@highstate/k8s 0.7.1 → 0.7.3

package/src/pod.ts

@@ -0,0 +1,5 @@
+import type { types } from "@pulumi/kubernetes"
+
+export const podSpecDefaults: Partial<types.input.core.v1.PodSpec> = {
+  automountServiceAccountToken: false,
+}

package/src/pvc.ts

@@ -0,0 +1,178 @@
+import type { k8s } from "@highstate/library"
+import { core, type types } from "@pulumi/kubernetes"
+import {
+  ComponentResource,
+  Output,
+  output,
+  type ComponentResourceOptions,
+  type CustomResourceOptions,
+  type Input,
+  type Inputs,
+} from "@highstate/pulumi"
+import { deepmerge } from "deepmerge-ts"
+import { omit } from "remeda"
+import {
+  commonExtraArgs,
+  mapMetadata,
+  resourceIdToString,
+  verifyProvider,
+  type CommonArgs,
+  type ResourceId,
+} from "./shared"
+
+export type PersistentVolumeClaimArgs = CommonArgs &
+  types.input.core.v1.PersistentVolumeClaimSpec & {
+    /**
+     * The size of the volume to request.
+     *
+     * By default, the size is set to "100Mi".
+     */
+    size?: string
+
+    /**
+     * The cluster to create the resource in.
+     */
+    cluster: Input<k8s.Cluster>
+  }
+
+const extraPersistentVolumeClaimArgs = [...commonExtraArgs, "size", "cluster"] as const
+
+export abstract class PersistentVolumeClaim extends ComponentResource {
+  protected constructor(
+    type: string,
+    name: string,
+    args: Inputs,
+    opts: ComponentResourceOptions,
+
+    /**
+     * The cluster info associated with the pvc.
+     */
+    readonly clusterInfo: Output<k8s.ClusterInfo>,
+
+    /**
+     * The metadata of the underlying Kubernetes pvc.
+     */
+    readonly metadata: Output<types.output.meta.v1.ObjectMeta>,
+
+    /**
+     * The spec of the underlying Kubernetes pvc.
+     */
+    readonly spec: Output<types.output.core.v1.PersistentVolumeClaimSpec>,
+
+    /**
+     * The status of the underlying Kubernetes pvc.
+     */
+    readonly status: Output<types.output.core.v1.PersistentVolumeClaimStatus>,
+  ) {
+    super(type, name, args, opts)
+  }
+
+  /**
+   * The Highstate service entity.
+   */
+  get entity(): Output<k8s.PersistentVolumeClaim> {
+    return output({
+      type: "k8s.persistent-volume-claim",
+      clusterInfo: this.clusterInfo,
+      metadata: this.metadata,
+    })
+  }
+
+  static create(
+    name: string,
+    args: PersistentVolumeClaimArgs,
+    opts: ComponentResourceOptions,
+  ): PersistentVolumeClaim {
+    return new CreatedPersistentVolumeClaim(name, args, opts)
+  }
+
+  static of(
+    name: string,
+    entity: Input<k8s.PersistentVolumeClaim>,
+    opts: ComponentResourceOptions,
+  ): PersistentVolumeClaim {
+    return new ExternalPersistentVolumeClaim(
+      name,
+      output(entity).metadata,
+      output(entity).clusterInfo,
+      opts,
+    )
+  }
+}
+
+export class CreatedPersistentVolumeClaim extends PersistentVolumeClaim {
+  constructor(name: string, args: PersistentVolumeClaimArgs, opts: CustomResourceOptions) {
+    const pvc = output(args).apply(args => {
+      return new core.v1.PersistentVolumeClaim(
+        name,
+        {
+          metadata: mapMetadata(args, name),
+          spec: deepmerge(
+            {
+              accessModes: ["ReadWriteOnce"],
+              resources: {
+                requests: {
+                  storage: args.size ?? "100Mi",
+                },
+              },
+            } satisfies types.input.core.v1.PersistentVolumeClaimSpec,
+            omit(args, extraPersistentVolumeClaimArgs),
+          ),
+        },
+        opts,
+      )
+    })
+
+    super(
+      "k8s:PersistentVolumeClaim",
+      name,
+      args,
+      opts,
+
+      output(args.cluster).info,
+      pvc.metadata,
+      pvc.spec,
+      pvc.status,
+    )
+  }
+}
+
+export class ExternalPersistentVolumeClaim extends PersistentVolumeClaim {
+  constructor(
+    name: string,
+    id: Input<ResourceId>,
+    clusterInfo: Input<k8s.ClusterInfo>,
+    opts: ComponentResourceOptions,
+  ) {
+    const pvc = output(id).apply(async id => {
+      await verifyProvider(opts.provider, this.clusterInfo)
+
+      return core.v1.PersistentVolumeClaim.get(
+        //
+        name,
+        resourceIdToString(id),
+        { parent: this, provider: opts.provider },
+      )
+    })
+
+    super(
+      "highstate:k8s:ExternalPersistentVolumeClaim",
+      name,
+      { id, clusterInfo },
+      opts,
+
+      output(clusterInfo),
+      pvc.metadata,
+      pvc.spec,
+      pvc.status,
+    )
+  }
+}
+
+export function getAutoVolumeName(workloadName: string, index: number): string {
+  if (index === 0) {
+    return `${workloadName}-data`
+  }
+
+  return `${workloadName}-data-${index}`
+}

package/src/scripting/bundle.ts

@@ -0,0 +1,244 @@
+import type { ContainerEnvironment, ContainerVolumeMount, WorkloadVolume } from "../container"
+import { core } from "@pulumi/kubernetes"
+import { apply, normalize, type InputArray } from "@highstate/pulumi"
+import {
+  ComponentResource,
+  output,
+  type ComponentResourceOptions,
+  type Input,
+  type Output,
+  type Unwrap,
+} from "@pulumi/pulumi"
+import { pipe } from "remeda"
+import { deepmerge } from "deepmerge-ts"
+import { text, trimIndentation } from "@highstate/contract"
+import { mapMetadata, type CommonArgs } from "../shared"
+import {
+  emptyScriptEnvironment,
+  type ResolvedScriptEnvironment,
+  type ScriptDistribution,
+  type ScriptEnvironment,
+} from "./environment"
+
+export type ScriptBundleArgs = CommonArgs & {
+  /**
+   * The environment to bundle the scripts from.
+   */
+  environment?: Input<ScriptEnvironment>
+
+  /**
+   * The environments to bundle the scripts from.
+   */
+  environments?: InputArray<ScriptEnvironment>
+
+  /**
+   * The distribution to use for the scripts.
+   */
+  distribution: ScriptDistribution
+}
+
+export class ScriptBundle extends ComponentResource {
+  /**
+   * The config map containing the scripts.
+   */
+  readonly configMap: Output<core.v1.ConfigMap>
+
+  /**
+   * The volumes that should be included in the workload.
+   */
+  readonly volumes: Output<WorkloadVolume[]>
+
+  /**
+   * The volume mounts that should be defined in the container.
+   */
+  readonly volumeMounts: Output<ContainerVolumeMount[]>
+
+  /**
+   * The environment variables that should be defined in the container.
+   */
+  readonly environment: Output<ContainerEnvironment>
+
+  /**
+   * The distribution to use for the scripts.
+   */
+  readonly distribution: ScriptDistribution
+
+  constructor(name: string, args: ScriptBundleArgs, opts?: ComponentResourceOptions) {
+    super("highstate:k8s:ScriptBundle", name, args, opts)
+
+    const scriptEnvironment = pipe(
+      output(args),
+      apply(args => normalize(args.environment, args.environments)),
+      apply(args => deepmerge(emptyScriptEnvironment, ...args)),
+    ) as Output<Unwrap<ResolvedScriptEnvironment>>
+
+    this.distribution = args.distribution
+    this.environment = scriptEnvironment.environment
+
+    this.configMap = output({ scriptEnvironment, args }).apply(({ scriptEnvironment, args }) => {
+      return new core.v1.ConfigMap(
+        name,
+        {
+          metadata: mapMetadata(args, name),
+          data: createScriptData(this.distribution, scriptEnvironment),
+        },
+        { ...opts, parent: this },
+      )
+    })
+
+    this.volumes = scriptEnvironment.volumes.apply(volumes => {
+      return [
+        ...volumes,
+        {
+          name: this.configMap.metadata.name,
+
+          configMap: {
+            name: this.configMap.metadata.name,
+            defaultMode: 0o550, // read and execute permissions
+          },
+        },
+      ]
+    })
+
+    this.volumeMounts = scriptEnvironment.volumeMounts.apply(volumeMounts => {
+      return [
+        ...volumeMounts,
+        {
+          volume: this.configMap,
+          mountPath: "/scripts",
+        },
+      ]
+    })
+
+    this.registerOutputs({
+      configMap: this.configMap,
+      volumes: this.volumes,
+      volumeMounts: this.volumeMounts,
+      environment: this.environment,
+    })
+  }
+}
+
+function createScriptData(
+  distribution: ScriptDistribution,
+  environment: Unwrap<ResolvedScriptEnvironment>,
+): Record<string, string> {
+  const scriptData: Record<string, string> = {}
+  const actions: string[] = []
+
+  const distributionEnvironment = environment[distribution]
+
+  if (distributionEnvironment.preInstallPackages.length > 0) {
+    scriptData["pre-install-packages.sh"] = getInstallPackagesScript(
+      distribution,
+      distributionEnvironment.preInstallPackages,
+    )
+
+    actions.push(`
+      echo "+ Installing pre-install packages..."
+      /scripts/pre-install-packages.sh
+      echo "+ Pre-install packages installed successfully"
+    `)
+  }
+
+  if (Object.keys(distributionEnvironment.preInstallScripts).length > 0) {
+    for (const key in distributionEnvironment.preInstallScripts) {
+      scriptData[`pre-install-${key}`] = distributionEnvironment.preInstallScripts[key]
+
+      actions.push(`
+        echo "+ Running pre-install script '${key}'..."
+        /scripts/pre-install-${key}
+        echo "+ Pre-install script '${key}'... Done"
+      `)
+    }
+  }
+
+  if (distributionEnvironment.packages.length > 0) {
+    scriptData["install-packages.sh"] = getInstallPackagesScript(
+      distribution,
+      distributionEnvironment.packages,
+    )
+
+    actions.push(`
+      echo "+ Installing packages..."
+      /scripts/install-packages.sh
+      echo "+ Packages installed successfully"
+    `)
+  }
+
+  if (Object.keys(environment.setupScripts).length > 0) {
+    for (const key in environment.setupScripts) {
+      scriptData[`setup-${key}`] = environment.setupScripts[key]
+
+      actions.push(`
+        echo "+ Running setup script '${key}'..."
+        /scripts/setup-${key}
+        echo "+ Setup script '${key}'... Done"
+      `)
+    }
+  }
+
+  if (Object.keys(environment.cleanupScripts).length > 0) {
+    const cleanupActions: string[] = []
+
+    for (const key in environment.cleanupScripts) {
+      scriptData[`cleanup-${key}`] = environment.cleanupScripts[key]
+
+      cleanupActions.push(`
+        echo "+ Running cleanup script '${key}'..."
+        /scripts/cleanup-${key}
+        echo "+ Cleanup script '${key}'... Done"
+      `)
+    }
+
+    actions.push(`
+      function cleanup() {
+      ${cleanupActions.map(s => s.trim()).join("\n\n")}
+      }
+
+      trap cleanup EXIT
+      trap cleanup SIGTERM
+    `)
+  }
+
+  for (const key in environment.scripts) {
+    scriptData[key] = environment.scripts[key]
+  }
+
+  scriptData["entrypoint.sh"] = trimIndentation(`
+    #!/bin/sh
+    set -e
+
+    if [ -z "$1" ]; then
+      echo "Usage: entrypoint.sh <main script> [args...]"
+      exit 1
+    fi
+
+  ${actions.map(s => s.trim()).join("\n\n")}
+
+    echo "+ Running main script..."
+    $@
+    echo "+ Main script completed"
+  `)
+
+  return scriptData
+}
+
+function getInstallPackagesScript(distribution: ScriptDistribution, packages: string[]): string {
+  if (distribution === "alpine") {
+    return text`
+      #!/bin/sh
+      set -e
+
+      apk add --no-cache ${packages.join(" ")}
+    `
+  } else {
+    return text`
+      #!/bin/sh
+      set -e
+
+      apt-get update
+      apt-get install -y ${packages.join(" ")}
+    `
+  }
+}

package/src/scripting/container.ts

@@ -0,0 +1,44 @@
+import type { Container } from "../container"
+import type { ScriptBundle } from "./bundle"
+import { Output, output, type Input } from "@pulumi/pulumi"
+import { merge } from "remeda"
+
+export interface ScriptContainer extends Container {
+  /**
+   * The script bundle to use.
+   */
+  bundle: Input<ScriptBundle>
+
+  /**
+   * The name of the main script to run.
+   * The script must be available in the bundle.
+   */
+  main: Input<string>
+}
+
+/**
+ * Creates a spec for a container that runs a script.
+ * This spec can be used to create a complete workload or an init container.
+ *
+ * @param options The options to create the container spec.
+ * @returns The container spec.
+ */
+export function createScriptContainer(options: ScriptContainer): Output<Container> {
+  return output(options).apply(options => {
+    const image =
+      options.bundle.distribution === "alpine"
+        ? "alpine@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c"
+        : "ubuntu@sha256:72297848456d5d37d1262630108ab308d3e9ec7ed1c3286a32fe09856619a782"
+
+    return {
+      image,
+      command: ["/scripts/entrypoint.sh", `/scripts/${options.main}`],
+
+      ...options,
+
+      volumeMounts: merge(options.bundle.volumeMounts, options.volumeMounts),
+      volumes: merge(options.bundle.volumes, options.volumes),
+      environment: merge(options.bundle.environment, options.environment),
+    }
+  })
+}

package/src/scripting/environment.ts

@@ -0,0 +1,79 @@
+import type { Input, InputArray, InputMap } from "@highstate/pulumi"
+import type { ContainerEnvironment, ContainerVolumeMount, WorkloadVolume } from "../container"
+
+export type ScriptDistribution = "alpine" | "ubuntu"
+
+export type DistributionEnvironment = {
+  /**
+   * The utility packages that should be installed before running "preInstallScripts".
+   *
+   * Useful for installing tools like `curl` to install additional repositories.
+   */
+  preInstallPackages?: InputArray<string>
+
+  /**
+   * The pre-install scripts that should be run before installing packages.
+   * Typically, these scripts are used to install additional repositories.
+   */
+  preInstallScripts?: InputMap<string>
+
+  /**
+   * The packages that are available in the environment.
+   */
+  packages?: InputArray<string>
+}
+
+export type ScriptEnvironment = {
+  [distribution in ScriptDistribution]?: DistributionEnvironment
+} & {
+  /**
+   * The setup scripts that should be run before the script.
+   */
+  setupScripts?: InputMap<string>
+
+  /**
+   * The cleanup scripts that should be run after the script.
+   */
+  cleanupScripts?: InputMap<string>
+
+  /**
+   * The arbitrary scripts available in the environment.
+   */
+  scripts?: InputMap<string>
+
+  /**
+   * The volumes that should be defined in the environment.
+   */
+  volumes?: InputArray<WorkloadVolume>
+
+  /**
+   * The volume mounts that should be defined in the environment.
+   */
+  volumeMounts?: InputArray<ContainerVolumeMount>
+
+  /**
+   * The environment variables that should be defined in the environment.
+   */
+  environment?: Input<ContainerEnvironment>
+}
+
+export type ResolvedScriptEnvironment = Omit<Required<ScriptEnvironment>, ScriptDistribution> & {
+  [distribution in ScriptDistribution]: Required<DistributionEnvironment>
+}
+
+const emptyDistributionEnvironment: Required<DistributionEnvironment> = {
+  preInstallPackages: [],
+  preInstallScripts: {},
+  packages: [],
+}
+
+export const emptyScriptEnvironment: ResolvedScriptEnvironment = {
+  alpine: emptyDistributionEnvironment,
+  ubuntu: emptyDistributionEnvironment,
+  setupScripts: {},
+  cleanupScripts: {},
+  scripts: {},
+  volumes: [],
+  volumeMounts: [],
+  environment: {},
+}

package/src/scripting/index.ts

@@ -0,0 +1,3 @@
+export * from "./bundle"
+export * from "./container"
+export * from "./environment"