@highstate/k8s 0.20.0 → 0.21.1

package/dist/chunk-k4w9zpn5.js

@@ -0,0 +1,215 @@
+// @bun
+import {
+  Namespace,
+  NamespacedResource,
+  commonExtraArgs,
+  getProvider,
+  mapMetadata
+} from "./chunk-facs31cb.js";
+
+// src/service.ts
+import {
+  addEndpointMetadata,
+  l3EndpointToL4,
+  mergeEndpoints,
+  parseEndpoint,
+  parseL4Protocol
+} from "@highstate/common";
+import { check, getOrCreate } from "@highstate/contract";
+import { k8s } from "@highstate/library";
+import {
+  interpolate,
+  makeEntityOutput,
+  normalize,
+  output,
+  toPromise
+} from "@highstate/pulumi";
+import { core } from "@pulumi/kubernetes";
+import { omit, pipe } from "remeda";
+var serviceExtraArgs = [...commonExtraArgs, "port", "ports", "external"];
+function isEndpointFromCluster(endpoint, cluster) {
+  return check(k8s.serviceEndpointSchema, endpoint) && endpoint.metadata["k8s.service"].clusterId === cluster.id;
+}
+
+class Service extends NamespacedResource {
+  spec;
+  status;
+  static apiVersion = "v1";
+  static kind = "Service";
+  constructor(type, name, args, opts, metadata, namespace, spec, status) {
+    super(type, name, args, opts, metadata, namespace);
+    this.spec = spec;
+    this.status = status;
+  }
+  get entity() {
+    return makeEntityOutput({
+      entity: k8s.serviceEntity,
+      identity: this.metadata.uid,
+      meta: {
+        title: this.metadata.name
+      },
+      value: {
+        ...this.entityBase,
+        endpoints: this.endpoints
+      }
+    });
+  }
+  static create(name, args, opts) {
+    return new CreatedService(name, args, opts);
+  }
+  static createOrPatch(name, args, opts) {
+    if (args.existing) {
+      return new ServicePatch(name, {
+        ...args,
+        name: output(args.existing).metadata.name,
+        namespace: Namespace.forResourceAsync(args.existing, output(args.namespace).cluster)
+      });
+    }
+    return new CreatedService(name, args, opts);
+  }
+  static async createOrGet(name, args, opts) {
+    if (args.existing) {
+      return await Service.forAsync(args.existing, output(args.namespace).cluster);
+    }
+    return new CreatedService(name, args, opts);
+  }
+  static patch(name, args, opts) {
+    return new ServicePatch(name, args, opts);
+  }
+  static wrap(name, args, opts) {
+    return new WrappedService(name, args, opts);
+  }
+  static get(name, args, opts) {
+    return new ExternalService(name, args, opts);
+  }
+  static serviceCache = new Map;
+  static for(entity, cluster) {
+    return getOrCreate(Service.serviceCache, `${entity.clusterName}.${entity.metadata.namespace}.${entity.metadata.name}.${entity.clusterId}`, (name) => {
+      return Service.get(name, {
+        name: entity.metadata.name,
+        namespace: Namespace.forResourceAsync(entity, cluster)
+      });
+    });
+  }
+  static async forAsync(entity, cluster) {
+    const resolvedEntity = await toPromise(entity);
+    return Service.for(resolvedEntity, output(cluster));
+  }
+  get endpoints() {
+    return output({
+      cluster: this.cluster,
+      metadata: this.metadata,
+      spec: this.spec,
+      status: this.status,
+      portForwardCluster: this.namespace.portForwardCluster
+    }).apply(({ cluster, metadata, spec, status, portForwardCluster }) => {
+      function createMetadata(isInternal) {
+        return {
+          "k8s.service": {
+            clusterId: cluster.id,
+            clusterName: cluster.name,
+            name: metadata.name,
+            namespace: metadata.namespace,
+            isInternal,
+            selector: spec.selector,
+            targetPort: spec.ports[0].targetPort ?? spec.ports[0].port
+          }
+        };
+      }
+      const implRef = portForwardCluster ? {
+        package: "@highstate/k8s",
+        data: {
+          cluster: portForwardCluster
+        }
+      } : undefined;
+      const internalHosts = spec.clusterIPs.length ? [...spec.clusterIPs, `${metadata.name}.${metadata.namespace}.svc.cluster.local`] : [];
+      const internalEndpoints = internalHosts.flatMap((ip) => spec.ports.map((port) => pipe(ip, parseEndpoint, (endpoint) => l3EndpointToL4(endpoint, port.port, parseL4Protocol(port.protocol)), (endpoint) => addEndpointMetadata(endpoint, createMetadata(true)), (endpoint) => implRef ? { ...endpoint, implRef } : endpoint)));
+      const externalHosts = spec.type === "NodePort" || spec.type === "LoadBalancer" ? [
+        ...spec.externalIPs,
+        ...cluster.endpoints,
+        ...status.loadBalancer?.ingress?.map((ingress) => ingress.ip ?? ingress.hostname) ?? []
+      ] : [];
+      const externalEndpoints = externalHosts.flatMap((ip) => spec.ports.map((port) => pipe(ip, parseEndpoint, (endpoint) => l3EndpointToL4(endpoint, port.nodePort, parseL4Protocol(port.protocol)), (endpoint) => addEndpointMetadata(endpoint, createMetadata(false)), (endpoint) => implRef ? { ...endpoint, implRef } : endpoint)));
+      return mergeEndpoints([...internalEndpoints, ...externalEndpoints]);
+    });
+  }
+}
+function createServiceSpec(args, cluster) {
+  return output(args).apply((args2) => {
+    return {
+      ...omit(args2, serviceExtraArgs),
+      ports: normalize(args2.port, args2.ports),
+      externalIPs: args2.externalIPs && args2.externalIPs.length > 0 ? args2.externalIPs : cluster.externalIps.map((ip) => ip.value),
+      type: getServiceType(args2, cluster)
+    };
+  });
+}
+
+class CreatedService extends Service {
+  constructor(name, args, opts) {
+    const service = output(args.namespace).cluster.apply((cluster) => {
+      return new core.v1.Service(name, {
+        metadata: mapMetadata(args, name),
+        spec: createServiceSpec(args, cluster)
+      }, { ...opts, parent: this, provider: getProvider(cluster) });
+    });
+    super("highstate:k8s:Service", name, args, opts, service.metadata, output(args.namespace), service.spec, service.status);
+  }
+}
+
+class ServicePatch extends Service {
+  constructor(name, args, opts) {
+    const service = output(args.namespace).cluster.apply((cluster) => {
+      return new core.v1.ServicePatch(name, {
+        metadata: mapMetadata(args, name),
+        spec: createServiceSpec(args, cluster)
+      }, { ...opts, parent: this, provider: getProvider(cluster) });
+    });
+    super("highstate:k8s:ServicePatch", name, args, opts, service.metadata, output(args.namespace), service.spec, service.status);
+  }
+}
+
+class WrappedService extends Service {
+  constructor(name, args, opts) {
+    super("highstate:k8s:WrappedService", name, args, opts, output(args.service).metadata, output(args.namespace), output(args.service).spec, output(args.service).status);
+  }
+}
+
+class ExternalService extends Service {
+  constructor(name, args, opts) {
+    const service = output(args.namespace).cluster.apply((cluster) => {
+      return core.v1.Service.get(name, interpolate`${output(args.namespace).metadata.name}/${args.name}`, { ...opts, parent: this, provider: getProvider(cluster) });
+    });
+    super("highstate:k8s:ExternalService", name, args, opts, service.metadata, output(args.namespace), service.spec, service.status);
+  }
+}
+function mapContainerPortToServicePort(port) {
+  return {
+    name: port.name,
+    port: port.containerPort,
+    targetPort: port.containerPort,
+    protocol: port.protocol
+  };
+}
+function mapServiceToLabelSelector(service) {
+  return {
+    matchLabels: service.spec.selector
+  };
+}
+function getServiceType(service, cluster) {
+  if (service?.type) {
+    return service.type;
+  }
+  if (!service?.external) {
+    return "ClusterIP";
+  }
+  return cluster.quirks?.externalServiceType === "LoadBalancer" ? "LoadBalancer" : "NodePort";
+}
+function l4EndpointToServicePort(endpoint) {
+  return {
+    port: endpoint.port,
+    protocol: endpoint.protocol.toUpperCase()
+  };
+}
+
+export { isEndpointFromCluster, Service, createServiceSpec, mapContainerPortToServicePort, mapServiceToLabelSelector, getServiceType, l4EndpointToServicePort };

package/dist/chunk-pqc6w52f.js

@@ -0,0 +1,352 @@
+// @bun
+import {
+  Deployment
+} from "./chunk-7kgjgcft.js";
+import {
+  StatefulSet
+} from "./chunk-z6bmpnm7.js";
+import {
+  NetworkPolicy
+} from "./chunk-h1b79v66.js";
+import {
+  Service,
+  createServiceSpec
+} from "./chunk-k4w9zpn5.js";
+import {
+  getNamespaceName,
+  getProvider
+} from "./chunk-facs31cb.js";
+
+// src/helm.ts
+import { mkdir, readFile, unlink } from "fs/promises";
+import { resolve } from "path";
+import {
+  AccessPointRoute
+} from "@highstate/common";
+import { normalize, normalizeInputs, toPromise } from "@highstate/pulumi";
+import { local } from "@pulumi/command";
+import { apps, core, helm } from "@pulumi/kubernetes";
+import {
+  ComponentResource,
+  output
+} from "@pulumi/pulumi";
+import { sha256 } from "crypto-hash";
+import { glob } from "glob";
+import spawn from "nano-spawn";
+import { isNonNullish, omit } from "remeda";
+class Chart extends ComponentResource {
+  name;
+  args;
+  opts;
+  chart;
+  routes;
+  networkPolicies;
+  workloads;
+  constructor(name, args, opts) {
+    super("highstate:k8s:Chart", name, args, opts);
+    this.name = name;
+    this.args = args;
+    this.opts = opts;
+    const namespace = output(args.namespace).apply((namespace2) => output(namespace2 ? getNamespaceName(namespace2) : "default"));
+    this.chart = output(args.namespace).cluster.apply((cluster) => {
+      return new helm.v4.Chart(name, omit({
+        ...args,
+        chart: resolveHelmChart(args.chart),
+        namespace
+      }, ["route", "routes"]), {
+        ...opts,
+        parent: this,
+        provider: getProvider(cluster),
+        transforms: [
+          ...opts?.transforms ?? [],
+          async (resourceArgs) => {
+            const namespace2 = await toPromise(output(args.namespace).metadata.name);
+            const serviceName = args.serviceName ?? name;
+            const expectedName = `${name}:${namespace2}/${serviceName}`;
+            if (resourceArgs.type === "kubernetes:core/v1:Service" && resourceArgs.name === expectedName) {
+              const spec = await toPromise(resourceArgs.props.spec);
+              const serviceSpec = await toPromise(createServiceSpec(args.service ?? {}, cluster));
+              return {
+                props: {
+                  ...resourceArgs.props,
+                  spec: {
+                    ...spec,
+                    ...serviceSpec.ports?.length !== 0 ? serviceSpec : omit(serviceSpec, ["ports"])
+                  }
+                },
+                opts: resourceArgs.opts
+              };
+            }
+            return;
+          }
+        ]
+      });
+    });
+    this.routes = output(normalizeInputs(args.route ? { name: "default", route: args.route } : undefined, args.routes ? Object.entries(args.routes).map(([name2, route]) => ({ name: name2, route })) : undefined)).apply(async (routes) => {
+      if (routes.length === 0) {
+        return [];
+      }
+      return await Promise.all(routes.map(async ({ name: routeName, route }) => {
+        const { serviceName: _serviceName, rules: _rules, ...baseRoute } = route;
+        const accessPoint = route.accessPoint ?? args.accessPoint;
+        if (!accessPoint) {
+          throw new Error(`Access point is required for chart route "${name}-${routeName}". Set it on the route or on Chart args.accessPoint`);
+        }
+        const namespace2 = await toPromise(args.namespace);
+        const routeRules = await toPromise(route.rules);
+        const routeRuleValues = Object.values(routeRules ?? {});
+        const defaultServiceName = route.serviceName ?? args.serviceName ?? name;
+        const defaultServicePort = route.servicePort ?? args.servicePort;
+        const needsDefaultBackend = routeRuleValues.length === 0;
+        const defaultService = needsDefaultBackend ? await this.getService(defaultServiceName) : undefined;
+        const defaultServiceEndpoints = needsDefaultBackend && defaultService ? await this.resolveServiceEndpoints(defaultService, defaultServiceName, defaultServicePort, `${name}-${routeName}`) : undefined;
+        const resolvedRules = routeRules ? await Promise.all(Object.entries(routeRules).map(async ([ruleName, rule]) => {
+          const ruleServiceName = rule.serviceName ?? defaultServiceName;
+          const ruleService = await this.getService(ruleServiceName);
+          const ruleServicePort = rule.servicePort ?? route.servicePort ?? args.servicePort;
+          const ruleServiceEndpoints = await this.resolveServiceEndpoints(ruleService, ruleServiceName, ruleServicePort, `${name}-${routeName}:${ruleName}`);
+          return [
+            ruleName,
+            [
+              {
+                ...omit(rule, ["serviceName", "servicePort"]),
+                backend: {
+                  endpoints: ruleServiceEndpoints
+                }
+              }
+            ]
+          ];
+        })) : undefined;
+        const resolvedRulesInput = resolvedRules ? Object.fromEntries(resolvedRules) : undefined;
+        return new AccessPointRoute(`${name}-${routeName}`, {
+          ...baseRoute,
+          accessPoint,
+          ...defaultService ? {
+            backend: {
+              endpoints: defaultServiceEndpoints
+            }
+          } : {},
+          rules: resolvedRulesInput,
+          metadata: {
+            ...route.metadata ?? {},
+            "k8s.namespace": namespace2
+          }
+        }, { ...opts, parent: this });
+      }));
+    });
+    this.networkPolicies = output(args).apply((args2) => {
+      const policies = normalize(args2.networkPolicy, args2.networkPolicies);
+      return output(policies.map((policy) => {
+        return new NetworkPolicy(name, {
+          ...policy,
+          namespace: args2.namespace,
+          description: `Network policy for Helm chart "${name}"`
+        }, { ...opts, parent: this });
+      }));
+    });
+    this.workloads = output(this.chart).apply((chart) => {
+      return output(chart.resources.apply((resources) => {
+        return resources.map((resource) => {
+          if (apps.v1.Deployment.isInstance(resource)) {
+            return resource.metadata.name.apply((name2) => {
+              return Deployment.wrap(name2, { namespace: args.namespace, deployment: resource, terminal: args.terminal }, this.opts);
+            });
+          }
+          if (apps.v1.StatefulSet.isInstance(resource)) {
+            return resource.metadata.name.apply((name2) => {
+              return StatefulSet.wrap(name2, {
+                namespace: args.namespace,
+                statefulSet: resource,
+                service: this.getServiceOutput(name2),
+                terminal: args.terminal
+              }, this.opts);
+            });
+          }
+          return;
+        }).filter(isNonNullish);
+      }));
+    });
+  }
+  set service(_value) {}
+  set terminals(_value) {}
+  get service() {
+    return this.getServiceOutput(undefined);
+  }
+  get deployment() {
+    return this.getDeploymentOutput(this.name);
+  }
+  get statefulSet() {
+    return this.getStatefulSetOutput(this.name);
+  }
+  get terminals() {
+    return this.workloads.apply((workloads) => {
+      const terminalsByWorkload = workloads.map((workload) => output({ terminals: workload.terminals, workloadName: workload.metadata.name }));
+      return output(terminalsByWorkload).apply((workloadTerminals) => {
+        const hasMultipleWorkloads = workloadTerminals.length > 1;
+        return workloadTerminals.flatMap(({ terminals, workloadName }) => {
+          if (!hasMultipleWorkloads) {
+            return terminals;
+          }
+          return terminals.map((terminal) => ({
+            ...terminal,
+            meta: {
+              ...terminal.meta,
+              title: `${terminal.meta.title} | ${workloadName}`
+            }
+          }));
+        });
+      });
+    });
+  }
+  services = new Map;
+  async resolveServiceEndpoints(service, serviceName, servicePort, routeName) {
+    const endpoints = await toPromise(service.endpoints);
+    const servicePorts = await toPromise(service.spec.ports);
+    if (endpoints.length === 0) {
+      throw new Error(`No endpoints found for service "${serviceName}" in chart route "${routeName}"`);
+    }
+    let resolvedServicePort;
+    if (servicePort != null) {
+      const requestedServicePort = await toPromise(servicePort);
+      if (typeof requestedServicePort === "string") {
+        const namedPort = servicePorts?.find((port) => port.name === requestedServicePort);
+        if (!namedPort) {
+          throw new Error(`Named port "${requestedServicePort}" not found for service "${serviceName}" in chart route "${routeName}"`);
+        }
+        resolvedServicePort = namedPort.port;
+      } else {
+        resolvedServicePort = requestedServicePort;
+      }
+    } else {
+      resolvedServicePort = endpoints[0]?.port;
+    }
+    if (resolvedServicePort == null) {
+      throw new Error(`Unable to resolve service port for service "${serviceName}" in chart route "${routeName}"`);
+    }
+    const filteredEndpoints = endpoints.filter((endpoint) => endpoint.port === resolvedServicePort);
+    if (filteredEndpoints.length === 0) {
+      throw new Error(`No endpoints with port ${resolvedServicePort} found for service "${serviceName}" in chart route "${routeName}"`);
+    }
+    return filteredEndpoints;
+  }
+  getServiceOutput(name) {
+    return output({ args: this.args, chart: this.chart }).apply(({ args, chart }) => {
+      const resolvedName = name ?? args.serviceName ?? this.name;
+      const existingService = this.services.get(resolvedName);
+      if (existingService) {
+        return existingService;
+      }
+      const service = getChartServiceOutput(chart, resolvedName);
+      const wrappedService = Service.wrap(resolvedName, { namespace: args.namespace, service }, { ...this.opts, parent: this });
+      this.services.set(resolvedName, wrappedService);
+      return wrappedService;
+    });
+  }
+  getWorkloadOutput(name) {
+    return this.workloads.apply(async (workloads) => {
+      const workloadsWithNames = await toPromise(workloads.map((workload) => output({ workload, name: workload.metadata.name })));
+      const item = workloadsWithNames.find((w) => w.name === name);
+      if (!item) {
+        throw new Error(`Workload with name '${name}' not found in the chart workloads`);
+      }
+      return item.workload;
+    });
+  }
+  getDeploymentOutput(name) {
+    return this.getWorkloadOutput(name).apply((workload) => {
+      if (workload instanceof Deployment) {
+        return workload;
+      }
+      throw new Error(`Workload with name '${name}' is not a Deployment`);
+    });
+  }
+  getStatefulSetOutput(name) {
+    return this.getWorkloadOutput(name).apply((workload) => {
+      if (workload instanceof StatefulSet) {
+        return workload;
+      }
+      throw new Error(`Workload with name '${name}' is not a StatefulSet`);
+    });
+  }
+  getService(name) {
+    return toPromise(this.getServiceOutput(name));
+  }
+  getWorkload(name) {
+    return toPromise(this.getWorkloadOutput(name));
+  }
+  getDeployment(name) {
+    return toPromise(this.getDeploymentOutput(name));
+  }
+  getStatefulSet(name) {
+    return toPromise(this.getStatefulSetOutput(name));
+  }
+}
+
+class RenderedChart extends ComponentResource {
+  manifest;
+  command;
+  constructor(name, args, opts) {
+    super("highstate:k8s:RenderedChart", name, args, opts);
+    this.command = output(args).apply((args2) => {
+      const values = args2.values ? Object.entries(args2.values).flatMap(([key, value]) => ["--set", `${key}="${value}"`]) : [];
+      return new local.Command(name, {
+        create: output([
+          "helm",
+          "template",
+          resolveHelmChart(args2.chart),
+          ...args2.namespace ? ["--namespace", getNamespaceName(args2.namespace)] : [],
+          ...values
+        ]).apply((command) => command.join(" ")),
+        logging: "stderr"
+      }, { parent: this, ...opts });
+    });
+    this.manifest = this.command.stdout;
+    this.registerOutputs({ manifest: this.manifest, command: this.command });
+  }
+}
+async function resolveHelmChart(manifest) {
+  if (!process.env.HIGHSTATE_CACHE_DIR) {
+    throw new Error("Environment variable HIGHSTATE_CACHE_DIR is not set");
+  }
+  const chartsDir = resolve(process.env.HIGHSTATE_CACHE_DIR, "charts");
+  await mkdir(chartsDir, { recursive: true });
+  const globPattern = `${manifest.name}-*.tgz`;
+  const targetFileName = `${manifest.name}-${manifest.version}.tgz`;
+  const files = await glob(globPattern, { cwd: chartsDir });
+  if (files.includes(targetFileName)) {
+    return resolve(chartsDir, targetFileName);
+  }
+  for (const file of files) {
+    await unlink(resolve(chartsDir, file));
+  }
+  const isOci = manifest.repo.startsWith("oci://");
+  const chartRef = isOci ? `${manifest.repo.replace(/\/$/, "")}/${manifest.name}` : manifest.name;
+  const pullArgs = ["pull", chartRef, "--version", manifest.version, "--destination", chartsDir];
+  if (!isOci) {
+    pullArgs.push("--repo", manifest.repo);
+  }
+  await spawn("helm", pullArgs);
+  const content = await readFile(resolve(chartsDir, targetFileName));
+  const actualSha256 = await sha256(content);
+  if (actualSha256 !== manifest.sha256) {
+    throw new Error(`SHA256 mismatch for chart '${manifest.name}'`);
+  }
+  return resolve(chartsDir, targetFileName);
+}
+function getChartServiceOutput(chart, name) {
+  const services = chart.resources.apply((resources) => {
+    return resources.filter((r) => core.v1.Service.isInstance(r)).map((service) => ({ name: service.metadata.name, service }));
+  });
+  return output(services).apply((services2) => {
+    const service = services2.find((s) => s.name === name)?.service;
+    if (!service) {
+      throw new Error(`Service with name '${name}' not found in the chart resources`);
+    }
+    return service;
+  });
+}
+function getChartService(chart, name) {
+  return toPromise(getChartServiceOutput(chart, name));
+}
+
+export { Chart, RenderedChart, resolveHelmChart, getChartServiceOutput, getChartService };