@highstate/k8s 0.19.1 → 0.20.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{chunk-FE4SHRAJ.js → chunk-23X5SXQG.js} +22 -7
- package/dist/chunk-23X5SXQG.js.map +1 -0
- package/dist/{chunk-LGHFSXNT.js → chunk-ADHZK6V2.js} +14 -10
- package/dist/chunk-ADHZK6V2.js.map +1 -0
- package/dist/{chunk-VCXWCZ43.js → chunk-BTAEFJ5N.js} +27 -15
- package/dist/chunk-BTAEFJ5N.js.map +1 -0
- package/dist/{chunk-BR2CLUUD.js → chunk-IXE3OKB4.js} +27 -8
- package/dist/chunk-IXE3OKB4.js.map +1 -0
- package/dist/{chunk-TWBMG6TD.js → chunk-OG2OPX7B.js} +30 -12
- package/dist/chunk-OG2OPX7B.js.map +1 -0
- package/dist/{chunk-DCUMJSO6.js → chunk-P26SQ2ZB.js} +17 -51
- package/dist/chunk-P26SQ2ZB.js.map +1 -0
- package/dist/{chunk-MIC2BHGS.js → chunk-PG27ZY2H.js} +25 -7
- package/dist/chunk-PG27ZY2H.js.map +1 -0
- package/dist/chunk-PZYGZSN5.js +54 -0
- package/dist/{chunk-PZ5AY32C.js.map → chunk-PZYGZSN5.js.map} +1 -1
- package/dist/{chunk-YIJUVPU2.js → chunk-S77TE7UC.js} +27 -15
- package/dist/chunk-S77TE7UC.js.map +1 -0
- package/dist/{chunk-P2VOUU7E.js → chunk-SZKOAHNX.js} +383 -205
- package/dist/chunk-SZKOAHNX.js.map +1 -0
- package/dist/chunk-TOLFVF4S.js +889 -0
- package/dist/chunk-TOLFVF4S.js.map +1 -0
- package/dist/{chunk-RVB4WWZZ.js → chunk-TVKT3ZYX.js} +174 -18
- package/dist/chunk-TVKT3ZYX.js.map +1 -0
- package/dist/cron-job-RKB2HYTO.js +7 -0
- package/dist/{cron-job-NX4HD4FI.js.map → cron-job-RKB2HYTO.js.map} +1 -1
- package/dist/deployment-T35TUOL2.js +7 -0
- package/dist/{deployment-O2LJ5WR5.js.map → deployment-T35TUOL2.js.map} +1 -1
- package/dist/highstate.manifest.json +3 -2
- package/dist/impl/dynamic-endpoint-resolver.js +90 -0
- package/dist/impl/dynamic-endpoint-resolver.js.map +1 -0
- package/dist/impl/gateway-route.js +159 -62
- package/dist/impl/gateway-route.js.map +1 -1
- package/dist/impl/tls-certificate.js +6 -5
- package/dist/impl/tls-certificate.js.map +1 -1
- package/dist/index.js +106 -23
- package/dist/index.js.map +1 -1
- package/dist/job-PE4AKOHB.js +7 -0
- package/dist/job-PE4AKOHB.js.map +1 -0
- package/dist/stateful-set-LUIRHQJY.js +7 -0
- package/dist/{stateful-set-VJYKTQ72.js.map → stateful-set-LUIRHQJY.js.map} +1 -1
- package/dist/units/cert-manager/index.js +7 -8
- package/dist/units/cert-manager/index.js.map +1 -1
- package/dist/units/cluster-patch/index.js +6 -6
- package/dist/units/cluster-patch/index.js.map +1 -1
- package/dist/units/dns01-issuer/index.js +52 -15
- package/dist/units/dns01-issuer/index.js.map +1 -1
- package/dist/units/existing-cluster/index.js +39 -18
- package/dist/units/existing-cluster/index.js.map +1 -1
- package/dist/units/gateway-api/index.js +2 -2
- package/dist/units/reduced-access-cluster/index.js +8 -8
- package/dist/units/reduced-access-cluster/index.js.map +1 -1
- package/package.json +9 -7
- package/src/cluster.ts +12 -8
- package/src/config-map.ts +15 -5
- package/src/container.ts +4 -2
- package/src/cron-job.ts +25 -4
- package/src/deployment.ts +32 -17
- package/src/gateway/backend.ts +3 -3
- package/src/gateway/gateway.ts +12 -56
- package/src/helm.ts +354 -22
- package/src/impl/dynamic-endpoint-resolver.ts +109 -0
- package/src/impl/gateway-route.ts +231 -57
- package/src/impl/tls-certificate.ts +8 -3
- package/src/index.ts +1 -0
- package/src/job.ts +23 -5
- package/src/kubectl.ts +166 -0
- package/src/namespace.ts +47 -3
- package/src/network-policy.ts +1 -1
- package/src/pvc.ts +12 -2
- package/src/rbac.ts +28 -5
- package/src/scripting/environment.ts +3 -2
- package/src/secret.ts +15 -5
- package/src/service.ts +28 -6
- package/src/shared.ts +30 -2
- package/src/stateful-set.ts +32 -17
- package/src/tls.ts +31 -5
- package/src/units/cluster-patch/index.ts +5 -5
- package/src/units/dns01-issuer/index.ts +56 -12
- package/src/units/existing-cluster/index.ts +36 -15
- package/src/units/reduced-access-cluster/index.ts +6 -3
- package/src/worker.ts +4 -2
- package/src/workload.ts +453 -213
- package/dist/chunk-4G6LLC2X.js +0 -240
- package/dist/chunk-4G6LLC2X.js.map +0 -1
- package/dist/chunk-BR2CLUUD.js.map +0 -1
- package/dist/chunk-DCUMJSO6.js.map +0 -1
- package/dist/chunk-FE4SHRAJ.js.map +0 -1
- package/dist/chunk-KMLRI5UZ.js +0 -155
- package/dist/chunk-KMLRI5UZ.js.map +0 -1
- package/dist/chunk-LGHFSXNT.js.map +0 -1
- package/dist/chunk-MIC2BHGS.js.map +0 -1
- package/dist/chunk-OBDQONMV.js +0 -401
- package/dist/chunk-OBDQONMV.js.map +0 -1
- package/dist/chunk-P2VOUU7E.js.map +0 -1
- package/dist/chunk-PZ5AY32C.js +0 -9
- package/dist/chunk-RVB4WWZZ.js.map +0 -1
- package/dist/chunk-TWBMG6TD.js.map +0 -1
- package/dist/chunk-VCXWCZ43.js.map +0 -1
- package/dist/chunk-YIJUVPU2.js.map +0 -1
- package/dist/cron-job-NX4HD4FI.js +0 -8
- package/dist/deployment-O2LJ5WR5.js +0 -8
- package/dist/job-SYME6Y43.js +0 -8
- package/dist/job-SYME6Y43.js.map +0 -1
- package/dist/stateful-set-VJYKTQ72.js +0 -8
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/scripting/environment.ts","../src/scripting/bundle.ts","../src/scripting/container.ts","../src/worker.ts"],"names":["args","scriptEnvironment","hasFunctionScripts","output","options","resources"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAuFA,IAAM,4BAAA,GAA+B;AAAA,EACnC,oBAAoB,EAAC;AAAA,EACrB,mBAAmB,EAAC;AAAA,EACpB,UAAU;AACZ,CAAA;AAEO,IAAM,sBAAA,GAAoD;AAAA,EAC/D,MAAA,EAAQ;AAAA,IACN,GAAG,4BAAA;AAAA,IACH,KAAA,EAAO,gFAAA;AAAA,IACP,gBAAA,EAAkB;AAAA;AAAA,MAEhB,kCAAA;AAAA,MACA;AAAA;AACF,GACF;AAAA,EAEA,MAAA,EAAQ;AAAA,IACN,GAAG,4BAAA;AAAA,IACH,KAAA,EAAO,gFAAA;AAAA,IACP,gBAAA,EAAkB;AAAA;AAAA,MAEhB,6BAAA;AAAA,MACA,8BAAA;AAAA,MACA,8BAAA;AAAA,MACA;AAAA;AACF,GACF;AAAA,EAEA,cAAc,EAAC;AAAA,EACf,gBAAgB,EAAC;AAAA,EACjB,OAAO,EAAC;AAAA,EACR,SAAS,EAAC;AAAA,EACV,cAAc,EAAC;AAAA,EACf,aAAa,EAAC;AAAA,EACd,kBAAkB;AACpB;AAEO,IAAM,oBAAA,GAA2D;AAAA,EACtE,MAAA,EAAQ,kFAAA;AAAA,EACR,MAAA,EAAQ;AACV;;;ACpFO,IAAM,YAAA,GAAN,cAA2B,iBAAA,CAAkB;AAAA;AAAA;AAAA;AAAA,EAIzC,SAAA;AAAA;AAAA;AAAA;AAAA,EAKA,OAAA;AAAA;AAAA;AAAA;AAAA,EAKA,YAAA;AAAA;AAAA;AAAA;AAAA,EAKA,WAAA;AAAA;AAAA;AAAA;AAAA,EAKA,KAAA;AAAA;AAAA;AAAA;AAAA,EAKA,YAAA;AAAA;AAAA;AAAA;AAAA,EAKA,gBAAA;AAAA,EAET,WAAA,CAAY,IAAA,EAAc,IAAA,EAAwB,IAAA,EAAiC;AACjF,IAAA,KAAA,CAAM,4BAAA,EAA8B,IAAA,EAAM,IAAA,EAAM,IAAI,CAAA;AAEpD,IAAA,MAAM,iBAAA,GAAoB,OAAO,IAAI,CAAA,CAClC,MAAM,CAAAA,KAAAA,KAAQ,UAAUA,KAAAA,CAAK,WAAA,EAAaA,MAAK,YAAY,CAAC,EAC5D,KAAA,CAAM,CAAAA,UAAQ,SAAA,CAAU,sBAAA,EAAwB,GAAGA,KAAI,CAAC,CAAA;AAI3D,IAAA,MAAM,kBAAA,GAAqB,iBAAA,CAAkB,KAAA,CAAM,CAAAC,kBAAAA,KAAqB;AACtE,MAAA,OAAO,MAAA,CAAO,OAAOA,kBAAAA,CAAkB,KAAK,EAAE,IAAA,CAAK,CAAA,IAAA,KAAQ,OAAO,IAAA,KAAS,UAAU,CAAA;AAAA,IACvF,CAAC,CAAA;AAED,IAAA,IAAA,CAAK,eAAe,IAAA,CAAK,YAAA;AACzB,IAAA,IAAA,CAAK,cAAc,iBAAA,CAAkB,WAAA;AAErC,IAAA,IAAA,CAAK,QAAQ,kBAAA,CAAmB,KAAA;AAAA,MAAM,CAAAC,mBAAAA,KACpC,MAAA;AAAA,QACEA,mBAAAA,GACI,qBAAqB,IAAA,CAAK,YAAY,IACtC,iBAAA,CAAkB,IAAA,CAAK,YAAY,CAAA,CAAE;AAAA;AAC3C,KACF;AAEA,IAAA,IAAA,CAAK,mBAAmB,MAAA,CAAO,EAAE,iBAAA,EAAmB,kBAAA,EAAoB,CAAA,CAAE,KAAA;AAAA,MACxE,CAAC,EAAE,iBAAA,EAAAD,kBAAAA,EAAmB,kBAAA,EAAAC,qBAAmB,KAAM;AAC7C,QAAA,MAAM,gBAAA,GAAmB;AAAA,UACvB,GAAGD,kBAAAA,CAAkB,gBAAA;AAAA,UACrB,GAAGA,kBAAAA,CAAkB,IAAA,CAAK,YAAY,CAAA,CAAE;AAAA,SAC1C;AAEA,QAAA,IAAIC,mBAAAA,EAAoB;AACtB,UAAA,gBAAA,CAAiB,KAAK,8BAA8B,CAAA;AAAA,QACtD;AAEA,QAAA,OAAO,gBAAA,CAAiB,GAAA,CAAI,CAAA,QAAA,KAAY,aAAA,CAAc,QAAQ,CAAC,CAAA;AAAA,MACjE;AAAA,KACF;AAEA,IAAA,IAAA,CAAK,SAAA,GAAY,MAAA,CAAO,EAAE,iBAAA,EAAmB,MAAM,CAAA,CAAE,KAAA,CAAM,CAAC,EAAE,iBAAA,EAAAD,kBAAAA,EAAmB,IAAA,EAAAD,OAAK,KAAM;AAC1F,MAAA,OAAO,SAAA,CAAU,MAAA;AAAA,QACf,IAAA;AAAA,QACA;AAAA,UACE,WAAWA,KAAAA,CAAK,SAAA;AAAA,UAEhB,IAAA,EAAM,gBAAA,CAAiB,IAAA,CAAK,YAAA,EAAcC,kBAAiB;AAAA,SAC7D;AAAA,QACA,EAAE,GAAG,IAAA,EAAM,MAAA,EAAQ,IAAA;AAAK,OAC1B;AAAA,IACF,CAAC,CAAA;AAED,IAAA,IAAA,CAAK,OAAA,GAAU,OAAO,EAAE,kBAAA,EAAoB,SAAS,iBAAA,CAAkB,OAAA,EAAS,CAAA,CAAE,KAAA;AAAA,MAChF,CAAC,EAAE,kBAAA,EAAAC,mBAAAA,EAAoB,SAAQ,KAAM;AACnC,QAAA,OAAO;AAAA,UACL,GAAG,OAAA;AAAA,UACH;AAAA,YACE,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,QAAA,CAAS,IAAA;AAAA,YAE9B,SAAA,EAAW;AAAA,cACT,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,QAAA,CAAS,IAAA;AAAA,cAC9B,WAAA,EAAa;AAAA;AAAA;AACf,WACF;AAAA,UACA,GAAIA,mBAAAA,GAAqB,CAAC,EAAE,IAAA,EAAM,cAAA,EAAgB,QAAA,EAAU,EAAC,EAAG,CAAA,GAAI;AAAC,SACvE;AAAA,MACF;AAAA,KACF;AAEA,IAAA,IAAA,CAAK,eAAe,MAAA,CAAO;AAAA,MACzB,kBAAA;AAAA,MACA,cAAc,iBAAA,CAAkB;AAAA,KACjC,EAAE,KAAA,CAAM,CAAC,EAAE,kBAAA,EAAAA,mBAAAA,EAAoB,cAAa,KAAM;AACjD,MAAA,OAAO;AAAA,QACL,GAAG,YAAA;AAAA,QACH;AAAA,UACE,QAAQ,IAAA,CAAK,SAAA;AAAA,UACb,SAAA,EAAW;AAAA,SACb;AAAA,QACA,GAAIA,mBAAAA,GACA,CAAC,EAAE,IAAA,EAAM,gBAAgB,SAAA,EAAW,uBAAA,EAAyB,CAAA,GAC7D;AAAC,OACP;AAAA,IACF,CAAC,CAAA;AAAA,EACH;AACF;AAEA,SAAS,qBAAqB,KAAA,EAAuB;AACnD,EAAA,IAAI,KAAA,CAAM,UAAA,CAAW,YAAY,CAAA,EAAG;AAClC,IAAA,OAAO,KAAA,CAAM,OAAA,CAAQ,YAAA,EAAc,EAAE,CAAA;AAAA,EACvC;AAEA,EAAA,OAAO,KAAA;AACT;AAEA,eAAe,gBAAA,CACb,cACA,WAAA,EACiC;AACjC,EAAA,MAAM,aAAqC,EAAC;AAC5C,EAAA,MAAM,UAAoB,EAAC;AAE3B,EAAA,MAAM,uBAAA,GAA0B,YAAY,YAAY,CAAA;AACxD,EAAA,MAAM,YAAA,GAAe,EAAE,GAAG,WAAA,CAAY,YAAA,EAAa;AAEnD,EAAA,IAAI,kBAAA,GAAqB,KAAA;AAEzB,EAAA,KAAA,MAAW,GAAA,IAAO,YAAY,KAAA,EAAO;AACnC,IAAA,IAAI,OAAO,WAAA,CAAY,KAAA,CAAM,GAAG,MAAM,UAAA,EAAY;AAChD,MAAA,MAAM,aAAa,MAAM,iBAAA,CAAkB,WAAA,CAAY,KAAA,CAAM,GAAG,CAAC,CAAA;AAEjE,MAAA,UAAA,CAAW,GAAG,CAAA,GAAI,IAAA;AAAA;AAAA;AAAA,QAAA,EAGd,WAAW,IAAI;;AAAA,gBAAA,EAEP,WAAW,UAAU,CAAA;AAAA,MAAA,CAAA;AAGjC,MAAA,kBAAA,GAAqB,IAAA;AAAA,IACvB,CAAA,MAAO;AACL,MAAA,UAAA,CAAW,GAAG,CAAA,GAAI,WAAA,CAAY,KAAA,CAAM,GAAG,CAAA;AAAA,IACzC;AAAA,EACF;AAEA,EAAA,IAAI,kBAAA,EAAoB;AACtB,IAAA,MAAM,WAAA,GAAc,MAAM,eAAA,EAAgB;AAE1C,IAAA,WAAA,CAAY,YAAA,GAAe,MAAA;AAAA,MACzB,SAAA,CAAU,WAAA,CAAY,YAAA,IAAgB,IAAI,oBAAoB,CAAA;AAAA,MAC9D,CAAC,CAAA,EAAG,GAAA,KAAQ,GAAA,CAAI,WAAW,aAAa;AAAA,KAC1C;AAEA,IAAA,WAAA,CAAY,eAAA,GAAkB,MAAA;AAAA,MAC5B,SAAA,CAAU,WAAA,CAAY,eAAA,IAAmB,IAAI,oBAAoB,CAAA;AAAA,MACjE,CAAC,CAAA,EAAG,GAAA,KAAQ,GAAA,CAAI,WAAW,aAAa;AAAA,KAC1C;AAEA,IAAA,UAAA,CAAW,cAAc,CAAA,GAAI,IAAA,CAAK,SAAA,CAAU,WAAA,EAAa,MAAM,CAAC,CAAA;AAEhE,IAAA,YAAA,CAAa,yBAAyB,CAAA,GAAI,IAAA;AAAA;AAAA;;AAAA;AAAA;AAAA,IAAA,CAAA;AAAA,EAO5C;AAEA,EAAA,IAAI,uBAAA,CAAwB,kBAAA,CAAmB,MAAA,GAAS,CAAA,EAAG;AACzD,IAAA,UAAA,CAAW,yBAAyB,CAAA,GAAI,wBAAA;AAAA,MACtC,YAAA;AAAA,MACA,uBAAA,CAAwB;AAAA,KAC1B;AAEA,IAAA,OAAA,CAAQ,IAAA,CAAK;AAAA;AAAA;AAAA;AAAA,IAAA,CAIZ,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,OAAO,IAAA,CAAK,uBAAA,CAAwB,iBAAiB,CAAA,CAAE,SAAS,CAAA,EAAG;AACrE,IAAA,KAAA,MAAW,GAAA,IAAO,wBAAwB,iBAAA,EAAmB;AAC3D,MAAA,UAAA,CAAW,eAAe,GAAG,CAAA,CAAE,CAAA,GAAI,uBAAA,CAAwB,kBAAkB,GAAG,CAAA;AAEhF,MAAA,OAAA,CAAQ,IAAA,CAAK;AAAA,4CAAA,EAC2B,GAAG,CAAA;AAAA,6BAAA,EAClB,GAAG;AAAA,oCAAA,EACI,GAAG,CAAA;AAAA,MAAA,CAClC,CAAA;AAAA,IACH;AAAA,EACF;AAEA,EAAA,IAAI,uBAAA,CAAwB,QAAA,CAAS,MAAA,GAAS,CAAA,EAAG;AAC/C,IAAA,UAAA,CAAW,qBAAqB,CAAA,GAAI,wBAAA;AAAA,MAClC,YAAA;AAAA,MACA,uBAAA,CAAwB;AAAA,KAC1B;AAEA,IAAA,OAAA,CAAQ,IAAA,CAAK;AAAA;AAAA;AAAA;AAAA,IAAA,CAIZ,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,MAAA,CAAO,IAAA,CAAK,YAAY,CAAA,CAAE,SAAS,CAAA,EAAG;AACxC,IAAA,KAAA,MAAW,OAAO,YAAA,EAAc;AAC9B,MAAA,UAAA,CAAW,CAAA,MAAA,EAAS,GAAG,CAAA,CAAE,CAAA,GAAI,aAAa,GAAG,CAAA;AAE7C,MAAA,OAAA,CAAQ,IAAA,CAAK;AAAA,sCAAA,EACqB,GAAG,CAAA;AAAA,uBAAA,EAClB,GAAG;AAAA,8BAAA,EACI,GAAG,CAAA;AAAA,MAAA,CAC5B,CAAA;AAAA,IACH;AAAA,EACF;AAEA,EAAA,IAAI,OAAO,IAAA,CAAK,WAAA,CAAY,cAAc,CAAA,CAAE,SAAS,CAAA,EAAG;AACtD,IAAA,MAAM,iBAA2B,EAAC;AAElC,IAAA,KAAA,MAAW,GAAA,IAAO,YAAY,cAAA,EAAgB;AAC5C,MAAA,UAAA,CAAW,WAAW,GAAG,CAAA,CAAE,CAAA,GAAI,WAAA,CAAY,eAAe,GAAG,CAAA;AAE7D,MAAA,cAAA,CAAe,IAAA,CAAK;AAAA,wCAAA,EACgB,GAAG,CAAA;AAAA,yBAAA,EAClB,GAAG;AAAA,gCAAA,EACI,GAAG,CAAA;AAAA,MAAA,CAC9B,CAAA;AAAA,IACH;AAEA,IAAA,OAAA,CAAQ,IAAA,CAAK;AAAA;AAAA,MAAA,EAET,cAAA,CAAe,IAAI,CAAA,CAAA,KAAK,CAAA,CAAE,MAAM,CAAA,CAAE,IAAA,CAAK,MAAM,CAAC;AAAA;;AAAA;AAAA;AAAA,IAAA,CAKjD,CAAA;AAAA,EACH;AAEA,EAAA,UAAA,CAAW,eAAe,IAAI,eAAA,CAAgB;AAAA;AAAA;;AAAA;AAAA;AAAA;AAAA;;AAAA,EAAA,EAS5C,OAAA,CAAQ,IAAI,CAAA,CAAA,KAAK,CAAA,CAAE,MAAM,CAAA,CAAE,IAAA,CAAK,MAAM,CAAC;;AAAA;AAAA;AAAA;AAAA,EAAA,CAKxC,CAAA;AAED,EAAA,OAAO,UAAA;AACT;AAEA,SAAS,wBAAA,CAAyB,cAAkC,QAAA,EAA4B;AAC9F,EAAA,IAAI,iBAAiB,QAAA,EAAU;AAC7B,IAAA,OAAO,IAAA;AAAA;AAAA;;AAAA,yBAAA,EAIgB,QAAA,CAAS,IAAA,CAAK,GAAG,CAAC;AAAA,IAAA,CAAA;AAAA,EAE3C,CAAA,MAAO;AACL,IAAA,OAAO,IAAA;AAAA;AAAA;;AAAA;AAAA,yBAAA,EAKgB,QAAA,CAAS,IAAA,CAAK,GAAG,CAAC;AAAA,IAAA,CAAA;AAAA,EAE3C;AACF;ACxTO,SAAS,sBAAsB,OAAA,EAA6C;AACjF,EAAA,MAAM,MAAA,GAASC,MAAAA,CAAO,OAAA,CAAQ,MAAM,CAAA;AAEpC,EAAA,OAAOA,MAAAA,CAAO;AAAA,IACZ,OAAA;AAAA,IACA,OAAO,MAAA,CAAO,KAAA;AAAA,IACd,cAAc,MAAA,CAAO,YAAA;AAAA,IACrB,SAAS,MAAA,CAAO,OAAA;AAAA,IAChB,aAAa,MAAA,CAAO,WAAA;AAAA,IACpB,kBAAkB,MAAA,CAAO;AAAA,GAC1B,CAAA,CAAE,KAAA,CAAM,CAAC,EAAE,OAAA,EAAAC,QAAAA,EAAS,KAAA,EAAO,YAAA,EAAc,OAAA,EAAS,WAAA,EAAa,gBAAA,EAAiB,KAAM;AACrF,IAAA,OAAO;AAAA,MACL,KAAA;AAAA,MACA,SAAS,CAAC,wBAAA,EAA0B,CAAA,SAAA,EAAYA,QAAAA,CAAQ,IAAI,CAAA,CAAE,CAAA;AAAA,MAE9D,GAAGA,QAAAA;AAAA,MAEH,YAAA,EAAc,CAAC,GAAG,YAAA,EAAc,GAAIA,QAAAA,CAAQ,YAAA,IAAgB,EAAG,CAAA;AAAA,MAC/D,OAAA,EAAS,CAAC,GAAG,OAAA,EAAS,GAAIA,QAAAA,CAAQ,OAAA,IAAW,EAAG,CAAA;AAAA,MAChD,WAAA,EAAa,KAAA,CAAM,WAAA,EAAaA,QAAAA,CAAQ,WAAW,CAAA;AAAA,MACnD,gBAAA,EAAkB,CAAC,GAAG,gBAAA,EAAkB,GAAIA,QAAAA,CAAQ,gBAAA,IAAoB,EAAG;AAAA,KAC7E;AAAA,EACF,CAAC,CAAA;AACH;ACxCA,eAAsB,mBAAA,CACpB,WACA,SAAA,EACqC;AACrC,EAAA,MAAM,KAAA,GAAQ,IAAI,kBAAA,CAAmB,SAAA,EAAW;AAAA,IAC9C,IAAA,EAAM;AAAA,MACJ,KAAA,EAAO,CAAC,KAAA,EAAO,MAAA,EAAQ,OAAO;AAAA,KAChC;AAAA,IAEA,SAAA;AAAA,IACA;AAAA,GACD,CAAA;AAED,EAAA,OAAOD,MAAAA,CAAO;AAAA,IACZ,IAAA,EAAM,SAAA;AAAA,IACN,KAAA,EAAO,cAAA,CAAO,oBAAoB,CAAA,CAAE,KAAA;AAAA,IAEpC,MAAA,EAAQ;AAAA,MACN,UAAA,EAAY,MAAM,OAAA,CAAQ,UAAA;AAAA,MAC1B,SAAA,EAAWA,MAAAA,CAAO,SAAS,CAAA,CAAE,KAAA,CAAM,CAAAE,UAAAA,KAAaA,UAAAA,CAAU,GAAA,CAAI,CAAA,CAAA,KAAK,CAAA,CAAE,MAAM,CAAC;AAAA;AAC9E,GACD,CAAA;AACH","file":"index.js","sourcesContent":["import type { InputEndpoint } from \"@highstate/common\"\nimport type { Input, InputArray, InputRecord } from \"@highstate/pulumi\"\nimport type { ContainerEnvironment, ContainerVolumeMount, WorkloadVolume } from \"../container\"\n\nexport type ScriptDistribution = \"alpine\" | \"ubuntu\"\n\nexport type DistributionEnvironment = {\n /**\n * The image that should be used for the distribution.\n */\n image?: Input<string>\n\n /**\n * The utility packages that should be installed before running \"preInstallScripts\".\n *\n * Useful for installing tools like `curl` to install additional repositories.\n */\n preInstallPackages?: InputArray<string>\n\n /**\n * The pre-install scripts that should be run before installing packages.\n * Typically, these scripts are used to install additional repositories.\n */\n preInstallScripts?: InputRecord<string>\n\n /**\n * The packages that are available in the environment.\n */\n packages?: InputArray<string>\n\n /**\n * The endpoint which the script is allowed to access scoped to the distribution.\n *\n * Typically, this is used to allow access to the package manager.\n *\n * Will be used to generate a network policy.\n */\n allowedEndpoints?: InputArray<InputEndpoint>\n}\n\nexport type ScriptProgram = () => unknown\n\nexport type ScriptEnvironment = {\n [distribution in ScriptDistribution]?: DistributionEnvironment\n} & {\n /**\n * The setup scripts that should be run before the script.\n */\n setupScripts?: InputRecord<string>\n\n /**\n * The cleanup scripts that should be run after the script.\n */\n cleanupScripts?: InputRecord<string>\n\n /**\n * The arbitrary files available in the environment including scripts.\n */\n files?: InputRecord<string | ScriptProgram>\n\n /**\n * The volumes that should be defined in the environment.\n */\n volumes?: InputArray<WorkloadVolume>\n\n /**\n * The volume mounts that should be defined in the environment.\n */\n volumeMounts?: InputArray<ContainerVolumeMount>\n\n /**\n * The environment variables that should be defined in the environment.\n */\n environment?: Input<ContainerEnvironment>\n\n /**\n * The endpoint which the script is allowed to access.\n *\n * Will be used to generate a network policy.\n */\n allowedEndpoints?: InputArray<InputEndpoint>\n}\n\nexport type ResolvedScriptEnvironment = Omit<Required<ScriptEnvironment>, ScriptDistribution> & {\n [distribution in ScriptDistribution]: Required<DistributionEnvironment>\n}\n\nconst emptyDistributionEnvironment = {\n preInstallPackages: [],\n preInstallScripts: {},\n packages: [],\n}\n\nexport const emptyScriptEnvironment: ResolvedScriptEnvironment = {\n alpine: {\n ...emptyDistributionEnvironment,\n image: \"alpine@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c\",\n allowedEndpoints: [\n //\n \"tcp://dl-cdn.alpinelinux.org:443\",\n \"tcp://dl-cdn.alpinelinux.org:80\",\n ],\n },\n\n ubuntu: {\n ...emptyDistributionEnvironment,\n image: \"ubuntu@sha256:72297848456d5d37d1262630108ab308d3e9ec7ed1c3286a32fe09856619a782\",\n allowedEndpoints: [\n //\n \"tcp://archive.ubuntu.com:80\",\n \"tcp://archive.ubuntu.com:443\",\n \"tcp://security.ubuntu.com:80\",\n \"tcp://security.ubuntu.com:443\",\n ],\n },\n\n setupScripts: {},\n cleanupScripts: {},\n files: {},\n volumes: [],\n volumeMounts: [],\n environment: {},\n allowedEndpoints: [],\n}\n\nexport const functionScriptImages: Record<ScriptDistribution, string> = {\n alpine: \"oven/bun@sha256:6b14922b0885c3890cdb0b396090af1da486ba941df5ee94391eef64f7113c61\",\n ubuntu: \"oven/bun@sha256:66b431441dc4c36d7e8164bfc61e6348ec1d7ce2862fc3a29f5dc9856e8205e4\",\n}\n","import type { network } from \"@highstate/library\"\nimport type { ContainerEnvironment, ContainerVolumeMount, WorkloadVolume } from \"../container\"\nimport type { ScopedResourceArgs } from \"../shared\"\nimport { parseEndpoint } from \"@highstate/common\"\nimport { text, trimIndentation } from \"@highstate/contract\"\nimport { type InputArray, normalize } from \"@highstate/pulumi\"\nimport {\n ComponentResource,\n type ComponentResourceOptions,\n type Input,\n type Output,\n output,\n type Unwrap,\n} from \"@pulumi/pulumi\"\nimport { serializeFunction } from \"@pulumi/pulumi/runtime/index.js\"\nimport { deepmerge } from \"deepmerge-ts\"\nimport { readPackageJSON } from \"pkg-types\"\nimport { mapValues, omitBy } from \"remeda\"\nimport { ConfigMap } from \"../config-map\"\nimport {\n emptyScriptEnvironment,\n functionScriptImages,\n type ResolvedScriptEnvironment,\n type ScriptDistribution,\n type ScriptEnvironment,\n} from \"./environment\"\n\nexport type ScriptBundleArgs = ScopedResourceArgs & {\n /**\n * The environment to bundle the scripts from.\n */\n environment?: Input<ScriptEnvironment>\n\n /**\n * The environments to bundle the scripts from.\n */\n environments?: InputArray<ScriptEnvironment>\n\n /**\n * The distribution to use for the scripts.\n */\n distribution: ScriptDistribution\n}\n\nexport class ScriptBundle extends ComponentResource {\n /**\n * The config map containing the scripts.\n */\n readonly configMap: Output<ConfigMap>\n\n /**\n * The volumes that should be included in the workload.\n */\n readonly volumes: Output<WorkloadVolume[]>\n\n /**\n * The volume mounts that should be defined in the container.\n */\n readonly volumeMounts: Output<ContainerVolumeMount[]>\n\n /**\n * The environment variables that should be defined in the container.\n */\n readonly environment: Output<ContainerEnvironment>\n\n /**\n * The image to use for the scripts.\n */\n readonly image: Output<string>\n\n /**\n * The distribution to use for the scripts.\n */\n readonly distribution: ScriptDistribution\n\n /**\n * The list of endpoints that the script is allowed to access.\n */\n readonly allowedEndpoints: Output<network.L3Endpoint[]>\n\n constructor(name: string, args: ScriptBundleArgs, opts?: ComponentResourceOptions) {\n super(\"highstate:k8s:ScriptBundle\", name, args, opts)\n\n const scriptEnvironment = output(args)\n .apply(args => normalize(args.environment, args.environments))\n .apply(args => deepmerge(emptyScriptEnvironment, ...args)) as Output<\n Unwrap<ResolvedScriptEnvironment>\n >\n\n const hasFunctionScripts = scriptEnvironment.apply(scriptEnvironment => {\n return Object.values(scriptEnvironment.files).some(file => typeof file === \"function\")\n })\n\n this.distribution = args.distribution\n this.environment = scriptEnvironment.environment\n\n this.image = hasFunctionScripts.apply(hasFunctionScripts =>\n output(\n hasFunctionScripts\n ? functionScriptImages[args.distribution]\n : scriptEnvironment[args.distribution].image,\n ),\n )\n\n this.allowedEndpoints = output({ scriptEnvironment, hasFunctionScripts }).apply(\n ({ scriptEnvironment, hasFunctionScripts }) => {\n const allowedEndpoints = [\n ...scriptEnvironment.allowedEndpoints,\n ...scriptEnvironment[args.distribution].allowedEndpoints,\n ]\n\n if (hasFunctionScripts) {\n allowedEndpoints.push(\"tcp://registry.npmjs.org:443\")\n }\n\n return allowedEndpoints.map(endpoint => parseEndpoint(endpoint))\n },\n )\n\n this.configMap = output({ scriptEnvironment, args }).apply(({ scriptEnvironment, args }) => {\n return ConfigMap.create(\n name,\n {\n namespace: args.namespace,\n\n data: createScriptData(this.distribution, scriptEnvironment),\n },\n { ...opts, parent: this },\n )\n })\n\n this.volumes = output({ hasFunctionScripts, volumes: scriptEnvironment.volumes }).apply(\n ({ hasFunctionScripts, volumes }) => {\n return [\n ...volumes,\n {\n name: this.configMap.metadata.name,\n\n configMap: {\n name: this.configMap.metadata.name,\n defaultMode: 0o550, // read and execute permissions\n },\n },\n ...(hasFunctionScripts ? [{ name: \"node-modules\", emptyDir: {} }] : []),\n ]\n },\n )\n\n this.volumeMounts = output({\n hasFunctionScripts,\n volumeMounts: scriptEnvironment.volumeMounts,\n }).apply(({ hasFunctionScripts, volumeMounts }) => {\n return [\n ...volumeMounts,\n {\n volume: this.configMap,\n mountPath: \"/scripts\",\n },\n ...(hasFunctionScripts\n ? [{ name: \"node-modules\", mountPath: \"/scripts/node_modules\" }]\n : []),\n ]\n })\n }\n}\n\nfunction stripWorkspacePrefix(value: string): string {\n if (value.startsWith(\"workspace:\")) {\n return value.replace(\"workspace:\", \"\")\n }\n\n return value\n}\n\nasync function createScriptData(\n distribution: ScriptDistribution,\n environment: Unwrap<ResolvedScriptEnvironment>,\n): Promise<Record<string, string>> {\n const scriptData: Record<string, string> = {}\n const actions: string[] = []\n\n const distributionEnvironment = environment[distribution]\n const setupScripts = { ...environment.setupScripts }\n\n let hasFunctionScripts = false\n\n for (const key in environment.files) {\n if (typeof environment.files[key] === \"function\") {\n const serialized = await serializeFunction(environment.files[key])\n\n scriptData[key] = text`\n #!/usr/local/bin/bun\n \n ${serialized.text}\n\n exports.${serialized.exportName}()\n `\n\n hasFunctionScripts = true\n } else {\n scriptData[key] = environment.files[key]\n }\n }\n\n if (hasFunctionScripts) {\n const packageJson = await readPackageJSON()\n\n packageJson.dependencies = omitBy(\n mapValues(packageJson.dependencies ?? {}, stripWorkspacePrefix),\n (_, key) => key.startsWith(\"@highstate/\"),\n )\n\n packageJson.devDependencies = omitBy(\n mapValues(packageJson.devDependencies ?? {}, stripWorkspacePrefix),\n (_, key) => key.startsWith(\"@highstate/\"),\n )\n\n scriptData[\"package.json\"] = JSON.stringify(packageJson, null, 2)\n\n setupScripts[\"resolve-dependencies.sh\"] = text`\n #!/usr/local/bin/bun\n set -e\n\n cd /scripts\n bun install --production\n `\n }\n\n if (distributionEnvironment.preInstallPackages.length > 0) {\n scriptData[\"pre-install-packages.sh\"] = getInstallPackagesScript(\n distribution,\n distributionEnvironment.preInstallPackages,\n )\n\n actions.push(`\n echo \"+ Installing pre-install packages...\"\n /scripts/pre-install-packages.sh\n echo \"+ Pre-install packages installed successfully\"\n `)\n }\n\n if (Object.keys(distributionEnvironment.preInstallScripts).length > 0) {\n for (const key in distributionEnvironment.preInstallScripts) {\n scriptData[`pre-install-${key}`] = distributionEnvironment.preInstallScripts[key]\n\n actions.push(`\n echo \"+ Running pre-install script '${key}'...\"\n /scripts/pre-install-${key}\n echo \"+ Pre-install script '${key}'... Done\"\n `)\n }\n }\n\n if (distributionEnvironment.packages.length > 0) {\n scriptData[\"install-packages.sh\"] = getInstallPackagesScript(\n distribution,\n distributionEnvironment.packages,\n )\n\n actions.push(`\n echo \"+ Installing packages...\"\n /scripts/install-packages.sh\n echo \"+ Packages installed successfully\"\n `)\n }\n\n if (Object.keys(setupScripts).length > 0) {\n for (const key in setupScripts) {\n scriptData[`setup-${key}`] = setupScripts[key]\n\n actions.push(`\n echo \"+ Running setup script '${key}'...\"\n /scripts/setup-${key}\n echo \"+ Setup script '${key}'... Done\"\n `)\n }\n }\n\n if (Object.keys(environment.cleanupScripts).length > 0) {\n const cleanupActions: string[] = []\n\n for (const key in environment.cleanupScripts) {\n scriptData[`cleanup-${key}`] = environment.cleanupScripts[key]\n\n cleanupActions.push(`\n echo \"+ Running cleanup script '${key}'...\"\n /scripts/cleanup-${key}\n echo \"+ Cleanup script '${key}'... Done\"\n `)\n }\n\n actions.push(`\n function cleanup() {\n ${cleanupActions.map(s => s.trim()).join(\"\\n\\n\")}\n }\n\n trap cleanup EXIT\n trap cleanup SIGTERM\n `)\n }\n\n scriptData[\"entrypoint.sh\"] = trimIndentation(`\n #!/bin/sh\n set -e\n\n if [ -z \"$1\" ]; then\n echo \"Usage: entrypoint.sh <main script> [args...]\"\n exit 1\n fi\n\n ${actions.map(s => s.trim()).join(\"\\n\\n\")}\n\n echo \"+ Running main script...\"\n $@\n echo \"+ Main script completed\"\n `)\n\n return scriptData\n}\n\nfunction getInstallPackagesScript(distribution: ScriptDistribution, packages: string[]): string {\n if (distribution === \"alpine\") {\n return text`\n #!/bin/sh\n set -e\n\n apk add --no-cache ${packages.join(\" \")}\n `\n } else {\n return text`\n #!/bin/sh\n set -e\n\n apt-get update\n apt-get install -y ${packages.join(\" \")}\n `\n }\n}\n","import type { Container } from \"../container\"\nimport type { ScriptBundle } from \"./bundle\"\nimport { type Input, type Output, output } from \"@pulumi/pulumi\"\nimport { merge } from \"remeda\"\n\nexport type ScriptContainer = Container & {\n /**\n * The script bundle to use.\n */\n bundle: Input<ScriptBundle>\n\n /**\n * The name of the main script to run.\n * The script must be available in the bundle.\n */\n main: Input<string>\n}\n\n/**\n * Creates a spec for a container that runs a script.\n * This spec can be used to create a complete workload or an init container.\n *\n * @param options The options to create the container spec.\n * @returns The container spec.\n */\nexport function createScriptContainer(options: ScriptContainer): Output<Container> {\n const bundle = output(options.bundle)\n\n return output({\n options,\n image: bundle.image,\n volumeMounts: bundle.volumeMounts,\n volumes: bundle.volumes,\n environment: bundle.environment,\n allowedEndpoints: bundle.allowedEndpoints,\n }).apply(({ options, image, volumeMounts, volumes, environment, allowedEndpoints }) => {\n return {\n image,\n command: [\"/scripts/entrypoint.sh\", `/scripts/${options.main}`],\n\n ...options,\n\n volumeMounts: [...volumeMounts, ...(options.volumeMounts ?? [])],\n volumes: [...volumes, ...(options.volumes ?? [])],\n environment: merge(environment, options.environment),\n allowedEndpoints: [...allowedEndpoints, ...(options.allowedEndpoints ?? [])],\n } as Container\n })\n}\n","import type { UnitWorker } from \"@highstate/contract\"\nimport type { k8s } from \"@highstate/library\"\nimport type { DeepInput, Input, InputArray, Unwrap } from \"@highstate/pulumi\"\nimport type { Namespace } from \"./namespace\"\nimport { type Output, output } from \"@pulumi/pulumi\"\nimport { ClusterAccessScope } from \"./rbac\"\nimport { images, type NamespacedResource } from \"./shared\"\n\nexport async function createMonitorWorker(\n namespace: Input<Namespace>,\n resources: InputArray<NamespacedResource>,\n): Promise<Output<Unwrap<UnitWorker>>> {\n const scope = new ClusterAccessScope(\"monitor\", {\n rule: {\n verbs: [\"get\", \"list\", \"watch\"],\n },\n\n namespace,\n resources,\n })\n\n return output({\n name: \"monitor\",\n image: images[\"worker.k8s-monitor\"].image,\n\n params: {\n kubeconfig: scope.cluster.kubeconfig,\n resources: output(resources).apply(resources => resources.map(r => r.entity)),\n } satisfies DeepInput<k8s.MonitorWorkerParams>,\n })\n}\n"]}
|
|
1
|
+
{"version":3,"sources":["../src/kubectl.ts","../src/scripting/environment.ts","../src/scripting/bundle.ts","../src/scripting/container.ts","../src/worker.ts"],"names":["command","ComponentResource","output","args","scriptEnvironment","hasFunctionScripts","options","resources"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAuDA,SAAS,cAAc,OAAA,EAAoC;AACzD,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,OAAO,CAAA,EAAG;AAC1B,IAAA,OAAO,OAAA,CAAQ,KAAK,GAAG,CAAA;AAAA,EACzB;AAEA,EAAA,OAAO,OAAA;AACT;AAEA,SAAS,gBAAA,CACP,SACA,SAAA,EACgB;AAChB,EAAA,IAAI,SAAA,EAAW;AACb,IAAA,OAAO,MAAA,CAAO,CAAC,OAAA,EAAS,SAAS,CAAC,CAAA,CAAE,KAAA;AAAA,MAClC,CAAC,CAAC,GAAA,EAAK,EAAE,CAAA,KAAM,cAAc,EAAE,CAAA,CAAA,EAAI,aAAA,CAAc,GAAG,CAAC,CAAA;AAAA,KACvD;AAAA,EACF;AAEA,EAAA,OAAO,MAAA,CAAO,OAAO,CAAA,CAAE,KAAA,CAAM,SAAO,CAAA,QAAA,EAAW,aAAA,CAAc,GAAG,CAAC,CAAA,CAAE,CAAA;AACrE;AAEA,SAAS,wBAAA,CACP,SACA,QAAA,EACgB;AAChB,EAAA,OAAO,MAAA,CAAO;AAAA,IACZ,OAAA;AAAA,IACA,IAAA,EAAM,MAAA,CAAO,QAAQ,CAAA,CAAE,IAAA;AAAA,IACvB,IAAA,EAAM,MAAA,CAAO,QAAQ,CAAA,CAAE,QAAA,CAAS;AAAA,GACjC,EAAE,KAAA,CAAM,CAAC,EAAE,OAAA,EAAAA,QAAAA,EAAS,IAAA,EAAM,IAAA,EAAK,KAAM;AACpC,IAAA,MAAM,IAAA,GAAO,KAAK,WAAA,EAAY;AAE9B,IAAA,OAAO,YAAY,IAAI,CAAA,CAAA,EAAI,IAAI,CAAA,IAAA,EAAO,aAAA,CAAcA,QAAO,CAAC,CAAA,CAAA;AAAA,EAC9D,CAAC,CAAA;AACH;AAEO,IAAM,WAAA,GAAN,MAAM,YAAA,SAAoB,iBAAA,CAAkB;AAAA;AAAA;AAAA;AAAA,EAIxC,OAAA;AAAA;AAAA;AAAA;AAAA,EAKA,MAAA;AAAA;AAAA;AAAA;AAAA,EAKA,MAAA;AAAA,EAET,WAAA,CAAY,IAAA,EAAc,IAAA,EAAuB,IAAA,EAAiC;AAChF,IAAA,KAAA,CAAM,2BAAA,EAA6B,IAAA,EAAM,IAAA,EAAM,IAAI,CAAA;AAEnD,IAAA,IAAA,CAAK,UAAU,MAAA,CAAO,IAAA,CAAK,OAAO,CAAA,CAAE,MAAM,CAAA,OAAA,KAAW;AACnD,MAAA,MAAM,UAAA,GAAa,gBAAA,CAAiB,GAAA,CAAI,OAAA,CAAQ,UAAU,CAAA;AAE1D,MAAA,OAAO,IAAI,OAAA,CAAQ,CAAA,QAAA,EAAW,IAAI,CAAA,CAAA,EAAI;AAAA,QACpC,IAAA,EAAM,OAAA;AAAA,QACN,MAAA,EAAQ,gBAAA,CAAiB,IAAA,CAAK,MAAA,EAAQ,KAAK,SAAS,CAAA;AAAA,QACpD,MAAA,EAAQ,KAAK,MAAA,GAAS,gBAAA,CAAiB,KAAK,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,GAAI,MAAA;AAAA,QACtE,MAAA,EAAQ,KAAK,MAAA,GAAS,gBAAA,CAAiB,KAAK,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,GAAI,MAAA;AAAA,QACtE,KAAA,EAAO,CAAC,UAAU,CAAA;AAAA,QAClB,KAAA,EAAO,cAAA,CAAO,kBAAkB,CAAA,CAAE,KAAA;AAAA,QAClC,cAAA,EAAgB,MAAA;AAAA,QAChB,WAAA,EAAa;AAAA,UACX,YAAY,UAAA,CAAW;AAAA;AACzB,OACD,CAAA;AAAA,IACH,CAAC,CAAA;AAED,IAAA,IAAA,CAAK,MAAA,GAAS,KAAK,OAAA,CAAQ,MAAA;AAC3B,IAAA,IAAA,CAAK,MAAA,GAAS,KAAK,OAAA,CAAQ,MAAA;AAAA,EAC7B;AAAA,EAEA,OAAO,YAAA,CACL,IAAA,EACA,IAAA,EACA,IAAA,EACa;AACb,IAAA,OAAO,IAAI,YAAA;AAAA,MACT,IAAA;AAAA,MACA;AAAA,QACE,OAAA,EAAS,MAAA,CAAO,IAAA,CAAK,SAAS,CAAA,CAAE,OAAA;AAAA,QAChC,QAAQ,IAAA,CAAK,MAAA;AAAA,QACb,QAAQ,IAAA,CAAK,MAAA;AAAA,QACb,QAAQ,IAAA,CAAK,MAAA;AAAA,QACb,SAAA,EAAW,MAAA,CAAO,IAAA,CAAK,SAAS,EAAE,QAAA,CAAS;AAAA,OAC7C;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAAA,EAEA,OAAO,QAAA,CACL,IAAA,EACA,IAAA,EACA,IAAA,EACa;AACb,IAAA,OAAO,YAAA,CAAY,YAAA;AAAA,MACjB,IAAA;AAAA,MACA;AAAA,QACE,SAAA,EAAW,MAAA,CAAO,IAAA,CAAK,QAAQ,CAAA,CAAE,SAAA;AAAA,QACjC,MAAA,EAAQ,wBAAA,CAAyB,IAAA,CAAK,MAAA,EAAQ,KAAK,QAAQ,CAAA;AAAA,QAC3D,MAAA,EAAQ,KAAK,MAAA,GAAS,wBAAA,CAAyB,KAAK,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,GAAI,MAAA;AAAA,QAC7E,MAAA,EAAQ,KAAK,MAAA,GAAS,wBAAA,CAAyB,KAAK,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,GAAI;AAAA,OAC/E;AAAA,MACA;AAAA,KACF;AAAA,EACF;AACF;;;AC7EA,IAAM,4BAAA,GAA+B;AAAA,EACnC,oBAAoB,EAAC;AAAA,EACrB,mBAAmB,EAAC;AAAA,EACpB,UAAU;AACZ,CAAA;AAEO,IAAM,sBAAA,GAAoD;AAAA,EAC/D,MAAA,EAAQ;AAAA,IACN,GAAG,4BAAA;AAAA,IACH,KAAA,EAAO,eAAO,MAAA,CAAO,KAAA;AAAA,IACrB,gBAAA,EAAkB;AAAA;AAAA,MAEhB,kCAAA;AAAA,MACA;AAAA;AACF,GACF;AAAA,EAEA,MAAA,EAAQ;AAAA,IACN,GAAG,4BAAA;AAAA,IACH,KAAA,EAAO,eAAO,MAAA,CAAO,KAAA;AAAA,IACrB,gBAAA,EAAkB;AAAA;AAAA,MAEhB,6BAAA;AAAA,MACA,8BAAA;AAAA,MACA,8BAAA;AAAA,MACA;AAAA;AACF,GACF;AAAA,EAEA,cAAc,EAAC;AAAA,EACf,gBAAgB,EAAC;AAAA,EACjB,OAAO,EAAC;AAAA,EACR,SAAS,EAAC;AAAA,EACV,cAAc,EAAC;AAAA,EACf,aAAa,EAAC;AAAA,EACd,kBAAkB;AACpB;AAEO,IAAM,oBAAA,GAA2D;AAAA,EACtE,MAAA,EAAQ,kFAAA;AAAA,EACR,MAAA,EAAQ;AACV;;;ACrFO,IAAM,YAAA,GAAN,cAA2BC,iBAAAA,CAAkB;AAAA;AAAA;AAAA;AAAA,EAIzC,SAAA;AAAA;AAAA;AAAA;AAAA,EAKA,OAAA;AAAA;AAAA;AAAA;AAAA,EAKA,YAAA;AAAA;AAAA;AAAA;AAAA,EAKA,WAAA;AAAA;AAAA;AAAA;AAAA,EAKA,KAAA;AAAA;AAAA;AAAA;AAAA,EAKA,YAAA;AAAA;AAAA;AAAA;AAAA,EAKA,gBAAA;AAAA,EAET,WAAA,CAAY,IAAA,EAAc,IAAA,EAAwB,IAAA,EAAiC;AACjF,IAAA,KAAA,CAAM,4BAAA,EAA8B,IAAA,EAAM,IAAA,EAAM,IAAI,CAAA;AAEpD,IAAA,MAAM,iBAAA,GAAoBC,OAAO,IAAI,CAAA,CAClC,MAAM,CAAAC,KAAAA,KAAQ,UAAUA,KAAAA,CAAK,WAAA,EAAaA,MAAK,YAAY,CAAC,EAC5D,KAAA,CAAM,CAAAA,UAAQ,SAAA,CAAU,sBAAA,EAAwB,GAAGA,KAAI,CAAC,CAAA;AAI3D,IAAA,MAAM,kBAAA,GAAqB,iBAAA,CAAkB,KAAA,CAAM,CAAAC,kBAAAA,KAAqB;AACtE,MAAA,OAAO,MAAA,CAAO,OAAOA,kBAAAA,CAAkB,KAAK,EAAE,IAAA,CAAK,CAAA,IAAA,KAAQ,OAAO,IAAA,KAAS,UAAU,CAAA;AAAA,IACvF,CAAC,CAAA;AAED,IAAA,IAAA,CAAK,eAAe,IAAA,CAAK,YAAA;AACzB,IAAA,IAAA,CAAK,cAAc,iBAAA,CAAkB,WAAA;AAErC,IAAA,IAAA,CAAK,QAAQ,kBAAA,CAAmB,KAAA;AAAA,MAAM,CAAAC,mBAAAA,KACpCH,MAAAA;AAAA,QACEG,mBAAAA,GACI,qBAAqB,IAAA,CAAK,YAAY,IACtC,iBAAA,CAAkB,IAAA,CAAK,YAAY,CAAA,CAAE;AAAA;AAC3C,KACF;AAEA,IAAA,IAAA,CAAK,mBAAmBH,MAAAA,CAAO,EAAE,iBAAA,EAAmB,kBAAA,EAAoB,CAAA,CAAE,KAAA;AAAA,MACxE,CAAC,EAAE,iBAAA,EAAAE,kBAAAA,EAAmB,kBAAA,EAAAC,qBAAmB,KAAM;AAC7C,QAAA,MAAM,gBAAA,GAAmB;AAAA,UACvB,GAAGD,kBAAAA,CAAkB,gBAAA;AAAA,UACrB,GAAGA,kBAAAA,CAAkB,IAAA,CAAK,YAAY,CAAA,CAAE;AAAA,SAC1C;AAEA,QAAA,IAAIC,mBAAAA,EAAoB;AACtB,UAAA,gBAAA,CAAiB,KAAK,8BAA8B,CAAA;AAAA,QACtD;AAEA,QAAA,OAAO,gBAAA,CAAiB,GAAA,CAAI,CAAA,QAAA,KAAY,aAAA,CAAc,QAAQ,CAAC,CAAA;AAAA,MACjE;AAAA,KACF;AAEA,IAAA,IAAA,CAAK,SAAA,GAAYH,MAAAA,CAAO,EAAE,iBAAA,EAAmB,MAAM,CAAA,CAAE,KAAA,CAAM,CAAC,EAAE,iBAAA,EAAAE,kBAAAA,EAAmB,IAAA,EAAAD,OAAK,KAAM;AAC1F,MAAA,OAAO,SAAA,CAAU,MAAA;AAAA,QACf,IAAA;AAAA,QACA;AAAA,UACE,WAAWA,KAAAA,CAAK,SAAA;AAAA,UAEhB,IAAA,EAAM,gBAAA,CAAiB,IAAA,CAAK,YAAA,EAAcC,kBAAiB;AAAA,SAC7D;AAAA,QACA,EAAE,GAAG,IAAA,EAAM,MAAA,EAAQ,IAAA;AAAK,OAC1B;AAAA,IACF,CAAC,CAAA;AAED,IAAA,IAAA,CAAK,OAAA,GAAUF,OAAO,EAAE,kBAAA,EAAoB,SAAS,iBAAA,CAAkB,OAAA,EAAS,CAAA,CAAE,KAAA;AAAA,MAChF,CAAC,EAAE,kBAAA,EAAAG,mBAAAA,EAAoB,SAAQ,KAAM;AACnC,QAAA,OAAO;AAAA,UACL,GAAG,OAAA;AAAA,UACH;AAAA,YACE,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,QAAA,CAAS,IAAA;AAAA,YAE9B,SAAA,EAAW;AAAA,cACT,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,QAAA,CAAS,IAAA;AAAA,cAC9B,WAAA,EAAa;AAAA;AAAA;AACf,WACF;AAAA,UACA,GAAIA,mBAAAA,GAAqB,CAAC,EAAE,IAAA,EAAM,cAAA,EAAgB,QAAA,EAAU,EAAC,EAAG,CAAA,GAAI;AAAC,SACvE;AAAA,MACF;AAAA,KACF;AAEA,IAAA,IAAA,CAAK,eAAeH,MAAAA,CAAO;AAAA,MACzB,kBAAA;AAAA,MACA,cAAc,iBAAA,CAAkB;AAAA,KACjC,EAAE,KAAA,CAAM,CAAC,EAAE,kBAAA,EAAAG,mBAAAA,EAAoB,cAAa,KAAM;AACjD,MAAA,OAAO;AAAA,QACL,GAAG,YAAA;AAAA,QACH;AAAA,UACE,QAAQ,IAAA,CAAK,SAAA;AAAA,UACb,SAAA,EAAW;AAAA,SACb;AAAA,QACA,GAAIA,mBAAAA,GACA,CAAC,EAAE,IAAA,EAAM,gBAAgB,SAAA,EAAW,uBAAA,EAAyB,CAAA,GAC7D;AAAC,OACP;AAAA,IACF,CAAC,CAAA;AAAA,EACH;AACF;AAEA,SAAS,qBAAqB,KAAA,EAAuB;AACnD,EAAA,IAAI,KAAA,CAAM,UAAA,CAAW,YAAY,CAAA,EAAG;AAClC,IAAA,OAAO,KAAA,CAAM,OAAA,CAAQ,YAAA,EAAc,EAAE,CAAA;AAAA,EACvC;AAEA,EAAA,OAAO,KAAA;AACT;AAEA,eAAe,gBAAA,CACb,cACA,WAAA,EACiC;AACjC,EAAA,MAAM,aAAqC,EAAC;AAC5C,EAAA,MAAM,UAAoB,EAAC;AAE3B,EAAA,MAAM,uBAAA,GAA0B,YAAY,YAAY,CAAA;AACxD,EAAA,MAAM,YAAA,GAAe,EAAE,GAAG,WAAA,CAAY,YAAA,EAAa;AAEnD,EAAA,IAAI,kBAAA,GAAqB,KAAA;AAEzB,EAAA,KAAA,MAAW,GAAA,IAAO,YAAY,KAAA,EAAO;AACnC,IAAA,IAAI,OAAO,WAAA,CAAY,KAAA,CAAM,GAAG,MAAM,UAAA,EAAY;AAChD,MAAA,MAAM,aAAa,MAAM,iBAAA,CAAkB,WAAA,CAAY,KAAA,CAAM,GAAG,CAAC,CAAA;AAEjE,MAAA,UAAA,CAAW,GAAG,CAAA,GAAI,IAAA;AAAA;AAAA;AAAA,QAAA,EAGd,WAAW,IAAI;;AAAA,gBAAA,EAEP,WAAW,UAAU,CAAA;AAAA,MAAA,CAAA;AAGjC,MAAA,kBAAA,GAAqB,IAAA;AAAA,IACvB,CAAA,MAAO;AACL,MAAA,UAAA,CAAW,GAAG,CAAA,GAAI,WAAA,CAAY,KAAA,CAAM,GAAG,CAAA;AAAA,IACzC;AAAA,EACF;AAEA,EAAA,IAAI,kBAAA,EAAoB;AACtB,IAAA,MAAM,WAAA,GAAc,MAAM,eAAA,EAAgB;AAE1C,IAAA,WAAA,CAAY,YAAA,GAAe,MAAA;AAAA,MACzB,SAAA,CAAU,WAAA,CAAY,YAAA,IAAgB,IAAI,oBAAoB,CAAA;AAAA,MAC9D,CAAC,CAAA,EAAG,GAAA,KAAQ,GAAA,CAAI,WAAW,aAAa;AAAA,KAC1C;AAEA,IAAA,WAAA,CAAY,eAAA,GAAkB,MAAA;AAAA,MAC5B,SAAA,CAAU,WAAA,CAAY,eAAA,IAAmB,IAAI,oBAAoB,CAAA;AAAA,MACjE,CAAC,CAAA,EAAG,GAAA,KAAQ,GAAA,CAAI,WAAW,aAAa;AAAA,KAC1C;AAEA,IAAA,UAAA,CAAW,cAAc,CAAA,GAAI,IAAA,CAAK,SAAA,CAAU,WAAA,EAAa,MAAM,CAAC,CAAA;AAEhE,IAAA,YAAA,CAAa,yBAAyB,CAAA,GAAI,IAAA;AAAA;AAAA;;AAAA;AAAA;AAAA,IAAA,CAAA;AAAA,EAO5C;AAEA,EAAA,IAAI,uBAAA,CAAwB,kBAAA,CAAmB,MAAA,GAAS,CAAA,EAAG;AACzD,IAAA,UAAA,CAAW,yBAAyB,CAAA,GAAI,wBAAA;AAAA,MACtC,YAAA;AAAA,MACA,uBAAA,CAAwB;AAAA,KAC1B;AAEA,IAAA,OAAA,CAAQ,IAAA,CAAK;AAAA;AAAA;AAAA;AAAA,IAAA,CAIZ,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,OAAO,IAAA,CAAK,uBAAA,CAAwB,iBAAiB,CAAA,CAAE,SAAS,CAAA,EAAG;AACrE,IAAA,KAAA,MAAW,GAAA,IAAO,wBAAwB,iBAAA,EAAmB;AAC3D,MAAA,UAAA,CAAW,eAAe,GAAG,CAAA,CAAE,CAAA,GAAI,uBAAA,CAAwB,kBAAkB,GAAG,CAAA;AAEhF,MAAA,OAAA,CAAQ,IAAA,CAAK;AAAA,4CAAA,EAC2B,GAAG,CAAA;AAAA,6BAAA,EAClB,GAAG;AAAA,oCAAA,EACI,GAAG,CAAA;AAAA,MAAA,CAClC,CAAA;AAAA,IACH;AAAA,EACF;AAEA,EAAA,IAAI,uBAAA,CAAwB,QAAA,CAAS,MAAA,GAAS,CAAA,EAAG;AAC/C,IAAA,UAAA,CAAW,qBAAqB,CAAA,GAAI,wBAAA;AAAA,MAClC,YAAA;AAAA,MACA,uBAAA,CAAwB;AAAA,KAC1B;AAEA,IAAA,OAAA,CAAQ,IAAA,CAAK;AAAA;AAAA;AAAA;AAAA,IAAA,CAIZ,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,MAAA,CAAO,IAAA,CAAK,YAAY,CAAA,CAAE,SAAS,CAAA,EAAG;AACxC,IAAA,KAAA,MAAW,OAAO,YAAA,EAAc;AAC9B,MAAA,UAAA,CAAW,CAAA,MAAA,EAAS,GAAG,CAAA,CAAE,CAAA,GAAI,aAAa,GAAG,CAAA;AAE7C,MAAA,OAAA,CAAQ,IAAA,CAAK;AAAA,sCAAA,EACqB,GAAG,CAAA;AAAA,uBAAA,EAClB,GAAG;AAAA,8BAAA,EACI,GAAG,CAAA;AAAA,MAAA,CAC5B,CAAA;AAAA,IACH;AAAA,EACF;AAEA,EAAA,IAAI,OAAO,IAAA,CAAK,WAAA,CAAY,cAAc,CAAA,CAAE,SAAS,CAAA,EAAG;AACtD,IAAA,MAAM,iBAA2B,EAAC;AAElC,IAAA,KAAA,MAAW,GAAA,IAAO,YAAY,cAAA,EAAgB;AAC5C,MAAA,UAAA,CAAW,WAAW,GAAG,CAAA,CAAE,CAAA,GAAI,WAAA,CAAY,eAAe,GAAG,CAAA;AAE7D,MAAA,cAAA,CAAe,IAAA,CAAK;AAAA,wCAAA,EACgB,GAAG,CAAA;AAAA,yBAAA,EAClB,GAAG;AAAA,gCAAA,EACI,GAAG,CAAA;AAAA,MAAA,CAC9B,CAAA;AAAA,IACH;AAEA,IAAA,OAAA,CAAQ,IAAA,CAAK;AAAA;AAAA,MAAA,EAET,cAAA,CAAe,IAAI,CAAA,CAAA,KAAK,CAAA,CAAE,MAAM,CAAA,CAAE,IAAA,CAAK,MAAM,CAAC;AAAA;;AAAA;AAAA;AAAA,IAAA,CAKjD,CAAA;AAAA,EACH;AAEA,EAAA,UAAA,CAAW,eAAe,IAAI,eAAA,CAAgB;AAAA;AAAA;;AAAA;AAAA;AAAA;AAAA;;AAAA,EAAA,EAS5C,OAAA,CAAQ,IAAI,CAAA,CAAA,KAAK,CAAA,CAAE,MAAM,CAAA,CAAE,IAAA,CAAK,MAAM,CAAC;;AAAA;AAAA;AAAA;AAAA,EAAA,CAKxC,CAAA;AAED,EAAA,OAAO,UAAA;AACT;AAEA,SAAS,wBAAA,CAAyB,cAAkC,QAAA,EAA4B;AAC9F,EAAA,IAAI,iBAAiB,QAAA,EAAU;AAC7B,IAAA,OAAO,IAAA;AAAA;AAAA;;AAAA,yBAAA,EAIgB,QAAA,CAAS,IAAA,CAAK,GAAG,CAAC;AAAA,IAAA,CAAA;AAAA,EAE3C,CAAA,MAAO;AACL,IAAA,OAAO,IAAA;AAAA;AAAA;;AAAA;AAAA,yBAAA,EAKgB,QAAA,CAAS,IAAA,CAAK,GAAG,CAAC;AAAA,IAAA,CAAA;AAAA,EAE3C;AACF;ACxTO,SAAS,sBAAsB,OAAA,EAA6C;AACjF,EAAA,MAAM,MAAA,GAASH,MAAAA,CAAO,OAAA,CAAQ,MAAM,CAAA;AAEpC,EAAA,OAAOA,MAAAA,CAAO;AAAA,IACZ,OAAA;AAAA,IACA,OAAO,MAAA,CAAO,KAAA;AAAA,IACd,cAAc,MAAA,CAAO,YAAA;AAAA,IACrB,SAAS,MAAA,CAAO,OAAA;AAAA,IAChB,aAAa,MAAA,CAAO,WAAA;AAAA,IACpB,kBAAkB,MAAA,CAAO;AAAA,GAC1B,CAAA,CAAE,KAAA,CAAM,CAAC,EAAE,OAAA,EAAAI,QAAAA,EAAS,KAAA,EAAO,YAAA,EAAc,OAAA,EAAS,WAAA,EAAa,gBAAA,EAAiB,KAAM;AACrF,IAAA,OAAO;AAAA,MACL,KAAA;AAAA,MACA,SAAS,CAAC,wBAAA,EAA0B,CAAA,SAAA,EAAYA,QAAAA,CAAQ,IAAI,CAAA,CAAE,CAAA;AAAA,MAE9D,GAAGA,QAAAA;AAAA,MAEH,YAAA,EAAc,CAAC,GAAG,YAAA,EAAc,GAAIA,QAAAA,CAAQ,YAAA,IAAgB,EAAG,CAAA;AAAA,MAC/D,OAAA,EAAS,CAAC,GAAG,OAAA,EAAS,GAAIA,QAAAA,CAAQ,OAAA,IAAW,EAAG,CAAA;AAAA,MAChD,WAAA,EAAa,KAAA,CAAM,WAAA,EAAaA,QAAAA,CAAQ,WAAW,CAAA;AAAA,MACnD,gBAAA,EAAkB,CAAC,GAAG,gBAAA,EAAkB,GAAIA,QAAAA,CAAQ,gBAAA,IAAoB,EAAG;AAAA,KAC7E;AAAA,EACF,CAAC,CAAA;AACH;ACxCA,eAAsB,mBAAA,CACpB,WACA,SAAA,EACqC;AACrC,EAAA,MAAM,KAAA,GAAQ,IAAI,kBAAA,CAAmB,SAAA,EAAW;AAAA,IAC9C,IAAA,EAAM;AAAA,MACJ,SAAA,EAAW,CAAC,EAAA,EAAI,MAAM,CAAA;AAAA,MACtB,SAAA,EAAW,CAAC,aAAA,EAAe,cAAA,EAAgB,YAAY,MAAM,CAAA;AAAA,MAC7D,KAAA,EAAO,CAAC,KAAA,EAAO,MAAA,EAAQ,OAAO;AAAA,KAChC;AAAA,IAEA,SAAA;AAAA,IACA;AAAA,GACD,CAAA;AAED,EAAA,OAAOJ,MAAAA,CAAO;AAAA,IACZ,IAAA,EAAM,SAAA;AAAA,IACN,KAAA,EAAO,cAAA,CAAO,oBAAoB,CAAA,CAAE,KAAA;AAAA,IAEpC,MAAA,EAAQ;AAAA,MACN,UAAA,EAAY,2BAAA,CAA4B,KAAA,CAAM,OAAO,CAAA;AAAA,MACrD,SAAA,EAAWA,MAAAA,CAAO,SAAS,CAAA,CAAE,KAAA,CAAM,CAAAK,UAAAA,KAAaA,UAAAA,CAAU,GAAA,CAAI,CAAA,CAAA,KAAK,CAAA,CAAE,MAAM,CAAC;AAAA;AAC9E,GACD,CAAA;AACH","file":"index.js","sourcesContent":["import type { k8s } from \"@highstate/library\"\nimport type { InputOrArray } from \"@highstate/pulumi\"\nimport type { Namespace } from \"./namespace\"\nimport type { Workload } from \"./workload\"\nimport { Command, MaterializedFile } from \"@highstate/common\"\nimport {\n ComponentResource,\n type ComponentResourceOptions,\n type Input,\n type Output,\n output,\n} from \"@pulumi/pulumi\"\nimport { images } from \"./shared\"\n\nexport type KubeCommandArgs = {\n /**\n * The kubernetes cluster to run the command against.\n */\n cluster: Input<k8s.Cluster>\n\n /**\n * The namespace to run the command in, if any.\n */\n namespace?: Input<string>\n\n /**\n * The create command to run.\n */\n create: InputOrArray<string>\n\n /**\n * The update command to run.\n */\n update?: InputOrArray<string>\n\n /**\n * The delete command to run.\n */\n delete?: InputOrArray<string>\n}\n\nexport type NamespaceKubeCommandArgs = Omit<KubeCommandArgs, \"cluster\" | \"namespace\"> & {\n /**\n * The namespace to run the command in.\n */\n namespace: Input<Namespace>\n}\n\nexport type ExecKubeCommandArgs = Omit<KubeCommandArgs, \"cluster\" | \"namespace\"> & {\n /**\n * The workload to exec into.\n */\n workload: Input<Workload>\n}\n\nfunction createCommand(command: string | string[]): string {\n if (Array.isArray(command)) {\n return command.join(\" \")\n }\n\n return command\n}\n\nfunction buildKubeCommand(\n command: InputOrArray<string>,\n namespace?: Input<string>,\n): Output<string> {\n if (namespace) {\n return output([command, namespace]).apply(\n ([cmd, ns]) => `kubectl -n ${ns} ${createCommand(cmd)}`,\n )\n }\n\n return output(command).apply(cmd => `kubectl ${createCommand(cmd)}`)\n}\n\nfunction buildWorkloadExecCommand(\n command: InputOrArray<string>,\n workload: Input<Workload>,\n): Output<string> {\n return output({\n command,\n kind: output(workload).kind,\n name: output(workload).metadata.name,\n }).apply(({ command, kind, name }) => {\n const type = kind.toLowerCase()\n\n return `exec -it ${type}/${name} -- ${createCommand(command)}`\n })\n}\n\nexport class KubeCommand extends ComponentResource {\n /**\n * The underlying command that will be executed when this unit is invoked.\n */\n readonly command: Output<Command>\n\n /**\n * The standard output of the command.\n */\n readonly stdout: Output<string>\n\n /**\n * The standard error of the command.\n */\n readonly stderr: Output<string>\n\n constructor(name: string, args: KubeCommandArgs, opts?: ComponentResourceOptions) {\n super(\"highstate:k8s:KubeCommand\", name, args, opts)\n\n this.command = output(args.cluster).apply(cluster => {\n const kubeconfig = MaterializedFile.for(cluster.kubeconfig)\n\n return new Command(`kubectl-${name}`, {\n host: \"local\",\n create: buildKubeCommand(args.create, args.namespace),\n update: args.update ? buildKubeCommand(args.update, args.namespace) : undefined,\n delete: args.delete ? buildKubeCommand(args.delete, args.namespace) : undefined,\n files: [kubeconfig],\n image: images[\"terminal-kubectl\"].image,\n containerShell: \"bash\",\n environment: {\n KUBECONFIG: kubeconfig.path,\n },\n })\n })\n\n this.stdout = this.command.stdout\n this.stderr = this.command.stderr\n }\n\n static forNamespace(\n name: string,\n args: NamespaceKubeCommandArgs,\n opts?: ComponentResourceOptions,\n ): KubeCommand {\n return new KubeCommand(\n name,\n {\n cluster: output(args.namespace).cluster,\n create: args.create,\n update: args.update,\n delete: args.delete,\n namespace: output(args.namespace).metadata.name,\n },\n opts,\n )\n }\n\n static execInto(\n name: string,\n args: ExecKubeCommandArgs,\n opts?: ComponentResourceOptions,\n ): KubeCommand {\n return KubeCommand.forNamespace(\n name,\n {\n namespace: output(args.workload).namespace,\n create: buildWorkloadExecCommand(args.create, args.workload),\n update: args.update ? buildWorkloadExecCommand(args.update, args.workload) : undefined,\n delete: args.delete ? buildWorkloadExecCommand(args.delete, args.workload) : undefined,\n },\n opts,\n )\n }\n}\n","import type { InputEndpoint } from \"@highstate/common\"\nimport type { Input, InputArray, InputRecord } from \"@highstate/pulumi\"\nimport type { ContainerEnvironment, ContainerVolumeMount, WorkloadVolume } from \"../container\"\nimport { images } from \"..\"\n\nexport type ScriptDistribution = \"alpine\" | \"ubuntu\"\n\nexport type DistributionEnvironment = {\n /**\n * The image that should be used for the distribution.\n */\n image?: Input<string>\n\n /**\n * The utility packages that should be installed before running \"preInstallScripts\".\n *\n * Useful for installing tools like `curl` to install additional repositories.\n */\n preInstallPackages?: InputArray<string>\n\n /**\n * The pre-install scripts that should be run before installing packages.\n * Typically, these scripts are used to install additional repositories.\n */\n preInstallScripts?: InputRecord<string>\n\n /**\n * The packages that are available in the environment.\n */\n packages?: InputArray<string>\n\n /**\n * The endpoint which the script is allowed to access scoped to the distribution.\n *\n * Typically, this is used to allow access to the package manager.\n *\n * Will be used to generate a network policy.\n */\n allowedEndpoints?: InputArray<InputEndpoint>\n}\n\nexport type ScriptProgram = () => unknown\n\nexport type ScriptEnvironment = {\n [distribution in ScriptDistribution]?: DistributionEnvironment\n} & {\n /**\n * The setup scripts that should be run before the script.\n */\n setupScripts?: InputRecord<string>\n\n /**\n * The cleanup scripts that should be run after the script.\n */\n cleanupScripts?: InputRecord<string>\n\n /**\n * The arbitrary files available in the environment including scripts.\n */\n files?: InputRecord<string | ScriptProgram>\n\n /**\n * The volumes that should be defined in the environment.\n */\n volumes?: InputArray<WorkloadVolume>\n\n /**\n * The volume mounts that should be defined in the environment.\n */\n volumeMounts?: InputArray<ContainerVolumeMount>\n\n /**\n * The environment variables that should be defined in the environment.\n */\n environment?: Input<ContainerEnvironment>\n\n /**\n * The endpoint which the script is allowed to access.\n *\n * Will be used to generate a network policy.\n */\n allowedEndpoints?: InputArray<InputEndpoint>\n}\n\nexport type ResolvedScriptEnvironment = Omit<Required<ScriptEnvironment>, ScriptDistribution> & {\n [distribution in ScriptDistribution]: Required<DistributionEnvironment>\n}\n\nconst emptyDistributionEnvironment = {\n preInstallPackages: [],\n preInstallScripts: {},\n packages: [],\n}\n\nexport const emptyScriptEnvironment: ResolvedScriptEnvironment = {\n alpine: {\n ...emptyDistributionEnvironment,\n image: images.alpine.image,\n allowedEndpoints: [\n //\n \"tcp://dl-cdn.alpinelinux.org:443\",\n \"tcp://dl-cdn.alpinelinux.org:80\",\n ],\n },\n\n ubuntu: {\n ...emptyDistributionEnvironment,\n image: images.ubuntu.image,\n allowedEndpoints: [\n //\n \"tcp://archive.ubuntu.com:80\",\n \"tcp://archive.ubuntu.com:443\",\n \"tcp://security.ubuntu.com:80\",\n \"tcp://security.ubuntu.com:443\",\n ],\n },\n\n setupScripts: {},\n cleanupScripts: {},\n files: {},\n volumes: [],\n volumeMounts: [],\n environment: {},\n allowedEndpoints: [],\n}\n\nexport const functionScriptImages: Record<ScriptDistribution, string> = {\n alpine: \"oven/bun@sha256:6b14922b0885c3890cdb0b396090af1da486ba941df5ee94391eef64f7113c61\",\n ubuntu: \"oven/bun@sha256:66b431441dc4c36d7e8164bfc61e6348ec1d7ce2862fc3a29f5dc9856e8205e4\",\n}\n","import type { network } from \"@highstate/library\"\nimport type { ContainerEnvironment, ContainerVolumeMount, WorkloadVolume } from \"../container\"\nimport type { ScopedResourceArgs } from \"../shared\"\nimport { parseEndpoint } from \"@highstate/common\"\nimport { text, trimIndentation } from \"@highstate/contract\"\nimport { type InputArray, normalize } from \"@highstate/pulumi\"\nimport {\n ComponentResource,\n type ComponentResourceOptions,\n type Input,\n type Output,\n output,\n type Unwrap,\n} from \"@pulumi/pulumi\"\nimport { serializeFunction } from \"@pulumi/pulumi/runtime/index.js\"\nimport { deepmerge } from \"deepmerge-ts\"\nimport { readPackageJSON } from \"pkg-types\"\nimport { mapValues, omitBy } from \"remeda\"\nimport { ConfigMap } from \"../config-map\"\nimport {\n emptyScriptEnvironment,\n functionScriptImages,\n type ResolvedScriptEnvironment,\n type ScriptDistribution,\n type ScriptEnvironment,\n} from \"./environment\"\n\nexport type ScriptBundleArgs = ScopedResourceArgs & {\n /**\n * The environment to bundle the scripts from.\n */\n environment?: Input<ScriptEnvironment>\n\n /**\n * The environments to bundle the scripts from.\n */\n environments?: InputArray<ScriptEnvironment>\n\n /**\n * The distribution to use for the scripts.\n */\n distribution: ScriptDistribution\n}\n\nexport class ScriptBundle extends ComponentResource {\n /**\n * The config map containing the scripts.\n */\n readonly configMap: Output<ConfigMap>\n\n /**\n * The volumes that should be included in the workload.\n */\n readonly volumes: Output<WorkloadVolume[]>\n\n /**\n * The volume mounts that should be defined in the container.\n */\n readonly volumeMounts: Output<ContainerVolumeMount[]>\n\n /**\n * The environment variables that should be defined in the container.\n */\n readonly environment: Output<ContainerEnvironment>\n\n /**\n * The image to use for the scripts.\n */\n readonly image: Output<string>\n\n /**\n * The distribution to use for the scripts.\n */\n readonly distribution: ScriptDistribution\n\n /**\n * The list of endpoints that the script is allowed to access.\n */\n readonly allowedEndpoints: Output<network.L3Endpoint[]>\n\n constructor(name: string, args: ScriptBundleArgs, opts?: ComponentResourceOptions) {\n super(\"highstate:k8s:ScriptBundle\", name, args, opts)\n\n const scriptEnvironment = output(args)\n .apply(args => normalize(args.environment, args.environments))\n .apply(args => deepmerge(emptyScriptEnvironment, ...args)) as Output<\n Unwrap<ResolvedScriptEnvironment>\n >\n\n const hasFunctionScripts = scriptEnvironment.apply(scriptEnvironment => {\n return Object.values(scriptEnvironment.files).some(file => typeof file === \"function\")\n })\n\n this.distribution = args.distribution\n this.environment = scriptEnvironment.environment\n\n this.image = hasFunctionScripts.apply(hasFunctionScripts =>\n output(\n hasFunctionScripts\n ? functionScriptImages[args.distribution]\n : scriptEnvironment[args.distribution].image,\n ),\n )\n\n this.allowedEndpoints = output({ scriptEnvironment, hasFunctionScripts }).apply(\n ({ scriptEnvironment, hasFunctionScripts }) => {\n const allowedEndpoints = [\n ...scriptEnvironment.allowedEndpoints,\n ...scriptEnvironment[args.distribution].allowedEndpoints,\n ]\n\n if (hasFunctionScripts) {\n allowedEndpoints.push(\"tcp://registry.npmjs.org:443\")\n }\n\n return allowedEndpoints.map(endpoint => parseEndpoint(endpoint))\n },\n )\n\n this.configMap = output({ scriptEnvironment, args }).apply(({ scriptEnvironment, args }) => {\n return ConfigMap.create(\n name,\n {\n namespace: args.namespace,\n\n data: createScriptData(this.distribution, scriptEnvironment),\n },\n { ...opts, parent: this },\n )\n })\n\n this.volumes = output({ hasFunctionScripts, volumes: scriptEnvironment.volumes }).apply(\n ({ hasFunctionScripts, volumes }) => {\n return [\n ...volumes,\n {\n name: this.configMap.metadata.name,\n\n configMap: {\n name: this.configMap.metadata.name,\n defaultMode: 0o550, // read and execute permissions\n },\n },\n ...(hasFunctionScripts ? [{ name: \"node-modules\", emptyDir: {} }] : []),\n ]\n },\n )\n\n this.volumeMounts = output({\n hasFunctionScripts,\n volumeMounts: scriptEnvironment.volumeMounts,\n }).apply(({ hasFunctionScripts, volumeMounts }) => {\n return [\n ...volumeMounts,\n {\n volume: this.configMap,\n mountPath: \"/scripts\",\n },\n ...(hasFunctionScripts\n ? [{ name: \"node-modules\", mountPath: \"/scripts/node_modules\" }]\n : []),\n ]\n })\n }\n}\n\nfunction stripWorkspacePrefix(value: string): string {\n if (value.startsWith(\"workspace:\")) {\n return value.replace(\"workspace:\", \"\")\n }\n\n return value\n}\n\nasync function createScriptData(\n distribution: ScriptDistribution,\n environment: Unwrap<ResolvedScriptEnvironment>,\n): Promise<Record<string, string>> {\n const scriptData: Record<string, string> = {}\n const actions: string[] = []\n\n const distributionEnvironment = environment[distribution]\n const setupScripts = { ...environment.setupScripts }\n\n let hasFunctionScripts = false\n\n for (const key in environment.files) {\n if (typeof environment.files[key] === \"function\") {\n const serialized = await serializeFunction(environment.files[key])\n\n scriptData[key] = text`\n #!/usr/local/bin/bun\n \n ${serialized.text}\n\n exports.${serialized.exportName}()\n `\n\n hasFunctionScripts = true\n } else {\n scriptData[key] = environment.files[key]\n }\n }\n\n if (hasFunctionScripts) {\n const packageJson = await readPackageJSON()\n\n packageJson.dependencies = omitBy(\n mapValues(packageJson.dependencies ?? {}, stripWorkspacePrefix),\n (_, key) => key.startsWith(\"@highstate/\"),\n )\n\n packageJson.devDependencies = omitBy(\n mapValues(packageJson.devDependencies ?? {}, stripWorkspacePrefix),\n (_, key) => key.startsWith(\"@highstate/\"),\n )\n\n scriptData[\"package.json\"] = JSON.stringify(packageJson, null, 2)\n\n setupScripts[\"resolve-dependencies.sh\"] = text`\n #!/usr/local/bin/bun\n set -e\n\n cd /scripts\n bun install --production\n `\n }\n\n if (distributionEnvironment.preInstallPackages.length > 0) {\n scriptData[\"pre-install-packages.sh\"] = getInstallPackagesScript(\n distribution,\n distributionEnvironment.preInstallPackages,\n )\n\n actions.push(`\n echo \"+ Installing pre-install packages...\"\n /scripts/pre-install-packages.sh\n echo \"+ Pre-install packages installed successfully\"\n `)\n }\n\n if (Object.keys(distributionEnvironment.preInstallScripts).length > 0) {\n for (const key in distributionEnvironment.preInstallScripts) {\n scriptData[`pre-install-${key}`] = distributionEnvironment.preInstallScripts[key]\n\n actions.push(`\n echo \"+ Running pre-install script '${key}'...\"\n /scripts/pre-install-${key}\n echo \"+ Pre-install script '${key}'... Done\"\n `)\n }\n }\n\n if (distributionEnvironment.packages.length > 0) {\n scriptData[\"install-packages.sh\"] = getInstallPackagesScript(\n distribution,\n distributionEnvironment.packages,\n )\n\n actions.push(`\n echo \"+ Installing packages...\"\n /scripts/install-packages.sh\n echo \"+ Packages installed successfully\"\n `)\n }\n\n if (Object.keys(setupScripts).length > 0) {\n for (const key in setupScripts) {\n scriptData[`setup-${key}`] = setupScripts[key]\n\n actions.push(`\n echo \"+ Running setup script '${key}'...\"\n /scripts/setup-${key}\n echo \"+ Setup script '${key}'... Done\"\n `)\n }\n }\n\n if (Object.keys(environment.cleanupScripts).length > 0) {\n const cleanupActions: string[] = []\n\n for (const key in environment.cleanupScripts) {\n scriptData[`cleanup-${key}`] = environment.cleanupScripts[key]\n\n cleanupActions.push(`\n echo \"+ Running cleanup script '${key}'...\"\n /scripts/cleanup-${key}\n echo \"+ Cleanup script '${key}'... Done\"\n `)\n }\n\n actions.push(`\n function cleanup() {\n ${cleanupActions.map(s => s.trim()).join(\"\\n\\n\")}\n }\n\n trap cleanup EXIT\n trap cleanup SIGTERM\n `)\n }\n\n scriptData[\"entrypoint.sh\"] = trimIndentation(`\n #!/bin/sh\n set -e\n\n if [ -z \"$1\" ]; then\n echo \"Usage: entrypoint.sh <main script> [args...]\"\n exit 1\n fi\n\n ${actions.map(s => s.trim()).join(\"\\n\\n\")}\n\n echo \"+ Running main script...\"\n $@\n echo \"+ Main script completed\"\n `)\n\n return scriptData\n}\n\nfunction getInstallPackagesScript(distribution: ScriptDistribution, packages: string[]): string {\n if (distribution === \"alpine\") {\n return text`\n #!/bin/sh\n set -e\n\n apk add --no-cache ${packages.join(\" \")}\n `\n } else {\n return text`\n #!/bin/sh\n set -e\n\n apt-get update\n apt-get install -y ${packages.join(\" \")}\n `\n }\n}\n","import type { Container } from \"../container\"\nimport type { ScriptBundle } from \"./bundle\"\nimport { type Input, type Output, output } from \"@pulumi/pulumi\"\nimport { merge } from \"remeda\"\n\nexport type ScriptContainer = Container & {\n /**\n * The script bundle to use.\n */\n bundle: Input<ScriptBundle>\n\n /**\n * The name of the main script to run.\n * The script must be available in the bundle.\n */\n main: Input<string>\n}\n\n/**\n * Creates a spec for a container that runs a script.\n * This spec can be used to create a complete workload or an init container.\n *\n * @param options The options to create the container spec.\n * @returns The container spec.\n */\nexport function createScriptContainer(options: ScriptContainer): Output<Container> {\n const bundle = output(options.bundle)\n\n return output({\n options,\n image: bundle.image,\n volumeMounts: bundle.volumeMounts,\n volumes: bundle.volumes,\n environment: bundle.environment,\n allowedEndpoints: bundle.allowedEndpoints,\n }).apply(({ options, image, volumeMounts, volumes, environment, allowedEndpoints }) => {\n return {\n image,\n command: [\"/scripts/entrypoint.sh\", `/scripts/${options.main}`],\n\n ...options,\n\n volumeMounts: [...volumeMounts, ...(options.volumeMounts ?? [])],\n volumes: [...volumes, ...(options.volumes ?? [])],\n environment: merge(environment, options.environment),\n allowedEndpoints: [...allowedEndpoints, ...(options.allowedEndpoints ?? [])],\n } as Container\n })\n}\n","import type { UnitWorker } from \"@highstate/contract\"\nimport type { k8s } from \"@highstate/library\"\nimport type { DeepInput, Input, InputArray, Unwrap } from \"@highstate/pulumi\"\nimport type { Namespace } from \"./namespace\"\nimport { type Output, output } from \"@pulumi/pulumi\"\nimport { ClusterAccessScope } from \"./rbac\"\nimport { getClusterKubeconfigContent, images, type NamespacedResource } from \"./shared\"\n\nexport async function createMonitorWorker(\n namespace: Input<Namespace>,\n resources: InputArray<NamespacedResource>,\n): Promise<Output<Unwrap<UnitWorker>>> {\n const scope = new ClusterAccessScope(\"monitor\", {\n rule: {\n apiGroups: [\"\", \"apps\"],\n resources: [\"deployments\", \"statefulsets\", \"services\", \"pods\"],\n verbs: [\"get\", \"list\", \"watch\"],\n },\n\n namespace,\n resources,\n })\n\n return output({\n name: \"monitor\",\n image: images[\"worker.k8s-monitor\"].image,\n\n params: {\n kubeconfig: getClusterKubeconfigContent(scope.cluster),\n resources: output(resources).apply(resources => resources.map(r => r.entity)),\n } satisfies DeepInput<k8s.MonitorWorkerParams>,\n })\n}\n"]}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":[],"names":[],"mappings":"","file":"job-PE4AKOHB.js"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
export { StatefulSet } from './chunk-S77TE7UC.js';
|
|
2
|
+
import './chunk-SZKOAHNX.js';
|
|
3
|
+
import './chunk-OG2OPX7B.js';
|
|
4
|
+
import './chunk-TOLFVF4S.js';
|
|
5
|
+
import './chunk-PZYGZSN5.js';
|
|
6
|
+
//# sourceMappingURL=stateful-set-LUIRHQJY.js.map
|
|
7
|
+
//# sourceMappingURL=stateful-set-LUIRHQJY.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":[],"names":[],"mappings":"","file":"stateful-set-
|
|
1
|
+
{"version":3,"sources":[],"names":[],"mappings":"","file":"stateful-set-LUIRHQJY.js"}
|
|
@@ -1,11 +1,10 @@
|
|
|
1
|
-
import { Chart } from '../../chunk-
|
|
2
|
-
import '../../chunk-
|
|
3
|
-
import '../../chunk-
|
|
4
|
-
import '../../chunk-
|
|
5
|
-
import '../../chunk-
|
|
6
|
-
import '../../chunk-
|
|
7
|
-
import
|
|
8
|
-
import '../../chunk-PZ5AY32C.js';
|
|
1
|
+
import { Chart } from '../../chunk-TVKT3ZYX.js';
|
|
2
|
+
import '../../chunk-BTAEFJ5N.js';
|
|
3
|
+
import '../../chunk-S77TE7UC.js';
|
|
4
|
+
import '../../chunk-SZKOAHNX.js';
|
|
5
|
+
import '../../chunk-OG2OPX7B.js';
|
|
6
|
+
import { Namespace } from '../../chunk-TOLFVF4S.js';
|
|
7
|
+
import '../../chunk-PZYGZSN5.js';
|
|
9
8
|
import { k8s } from '@highstate/library';
|
|
10
9
|
import { forUnit } from '@highstate/pulumi';
|
|
11
10
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../assets/charts.json","../../../src/units/cert-manager/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"sources":["../../../assets/charts.json","../../../src/units/cert-manager/index.ts"],"names":[],"mappings":";;;;;;;;;;;AAAA,IAAA,cAAA,GAAA;AAAA,EACE,cAAA,EAAgB;AAAA,IACd,IAAA,EAAQ,4BAAA;AAAA,IACR,IAAA,EAAQ,cAAA;AAAA,IACR,OAAA,EAAW,SAAA;AAAA,IACX,MAAA,EAAU;AAAA;AAEd,CAAA;;;ACDA,IAAM,EAAE,IAAA,EAAM,MAAA,EAAQ,SAAQ,GAAI,OAAA,CAAQ,IAAI,WAAW,CAAA;AAEzD,IAAM,SAAA,GAAY,UAAU,MAAA,CAAO,cAAA,EAAgB,EAAE,OAAA,EAAS,MAAA,CAAO,YAAY,CAAA;AAEjF,IAAI,MAAM,cAAA,EAAgB;AAAA,EACxB,SAAA;AAAA,EAEA,KAAA,EAAO,eAAO,cAAc,CAAA;AAAA,EAE5B,MAAA,EAAQ;AAAA,IACN,IAAA,EAAM;AAAA,MACJ,OAAA,EAAS;AAAA,KACX;AAAA,IAEA,MAAA,EAAQ;AAAA,MACN,UAAA,EAAY,4CAAA;AAAA,MACZ,IAAA,EAAM,yBAAA;AAAA,MACN,kBAAkB,IAAA,CAAK;AAAA;AACzB;AAEJ,CAAC,CAAA;AAED,IAAO,uBAAQ,OAAA,CAAQ;AAAA,EACrB,YAAY,MAAA,CAAO;AACrB,CAAC","file":"index.js","sourcesContent":["{\n \"cert-manager\": {\n \"repo\": \"https://charts.jetstack.io\",\n \"name\": \"cert-manager\",\n \"version\": \"v1.18.2\",\n \"sha256\": \"daddf7af7b1f0eaaa10edd790aefa0bd8c2b07830febf659460d843217f5b3c5\"\n }\n}\n","import { k8s } from \"@highstate/library\"\nimport { forUnit } from \"@highstate/pulumi\"\nimport charts from \"../../../assets/charts.json\"\nimport { Chart } from \"../../helm\"\nimport { Namespace } from \"../../namespace\"\n\nconst { args, inputs, outputs } = forUnit(k8s.certManager)\n\nconst namespace = Namespace.create(\"cert-manager\", { cluster: inputs.k8sCluster })\n\nnew Chart(\"cert-manager\", {\n namespace,\n\n chart: charts[\"cert-manager\"],\n\n values: {\n crds: {\n enabled: true,\n },\n\n config: {\n apiVersion: \"controller.config.cert-manager.io/v1alpha1\",\n kind: \"ControllerConfiguration\",\n enableGatewayAPI: args.enableGatewayApi,\n },\n },\n})\n\nexport default outputs({\n k8sCluster: inputs.k8sCluster,\n})\n"]}
|
|
@@ -1,20 +1,20 @@
|
|
|
1
|
-
import '../../chunk-
|
|
1
|
+
import '../../chunk-PZYGZSN5.js';
|
|
2
2
|
import { parseEndpoints, l4EndpointToString, l3EndpointToString } from '@highstate/common';
|
|
3
3
|
import { k8s } from '@highstate/library';
|
|
4
4
|
import { forUnit, toPromise } from '@highstate/pulumi';
|
|
5
5
|
|
|
6
6
|
var { args, inputs, outputs } = forUnit(k8s.clusterPatch);
|
|
7
7
|
var cluster = await toPromise(inputs.k8sCluster);
|
|
8
|
-
var endpoints =
|
|
9
|
-
var apiEndpoints =
|
|
8
|
+
var endpoints = parseEndpoints([...args.endpoints, ...inputs.endpoints], 3);
|
|
9
|
+
var apiEndpoints = parseEndpoints([...args.apiEndpoints, ...inputs.apiEndpoints], 4);
|
|
10
10
|
var newEndpoints = endpoints.length > 0 ? endpoints : cluster.endpoints;
|
|
11
11
|
var newApiEndpoints = apiEndpoints.length > 0 ? apiEndpoints : cluster.apiEndpoints;
|
|
12
12
|
var cluster_patch_default = outputs({
|
|
13
|
-
k8sCluster:
|
|
14
|
-
...k8sCluster,
|
|
13
|
+
k8sCluster: {
|
|
14
|
+
...inputs.k8sCluster,
|
|
15
15
|
endpoints: newEndpoints,
|
|
16
16
|
apiEndpoints: newApiEndpoints
|
|
17
|
-
}
|
|
17
|
+
},
|
|
18
18
|
$statusFields: {
|
|
19
19
|
endpoints: endpoints.map(l3EndpointToString),
|
|
20
20
|
apiEndpoints: apiEndpoints.map(l4EndpointToString)
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/units/cluster-patch/index.ts"],"names":[],"mappings":";;;;;AAIA,IAAM,EAAE,IAAA,EAAM,MAAA,EAAQ,SAAQ,GAAI,OAAA,CAAQ,IAAI,YAAY,CAAA;AAE1D,IAAM,OAAA,GAAU,MAAM,SAAA,CAAU,MAAA,CAAO,UAAU,CAAA;AACjD,IAAM,
|
|
1
|
+
{"version":3,"sources":["../../../src/units/cluster-patch/index.ts"],"names":[],"mappings":";;;;;AAIA,IAAM,EAAE,IAAA,EAAM,MAAA,EAAQ,SAAQ,GAAI,OAAA,CAAQ,IAAI,YAAY,CAAA;AAE1D,IAAM,OAAA,GAAU,MAAM,SAAA,CAAU,MAAA,CAAO,UAAU,CAAA;AACjD,IAAM,SAAA,GAAY,cAAA,CAAe,CAAC,GAAG,IAAA,CAAK,WAAW,GAAG,MAAA,CAAO,SAAS,CAAA,EAAG,CAAC,CAAA;AAC5E,IAAM,YAAA,GAAe,cAAA,CAAe,CAAC,GAAG,IAAA,CAAK,cAAc,GAAG,MAAA,CAAO,YAAY,CAAA,EAAG,CAAC,CAAA;AAErF,IAAM,YAAA,GAAe,SAAA,CAAU,MAAA,GAAS,CAAA,GAAI,YAAY,OAAA,CAAQ,SAAA;AAChE,IAAM,eAAA,GAAkB,YAAA,CAAa,MAAA,GAAS,CAAA,GAAI,eAAe,OAAA,CAAQ,YAAA;AAEzE,IAAO,wBAAQ,OAAA,CAAQ;AAAA,EACrB,UAAA,EAAY;AAAA,IACV,GAAG,MAAA,CAAO,UAAA;AAAA,IACV,SAAA,EAAW,YAAA;AAAA,IACX,YAAA,EAAc;AAAA,GAChB;AAAA,EAEA,aAAA,EAAe;AAAA,IACb,SAAA,EAAW,SAAA,CAAU,GAAA,CAAI,kBAAkB,CAAA;AAAA,IAC3C,YAAA,EAAc,YAAA,CAAa,GAAA,CAAI,kBAAkB;AAAA;AAErD,CAAC","file":"index.js","sourcesContent":["import { l3EndpointToString, l4EndpointToString, parseEndpoints } from \"@highstate/common\"\nimport { k8s } from \"@highstate/library\"\nimport { forUnit, toPromise } from \"@highstate/pulumi\"\n\nconst { args, inputs, outputs } = forUnit(k8s.clusterPatch)\n\nconst cluster = await toPromise(inputs.k8sCluster)\nconst endpoints = parseEndpoints([...args.endpoints, ...inputs.endpoints], 3)\nconst apiEndpoints = parseEndpoints([...args.apiEndpoints, ...inputs.apiEndpoints], 4)\n\nconst newEndpoints = endpoints.length > 0 ? endpoints : cluster.endpoints\nconst newApiEndpoints = apiEndpoints.length > 0 ? apiEndpoints : cluster.apiEndpoints\n\nexport default outputs({\n k8sCluster: {\n ...inputs.k8sCluster,\n endpoints: newEndpoints,\n apiEndpoints: newApiEndpoints,\n },\n\n $statusFields: {\n endpoints: endpoints.map(l3EndpointToString),\n apiEndpoints: apiEndpoints.map(l4EndpointToString),\n },\n})\n"]}
|
|
@@ -1,16 +1,39 @@
|
|
|
1
1
|
import { dns01SolverMediator } from '../../chunk-HH2JJELM.js';
|
|
2
|
-
import { getProviderAsync, Namespace } from '../../chunk-
|
|
3
|
-
import '../../chunk-
|
|
2
|
+
import { getProviderAsync, Namespace, Secret } from '../../chunk-TOLFVF4S.js';
|
|
3
|
+
import '../../chunk-PZYGZSN5.js';
|
|
4
4
|
import { cert_manager } from '@highstate/cert-manager';
|
|
5
|
-
import { k8s } from '@highstate/library';
|
|
6
|
-
import { forUnit } from '@highstate/pulumi';
|
|
5
|
+
import { k8s, common } from '@highstate/library';
|
|
6
|
+
import { forUnit, makeEntityOutput } from '@highstate/pulumi';
|
|
7
7
|
|
|
8
|
-
var { name, inputs, outputs } = forUnit(k8s.dns01TlsIssuer);
|
|
8
|
+
var { name, args, secrets, inputs, outputs } = forUnit(k8s.dns01TlsIssuer);
|
|
9
9
|
var provider = await getProviderAsync(inputs.k8sCluster);
|
|
10
10
|
var certManagerNs = Namespace.get("cert-manager", {
|
|
11
11
|
name: "cert-manager",
|
|
12
12
|
cluster: inputs.k8sCluster
|
|
13
13
|
});
|
|
14
|
+
var eabSecret;
|
|
15
|
+
if (args.acmeServer.type === "zerossl") {
|
|
16
|
+
if (!secrets.eabKeyId || !secrets.eabKeySecret) {
|
|
17
|
+
throw new Error("EAB key ID and secret are required for ZeroSSL ACME server");
|
|
18
|
+
}
|
|
19
|
+
eabSecret = Secret.create(`${name}-eab`, {
|
|
20
|
+
namespace: certManagerNs,
|
|
21
|
+
stringData: {
|
|
22
|
+
keyId: secrets.eabKeyId,
|
|
23
|
+
keySecret: secrets.eabKeySecret
|
|
24
|
+
}
|
|
25
|
+
});
|
|
26
|
+
}
|
|
27
|
+
var getAcmeServer = () => {
|
|
28
|
+
switch (args.acmeServer.type) {
|
|
29
|
+
case "zerossl":
|
|
30
|
+
return "https://acme.zerossl.com/v2/DV90";
|
|
31
|
+
case "letsencrypt":
|
|
32
|
+
return "https://acme-v02.api.letsencrypt.org/directory";
|
|
33
|
+
case "custom":
|
|
34
|
+
return args.acmeServer.url;
|
|
35
|
+
}
|
|
36
|
+
};
|
|
14
37
|
new cert_manager.v1.ClusterIssuer(
|
|
15
38
|
name,
|
|
16
39
|
{
|
|
@@ -19,7 +42,7 @@ new cert_manager.v1.ClusterIssuer(
|
|
|
19
42
|
},
|
|
20
43
|
spec: {
|
|
21
44
|
acme: {
|
|
22
|
-
server:
|
|
45
|
+
server: getAcmeServer(),
|
|
23
46
|
solvers: [
|
|
24
47
|
{
|
|
25
48
|
dns01: dns01SolverMediator.callOutput(inputs.dnsProvider.implRef, {
|
|
@@ -30,23 +53,37 @@ new cert_manager.v1.ClusterIssuer(
|
|
|
30
53
|
],
|
|
31
54
|
privateKeySecretRef: {
|
|
32
55
|
name
|
|
33
|
-
}
|
|
56
|
+
},
|
|
57
|
+
externalAccountBinding: eabSecret ? {
|
|
58
|
+
keyID: eabSecret.stringData.keyId,
|
|
59
|
+
keySecretRef: {
|
|
60
|
+
name: eabSecret.metadata.name,
|
|
61
|
+
key: "keySecret"
|
|
62
|
+
}
|
|
63
|
+
} : void 0
|
|
34
64
|
}
|
|
35
65
|
}
|
|
36
66
|
},
|
|
37
67
|
{ provider }
|
|
38
68
|
);
|
|
39
69
|
var dns01_issuer_default = outputs({
|
|
40
|
-
tlsIssuer: {
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
70
|
+
tlsIssuer: makeEntityOutput({
|
|
71
|
+
entity: common.tlsIssuerEntity,
|
|
72
|
+
identity: `${name}:tls-issuer`,
|
|
73
|
+
meta: {
|
|
74
|
+
title: name
|
|
75
|
+
},
|
|
76
|
+
value: {
|
|
77
|
+
zones: inputs.dnsProvider.zones,
|
|
78
|
+
implRef: {
|
|
79
|
+
package: "@highstate/k8s",
|
|
80
|
+
data: {
|
|
81
|
+
clusterIssuerName: name,
|
|
82
|
+
cluster: inputs.k8sCluster
|
|
83
|
+
}
|
|
47
84
|
}
|
|
48
85
|
}
|
|
49
|
-
},
|
|
86
|
+
}),
|
|
50
87
|
$statusFields: {
|
|
51
88
|
zones: inputs.dnsProvider.zones
|
|
52
89
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/units/dns01-issuer/index.ts"],"names":[],"mappings":";;;;;;;
|
|
1
|
+
{"version":3,"sources":["../../../src/units/dns01-issuer/index.ts"],"names":[],"mappings":";;;;;;;AAQA,IAAM,EAAE,MAAM,IAAA,EAAM,OAAA,EAAS,QAAQ,OAAA,EAAQ,GAAI,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA;AAE3E,IAAM,QAAA,GAAW,MAAM,gBAAA,CAAiB,MAAA,CAAO,UAAU,CAAA;AAEzD,IAAM,aAAA,GAAgB,SAAA,CAAU,GAAA,CAAI,cAAA,EAAgB;AAAA,EAClD,IAAA,EAAM,cAAA;AAAA,EACN,SAAS,MAAA,CAAO;AAClB,CAAC,CAAA;AAED,IAAI,SAAA;AAEJ,IAAI,IAAA,CAAK,UAAA,CAAW,IAAA,KAAS,SAAA,EAAW;AACtC,EAAA,IAAI,CAAC,OAAA,CAAQ,QAAA,IAAY,CAAC,QAAQ,YAAA,EAAc;AAC9C,IAAA,MAAM,IAAI,MAAM,4DAA4D,CAAA;AAAA,EAC9E;AAEA,EAAA,SAAA,GAAY,MAAA,CAAO,MAAA,CAAO,CAAA,EAAG,IAAI,CAAA,IAAA,CAAA,EAAQ;AAAA,IACvC,SAAA,EAAW,aAAA;AAAA,IACX,UAAA,EAAY;AAAA,MACV,OAAO,OAAA,CAAQ,QAAA;AAAA,MACf,WAAW,OAAA,CAAQ;AAAA;AACrB,GACD,CAAA;AACH;AAEA,IAAM,gBAAgB,MAAM;AAC1B,EAAA,QAAQ,IAAA,CAAK,WAAW,IAAA;AAAM,IAC5B,KAAK,SAAA;AACH,MAAA,OAAO,kCAAA;AAAA,IACT,KAAK,aAAA;AACH,MAAA,OAAO,gDAAA;AAAA,IACT,KAAK,QAAA;AACH,MAAA,OAAO,KAAK,UAAA,CAAW,GAAA;AAAA;AAE7B,CAAA;AAEA,IAAI,aAAa,EAAA,CAAG,aAAA;AAAA,EAClB,IAAA;AAAA,EACA;AAAA,IACE,QAAA,EAAU;AAAA,MACR;AAAA,KACF;AAAA,IACA,IAAA,EAAM;AAAA,MACJ,IAAA,EAAM;AAAA,QACJ,QAAQ,aAAA,EAAc;AAAA,QACtB,OAAA,EAAS;AAAA,UACP;AAAA,YACE,KAAA,EAAO,mBAAA,CAAoB,UAAA,CAAW,MAAA,CAAO,YAAY,OAAA,EAAS;AAAA,cAChE,SAAA,EAAW;AAAA,aACZ,CAAA;AAAA,YACD,QAAA,EAAU,EAAE,QAAA,EAAU,MAAA,CAAO,YAAY,KAAA;AAAM;AACjD,SACF;AAAA,QACA,mBAAA,EAAqB;AAAA,UACnB;AAAA,SACF;AAAA,QACA,wBAAwB,SAAA,GACpB;AAAA,UACE,KAAA,EAAO,UAAU,UAAA,CAAW,KAAA;AAAA,UAC5B,YAAA,EAAc;AAAA,YACZ,IAAA,EAAM,UAAU,QAAA,CAAS,IAAA;AAAA,YACzB,GAAA,EAAK;AAAA;AACP,SACF,GACA;AAAA;AACN;AACF,GACF;AAAA,EACA,EAAE,QAAA;AACJ,CAAA;AAEA,IAAO,uBAAQ,OAAA,CAAQ;AAAA,EACrB,WAAW,gBAAA,CAAiB;AAAA,IAC1B,QAAQ,MAAA,CAAO,eAAA;AAAA,IACf,QAAA,EAAU,GAAG,IAAI,CAAA,WAAA,CAAA;AAAA,IACjB,IAAA,EAAM;AAAA,MACJ,KAAA,EAAO;AAAA,KACT;AAAA,IACA,KAAA,EAAO;AAAA,MACL,KAAA,EAAO,OAAO,WAAA,CAAY,KAAA;AAAA,MAC1B,OAAA,EAAS;AAAA,QACP,OAAA,EAAS,gBAAA;AAAA,QACT,IAAA,EAAM;AAAA,UACJ,iBAAA,EAAmB,IAAA;AAAA,UACnB,SAAS,MAAA,CAAO;AAAA;AAClB;AACF;AACF,GACD,CAAA;AAAA,EAED,aAAA,EAAe;AAAA,IACb,KAAA,EAAO,OAAO,WAAA,CAAY;AAAA;AAE9B,CAAC","file":"index.js","sourcesContent":["import { cert_manager } from \"@highstate/cert-manager\"\nimport { common, k8s } from \"@highstate/library\"\nimport { forUnit, makeEntityOutput } from \"@highstate/pulumi\"\nimport { dns01SolverMediator } from \"../../dns01-solver\"\nimport { Namespace } from \"../../namespace\"\nimport { Secret } from \"../../secret\"\nimport { getProviderAsync } from \"../../shared\"\n\nconst { name, args, secrets, inputs, outputs } = forUnit(k8s.dns01TlsIssuer)\n\nconst provider = await getProviderAsync(inputs.k8sCluster)\n\nconst certManagerNs = Namespace.get(\"cert-manager\", {\n name: \"cert-manager\",\n cluster: inputs.k8sCluster,\n})\n\nlet eabSecret: Secret | undefined\n\nif (args.acmeServer.type === \"zerossl\") {\n if (!secrets.eabKeyId || !secrets.eabKeySecret) {\n throw new Error(\"EAB key ID and secret are required for ZeroSSL ACME server\")\n }\n\n eabSecret = Secret.create(`${name}-eab`, {\n namespace: certManagerNs,\n stringData: {\n keyId: secrets.eabKeyId,\n keySecret: secrets.eabKeySecret,\n },\n })\n}\n\nconst getAcmeServer = () => {\n switch (args.acmeServer.type) {\n case \"zerossl\":\n return \"https://acme.zerossl.com/v2/DV90\"\n case \"letsencrypt\":\n return \"https://acme-v02.api.letsencrypt.org/directory\"\n case \"custom\":\n return args.acmeServer.url\n }\n}\n\nnew cert_manager.v1.ClusterIssuer(\n name,\n {\n metadata: {\n name,\n },\n spec: {\n acme: {\n server: getAcmeServer(),\n solvers: [\n {\n dns01: dns01SolverMediator.callOutput(inputs.dnsProvider.implRef, {\n namespace: certManagerNs,\n }),\n selector: { dnsZones: inputs.dnsProvider.zones },\n },\n ],\n privateKeySecretRef: {\n name,\n },\n externalAccountBinding: eabSecret\n ? {\n keyID: eabSecret.stringData.keyId,\n keySecretRef: {\n name: eabSecret.metadata.name,\n key: \"keySecret\",\n },\n }\n : undefined,\n },\n },\n },\n { provider },\n)\n\nexport default outputs({\n tlsIssuer: makeEntityOutput({\n entity: common.tlsIssuerEntity,\n identity: `${name}:tls-issuer`,\n meta: {\n title: name,\n },\n value: {\n zones: inputs.dnsProvider.zones,\n implRef: {\n package: \"@highstate/k8s\",\n data: {\n clusterIssuerName: name,\n cluster: inputs.k8sCluster,\n },\n },\n },\n }),\n\n $statusFields: {\n zones: inputs.dnsProvider.zones,\n },\n})\n"]}
|
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
import { detectExternalIps, createK8sTerminal } from '../../chunk-
|
|
2
|
-
import '../../chunk-
|
|
3
|
-
import '../../chunk-
|
|
1
|
+
import { detectExternalIps, createK8sTerminal } from '../../chunk-ADHZK6V2.js';
|
|
2
|
+
import '../../chunk-TOLFVF4S.js';
|
|
3
|
+
import '../../chunk-PZYGZSN5.js';
|
|
4
4
|
import { parseAddress, mergeAddresses, parseEndpoints, parseEndpoint, mergeEndpoints, l4EndpointToString, l3EndpointToString } from '@highstate/common';
|
|
5
|
-
import { k8s } from '@highstate/library';
|
|
6
|
-
import { forUnit, toPromise,
|
|
5
|
+
import { k8s, common } from '@highstate/library';
|
|
6
|
+
import { forUnit, toPromise, makeEntityOutput } from '@highstate/pulumi';
|
|
7
7
|
import { KubeConfig, AppsV1Api } from '@kubernetes/client-node';
|
|
8
8
|
import { Provider, core } from '@pulumi/kubernetes';
|
|
9
9
|
|
|
@@ -26,29 +26,50 @@ if (args.autoDetectExternalIps) {
|
|
|
26
26
|
const detectedIps = await detectExternalIps(kubeConfig, args.internalIpsPolicy);
|
|
27
27
|
externalIps = mergeAddresses([...externalIps, ...detectedIps]);
|
|
28
28
|
}
|
|
29
|
-
var endpoints =
|
|
29
|
+
var endpoints = parseEndpoints([...args.endpoints, ...inputs.endpoints]);
|
|
30
30
|
if (args.useExternalIpsAsEndpoints) {
|
|
31
31
|
const ipEndpoints = externalIps.map((ip) => parseEndpoint(ip));
|
|
32
32
|
endpoints = mergeEndpoints([...endpoints, ...ipEndpoints]);
|
|
33
33
|
}
|
|
34
|
-
var apiEndpoints =
|
|
34
|
+
var apiEndpoints = parseEndpoints([...args.apiEndpoints, ...inputs.endpoints], 4);
|
|
35
35
|
if (args.useKubeconfigApiEndpoint) {
|
|
36
36
|
const configEndpoint = parseEndpoint(kubeConfig.clusters[0].server.replace("https://", ""), 4);
|
|
37
37
|
apiEndpoints = mergeEndpoints([configEndpoint, ...apiEndpoints]);
|
|
38
38
|
}
|
|
39
39
|
var kubeSystem = core.v1.Namespace.get("kube-system", "kube-system", { provider });
|
|
40
40
|
var existing_cluster_default = outputs({
|
|
41
|
-
k8sCluster: {
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
41
|
+
k8sCluster: makeEntityOutput({
|
|
42
|
+
entity: k8s.clusterEntity,
|
|
43
|
+
identity: kubeSystem.metadata.uid,
|
|
44
|
+
value: {
|
|
45
|
+
id: kubeSystem.metadata.uid,
|
|
46
|
+
connectionId: kubeSystem.metadata.uid,
|
|
47
|
+
name,
|
|
48
|
+
networkPolicyImplRef,
|
|
49
|
+
externalIps,
|
|
50
|
+
endpoints,
|
|
51
|
+
apiEndpoints,
|
|
52
|
+
quirks: args.quirks,
|
|
53
|
+
kubeconfig: makeEntityOutput({
|
|
54
|
+
entity: common.fileEntity,
|
|
55
|
+
identity: `${name}:kubeconfig`,
|
|
56
|
+
meta: {
|
|
57
|
+
title: "Kubeconfig"
|
|
58
|
+
},
|
|
59
|
+
value: {
|
|
60
|
+
content: {
|
|
61
|
+
type: "embedded-secret",
|
|
62
|
+
value: kubeconfigContent
|
|
63
|
+
},
|
|
64
|
+
meta: {
|
|
65
|
+
name: "kubeconfig",
|
|
66
|
+
contentType: "text/yaml",
|
|
67
|
+
mode: 384
|
|
68
|
+
}
|
|
69
|
+
}
|
|
70
|
+
})
|
|
71
|
+
}
|
|
72
|
+
}),
|
|
52
73
|
$terminals: [createK8sTerminal(kubeconfigContent)],
|
|
53
74
|
$statusFields: {
|
|
54
75
|
clusterId: kubeSystem.metadata.uid,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/units/existing-cluster/index.ts"],"names":[],"mappings":";;;;;;;;;AAeA,IAAM,EAAE,MAAM,IAAA,EAAM,MAAA,EAAQ,SAAS,OAAA,EAAQ,GAAI,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA;AAE5E,IAAM,iBAAA,GAAoB,MAAM,SAAA,CAAU,OAAA,CAAQ,WAAW,KAAA,CAAM,IAAA,CAAK,SAAS,CAAC,CAAA;AAElF,IAAM,WAAW,IAAI,QAAA,CAAS,MAAM,EAAE,UAAA,EAAY,mBAAmB,CAAA;AAErE,IAAI,oBAAA;AAEJ,IAAM,UAAA,GAAa,IAAI,UAAA,EAAW;AAClC,UAAA,CAAW,eAAe,iBAAiB,CAAA;AAE3C,IAAM,OAAA,GAAU,UAAA,CAAW,aAAA,CAAc,SAAS,CAAA;AAElD,IAAM,YAAY,MAAM,OAAA,CACrB,uBAAA,CAAwB,EAAE,MAAM,QAAA,EAAU,SAAA,EAAW,aAAA,EAAe,EACpE,IAAA,CAAK,MAAM,IAAI,CAAA,CACf,KAAA,CAAM,MAAM,KAAK,CAAA;AAEpB,IAAI,SAAA,EAAW;AACb,EAAA,oBAAA,GAAuB;AAAA,IACrB,OAAA,EAAS,mBAAA;AAAA,IACT,MAAM;AAAC,GACT;AACF;AAGA,IAAI,WAAA,GAAc,IAAA,CAAK,WAAA,CAAY,GAAA,CAAI,YAAY,CAAA;AAEnD,IAAI,KAAK,qBAAA,EAAuB;AAC9B,EAAA,MAAM,WAAA,GAAc,MAAM,iBAAA,CAAkB,UAAA,EAAY,KAAK,iBAAiB,CAAA;AAC9E,EAAA,WAAA,GAAc,eAAe,CAAC,GAAG,WAAA,EAAa,GAAG,WAAW,CAAC,CAAA;AAC/D;AAGA,IAAI,
|
|
1
|
+
{"version":3,"sources":["../../../src/units/existing-cluster/index.ts"],"names":[],"mappings":";;;;;;;;;AAeA,IAAM,EAAE,MAAM,IAAA,EAAM,MAAA,EAAQ,SAAS,OAAA,EAAQ,GAAI,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA;AAE5E,IAAM,iBAAA,GAAoB,MAAM,SAAA,CAAU,OAAA,CAAQ,WAAW,KAAA,CAAM,IAAA,CAAK,SAAS,CAAC,CAAA;AAElF,IAAM,WAAW,IAAI,QAAA,CAAS,MAAM,EAAE,UAAA,EAAY,mBAAmB,CAAA;AAErE,IAAI,oBAAA;AAEJ,IAAM,UAAA,GAAa,IAAI,UAAA,EAAW;AAClC,UAAA,CAAW,eAAe,iBAAiB,CAAA;AAE3C,IAAM,OAAA,GAAU,UAAA,CAAW,aAAA,CAAc,SAAS,CAAA;AAElD,IAAM,YAAY,MAAM,OAAA,CACrB,uBAAA,CAAwB,EAAE,MAAM,QAAA,EAAU,SAAA,EAAW,aAAA,EAAe,EACpE,IAAA,CAAK,MAAM,IAAI,CAAA,CACf,KAAA,CAAM,MAAM,KAAK,CAAA;AAEpB,IAAI,SAAA,EAAW;AACb,EAAA,oBAAA,GAAuB;AAAA,IACrB,OAAA,EAAS,mBAAA;AAAA,IACT,MAAM;AAAC,GACT;AACF;AAGA,IAAI,WAAA,GAAc,IAAA,CAAK,WAAA,CAAY,GAAA,CAAI,YAAY,CAAA;AAEnD,IAAI,KAAK,qBAAA,EAAuB;AAC9B,EAAA,MAAM,WAAA,GAAc,MAAM,iBAAA,CAAkB,UAAA,EAAY,KAAK,iBAAiB,CAAA;AAC9E,EAAA,WAAA,GAAc,eAAe,CAAC,GAAG,WAAA,EAAa,GAAG,WAAW,CAAC,CAAA;AAC/D;AAGA,IAAI,SAAA,GAAY,eAAe,CAAC,GAAG,KAAK,SAAA,EAAW,GAAG,MAAA,CAAO,SAAS,CAAC,CAAA;AAEvE,IAAI,KAAK,yBAAA,EAA2B;AAClC,EAAA,MAAM,cAAc,WAAA,CAAY,GAAA,CAAI,CAAA,EAAA,KAAM,aAAA,CAAc,EAAE,CAAC,CAAA;AAC3D,EAAA,SAAA,GAAY,eAAe,CAAC,GAAG,SAAA,EAAW,GAAG,WAAW,CAAC,CAAA;AAC3D;AAGA,IAAI,YAAA,GAAe,cAAA,CAAe,CAAC,GAAG,IAAA,CAAK,cAAc,GAAG,MAAA,CAAO,SAAS,CAAA,EAAG,CAAC,CAAA;AAEhF,IAAI,KAAK,wBAAA,EAA0B;AACjC,EAAA,MAAM,cAAA,GAAiB,aAAA,CAAc,UAAA,CAAW,QAAA,CAAS,CAAC,CAAA,CAAE,MAAA,CAAO,OAAA,CAAQ,UAAA,EAAY,EAAE,CAAA,EAAG,CAAC,CAAA;AAC7F,EAAA,YAAA,GAAe,cAAA,CAAe,CAAC,cAAA,EAAgB,GAAG,YAAY,CAAC,CAAA;AACjE;AAEA,IAAM,UAAA,GAAa,KAAK,EAAA,CAAG,SAAA,CAAU,IAAI,aAAA,EAAe,aAAA,EAAe,EAAE,QAAA,EAAU,CAAA;AAEnF,IAAO,2BAAQ,OAAA,CAAQ;AAAA,EACrB,YAAY,gBAAA,CAAiB;AAAA,IAC3B,QAAQ,GAAA,CAAI,aAAA;AAAA,IACZ,QAAA,EAAU,WAAW,QAAA,CAAS,GAAA;AAAA,IAC9B,KAAA,EAAO;AAAA,MACL,EAAA,EAAI,WAAW,QAAA,CAAS,GAAA;AAAA,MACxB,YAAA,EAAc,WAAW,QAAA,CAAS,GAAA;AAAA,MAClC,IAAA;AAAA,MACA,oBAAA;AAAA,MACA,WAAA;AAAA,MACA,SAAA;AAAA,MACA,YAAA;AAAA,MACA,QAAQ,IAAA,CAAK,MAAA;AAAA,MACb,YAAY,gBAAA,CAAiB;AAAA,QAC3B,QAAQ,MAAA,CAAO,UAAA;AAAA,QACf,QAAA,EAAU,GAAG,IAAI,CAAA,WAAA,CAAA;AAAA,QACjB,IAAA,EAAM;AAAA,UACJ,KAAA,EAAO;AAAA,SACT;AAAA,QACA,KAAA,EAAO;AAAA,UACL,OAAA,EAAS;AAAA,YACP,IAAA,EAAM,iBAAA;AAAA,YACN,KAAA,EAAO;AAAA,WACT;AAAA,UACA,IAAA,EAAM;AAAA,YACJ,IAAA,EAAM,YAAA;AAAA,YACN,WAAA,EAAa,WAAA;AAAA,YACb,IAAA,EAAM;AAAA;AACR;AACF,OACD;AAAA;AACH,GACD,CAAA;AAAA,EAED,UAAA,EAAY,CAAC,iBAAA,CAAkB,iBAAiB,CAAC,CAAA;AAAA,EAEjD,aAAA,EAAe;AAAA,IACb,SAAA,EAAW,WAAW,QAAA,CAAS,GAAA;AAAA,IAC/B,SAAA,EAAW,SAAA,CAAU,GAAA,CAAI,kBAAkB,CAAA;AAAA,IAC3C,YAAA,EAAc,YAAA,CAAa,GAAA,CAAI,kBAAkB;AAAA;AAErD,CAAC","file":"index.js","sourcesContent":["import {\n l3EndpointToString,\n l4EndpointToString,\n mergeAddresses,\n mergeEndpoints,\n parseAddress,\n parseEndpoint,\n parseEndpoints,\n} from \"@highstate/common\"\nimport { common, type ImplementationReference, k8s } from \"@highstate/library\"\nimport { forUnit, makeEntityOutput, toPromise } from \"@highstate/pulumi\"\nimport { AppsV1Api, KubeConfig } from \"@kubernetes/client-node\"\nimport { core, Provider } from \"@pulumi/kubernetes\"\nimport { createK8sTerminal, detectExternalIps } from \"../../cluster\"\n\nconst { name, args, inputs, secrets, outputs } = forUnit(k8s.existingCluster)\n\nconst kubeconfigContent = await toPromise(secrets.kubeconfig.apply(JSON.stringify))\n\nconst provider = new Provider(name, { kubeconfig: kubeconfigContent })\n\nlet networkPolicyImplRef: ImplementationReference | undefined\n\nconst kubeConfig = new KubeConfig()\nkubeConfig.loadFromString(kubeconfigContent)\n\nconst appsApi = kubeConfig.makeApiClient(AppsV1Api)\n\nconst hasCilium = await appsApi\n .readNamespacedDaemonSet({ name: \"cilium\", namespace: \"kube-system\" })\n .then(() => true)\n .catch(() => false)\n\nif (hasCilium) {\n networkPolicyImplRef = {\n package: \"@highstate/cilium\",\n data: {},\n }\n}\n\n// calculate external IPs\nlet externalIps = args.externalIps.map(parseAddress)\n\nif (args.autoDetectExternalIps) {\n const detectedIps = await detectExternalIps(kubeConfig, args.internalIpsPolicy)\n externalIps = mergeAddresses([...externalIps, ...detectedIps])\n}\n\n// calculate endpoints\nlet endpoints = parseEndpoints([...args.endpoints, ...inputs.endpoints])\n\nif (args.useExternalIpsAsEndpoints) {\n const ipEndpoints = externalIps.map(ip => parseEndpoint(ip))\n endpoints = mergeEndpoints([...endpoints, ...ipEndpoints])\n}\n\n// calculate api endpoints\nlet apiEndpoints = parseEndpoints([...args.apiEndpoints, ...inputs.endpoints], 4)\n\nif (args.useKubeconfigApiEndpoint) {\n const configEndpoint = parseEndpoint(kubeConfig.clusters[0].server.replace(\"https://\", \"\"), 4)\n apiEndpoints = mergeEndpoints([configEndpoint, ...apiEndpoints])\n}\n\nconst kubeSystem = core.v1.Namespace.get(\"kube-system\", \"kube-system\", { provider })\n\nexport default outputs({\n k8sCluster: makeEntityOutput({\n entity: k8s.clusterEntity,\n identity: kubeSystem.metadata.uid,\n value: {\n id: kubeSystem.metadata.uid,\n connectionId: kubeSystem.metadata.uid,\n name,\n networkPolicyImplRef,\n externalIps,\n endpoints,\n apiEndpoints,\n quirks: args.quirks,\n kubeconfig: makeEntityOutput({\n entity: common.fileEntity,\n identity: `${name}:kubeconfig`,\n meta: {\n title: \"Kubeconfig\",\n },\n value: {\n content: {\n type: \"embedded-secret\",\n value: kubeconfigContent,\n },\n meta: {\n name: \"kubeconfig\",\n contentType: \"text/yaml\",\n mode: 0o600,\n },\n },\n }),\n },\n }),\n\n $terminals: [createK8sTerminal(kubeconfigContent)],\n\n $statusFields: {\n clusterId: kubeSystem.metadata.uid,\n endpoints: endpoints.map(l3EndpointToString),\n apiEndpoints: apiEndpoints.map(l4EndpointToString),\n },\n})\n"]}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { getProviderAsync } from '../../chunk-
|
|
2
|
-
import '../../chunk-
|
|
1
|
+
import { getProviderAsync } from '../../chunk-TOLFVF4S.js';
|
|
2
|
+
import '../../chunk-PZYGZSN5.js';
|
|
3
3
|
import { k8s } from '@highstate/library';
|
|
4
4
|
import { forUnit } from '@highstate/pulumi';
|
|
5
5
|
import { yaml } from '@pulumi/kubernetes';
|
|
@@ -1,11 +1,9 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import {
|
|
3
|
-
import '../../chunk-
|
|
4
|
-
import { Namespace } from '../../chunk-OBDQONMV.js';
|
|
5
|
-
import '../../chunk-PZ5AY32C.js';
|
|
1
|
+
import { createK8sTerminal } from '../../chunk-ADHZK6V2.js';
|
|
2
|
+
import { ClusterAccessScope, Namespace, getClusterKubeconfigContent } from '../../chunk-TOLFVF4S.js';
|
|
3
|
+
import '../../chunk-PZYGZSN5.js';
|
|
6
4
|
import { text, trimIndentation } from '@highstate/contract';
|
|
7
5
|
import { k8s } from '@highstate/library';
|
|
8
|
-
import { forUnit, toPromise, output, interpolate,
|
|
6
|
+
import { forUnit, toPromise, output, interpolate, makeFileOutput, secret } from '@highstate/pulumi';
|
|
9
7
|
import { join } from 'remeda';
|
|
10
8
|
|
|
11
9
|
var { args, inputs, outputs } = forUnit(k8s.reducedAccessCluster);
|
|
@@ -29,7 +27,7 @@ var resourceLines = await toPromise(
|
|
|
29
27
|
);
|
|
30
28
|
var reduced_access_cluster_default = outputs({
|
|
31
29
|
k8sCluster: accessScope.cluster,
|
|
32
|
-
$terminals: [createK8sTerminal(accessScope.cluster
|
|
30
|
+
$terminals: [createK8sTerminal(secret(getClusterKubeconfigContent(accessScope.cluster)))],
|
|
33
31
|
$pages: {
|
|
34
32
|
index: {
|
|
35
33
|
meta: {
|
|
@@ -52,7 +50,9 @@ var reduced_access_cluster_default = outputs({
|
|
|
52
50
|
},
|
|
53
51
|
{
|
|
54
52
|
type: "file",
|
|
55
|
-
file:
|
|
53
|
+
file: makeFileOutput({
|
|
54
|
+
name: "kubeconfig",
|
|
55
|
+
content: secret(getClusterKubeconfigContent(accessScope.cluster)),
|
|
56
56
|
contentType: "text/yaml",
|
|
57
57
|
isSecret: true
|
|
58
58
|
})
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/units/reduced-access-cluster/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"sources":["../../../src/units/reduced-access-cluster/index.ts"],"names":[],"mappings":";;;;;;;;AASA,IAAM,EAAE,IAAA,EAAM,MAAA,EAAQ,SAAQ,GAAI,OAAA,CAAQ,IAAI,oBAAoB,CAAA;AAElE,IAAM,cAAA,GAAiB,MAAM,SAAA,CAAU,MAAM,CAAA;AAE7C,IAAM,cAAc,IAAI,kBAAA;AAAA,EACtB,OAAA;AAAA,EACA;AAAA,IACE,WAAW,SAAA,CAAU,GAAA,CAAI,cAAA,CAAe,SAAA,EAAW,OAAO,UAAU,CAAA;AAAA,IACpE,eAAA,EAAiB,cAAA,CAAe,eAAA,CAAgB,GAAA,CAAI,CAAA,EAAA,KAAM,UAAU,GAAA,CAAI,EAAA,EAAI,MAAA,CAAO,UAAU,CAAC,CAAA;AAAA,IAC9F,OAAO,IAAA,CAAK,KAAA;AAAA,IACZ,WAAW,cAAA,CAAe;AAAA,GAC5B;AAAA,EACA;AACF,CAAA;AAEA,IAAM,gBAAgB,MAAM,SAAA;AAAA,EAC1B,MAAA;AAAA,IACE,eAAe,SAAA,CAAU,GAAA;AAAA,MAAI,CAAA,CAAA,KAC3B,EAAE,YAAA,GACE,WAAA,CAAA,EAAA,EAAgB,EAAE,IAAI,CAAA,EAAA,EAAK,EAAE,QAAA,CAAS,SAAS,IAAI,CAAA,CAAE,QAAA,CAAS,IAAI,CAAA,CAAA,CAAA,GAClE,WAAA,CAAA,EAAA,EAAgB,EAAE,IAAI,CAAA,EAAA,EAAK,CAAA,CAAE,QAAA,CAAS,IAAI,CAAA,CAAA;AAAA;AAChD,GACF,CAAE,KAAA,CAAM,IAAA,CAAK,IAAI,CAAC;AACpB,CAAA;AAEA,IAAO,iCAAQ,OAAA,CAAQ;AAAA,EACrB,YAAY,WAAA,CAAY,OAAA;AAAA,EAExB,UAAA,EAAY,CAAC,iBAAA,CAAkB,MAAA,CAAO,4BAA4B,WAAA,CAAY,OAAO,CAAC,CAAC,CAAC,CAAA;AAAA,EAExF,MAAA,EAAQ;AAAA,IACN,KAAA,EAAO;AAAA,MACL,IAAA,EAAM;AAAA,QACJ,KAAA,EAAO;AAAA,OACT;AAAA,MACA,OAAA,EAAS;AAAA,QACP;AAAA,UACE,IAAA,EAAM,UAAA;AAAA,UACN,OAAA,EAAS,IAAA;AAAA;AAAA;AAAA,YAAA,EAGL,aAAa;AAAA,UAAA;AAAA,SAEnB;AAAA,QACA;AAAA,UACE,IAAA,EAAM,UAAA;AAAA,UACN,OAAA,EAAS,IAAA;AAAA;AAAA,UAAA;AAAA,SAGX;AAAA,QACA;AAAA,UACE,IAAA,EAAM,MAAA;AAAA,UACN,MAAM,cAAA,CAAe;AAAA,YACnB,IAAA,EAAM,YAAA;AAAA,YACN,OAAA,EAAS,MAAA,CAAO,2BAAA,CAA4B,WAAA,CAAY,OAAO,CAAC,CAAA;AAAA,YAChE,WAAA,EAAa,WAAA;AAAA,YACb,QAAA,EAAU;AAAA,WACX;AAAA,SACH;AAAA,QACA;AAAA,UACE,IAAA,EAAM,UAAA;AAAA,UACN,OAAA,EAAS,MAAA;AAAA,YACP,WAAA;AAAA;;AAAA;AAAA,cAAA,EAII,WAAA,CAAY,QAAQ,UAAU;AAAA;AAAA,YAAA,CAAA,CAEhC,MAAM,eAAe;AAAA;AACzB,SACF;AAAA,QACA;AAAA,UACE,IAAA,EAAM,UAAA;AAAA,UACN,OAAA,EAAS;AAAA;AACX;AACF;AACF;AAEJ,CAAC","file":"index.js","sourcesContent":["import { text, trimIndentation } from \"@highstate/contract\"\nimport { k8s } from \"@highstate/library\"\nimport { forUnit, interpolate, makeFileOutput, output, secret, toPromise } from \"@highstate/pulumi\"\nimport { join } from \"remeda\"\nimport { createK8sTerminal } from \"../../cluster\"\nimport { Namespace } from \"../../namespace\"\nimport { ClusterAccessScope } from \"../../rbac\"\nimport { getClusterKubeconfigContent } from \"../../shared\"\n\nconst { args, inputs, outputs } = forUnit(k8s.reducedAccessCluster)\n\nconst resolvedInputs = await toPromise(inputs)\n\nconst accessScope = new ClusterAccessScope(\n \"scope\",\n {\n namespace: Namespace.for(resolvedInputs.namespace, inputs.k8sCluster),\n extraNamespaces: resolvedInputs.extraNamespaces.map(ns => Namespace.for(ns, inputs.k8sCluster)),\n rules: args.rules,\n resources: resolvedInputs.resources,\n },\n {},\n)\n\nconst resourceLines = await toPromise(\n output(\n resolvedInputs.resources.map(r =>\n r.isNamespaced\n ? interpolate`- ${r.kind} \"${r.metadata.namespace}/${r.metadata.name}\"`\n : interpolate`- ${r.kind} \"${r.metadata.name}\"`,\n ),\n ).apply(join(\"\\n\")),\n)\n\nexport default outputs({\n k8sCluster: accessScope.cluster,\n\n $terminals: [createK8sTerminal(secret(getClusterKubeconfigContent(accessScope.cluster)))],\n\n $pages: {\n index: {\n meta: {\n title: \"Reduced Access Cluster\",\n },\n content: [\n {\n type: \"markdown\",\n content: text`\n The access to this cluster was reduced to the following resources:\n \n ${resourceLines}\n `,\n },\n {\n type: \"markdown\",\n content: text`\n You can access these resources using the following kubeconfig:\n `,\n },\n {\n type: \"file\",\n file: makeFileOutput({\n name: \"kubeconfig\",\n content: secret(getClusterKubeconfigContent(accessScope.cluster)),\n contentType: \"text/yaml\",\n isSecret: true,\n }),\n },\n {\n type: \"markdown\",\n content: secret(\n interpolate`\n You can also copy the following content of the kubeconfig file:\n\n \\`\\`\\`yaml\n ${accessScope.cluster.kubeconfig}\n \\`\\`\\`\n `.apply(trimIndentation),\n ),\n },\n {\n type: \"markdown\",\n content: \"You can also use terminal to verify the access to the resources.\",\n },\n ],\n },\n },\n})\n"]}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@highstate/k8s",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.20.0",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"files": [
|
|
6
6
|
"dist",
|
|
@@ -49,6 +49,7 @@
|
|
|
49
49
|
"./units/existing-cluster": "./dist/units/existing-cluster/index.js",
|
|
50
50
|
"./units/gateway-api": "./dist/units/gateway-api/index.js",
|
|
51
51
|
"./units/reduced-access-cluster": "./dist/units/reduced-access-cluster/index.js",
|
|
52
|
+
"./impl/dynamic-endpoint-resolver": "./dist/impl/dynamic-endpoint-resolver.js",
|
|
52
53
|
"./impl/gateway-route": "./dist/impl/gateway-route.js",
|
|
53
54
|
"./impl/tls-certificate": "./dist/impl/tls-certificate.js"
|
|
54
55
|
},
|
|
@@ -64,26 +65,27 @@
|
|
|
64
65
|
"@kubernetes/client-node": "^1.1.0",
|
|
65
66
|
"@pulumi/command": "^1.0.2",
|
|
66
67
|
"@pulumi/kubernetes": "^4.18.0",
|
|
67
|
-
"@pulumi/pulumi": "3.
|
|
68
|
+
"@pulumi/pulumi": "3.220.0",
|
|
68
69
|
"crypto-hash": "^3.1.0",
|
|
69
70
|
"deepmerge-ts": "^7.1.5",
|
|
70
71
|
"glob": "^11.0.1",
|
|
71
72
|
"nano-spawn": "^0.2.0",
|
|
73
|
+
"get-port-please": "^3.1.2",
|
|
72
74
|
"pkg-types": "^2.1.0",
|
|
73
75
|
"remeda": "^2.21.0",
|
|
74
76
|
"yaml": "^2.8.1",
|
|
75
77
|
"@highstate/cert-manager": "0.14.0",
|
|
78
|
+
"@highstate/common": "0.20.0",
|
|
79
|
+
"@highstate/contract": "0.20.0",
|
|
76
80
|
"@highstate/gateway-api": "0.14.0",
|
|
77
|
-
"@highstate/
|
|
78
|
-
"@highstate/pulumi": "0.
|
|
79
|
-
"@highstate/common": "0.19.1",
|
|
80
|
-
"@highstate/library": "0.19.1"
|
|
81
|
+
"@highstate/library": "0.20.0",
|
|
82
|
+
"@highstate/pulumi": "0.20.0"
|
|
81
83
|
},
|
|
82
84
|
"devDependencies": {
|
|
83
85
|
"@biomejs/biome": "2.2.0",
|
|
84
86
|
"@typescript/native-preview": "^7.0.0-dev.20250920.1",
|
|
85
87
|
"type-fest": "^4.41.0",
|
|
86
|
-
"@highstate/cli": "0.
|
|
88
|
+
"@highstate/cli": "0.20.0"
|
|
87
89
|
},
|
|
88
90
|
"repository": {
|
|
89
91
|
"url": "https://github.com/highstate-io/highstate"
|