@highstate/k8s 0.20.0 → 0.21.1

package/dist/impl/dynamic-endpoint-resolver.js

@@ -1,90 +1,91 @@
-import { isEndpointFromCluster } from '../chunk-OG2OPX7B.js';
-import '../chunk-TOLFVF4S.js';
-import { __using, __callDispose } from '../chunk-PZYGZSN5.js';
-import { crc32 } from 'node:zlib';
-import { dynamicEndpointResolverMediator, endpointToString, MaterializedFile, rebaseEndpoint, parseEndpoint } from '@highstate/common';
-import { z } from '@highstate/contract';
-import { k8s } from '@highstate/library';
-import { getUnitStateId } from '@highstate/pulumi';
-import spawn, { SubprocessError } from 'nano-spawn';
+// @bun
+import {
+  isEndpointFromCluster
+} from "../chunk-k4w9zpn5.js";
+import"../chunk-facs31cb.js";
+import {
+  __callDispose,
+  __using
+} from "../chunk-b05q6fm2.js";
 
-var resolveDynamicEndpoint = dynamicEndpointResolverMediator.implement(
-  z.object({ cluster: k8s.clusterEntity.schema }),
-  async ({ endpoint }, { cluster }) => {
-    if (!isEndpointFromCluster(endpoint, cluster)) {
-      throw new Error(
-        `Endpoint "${endpointToString(endpoint)}" is not from cluster "${cluster.id}"`
-      );
-    }
-    const { name, namespace } = endpoint.metadata["k8s.service"];
-    const localPort = getStablePort(`${cluster.id}:${namespace}:${name}`);
-    let subprocess;
-    return {
-      endpoint: rebaseEndpoint(endpoint, parseEndpoint(`localhost:${localPort}`)),
-      setup: async () => {
-        var _stack = [];
-        try {
-          console.log(
-            `[port-forward] starting port-forward for service "${name}" in namespace "${namespace}" on local port ${localPort}`
-          );
-          const config = MaterializedFile.for(cluster.kubeconfig);
-          const _ = __using(_stack, await config.open(), true);
-          subprocess = spawn("kubectl", [
-            "--kubeconfig",
-            config.path,
-            "port-forward",
-            `service/${name}`,
-            "-n",
-            namespace,
-            `${localPort}:${endpoint.port}`
-          ]);
-          subprocess.catch((err) => {
-            if (err instanceof SubprocessError && err.signalName === "SIGTERM") {
-              return;
+// src/impl/dynamic-endpoint-resolver.ts
+import { crc32 } from "zlib";
+import {
+  dynamicEndpointResolverMediator,
+  endpointToString,
+  MaterializedFile,
+  parseEndpoint,
+  rebaseEndpoint
+} from "@highstate/common";
+import { z } from "@highstate/contract";
+import { k8s } from "@highstate/library";
+import { getUnitStateId } from "@highstate/pulumi";
+import spawn, { SubprocessError } from "nano-spawn";
+var resolveDynamicEndpoint = dynamicEndpointResolverMediator.implement(z.object({ cluster: k8s.clusterEntity.schema }), async ({ endpoint }, { cluster }) => {
+  if (!isEndpointFromCluster(endpoint, cluster)) {
+    throw new Error(`Endpoint "${endpointToString(endpoint)}" is not from cluster "${cluster.id}"`);
+  }
+  const { name, namespace } = endpoint.metadata["k8s.service"];
+  const localPort = getStablePort(`${cluster.id}:${namespace}:${name}`);
+  let subprocess;
+  return {
+    endpoint: rebaseEndpoint(endpoint, parseEndpoint(`localhost:${localPort}`)),
+    setup: async () => {
+      let __stack = [];
+      try {
+        console.log(`[port-forward] starting port-forward for service "${name}" in namespace "${namespace}" on local port ${localPort}`);
+        const config = MaterializedFile.for(cluster.kubeconfig);
+        const _ = __using(__stack, await config.open(), 1);
+        subprocess = spawn("kubectl", [
+          "--kubeconfig",
+          config.path,
+          "port-forward",
+          `service/${name}`,
+          "-n",
+          namespace,
+          `${localPort}:${endpoint.port}`
+        ]);
+        subprocess.catch((err) => {
+          if (err instanceof SubprocessError && err.signalName === "SIGTERM") {
+            return;
+          }
+          throw err;
+        });
+        const nodeProcess = await subprocess.nodeChildProcess;
+        await new Promise((resolve, reject) => {
+          nodeProcess.stdout?.once("data", (data) => {
+            const output = data.toString();
+            if (output.includes("Forwarding from")) {
+              resolve();
+            } else {
+              reject(new Error(`Failed to start port-forward: ${output}`));
             }
-            throw err;
           });
-          const nodeProcess = await subprocess.nodeChildProcess;
-          await new Promise((resolve, reject) => {
-            nodeProcess.stdout?.once("data", (data) => {
-              const output = data.toString();
-              if (output.includes("Forwarding from")) {
-                resolve();
-              } else {
-                reject(new Error(`Failed to start port-forward: ${output}`));
-              }
-            });
-            nodeProcess.stderr?.once("data", (data) => {
-              reject(new Error(`Failed to start port-forward: ${data.toString()}`));
-            });
+          nodeProcess.stderr?.once("data", (data) => {
+            reject(new Error(`Failed to start port-forward: ${data.toString()}`));
           });
-          console.log(
-            `[port-forward] port-forward is ready for service "${name}" in namespace "${namespace}" on local port ${localPort}`
-          );
-        } catch (_2) {
-          var _error = _2, _hasError = true;
-        } finally {
-          var _promise = __callDispose(_stack, _error, _hasError);
-          _promise && await _promise;
-        }
-      },
-      dispose: async () => {
-        console.log(
-          `[port-forward] stopping port-forward for service "${name}" in namespace "${namespace}" on local port ${localPort}`
-        );
-        const nodeProcess = await subprocess.nodeChildProcess;
-        nodeProcess.kill();
+        });
+        console.log(`[port-forward] port-forward is ready for service "${name}" in namespace "${namespace}" on local port ${localPort}`);
+      } catch (_catch) {
+        var _err = _catch, _hasErr = 1;
+      } finally {
+        var _promise = __callDispose(__stack, _err, _hasErr);
+        _promise && await _promise;
       }
-    };
-  }
-);
+    },
+    dispose: async () => {
+      console.log(`[port-forward] stopping port-forward for service "${name}" in namespace "${namespace}" on local port ${localPort}`);
+      const nodeProcess = await subprocess.nodeChildProcess;
+      nodeProcess.kill();
+    }
+  };
+});
 function getStablePort(id) {
   const hash = crc32(`${getUnitStateId()}:${id}`);
-  const minPort = 3e4;
-  const maxPort = 6e4;
+  const minPort = 30000;
+  const maxPort = 60000;
   return Math.abs(hash) % (maxPort - minPort) + minPort;
 }
-
-export { resolveDynamicEndpoint };
-//# sourceMappingURL=dynamic-endpoint-resolver.js.map
-//# sourceMappingURL=dynamic-endpoint-resolver.js.map
+export {
+  resolveDynamicEndpoint
+};

package/dist/impl/gateway-route.js

@@ -1,44 +1,58 @@
-import { Gateway, HttpRoute, TcpRoute, UdpRoute } from '../chunk-P26SQ2ZB.js';
-import { Certificate } from '../chunk-IXE3OKB4.js';
-import { isEndpointFromCluster, Service, l4EndpointToServicePort } from '../chunk-OG2OPX7B.js';
-import { Namespace, mapMetadata, getProvider } from '../chunk-TOLFVF4S.js';
-import '../chunk-PZYGZSN5.js';
-import { gatewayRouteMediator } from '@highstate/common';
-import { k8s } from '@highstate/library';
-import { toPromise } from '@highstate/pulumi';
-import { core } from '@pulumi/kubernetes';
+// @bun
+import {
+  Gateway,
+  HttpRoute,
+  TcpRoute,
+  UdpRoute
+} from "../chunk-46ntav0c.js";
+import {
+  Certificate
+} from "../chunk-556pc9e6.js";
+import {
+  Service,
+  isEndpointFromCluster,
+  l4EndpointToServicePort
+} from "../chunk-k4w9zpn5.js";
+import {
+  Namespace,
+  getProvider,
+  mapMetadata
+} from "../chunk-facs31cb.js";
+import"../chunk-b05q6fm2.js";
 
-var createGatewayRoute = gatewayRouteMediator.implement(
-  k8s.gatewayDataSchema,
-  async ({ name, args: spec, opts }, data) => {
-    const namespace = resolveRouteNamespace(spec, data);
-    const certSecret = await getCertificateSecret(name, namespace, spec.certificate);
-    const certificateRef = certSecret ? {
-      kind: "Secret",
-      group: "",
-      name: certSecret.metadata.name
-    } : void 0;
-    const routeProtocol = resolveRouteProtocol(spec);
-    if (routeProtocol === "http") {
-      return await createHttpGatewayRoute({
-        name,
-        spec,
-        opts,
-        data,
-        namespace,
-        certificateRef
-      });
-    }
-    return await createL4GatewayRoute({
+// src/impl/gateway-route.ts
+import { gatewayRouteMediator } from "@highstate/common";
+import { k8s } from "@highstate/library";
+import { toPromise } from "@highstate/pulumi";
+import { core } from "@pulumi/kubernetes";
+var createGatewayRoute = gatewayRouteMediator.implement(k8s.gatewayDataSchema, async ({ name, args: spec, opts }, data) => {
+  const namespace = resolveRouteNamespace(spec, data);
+  const certSecret = await getCertificateSecret(name, namespace, spec.certificate);
+  const certificateRef = certSecret ? {
+    kind: "Secret",
+    group: "",
+    name: certSecret.metadata.name
+  } : undefined;
+  const routeProtocol = resolveRouteProtocol(spec);
+  if (routeProtocol === "http") {
+    return await createHttpGatewayRoute({
       name,
       spec,
       opts,
       data,
       namespace,
-      protocol: routeProtocol === "tcp" ? "TCP" : "UDP"
+      certificateRef
     });
   }
-);
+  return await createL4GatewayRoute({
+    name,
+    spec,
+    opts,
+    data,
+    namespace,
+    protocol: routeProtocol === "tcp" ? "TCP" : "UDP"
+  });
+});
 function resolveRouteNamespace(spec, data) {
   const metadataNamespace = spec.metadata["k8s.namespace"];
   if (metadataNamespace instanceof Namespace) {
@@ -65,61 +79,49 @@ async function createHttpGatewayRoute({
       hostname: listenerHostname,
       tls: {
         mode: "Terminate",
-        certificateRefs: certificateRef ? [certificateRef] : void 0
+        certificateRefs: certificateRef ? [certificateRef] : undefined
       }
     }
   ];
-  const gateway = Gateway.create(
-    name,
-    {
-      namespace,
-      gatewayClassName: data.className,
-      listeners
-    },
-    opts
-  );
+  const gateway = Gateway.create(name, {
+    namespace,
+    gatewayClassName: data.className,
+    listeners
+  }, opts);
   const ruleSpecs = Object.values(spec.rules);
-  const rules = await Promise.all(
-    ruleSpecs.map(async (ruleSpec, ruleIndex) => {
-      const backendRefs = await Promise.all(
-        ruleSpec.backends.map(async (backend, backendIndex) => {
-          const backendData = await resolveBackendFromEndpoints({
-            routeName: name,
-            backendName: `${ruleIndex}-${backendIndex}`,
-            endpoints: backend.endpoints,
-            namespace,
-            cluster: data.cluster,
-            opts
-          });
-          const backendPort = await selectBackendPort({
-            ports: backendData.ports,
-            protocol: "TCP",
-            targetPort: backendData.preferredTargetPort,
-            serviceName: backendData.serviceName,
-            routeName: name
-          });
-          return {
-            name: backendData.serviceName,
-            namespace: backendData.serviceNamespace,
-            port: backendPort.port
-          };
-        })
-      );
+  const rules = await Promise.all(ruleSpecs.map(async (ruleSpec, ruleIndex) => {
+    const backendRefs = await Promise.all(ruleSpec.backends.map(async (backend, backendIndex) => {
+      const backendData = await resolveBackendFromEndpoints({
+        routeName: name,
+        backendName: `${ruleIndex}-${backendIndex}`,
+        endpoints: backend.endpoints,
+        namespace,
+        cluster: data.cluster,
+        opts
+      });
+      const backendPort = await selectBackendPort({
+        ports: backendData.ports,
+        protocol: "TCP",
+        targetPort: backendData.preferredTargetPort,
+        serviceName: backendData.serviceName,
+        routeName: name
+      });
       return {
-        matches: ruleSpec.paths,
-        backends: backendRefs
+        name: backendData.serviceName,
+        namespace: backendData.serviceNamespace,
+        port: backendPort.port
       };
-    })
-  );
-  const httpRoute = new HttpRoute(
-    name,
-    {
-      gateway,
-      hostnames: spec.fqdns,
-      rules
-    },
-    opts
-  );
+    }));
+    return {
+      matches: ruleSpec.paths,
+      backends: backendRefs
+    };
+  }));
+  const httpRoute = new HttpRoute(name, {
+    gateway,
+    hostnames: spec.fqdns,
+    rules
+  }, opts);
   return {
     resource: httpRoute,
     endpoints: await toPromise(gateway.endpoints)
@@ -162,45 +164,33 @@ async function createL4GatewayRoute({
   const listenerName = `${protocol.toLowerCase()}-${listenerPort}`;
   const gatewayName = name;
   const gatewayResourceName = name;
-  const gateway = Gateway.create(
-    gatewayResourceName,
-    {
-      name: gatewayName,
-      namespace,
-      gatewayClassName: data.className,
-      listeners: [
-        {
-          name: listenerName,
-          port: listenerPort,
-          protocol
-        }
-      ]
-    },
-    opts
-  );
+  const gateway = Gateway.create(gatewayResourceName, {
+    name: gatewayName,
+    namespace,
+    gatewayClassName: data.className,
+    listeners: [
+      {
+        name: listenerName,
+        port: listenerPort,
+        protocol
+      }
+    ]
+  }, opts);
   const backendRef = {
     name: backendData.serviceName,
     namespace: backendData.serviceNamespace,
     port: backendPort.port
   };
   const routeOpts = { ...opts, parent: gateway };
-  const route = protocol === "TCP" ? new TcpRoute(
-    name,
-    {
-      gateway,
-      listenerName,
-      backend: backendRef
-    },
-    routeOpts
-  ) : new UdpRoute(
-    name,
-    {
-      gateway,
-      listenerName,
-      backend: backendRef
-    },
-    routeOpts
-  );
+  const route = protocol === "TCP" ? new TcpRoute(name, {
+    gateway,
+    listenerName,
+    backend: backendRef
+  }, routeOpts) : new UdpRoute(name, {
+    gateway,
+    listenerName,
+    backend: backendRef
+  }, routeOpts);
   return {
     resource: route,
     endpoints: await toPromise(gateway.endpoints)
@@ -209,7 +199,7 @@ async function createL4GatewayRoute({
 async function getCertificateSecret(_name, namespace, tlsCertificate) {
   const resolvedCertificate = await toPromise(tlsCertificate);
   if (!resolvedCertificate) {
-    return void 0;
+    return;
   }
   const resource = await toPromise(resolvedCertificate.resource);
   if (resource instanceof Certificate) {
@@ -221,9 +211,7 @@ async function getCertificateSecret(_name, namespace, tlsCertificate) {
       return await toPromise(resource.secret);
     }
   }
-  throw new Error(
-    "Not implemented: copying certificate secret across namespaces/clusters/different systems"
-  );
+  throw new Error("Not implemented: copying certificate secret across namespaces/clusters/different systems");
 }
 function resolveRouteProtocol(spec) {
   const rules = Object.values(spec.rules);
@@ -247,7 +235,7 @@ async function resolveBackendFromEndpoints({
   const serviceMeta = getServiceMetadataFromEndpoints(endpoints, cluster);
   if (serviceMeta) {
     const metadataPorts = endpoints.map((endpoint) => ({
-      name: typeof serviceMeta.targetPort === "string" ? serviceMeta.targetPort : void 0,
+      name: typeof serviceMeta.targetPort === "string" ? serviceMeta.targetPort : undefined,
       port: endpoint.port,
       protocol: endpoint.protocol.toUpperCase(),
       targetPort: serviceMeta.targetPort
@@ -259,19 +247,11 @@ async function resolveBackendFromEndpoints({
       preferredTargetPort: serviceMeta.targetPort
     };
   }
-  const syntheticService = await createServiceFromEndpoints(
-    `${routeName}-${backendName}`,
-    namespace,
-    endpoints,
-    cluster,
-    opts
-  );
+  const syntheticService = await createServiceFromEndpoints(`${routeName}-${backendName}`, namespace, endpoints, cluster, opts);
   const syntheticServiceName = await toPromise(syntheticService.service.metadata.name);
   const syntheticServiceNamespace = await toPromise(syntheticService.service.metadata.namespace);
   if (!syntheticServiceNamespace) {
-    throw new Error(
-      `Synthetic backend service "${syntheticServiceName}" for gateway route "${routeName}" has no namespace.`
-    );
+    throw new Error(`Synthetic backend service "${syntheticServiceName}" for gateway route "${routeName}" has no namespace.`);
   }
   return {
     serviceName: syntheticServiceName,
@@ -282,13 +262,11 @@ async function resolveBackendFromEndpoints({
 function getServiceMetadataFromEndpoints(endpoints, cluster) {
   const serviceEndpoints = endpoints.filter((endpoint) => isEndpointFromCluster(endpoint, cluster));
   if (serviceEndpoints.length === 0 || serviceEndpoints.length !== endpoints.length) {
-    return void 0;
+    return;
   }
   const first = serviceEndpoints[0].metadata["k8s.service"];
-  if (serviceEndpoints.some(
-    (endpoint) => endpoint.metadata["k8s.service"].name !== first.name || endpoint.metadata["k8s.service"].namespace !== first.namespace
-  )) {
-    return void 0;
+  if (serviceEndpoints.some((endpoint) => endpoint.metadata["k8s.service"].name !== first.name || endpoint.metadata["k8s.service"].namespace !== first.namespace)) {
+    return;
   }
   return {
     name: first.name,
@@ -332,17 +310,13 @@ async function createServiceFromEndpoints(name, namespace, endpointsInput, clust
     ports: ipEndpoints.map(l4EndpointToServicePort)
   });
   const endpointsName = `hs-backend-${name}`;
-  new core.v1.Endpoints(
-    endpointsName,
-    {
-      metadata: mapMetadata({ namespace }, endpointsName),
-      subsets: ipEndpoints.map((endpoint) => ({
-        addresses: [{ ip: endpoint.address.value }],
-        ports: [l4EndpointToServicePort(endpoint)]
-      }))
-    },
-    { ...opts, provider: getProvider(cluster), parent: service }
-  );
+  new core.v1.Endpoints(endpointsName, {
+    metadata: mapMetadata({ namespace }, endpointsName),
+    subsets: ipEndpoints.map((endpoint) => ({
+      addresses: [{ ip: endpoint.address.value }],
+      ports: [l4EndpointToServicePort(endpoint)]
+    }))
+  }, { ...opts, provider: getProvider(cluster), parent: service });
   return {
     service,
     ports: ipPortInfos
@@ -350,7 +324,7 @@ async function createServiceFromEndpoints(name, namespace, endpointsInput, clust
 }
 function toServicePortInfoFromEndpoint(endpoint) {
   return {
-    name: void 0,
+    name: undefined,
     port: endpoint.port,
     protocol: endpoint.protocol.toUpperCase(),
     targetPort: endpoint.port
@@ -365,15 +339,13 @@ async function selectBackendPort({
 }) {
   const candidates = ports.filter((port) => port.protocol === protocol);
   if (candidates.length === 0) {
-    throw new Error(
-      `Service "${serviceName}" does not expose any ${protocol} ports required by gateway route "${routeName}".`
-    );
+    throw new Error(`Service "${serviceName}" does not expose any ${protocol} ports required by gateway route "${routeName}".`);
   }
   if (!targetPort) {
     return candidates[0];
   }
   const resolvedTarget = await toPromise(targetPort);
-  if (resolvedTarget === void 0 || resolvedTarget === null) {
+  if (resolvedTarget === undefined || resolvedTarget === null) {
     return candidates[0];
   }
   if (typeof resolvedTarget === "number") {
@@ -389,9 +361,7 @@ async function selectBackendPort({
     if (match2) {
       return match2;
     }
-    throw new Error(
-      `Gateway route "${routeName}" requested target port ${resolvedTarget}, but service "${serviceName}" does not expose it for ${protocol} backends.`
-    );
+    throw new Error(`Gateway route "${routeName}" requested target port ${resolvedTarget}, but service "${serviceName}" does not expose it for ${protocol} backends.`);
   }
   const targetString = String(resolvedTarget);
   const match = candidates.find((candidate) => {
@@ -406,9 +376,7 @@ async function selectBackendPort({
   if (match) {
     return match;
   }
-  throw new Error(
-    `Gateway route "${routeName}" requested target port "${targetString}", but service "${serviceName}" does not expose it for ${protocol} backends.`
-  );
+  throw new Error(`Gateway route "${routeName}" requested target port "${targetString}", but service "${serviceName}" does not expose it for ${protocol} backends.`);
 }
 async function resolveListenerPort({
   requestedPort,
@@ -420,23 +388,18 @@ async function resolveListenerPort({
     return backendPort.port;
   }
   const resolved = await toPromise(requestedPort);
-  if (resolved === void 0 || resolved === null) {
+  if (resolved === undefined || resolved === null) {
     return backendPort.port;
   }
   if (!Number.isInteger(resolved)) {
-    throw new Error(
-      `Gateway route "${routeName}" must use integer listener ports for ${protocol.toLowerCase()} traffic.`
-    );
+    throw new Error(`Gateway route "${routeName}" must use integer listener ports for ${protocol.toLowerCase()} traffic.`);
   }
   const port = Number(resolved);
   if (port < 1 || port > 65535) {
-    throw new Error(
-      `Gateway route "${routeName}" specified listener port ${port}, which is outside the valid range 1-65535.`
-    );
+    throw new Error(`Gateway route "${routeName}" specified listener port ${port}, which is outside the valid range 1-65535.`);
   }
   return port;
 }
-
-export { createGatewayRoute };
-//# sourceMappingURL=gateway-route.js.map
-//# sourceMappingURL=gateway-route.js.map
+export {
+  createGatewayRoute
+};

package/dist/impl/tls-certificate.js

@@ -1,33 +1,32 @@
-import { Certificate } from '../chunk-IXE3OKB4.js';
-import { getProvider, Namespace } from '../chunk-TOLFVF4S.js';
-import '../chunk-PZYGZSN5.js';
-import { tlsCertificateMediator } from '@highstate/common';
-import { k8s } from '@highstate/library';
+// @bun
+import {
+  Certificate
+} from "../chunk-556pc9e6.js";
+import {
+  Namespace,
+  getProvider
+} from "../chunk-facs31cb.js";
+import"../chunk-b05q6fm2.js";
 
-var createCertificate = tlsCertificateMediator.implement(
-  k8s.tlsIssuerDataSchema,
-  ({ name, spec, opts }, data) => {
-    const provider = getProvider(data.cluster);
-    const metadata = spec.metadata;
-    const metadataNamespace = metadata?.["k8s.namespace"];
-    const namespace = metadataNamespace instanceof Namespace ? metadataNamespace : metadataNamespace ? Namespace.for(metadataNamespace, data.cluster) : Namespace.get("cert-manager", { name: "cert-manager", cluster: data.cluster });
-    return Certificate.create(
-      name,
-      {
-        namespace,
-        commonName: spec.commonName,
-        dnsNames: spec.dnsNames,
-        issuerRef: {
-          name: data.clusterIssuerName,
-          kind: "ClusterIssuer"
-        },
-        secretName: `hs-certificate-${name}`
-      },
-      { ...opts, provider }
-    );
-  }
-);
-
-export { createCertificate };
-//# sourceMappingURL=tls-certificate.js.map
-//# sourceMappingURL=tls-certificate.js.map
+// src/impl/tls-certificate.ts
+import { tlsCertificateMediator } from "@highstate/common";
+import { k8s } from "@highstate/library";
+var createCertificate = tlsCertificateMediator.implement(k8s.tlsIssuerDataSchema, ({ name, spec, opts }, data) => {
+  const provider = getProvider(data.cluster);
+  const metadata = spec.metadata;
+  const metadataNamespace = metadata?.["k8s.namespace"];
+  const namespace = metadataNamespace instanceof Namespace ? metadataNamespace : metadataNamespace ? Namespace.for(metadataNamespace, data.cluster) : Namespace.get("cert-manager", { name: "cert-manager", cluster: data.cluster });
+  return Certificate.create(name, {
+    namespace,
+    commonName: spec.commonName,
+    dnsNames: spec.dnsNames,
+    issuerRef: {
+      name: data.clusterIssuerName,
+      kind: "ClusterIssuer"
+    },
+    secretName: `hs-certificate-${name}`
+  }, { ...opts, provider });
+});
+export {
+  createCertificate
+};