@highstate/k8s 0.7.2 → 0.7.3

package/src/access-point.ts

@@ -0,0 +1,185 @@
+import type { k8s } from "@highstate/library"
+import type { core, Provider } from "@pulumi/kubernetes"
+import { DnsRecord } from "@highstate/common"
+import { gateway } from "@highstate/gateway-api"
+import {
+  normalize,
+  Output,
+  output,
+  toPromise,
+  type Input,
+  type InputArray,
+} from "@highstate/pulumi"
+import { NetworkPolicy } from "./network-policy"
+import { getAppDisplayName, getAppName, mapNamespaceLikeToNamespaceName } from "./shared"
+
+export type UseAccessPointResult = {
+  /**
+   * The gateway instance created according to the access point.
+   */
+  gateway: gateway.v1.Gateway
+
+  /**
+   * The DNS record associated created according to the access point and gateway.
+   */
+  dnsRecords: DnsRecord[]
+
+  /**
+   * The network policies associated with the access point.
+   */
+  networkPolicies: NetworkPolicy[]
+}
+
+export type UseAccessPointArgs = Omit<CreateGatewayArgs, "gateway"> & {
+  accessPoint: Input<k8s.AccessPoint>
+}
+
+export function useAccessPoint(args: UseAccessPointArgs): Promise<UseAccessPointResult> {
+  const result = output({ args, namespaceName: output(args.namespace).metadata.name }).apply(
+    ({ args, namespaceName }) => {
+      const gateway = createGateway({
+        ...args,
+        annotations: {
+          "cert-manager.io/cluster-issuer": args.accessPoint.tlsIssuer.clusterIssuerName,
+        },
+        gateway: args.accessPoint.gateway,
+      })
+
+      const dnsRecords = normalize(args.fqdn, args.fqdns).map(fqdn => {
+        return DnsRecord.create(fqdn, {
+          provider: args.accessPoint.dnsProvider,
+          type: "A",
+          value: args.accessPoint.gateway.ip,
+        })
+      })
+
+      const networkPolicies: Output<NetworkPolicy>[] = []
+
+      if (args.accessPoint.gateway.service) {
+        const displayName = getAppDisplayName(args.accessPoint.gateway.service.metadata)
+
+        networkPolicies.push(
+          NetworkPolicy.create(
+            `allow-ingress-from-${getAppName(args.accessPoint.gateway.service.metadata)}`,
+            {
+              cni: args.accessPoint.gateway.service.clusterInfo.cni,
+              namespace: args.namespace,
+
+              description: `Allow ingress traffic from the gateway "${displayName}".`,
+
+              ingressRule: {
+                fromNamespace: args.accessPoint.gateway.service.metadata.namespace,
+                fromSelector: args.accessPoint.gateway.service.spec.selector,
+              },
+            },
+            { provider: args.provider },
+          ),
+
+          NetworkPolicy.create(
+            `allow-egress-to-${namespaceName}`,
+            {
+              cni: args.accessPoint.gateway.service.clusterInfo.cni,
+              namespace: args.accessPoint.gateway.service.metadata.namespace,
+              selector: args.accessPoint.gateway.service.spec.selector,
+
+              description: `Allow egress traffic to the namespace "${namespaceName}".`,
+
+              egressRule: {
+                toNamespace: args.namespace,
+              },
+            },
+            { provider: args.provider },
+          ),
+        )
+      }
+
+      return output({
+        gateway,
+        dnsRecords,
+        networkPolicies,
+      })
+    },
+  )
+
+  return toPromise(result)
+}
+
+export type StandardAccessPointArgs = {
+  fqdn: string
+}
+
+export type StandardAccessPointInputs = {
+  accessPoint: Output<k8s.AccessPoint>
+  k8sCluster: Output<k8s.Cluster>
+}
+
+export function useStandardAcessPoint(
+  appName: string,
+  namespace: core.v1.Namespace,
+  args: StandardAccessPointArgs,
+  inputs: StandardAccessPointInputs,
+  provider: Provider,
+): Promise<UseAccessPointResult> {
+  return useAccessPoint({
+    name: appName,
+    namespace,
+
+    fqdn: args.fqdn,
+
+    accessPoint: inputs.accessPoint,
+    clusterInfo: inputs.k8sCluster.info,
+    provider,
+  })
+}
+
+export type CreateGatewayArgs = {
+  name: string
+  namespace: Input<core.v1.Namespace>
+  annotations?: Input<Record<string, string>>
+
+  fqdn?: Input<string>
+  fqdns?: InputArray<string>
+
+  gateway: Input<k8s.Gateway>
+  clusterInfo: Input<k8s.ClusterInfo>
+  provider: Provider
+}
+
+export function createGateway(args: CreateGatewayArgs): Output<gateway.v1.Gateway> {
+  return output(args).apply(args => {
+    if (args.clusterInfo.id !== args.gateway.clusterInfo.id) {
+      throw new Error(
+        "The provided Kubernetes cluster is different from the one where the gateway controller is deployed.",
+      )
+    }
+
+    return new gateway.v1.Gateway(
+      args.name,
+      {
+        metadata: {
+          name: args.name,
+          namespace: mapNamespaceLikeToNamespaceName(args.namespace),
+          annotations: args.annotations,
+        },
+        spec: {
+          gatewayClassName: output(args.gateway).gatewayClassName,
+          listeners: normalize(args.fqdn, args.fqdns).map(fqdn => {
+            const normalizedName = fqdn.replace(/\*/g, "wildcard")
+
+            return {
+              name: `https-${normalizedName}`,
+              port: output(args.gateway).httpsListenerPort,
+              protocol: "HTTPS",
+              hostname: fqdn,
+              tls: {
+                mode: "Terminate",
+                certificateRefs: [{ name: normalizedName }],
+              },
+            }
+          }),
+        },
+      },
+      { provider: args.provider, deletedWith: args.namespace },
+    )
+  })
+}

package/src/container.ts

@@ -0,0 +1,271 @@
+import type { PartialKeys } from "@highstate/contract"
+import { core, type types } from "@pulumi/kubernetes"
+import { normalize, output, type Input, type InputArray, type Unwrap } from "@highstate/pulumi"
+import { concat, map, omit } from "remeda"
+import { PersistentVolumeClaim } from "./pvc"
+
+export type Container = Omit<PartialKeys<types.input.core.v1.Container, "name">, "volumeMounts"> & {
+  /**
+   * The single port to add to the container.
+   */
+  port?: Input<types.input.core.v1.ContainerPort>
+
+  /**
+   * The volume mount to attach to the container.
+   */
+  volumeMount?: Input<ContainerVolumeMount>
+
+  /**
+   * The volume mounts to attach to the container.
+   */
+  volumeMounts?: InputArray<ContainerVolumeMount>
+
+  /**
+   * The volume to include in the parent workload.
+   * It is like the `volumes` property, but defined at the container level.
+   * It will be defined as a volume mount in the parent workload automatically.
+   */
+  volume?: Input<WorkloadVolume>
+
+  /**
+   * The volumes to include in the parent workload.
+   * It is like the `volumes` property, but defined at the container level.
+   * It will be defined as a volume mount in the parent workload automatically.
+   */
+  volumes?: InputArray<WorkloadVolume>
+
+  /**
+   * The map of environment variables to set in the container.
+   * It is like the `env` property, but more convenient to use.
+   */
+  environment?: Input<ContainerEnvironment>
+
+  /**
+   * The source of environment variables to set in the container.
+   * It is like the `envFrom` property, but more convenient to use.
+   */
+  environmentSource?: Input<ContainerEnvironmentSource>
+
+  /**
+   * The sources of environment variables to set in the container.
+   * It is like the `envFrom` property, but more convenient to use.
+   */
+  environmentSources?: InputArray<ContainerEnvironmentSource>
+}
+
+const containerExtraArgs = [
+  "port",
+  "volumeMount",
+  "volume",
+  "environment",
+  "environmentSource",
+  "environmentSources",
+] as const
+
+export type ContainerEnvironment = Record<
+  string,
+  Input<string | undefined | null | ContainerEnvironmentVariable>
+>
+
+export type ContainerEnvironmentVariable =
+  | types.input.core.v1.EnvVarSource
+  | {
+      /**
+       * The secret to select from.
+       */
+      secret: Input<core.v1.Secret>
+
+      /**
+       * The key of the secret to select from.
+       */
+      key: string
+    }
+  | {
+      /**
+       * The config map to select from.
+       */
+      configMap: Input<core.v1.ConfigMap>
+
+      /**
+       * The key of the config map to select from.
+       */
+      key: string
+    }
+
+export type ContainerEnvironmentSource =
+  | types.input.core.v1.EnvFromSource
+  | core.v1.ConfigMap
+  | core.v1.Secret
+
+export type ContainerVolumeMount =
+  | types.input.core.v1.VolumeMount
+  | (Omit<types.input.core.v1.VolumeMount, "name"> & {
+      /**
+       * The volume to mount.
+       */
+      volume: Input<WorkloadVolume>
+    })
+
+export type WorkloadVolume =
+  | types.input.core.v1.Volume
+  | core.v1.PersistentVolumeClaim
+  | PersistentVolumeClaim
+  | core.v1.ConfigMap
+  | core.v1.Secret
+
+export function mapContainerToRaw(
+  container: Unwrap<Container>,
+  fallbackName: string,
+): types.input.core.v1.Container {
+  const containerName = container.name ?? fallbackName
+
+  return {
+    ...omit(container, containerExtraArgs),
+
+    name: containerName,
+    ports: normalize(container.port, container.ports),
+
+    volumeMounts: map(normalize(container.volumeMount, container.volumeMounts), mapVolumeMount),
+
+    env: concat(
+      container.environment ? mapContainerEnvironment(container.environment) : [],
+      container.env ?? [],
+    ),
+
+    envFrom: concat(
+      map(
+        normalize(container.environmentSource, container.environmentSources),
+        mapEnvironmentSource,
+      ),
+      container.envFrom ?? [],
+    ),
+  }
+}
+
+export function mapContainerEnvironment(
+  environment: Unwrap<ContainerEnvironment>,
+): types.input.core.v1.EnvVar[] {
+  const envVars: types.input.core.v1.EnvVar[] = []
+
+  for (const [name, value] of Object.entries(environment)) {
+    if (!value) {
+      continue
+    }
+
+    if (typeof value === "string") {
+      envVars.push({ name, value })
+      continue
+    }
+
+    if ("secret" in value) {
+      envVars.push({
+        name,
+        valueFrom: {
+          secretKeyRef: {
+            name: value.secret.metadata.name,
+            key: value.key,
+          },
+        },
+      })
+      continue
+    }
+
+    if ("configMap" in value) {
+      envVars.push({
+        name,
+        valueFrom: {
+          configMapKeyRef: {
+            name: value.configMap.metadata.name,
+            key: value.key,
+          },
+        },
+      })
+      continue
+    }
+
+    envVars.push({ name, valueFrom: value })
+  }
+
+  return envVars
+}
+
+export function mapVolumeMount(volumeMount: ContainerVolumeMount): types.input.core.v1.VolumeMount {
+  if ("volume" in volumeMount) {
+    return omit(
+      {
+        ...volumeMount,
+        name: output(volumeMount.volume)
+          .apply(mapWorkloadVolume)
+          .apply(volume => output(volume.name)),
+      },
+      ["volume"],
+    )
+  }
+
+  return {
+    ...volumeMount,
+    name: volumeMount.name,
+  }
+}
+
+export function mapEnvironmentSource(
+  envFrom: ContainerEnvironmentSource,
+): types.input.core.v1.EnvFromSource {
+  if (envFrom instanceof core.v1.ConfigMap) {
+    return {
+      configMapRef: {
+        name: envFrom.metadata.name,
+      },
+    }
+  }
+
+  if (envFrom instanceof core.v1.Secret) {
+    return {
+      secretRef: {
+        name: envFrom.metadata.name,
+      },
+    }
+  }
+
+  return envFrom
+}
+
+export function mapWorkloadVolume(volume: WorkloadVolume) {
+  if (volume instanceof PersistentVolumeClaim) {
+    return {
+      name: volume.metadata.name,
+      persistentVolumeClaim: {
+        claimName: volume.metadata.name,
+      },
+    }
+  }
+
+  if (volume instanceof core.v1.PersistentVolumeClaim) {
+    return {
+      name: volume.metadata.name,
+      persistentVolumeClaim: {
+        claimName: volume.metadata.name,
+      },
+    }
+  }
+
+  if (volume instanceof core.v1.ConfigMap) {
+    return {
+      name: volume.metadata.name,
+      configMap: {
+        name: volume.metadata.name,
+      },
+    }
+  }
+
+  if (volume instanceof core.v1.Secret) {
+    return {
+      name: volume.metadata.name,
+      secret: {
+        secretName: volume.metadata.name,
+      },
+    }
+  }
+
+  return volume
+}

package/src/cron-job.ts

@@ -0,0 +1,77 @@
+import type { RequiredKeys } from "@highstate/contract"
+import { batch, type types } from "@pulumi/kubernetes"
+import {
+  ComponentResource,
+  normalize,
+  Output,
+  output,
+  type ComponentResourceOptions,
+  type Input,
+  type InputArray,
+} from "@highstate/pulumi"
+import { mergeDeep, omit } from "remeda"
+import { mapContainerToRaw, mapWorkloadVolume, type Container } from "./container"
+import { commonExtraArgs, mapMetadata, type CommonArgs } from "./shared"
+
+export type CronJobArgs = CommonArgs & {
+  container?: Input<Container>
+  containers?: InputArray<Container>
+} & Omit<RequiredKeys<Partial<types.input.batch.v1.CronJobSpec>, "schedule">, "jobTemplate"> & {
+    jobTemplate?: {
+      metadata?: types.input.meta.v1.ObjectMeta
+      spec?: Omit<types.input.batch.v1.JobSpec, "template"> & {
+        template?: {
+          metadata?: types.input.meta.v1.ObjectMeta
+          spec?: Partial<types.input.core.v1.PodSpec>
+        }
+      }
+    }
+  }
+
+const cronJobExtraArgs = [...commonExtraArgs, "container", "containers"] as const
+
+export class CronJob extends ComponentResource {
+  /**
+   * The underlying Kubernetes job.
+   */
+  public readonly cronJob: Output<batch.v1.CronJob>
+
+  constructor(name: string, args: CronJobArgs, opts?: ComponentResourceOptions) {
+    super("highstate:k8s:CronJob", name, args, opts)
+
+    this.cronJob = output(args).apply(args => {
+      const containers = normalize(args.container, args.containers)
+
+      return new batch.v1.CronJob(
+        name,
+        {
+          metadata: mapMetadata(args, name),
+
+          spec: mergeDeep(
+            {
+              jobTemplate: {
+                spec: {
+                  template: {
+                    spec: {
+                      containers: containers.map(container => mapContainerToRaw(container, name)),
+
+                      volumes: containers
+                        .flatMap(container => normalize(container.volume, container.volumes))
+                        .map(mapWorkloadVolume),
+                    },
+                  },
+                },
+              },
+
+              schedule: args.schedule,
+            } satisfies types.input.batch.v1.CronJobSpec,
+            omit(args, cronJobExtraArgs) as types.input.batch.v1.CronJobSpec,
+          ),
+        },
+        { parent: this, ...opts },
+      )
+    })
+
+    this.registerOutputs({ cronJob: this.cronJob })
+  }
+}