npm - @highstate/k8s - Versions diffs - 0.7.1 → 0.7.3 - Mend

@highstate/k8s 0.7.1 → 0.7.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (44) hide show

package/dist/{helm-wPTgVV1N.js → chunk-K4WKJ4L5.js} +89 -47
package/dist/chunk-K4WKJ4L5.js.map +1 -0
package/dist/{shared-Clzbl5K-.js → chunk-T5Z2M4JE.js} +21 -7
package/dist/chunk-T5Z2M4JE.js.map +1 -0
package/dist/highstate.manifest.json +9 -0
package/dist/index.js +304 -154
package/dist/index.js.map +1 -0
package/dist/units/access-point/index.js +9 -7
package/dist/units/access-point/index.js.map +1 -0
package/dist/units/cert-manager/index.js +29 -29
package/dist/units/cert-manager/index.js.map +1 -0
package/dist/units/dns01-issuer/index.js +22 -14
package/dist/units/dns01-issuer/index.js.map +1 -0
package/dist/units/existing-cluster/index.js +49 -21
package/dist/units/existing-cluster/index.js.map +1 -0
package/package.json +15 -16
package/src/access-point.ts +185 -0
package/src/container.ts +271 -0
package/src/cron-job.ts +77 -0
package/src/deployment.ts +210 -0
package/src/gateway/backend.ts +61 -0
package/src/gateway/http-route.ts +139 -0
package/src/gateway/index.ts +2 -0
package/src/helm.ts +298 -0
package/src/index.ts +61 -0
package/src/job.ts +66 -0
package/src/network-policy.ts +732 -0
package/src/pod.ts +5 -0
package/src/pvc.ts +178 -0
package/src/scripting/bundle.ts +244 -0
package/src/scripting/container.ts +44 -0
package/src/scripting/environment.ts +79 -0
package/src/scripting/index.ts +3 -0
package/src/service.ts +279 -0
package/src/shared.ts +150 -0
package/src/stateful-set.ts +159 -0
package/src/units/access-point/index.ts +12 -0
package/src/units/cert-manager/index.ts +37 -0
package/src/units/dns01-issuer/index.ts +41 -0
package/src/units/dns01-issuer/solver.ts +23 -0
package/src/units/existing-cluster/index.ts +107 -0
package/src/workload.ts +150 -0
package/assets/charts.json +0 -8
package/dist/index.d.ts +0 -1036

package/src/service.ts ADDED Viewed

@@ -0,0 +1,279 @@
+import type { k8s } from "@highstate/library"
+import { core, types } from "@pulumi/kubernetes"
+import {
+  ComponentResource,
+  interpolate,
+  normalize,
+  output,
+  Output,
+  Resource,
+  type ComponentResourceOptions,
+  type Input,
+  type InputArray,
+  type Inputs,
+} from "@highstate/pulumi"
+import { omit } from "remeda"
+import { deepmerge } from "deepmerge-ts"
+import {
+  commonExtraArgs,
+  mapMetadata,
+  resourceIdToString,
+  verifyProvider,
+  type CommonArgs,
+  type ResourceId,
+} from "./shared"
+export type ServiceArgs = CommonArgs & {
+  port?: Input<types.input.core.v1.ServicePort>
+  /**
+   * The service to patch instead of creating a new one.
+   */
+  patch?: Input<k8s.Service>
+  /**
+   * The cluster to create the resource in.
+   */
+  cluster: Input<k8s.Cluster>
+} & types.input.core.v1.ServiceSpec
+const serviceExtraArgs = [...commonExtraArgs, "port", "ports", "patch"] as const
+export abstract class Service extends ComponentResource {
+  protected constructor(
+    type: string,
+    name: string,
+    args: Inputs,
+    opts: ComponentResourceOptions,
+    /**
+     * The cluster info associated with the service.
+     */
+    readonly clusterInfo: Output<k8s.ClusterInfo>,
+    /**
+     * The metadata of the underlying Kubernetes service.
+     */
+    readonly metadata: Output<types.output.meta.v1.ObjectMeta>,
+    /**
+     * The spec of the underlying Kubernetes service.
+     */
+    readonly spec: Output<types.output.core.v1.ServiceSpec>,
+    /**
+     * The status of the underlying Kubernetes service.
+     */
+    readonly status: Output<types.output.core.v1.ServiceStatus>,
+    /**
+     * The resources associated with the service.
+     */
+    readonly resources: InputArray<Resource>,
+  ) {
+    super(type, name, args, opts)
+  }
+  /**
+   * The Highstate service entity.
+   */
+  get entity(): Output<k8s.Service> {
+    return output({
+      type: "k8s.service",
+      clusterInfo: this.clusterInfo,
+      metadata: this.metadata,
+      spec: this.spec,
+    })
+  }
+  static create(name: string, args: ServiceArgs, opts: ComponentResourceOptions): Service {
+    return new CreatedService(name, args, opts)
+  }
+  static wrap(
+    name: string,
+    service: Input<core.v1.Service>,
+    clusterInfo: Input<k8s.ClusterInfo>,
+    opts: ComponentResourceOptions,
+  ): Service {
+    return new WrappedService(name, service, clusterInfo, opts)
+  }
+  static external(
+    name: string,
+    id: ResourceId,
+    clusterInfo: Input<k8s.ClusterInfo>,
+    opts: ComponentResourceOptions,
+  ): Service {
+    return new ExternalService(name, id, clusterInfo, opts)
+  }
+  static of(name: string, entity: Input<k8s.Service>, opts: ComponentResourceOptions): Service {
+    return new ExternalService(name, output(entity).metadata, output(entity).clusterInfo, opts)
+  }
+  /**
+   * Returns the host of the service accessible from the cluster.
+   *
+   * The format is `name.namespace.svc`.
+   */
+  get clusterHost(): Output<string> {
+    return interpolate`${this.metadata.name}.${this.metadata.namespace}.svc`
+  }
+  /**
+   * Returns the external IP of the service.
+   *
+   * If the load balancer is available, the external IP is returned, otherwise the IP of the node.
+   *
+   * If the service has no external IP, `undefined` is returned.
+   */
+  get externalIp(): Output<string | undefined> {
+    return output({ spec: this.spec, status: this.status }).apply(({ spec, status }) => {
+      const loadBalancerIp = status.loadBalancer?.ingress?.[0]?.ip
+      if (loadBalancerIp) {
+        return loadBalancerIp
+      }
+      const nodeIp = spec.externalIPs?.[0]
+      if (nodeIp) {
+        return nodeIp
+      }
+      return undefined
+    })
+  }
+  /**
+   * The "most public" IP of the service.
+   *
+   * Resolves to the external IP if available, otherwise the cluster IP.
+   *
+   * If the service is headless, an error is thrown.
+   */
+  get ip(): Output<string> {
+    return output({ spec: this.spec, externalIp: this.externalIp }).apply(
+      ({ spec, externalIp }) => {
+        if (externalIp) {
+          return externalIp
+        }
+        const clusterIp = spec.clusterIP
+        if (clusterIp && clusterIp !== "None") {
+          return clusterIp
+        }
+        throw new Error("The service does not have neither an external IP nor a cluster IP.")
+      },
+    )
+  }
+}
+class CreatedService extends Service {
+  constructor(name: string, args: ServiceArgs, opts: ComponentResourceOptions) {
+    const service = output(args).apply(async args => {
+      await verifyProvider(opts.provider, args.cluster.info)
+      return new (args.patch ? core.v1.ServicePatch : core.v1.Service)(
+        name,
+        {
+          metadata: mapMetadata(args.patch?.metadata ?? args, name),
+          spec: deepmerge(
+            {
+              ports: normalize(args.port, args.ports),
+            },
+            omit(args, serviceExtraArgs),
+          ),
+        },
+        { parent: this, ...opts },
+      )
+    })
+    super(
+      "highstate:k8s:Service",
+      name,
+      args,
+      opts,
+      output(args.cluster).info,
+      service.metadata,
+      service.spec,
+      service.status,
+      [service],
+    )
+  }
+}
+class WrappedService extends Service {
+  constructor(
+    name: string,
+    service: Input<core.v1.Service>,
+    clusterInfo: Input<k8s.ClusterInfo>,
+    opts: ComponentResourceOptions,
+  ) {
+    super(
+      "highstate:k8s:WrappedService",
+      name,
+      { service, clusterInfo },
+      opts,
+      output(clusterInfo),
+      output(service).metadata,
+      output(service).spec,
+      output(service).status,
+      [service],
+    )
+  }
+}
+class ExternalService extends Service {
+  constructor(
+    name: string,
+    id: ResourceId,
+    clusterInfo: Input<k8s.ClusterInfo>,
+    opts: ComponentResourceOptions,
+  ) {
+    const service = output(id).apply(async id => {
+      await verifyProvider(opts.provider, this.clusterInfo)
+      return core.v1.Service.get(
+        //
+        name,
+        resourceIdToString(id),
+        { parent: this, provider: opts.provider },
+      )
+    })
+    super(
+      "highstate:k8s:ExternalService",
+      name,
+      { id, clusterInfo },
+      opts,
+      output(clusterInfo),
+      service.metadata,
+      service.spec,
+      service.status,
+      [service],
+    )
+  }
+}
+export function mapContainerPortToServicePort(
+  port: types.input.core.v1.ContainerPort,
+): types.input.core.v1.ServicePort {
+  return {
+    name: port.name,
+    port: port.containerPort,
+    targetPort: port.containerPort,
+    protocol: port.protocol,
+  }
+}
+export function mapServiceToLabelSelector(
+  service: core.v1.Service,
+): types.input.meta.v1.LabelSelector {
+  return {
+    matchLabels: service.spec.selector,
+  }
+}

package/src/shared.ts ADDED Viewed

@@ -0,0 +1,150 @@
+import type { PartialKeys } from "@highstate/contract"
+import type { k8s } from "@highstate/library"
+import { Output, output, toPromise, type Input, type Unwrap } from "@highstate/pulumi"
+import { core, Provider, types } from "@pulumi/kubernetes"
+import { mergeDeep } from "remeda"
+const providers = new Map<string, Provider>()
+export function getProvider(cluster: Input<k8s.Cluster>): Promise<Provider> {
+  const provider = output(cluster).apply(cluster => {
+    const existingProvider = providers.get(cluster.info.id)
+    if (existingProvider) {
+      return existingProvider
+    }
+    const provider = new Provider(cluster.info.id, { kubeconfig: cluster.kubeconfig })
+    providers.set(cluster.info.id, provider)
+    return provider
+  })
+  return toPromise(provider)
+}
+export async function verifyProvider(
+  provider: Provider | undefined,
+  clusterInfo: Input<k8s.ClusterInfo>,
+): Promise<void> {
+  if (!provider) {
+    throw new Error("The provider must be passed to the resource.")
+  }
+  const urn = await toPromise(provider.urn)
+  const [, , , resouceName] = urn.split("::")
+  const expectedId = await toPromise(output(clusterInfo).id)
+  if (resouceName !== expectedId) {
+    throw new Error(
+      "The Kubernetes cluster of the provider is different from the one where the resource is deployed.",
+    )
+  }
+}
+export function createNamespace(
+  name: string,
+  provider: Provider,
+  args: core.v1.NamespaceArgs = {},
+): core.v1.Namespace {
+  return new core.v1.Namespace(
+    name,
+    mergeDeep(args, {
+      metadata: {
+        name,
+      },
+    }),
+    { provider },
+  )
+}
+export function getNamespace(name = "default", provider: Provider): core.v1.Namespace {
+  return core.v1.Namespace.get(name, name, { provider })
+}
+export type NamespaceLike = core.v1.Namespace | string
+export type CommonArgs = {
+  /**
+   * The name of the resource.
+   */
+  name?: string
+  /**
+   * The namespace to create the resource in.
+   */
+  namespace: Input<NamespaceLike | undefined>
+  /**
+   * The metadata to apply to the resource.
+   */
+  metadata?: Input<types.input.meta.v1.ObjectMeta>
+}
+export const commonExtraArgs = ["name", "namespace", "metadata"] as const
+export function mapMetadata(
+  args: PartialKeys<Unwrap<CommonArgs>, "namespace">,
+  fallbackName?: string,
+): types.input.meta.v1.ObjectMeta {
+  return {
+    ...args.metadata,
+    name: args.name ?? args.metadata?.name ?? fallbackName,
+    namespace: args.namespace ? mapNamespaceLikeToNamespaceName(args.namespace) : undefined,
+  }
+}
+export type SelectorLike = types.input.meta.v1.LabelSelector | Record<string, Input<string>>
+export function mapSelectorLikeToSelector(
+  selector: SelectorLike,
+): types.input.meta.v1.LabelSelector {
+  if ("matchLabels" in selector || "matchExpressions" in selector) {
+    return selector
+  }
+  return {
+    matchLabels: selector as Record<string, Input<string>>,
+  }
+}
+export function mapNamespaceLikeToNamespaceName(namespace: NamespaceLike): Output<string> {
+  return core.v1.Namespace.isInstance(namespace) ? namespace.metadata.name : output(namespace)
+}
+export function mapNamespaceNameToSelector(
+  namespace: Input<string>,
+): types.input.meta.v1.LabelSelector {
+  return {
+    matchLabels: {
+      "kubernetes.io/metadata.name": namespace,
+    },
+  }
+}
+export type ResourceId = {
+  name: Input<string>
+  namespace?: Input<string | undefined>
+}
+export function resourceIdToString(metadata: Input<ResourceId>): Output<string> {
+  return output(metadata).apply(metadata => {
+    return metadata.namespace ? `${metadata.namespace}/${metadata.name}` : metadata.name
+  })
+}
+export function getAppName(resourceId: Unwrap<ResourceId>): string {
+  if (resourceId.namespace !== resourceId.name) {
+    return `${resourceId.namespace ?? "default"}-${resourceId.name}`
+  }
+  return resourceId.name
+}
+export function getAppDisplayName(resourceId: Unwrap<ResourceId>): string {
+  if (resourceId.namespace !== resourceId.name) {
+    return `${resourceId.namespace ?? "default"}/${resourceId.name}`
+  }
+  return resourceId.name
+}

package/src/stateful-set.ts ADDED Viewed

@@ -0,0 +1,159 @@
+import type { k8s } from "@highstate/library"
+import type { HttpRoute } from "./gateway"
+import type { Service } from "./service"
+import {
+  output,
+  type ComponentResourceOptions,
+  ComponentResource,
+  Output,
+  type Inputs,
+  type Input,
+} from "@highstate/pulumi"
+import { apps, type types } from "@pulumi/kubernetes"
+import { omit } from "remeda"
+import { deepmerge } from "deepmerge-ts"
+import {
+  getPublicWorkloadComponents,
+  publicWorkloadExtraArgs,
+  type PublicWorkloadArgs,
+} from "./workload"
+import { mapMetadata, verifyProvider } from "./shared"
+import { mapContainerToRaw } from "./container"
+export type StatefulSetArgs = Omit<PublicWorkloadArgs, "patch"> & {
+  patch?: Input<k8s.StatefulSet>
+} & Partial<types.input.apps.v1.StatefulSetSpec>
+export abstract class StatefulSet extends ComponentResource {
+  protected constructor(
+    type: string,
+    name: string,
+    args: Inputs,
+    opts: ComponentResourceOptions,
+    /**
+     * The cluster info associated with the stateful set.
+     */
+    readonly clusterInfo: Output<k8s.ClusterInfo>,
+    /**
+     * The metadata of the underlying Kubernetes stateful set.
+     */
+    readonly metadata: Output<types.output.meta.v1.ObjectMeta>,
+    /**
+     * The spec of the underlying Kubernetes stateful set.
+     */
+    readonly spec: Output<types.output.apps.v1.StatefulSetSpec>,
+    /**
+     * The status of the underlying Kubernetes stateful set.
+     */
+    readonly status: Output<types.output.apps.v1.StatefulSetStatus>,
+    private readonly _service: Output<Service | undefined>,
+    private readonly _httpRoute: Output<HttpRoute | undefined>,
+  ) {
+    super(type, name, args, opts)
+  }
+  /**
+   * The Highstate stateful set entity.
+   */
+  get entity(): Output<k8s.StatefulSet> {
+    return output({
+      type: "k8s.stateful-set",
+      clusterInfo: this.clusterInfo,
+      metadata: this.metadata,
+      service: this.service.entity,
+    })
+  }
+  get optionalService(): Output<Service | undefined> {
+    return this._service
+  }
+  /**
+   * The service associated with the stateful set.
+   */
+  get service(): Output<Service> {
+    return this._service.apply(service => {
+      if (!service) {
+        throw new Error("The service is not available.")
+      }
+      return service
+    })
+  }
+  /**
+   * The HTTP route associated with the stateful set.
+   */
+  get httpRoute(): Output<HttpRoute> {
+    return this._httpRoute.apply(httpRoute => {
+      if (!httpRoute) {
+        throw new Error("The HTTP route is not available.")
+      }
+      return httpRoute
+    })
+  }
+  static create(name: string, args: StatefulSetArgs, opts: ComponentResourceOptions): StatefulSet {
+    return new CreatedStatefulSet(name, args, opts)
+  }
+}
+class CreatedStatefulSet extends StatefulSet {
+  constructor(name: string, args: StatefulSetArgs, opts: ComponentResourceOptions) {
+    const { containers, volumes, labels, service, httpRoute } = getPublicWorkloadComponents(
+      name,
+      args,
+      () => this,
+      opts,
+    )
+    const statefulSet = output({ args, containers, volumes, service }).apply(
+      async ({ args, containers, volumes, service }) => {
+        await verifyProvider(opts.provider, args.cluster?.info)
+        return new (args.patch ? apps.v1.StatefulSetPatch : apps.v1.StatefulSet)(
+          name,
+          {
+            metadata: mapMetadata(args.patch?.metadata ?? args, name),
+            spec: deepmerge(
+              {
+                serviceName: service?.metadata.name || name,
+                template: {
+                  metadata: !args.patch ? { labels } : undefined,
+                  spec: {
+                    containers: containers.map(container => mapContainerToRaw(container, name)),
+                    volumes,
+                  },
+                },
+                selector: !args.patch ? { matchLabels: labels } : undefined,
+              },
+              omit(args, publicWorkloadExtraArgs),
+            ),
+          },
+          { parent: this, ...opts },
+        )
+      },
+    )
+    super(
+      "highstate:k8s:StatefulSet",
+      name,
+      args,
+      opts,
+      output(args.cluster).info,
+      statefulSet.metadata,
+      statefulSet.spec,
+      statefulSet.status,
+      service,
+      httpRoute,
+    )
+  }
+}

package/src/units/access-point/index.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import { k8s } from "@highstate/library"
+import { forUnit } from "@highstate/pulumi"
+const { inputs, outputs } = forUnit(k8s.accessPoint)
+export default outputs({
+  accessPoint: {
+    dnsProvider: inputs.dnsProvider,
+    gateway: inputs.gateway,
+    tlsIssuer: inputs.tlsIssuer,
+  },
+})

package/src/units/cert-manager/index.ts ADDED Viewed

@@ -0,0 +1,37 @@
+import { k8s } from "@highstate/library"
+import { forUnit } from "@highstate/pulumi"
+import { createNamespace, getProvider } from "../../shared"
+import { Chart } from "../../helm"
+import charts from "../../../assets/charts.json"
+const { inputs, outputs } = forUnit(k8s.certManager)
+const provider = await getProvider(inputs.k8sCluster)
+const namespace = createNamespace("cert-manager", provider)
+new Chart(
+  "cert-manager",
+  {
+    namespace: namespace.metadata.name,
+    cluster: inputs.k8sCluster,
+    chart: charts["cert-manager"],
+    values: {
+      crds: {
+        enabled: true,
+      },
+      config: {
+        apiVersion: "controller.config.cert-manager.io/v1alpha1",
+        kind: "ControllerConfiguration",
+        enableGatewayAPI: true,
+      },
+    },
+  },
+  { provider },
+)
+export default outputs({
+  k8sCluster: inputs.k8sCluster,
+})

package/src/units/dns01-issuer/index.ts ADDED Viewed

@@ -0,0 +1,41 @@
+import { k8s } from "@highstate/library"
+import { forUnit, unsecret } from "@highstate/pulumi"
+import { cert_manager } from "@highstate/cert-manager"
+import { getProvider } from "../../shared"
+import { createDns01Solver } from "./solver"
+const { name, inputs, outputs } = forUnit(k8s.dns01TlsIssuer)
+const provider = await getProvider(inputs.k8sCluster)
+const dns01Solver = await createDns01Solver(inputs.dnsProvider, provider)
+new cert_manager.v1.ClusterIssuer(
+  name,
+  {
+    metadata: {
+      name,
+    },
+    spec: {
+      acme: {
+        server: "https://acme-v02.api.letsencrypt.org/directory",
+        solvers: [
+          {
+            dns01: dns01Solver,
+            selector: { dnsZones: [inputs.dnsProvider.domain] },
+          },
+        ],
+        privateKeySecretRef: {
+          name,
+        },
+      },
+    },
+  },
+  { provider },
+)
+export default outputs({
+  tlsIssuer: {
+    clusterInfo: unsecret(inputs.k8sCluster.info),
+    clusterIssuerName: name,
+  },
+})

package/src/units/dns01-issuer/solver.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import type { dns } from "@highstate/library"
+import type { types } from "@highstate/cert-manager"
+import type { Input } from "@pulumi/pulumi"
+import type { Provider } from "@pulumi/kubernetes"
+import { capitalize } from "remeda"
+import { toPromise } from "@highstate/pulumi"
+export async function createDns01Solver(
+  dnsProviderInput: Input<dns.Provider>,
+  provider: Provider,
+): Promise<types.input.cert_manager.v1.ClusterIssuerSpecAcmeSolversDns01> {
+  const dnsProvider = await toPromise(dnsProviderInput)
+  const implName = `create${capitalize(dnsProvider.type)}Dns01Solver`
+  const implModule = (await import(`@highstate/${dnsProvider.type}`)) as Record<string, unknown>
+  const implFunction = implModule[implName] as (
+    dnsProvider: dns.Provider,
+    provider: Provider,
+  ) => types.input.cert_manager.v1.ClusterIssuerSpecAcmeSolversDns01
+  return implFunction(dnsProvider, provider)
+}