @param entity The entity to get the cron job for.
    * @param cluster The cluster where the cron job is located.
    */
-  static for(entity: k8s.ScopedResource, cluster: Input<k8s.Cluster>): CronJob {
+  static for(entity: k8s.NamespacedResource, cluster: Input<k8s.Cluster>): CronJob {
     return getOrCreate(
       CronJob.cronJobCache,
       `${entity.clusterName}.${entity.metadata.namespace}.${entity.metadata.name}.${entity.clusterId}`,
@@ -234,7 +228,7 @@ export abstract class CronJob extends Workload {
    * @param cluster The cluster where the cron job is located.
    */
   static async forAsync(
-    entity: Input<k8s.ScopedResource>,
+    entity: Input<k8s.NamespacedResource>,
     cluster: Input<k8s.Cluster>,
   ): Promise<CronJob> {
     const resolvedEntity = await toPromise(entity)
@@ -292,15 +286,11 @@ class CreatedCronJob extends CronJob {
       name,
       args,
       opts,
-
-      cronJob.apiVersion,
-      cronJob.kind,
+      cronJob.metadata,
+      output(args.namespace),
       output(args.terminal ?? {}),
       containers,
-      output(args.namespace),
-      cronJob.metadata,
       networkPolicy,
-
       cronJob.spec,
       cronJob.status,
     )
@@ -330,7 +320,7 @@ class CronJobPatch extends CronJob {
                     template: podTemplate,
                   },
                 },
-                schedule: args.schedule,
+                schedule: args.schedule!,
               } satisfies types.input.batch.v1.CronJobSpec,
               omit(args, cronJobExtraArgs) as types.input.batch.v1.CronJobSpec,
             )
@@ -349,15 +339,11 @@ class CronJobPatch extends CronJob {
       name,
       args,
       opts,
-
-      cronJob.apiVersion,
-      cronJob.kind,
+      cronJob.metadata,
+      output(args.namespace),
       output(args.terminal ?? {}),
       containers,
-      output(args.namespace),
-      cronJob.metadata,
       networkPolicy,
-
       cronJob.spec,
       cronJob.status,
     )
@@ -389,12 +375,10 @@ class WrappedCronJob extends CronJob {
       args,
       opts,
 
-      output(args.cronJob).apiVersion,
-      output(args.cronJob).kind,
+      output(args.cronJob).metadata,
+      output(args.namespace),
       output(args.terminal ?? {}),
       output([]),
-      output(args.namespace),
-      output(args.cronJob).metadata,
       output(undefined),
 
       output(args.cronJob).spec,
@@ -431,12 +415,10 @@ class ExternalCronJob extends CronJob {
       args,
       opts,
 
-      cronJob.apiVersion,
-      cronJob.kind,
+      cronJob.metadata,
+      output(args.namespace),
       output({}),
       output([]),
-      output(args.namespace),
-      cronJob.metadata,
       output(undefined),
 
       cronJob.spec,

package/src/deployment.ts

@@ -43,18 +43,20 @@ export type CreateOrGetDeploymentArgs = DeploymentArgs & {
 }
 
 export abstract class Deployment extends ExposableWorkload {
+  static readonly apiVersion = "apps/v1"
+  static readonly kind = "Deployment"
+
   protected constructor(
     type: string,
     name: string,
     args: Inputs,
     opts: ComponentResourceOptions | undefined,
 
-    apiVersion: Output<string>,
-    kind: Output<string>,
+    metadata: Output<types.output.meta.v1.ObjectMeta>,
+    namespace: Output<Namespace>,
+
     terminalArgs: Output<Unwrap<WorkloadTerminalArgs>>,
     containers: Output<Container[]>,
-    namespace: Output<Namespace>,
-    metadata: Output<types.output.meta.v1.ObjectMeta>,
     networkPolicy: Output<NetworkPolicy | undefined>,
 
     service: Output<Service | undefined>,
@@ -75,12 +77,10 @@ export abstract class Deployment extends ExposableWorkload {
       name,
       args,
       opts,
-      apiVersion,
-      kind,
+      metadata,
+      namespace,
       terminalArgs,
       containers,
-      namespace,
-      metadata,
       spec.template,
       networkPolicy,
       service,
@@ -105,12 +105,12 @@ export abstract class Deployment extends ExposableWorkload {
    * The Highstate deployment entity.
    */
   get entity(): Output<k8s.Deployment> {
+    const service = this._service.apply(service => service?.entity)
+
     return output({
-      type: "deployment",
-      clusterId: this.cluster.id,
-      clusterName: this.cluster.name,
-      metadata: this.metadata,
-      service: this._service.apply(service => service?.entity),
+      ...this.entityBase,
+      service,
+      endpoints: service.apply(svc => output(svc?.endpoints ?? [])),
     })
   }
 
@@ -276,14 +276,13 @@ class CreatedDeployment extends Deployment {
       args,
       opts,
 
-      deployment.apiVersion,
-      deployment.kind,
+      deployment.metadata,
+      output(args.namespace),
+
       output(args.terminal ?? {}),
       containers,
-      output(args.namespace),
-      deployment.metadata,
-      networkPolicy,
 
+      networkPolicy,
       service,
       routes,
 
@@ -324,12 +323,10 @@ class DeploymentPatch extends Deployment {
       args,
       opts,
 
-      deployment.apiVersion,
-      deployment.kind,
+      deployment.metadata,
+      output(args.namespace),
       output(args.terminal ?? {}),
       containers,
-      output(args.namespace),
-      deployment.metadata,
       networkPolicy,
 
       service,
@@ -366,12 +363,10 @@ class WrappedDeployment extends Deployment {
       args,
       opts,
 
-      output(args.deployment).apiVersion,
-      output(args.deployment).kind,
+      output(args.deployment).metadata,
+      output(args.namespace),
       output(args.terminal ?? {}),
       output([]),
-      output(args.namespace),
-      output(args.deployment).metadata,
 
       output(undefined),
       output(undefined),
@@ -411,12 +406,10 @@ class ExternalDeployment extends Deployment {
       args,
       opts,
 
-      deployment.apiVersion,
-      deployment.kind,
+      deployment.metadata,
+      output(args.namespace),
       output({}),
       output([]),
-      output(args.namespace),
-      deployment.metadata,
 
       output(undefined),
       output(undefined),

package/src/gateway/gateway.ts

@@ -1,11 +1,10 @@
 import type { k8s, network } from "@highstate/library"
 import type { types } from "@pulumi/kubernetes"
 import type { SetRequired } from "type-fest"
-import { parseL3Endpoint } from "@highstate/common"
+import { parseEndpoint } from "@highstate/common"
 import { getOrCreate } from "@highstate/contract"
 import { gateway, type types as gwTypes } from "@highstate/gateway-api"
 import {
-  ComponentResource,
   type ComponentResourceOptions,
   type Input,
   type InputArray,
@@ -17,7 +16,13 @@ import {
 } from "@highstate/pulumi"
 import { omit } from "remeda"
 import { Namespace } from "../namespace"
-import { commonExtraArgs, getProvider, mapMetadata, type ScopedResourceArgs } from "../shared"
+import {
+  commonExtraArgs,
+  getProvider,
+  mapMetadata,
+  NamespacedResource,
+  type ScopedResourceArgs,
+} from "../shared"
 
 export type GatewayArgs = ScopedResourceArgs & {
   /**
@@ -43,7 +48,10 @@ const gatewayExtraArgs = [...commonExtraArgs, "fqdn", "fqdns"] as const
 /**
  * Represents a Kubernetes Gateway resource.
  */
-export abstract class Gateway extends ComponentResource {
+export abstract class Gateway extends NamespacedResource {
+  static readonly apiVersion = "gateway.networking.k8s.io/v1"
+  static readonly kind = "Gateway"
+
   protected constructor(
     type: string,
     name: string,
@@ -53,12 +61,8 @@ export abstract class Gateway extends ComponentResource {
     /**
      * The namespace where the gateway is located.
      */
-    readonly namespace: Output<Namespace>,
-
-    /**
-     * The metadata of the underlying Kubernetes gateway.
-     */
-    readonly metadata: Output<types.output.meta.v1.ObjectMeta>,
+    metadata: Output<types.output.meta.v1.ObjectMeta>,
+    namespace: Output<Namespace>,
 
     /**
      * The spec of the underlying Gateway resource.
@@ -70,26 +74,14 @@ export abstract class Gateway extends ComponentResource {
      */
     readonly status: Output<gwTypes.output.gateway.v1.GatewayStatus>,
   ) {
-    super(type, name, args, opts)
-  }
-
-  /**
-   * The cluster where the gateway is located.
-   */
-  get cluster(): Output<k8s.Cluster> {
-    return this.namespace.cluster
+    super(type, name, args, opts, metadata, namespace)
   }
 
   /**
    * The Highstate gateway entity.
    */
   get entity(): Output<k8s.Gateway> {
-    return output({
-      type: "gateway",
-      clusterId: this.cluster.id,
-      clusterName: this.cluster.name,
-      metadata: this.metadata,
-    })
+    return output(this.entityBase)
   }
 
   /**
@@ -101,7 +93,7 @@ export abstract class Gateway extends ComponentResource {
         return []
       }
 
-      return addresses.map(address => parseL3Endpoint(address.value))
+      return addresses.map(address => parseEndpoint(address.value))
     })
   }
 
@@ -299,8 +291,8 @@ class CreatedGateway extends Gateway {
       args,
       opts,
 
-      output(args.namespace),
       gatewayResource.metadata as Output<types.output.meta.v1.ObjectMeta>,
+      output(args.namespace),
       gatewayResource.spec,
       gatewayResource.status,
     )
@@ -326,8 +318,8 @@ class GatewayPatch extends Gateway {
       args,
       opts,
 
-      output(args.namespace),
       gatewayResource.metadata as Output<types.output.meta.v1.ObjectMeta>,
+      output(args.namespace),
       gatewayResource.spec,
       gatewayResource.status,
     )
@@ -354,8 +346,8 @@ class WrappedGateway extends Gateway {
       args,
       opts,
 
-      output(args.namespace),
       output(args.gateway).metadata as Output<types.output.meta.v1.ObjectMeta>,
+      output(args.namespace),
       output(args.gateway).spec,
       output(args.gateway).status,
     )
@@ -390,8 +382,8 @@ class ExternalGateway extends Gateway {
       args,
       opts,
 
-      output(args.namespace),
       gatewayResource.metadata as Output<types.output.meta.v1.ObjectMeta>,
+      output(args.namespace),
       gatewayResource.spec,
       gatewayResource.status,
     )

package/src/helm.ts

@@ -26,7 +26,7 @@ import spawn from "nano-spawn"
 import { isNonNullish, omit } from "remeda"
 import { Deployment } from "./deployment"
 import { NetworkPolicy, type NetworkPolicyArgs } from "./network-policy"
-import { getServiceType, Service, type ServiceArgs } from "./service"
+import { createServiceSpec, Service, type ServiceArgs } from "./service"
 import { getNamespaceName, getProvider, type NamespaceLike } from "./shared"
 import { StatefulSet } from "./stateful-set"
 
@@ -147,19 +147,18 @@ export class Chart extends ComponentResource {
                 resourceArgs.type === "kubernetes:core/v1:Service" &&
                 resourceArgs.name === expectedName
               ) {
-                const spec = resourceArgs.props.spec as types.input.core.v1.ServiceSpec
+                const spec = await toPromise(
+                  resourceArgs.props.spec as types.input.core.v1.ServiceSpec,
+                )
+
+                const serviceSpec = await toPromise(createServiceSpec(args.service ?? {}, cluster))
 
                 return {
                   props: {
                     ...resourceArgs.props,
                     spec: {
                       ...spec,
-                      ...(args.service ?? {}),
-
-                      type: getServiceType(args.service, cluster),
-
-                      externalIPs:
-                        args.service?.externalIPs ?? cluster.externalIps ?? spec.externalIPs,
+                      ...omit(serviceSpec, ["ports"]),
                     },
                   },
                   opts: resourceArgs.opts,