@highstate/k8s 0.7.2 → 0.7.4

package/src/units/existing-cluster/index.ts

@@ -0,0 +1,107 @@
+import { text } from "@highstate/contract"
+import { k8s } from "@highstate/library"
+import { forUnit, getUnitInstanceName, secret, toPromise } from "@highstate/pulumi"
+import { core, Provider } from "@pulumi/kubernetes"
+import { KubeConfig, AppsV1Api, CoreV1Api } from "@kubernetes/client-node"
+
+const { name, args, secrets, outputs } = forUnit(k8s.existingCluster)
+
+const kubeconfigContent = await toPromise(secrets.kubeconfig.apply(JSON.stringify))
+
+const provider = new Provider(name, { kubeconfig: kubeconfigContent })
+
+let cni: string | undefined
+
+const kubeConfig = new KubeConfig()
+kubeConfig.loadFromString(kubeconfigContent)
+
+const appsApi = kubeConfig.makeApiClient(AppsV1Api)
+const nodeApi = kubeConfig.makeApiClient(CoreV1Api)
+
+const isCilium = await appsApi
+  .readNamespacedDaemonSet({ name: "cilium", namespace: "kube-system" })
+  .then(() => true)
+  .catch(() => false)
+
+if (isCilium) {
+  cni = "cilium"
+}
+
+const isPrivateIp = (ip: string) => {
+  const privateIpRegex = /^(10|172\.16|192\.168)\./
+  return privateIpRegex.test(ip)
+}
+
+const nodes = await nodeApi.listNode()
+
+const externalIps = nodes.items.flatMap(node => {
+  const addresses = node.status?.addresses ?? []
+  const externalIp = addresses.find(address => address.type === "ExternalIP")
+  const internalIp = addresses.find(address => address.type === "InternalIP")
+
+  const result: string[] = []
+
+  if (externalIp?.address) {
+    result.push(externalIp.address)
+  }
+
+  if (internalIp?.address && args.internalIpsPolicy === "always") {
+    result.push(internalIp.address)
+  }
+
+  if (
+    internalIp?.address &&
+    args.internalIpsPolicy === "public" &&
+    !isPrivateIp(internalIp.address)
+  ) {
+    result.push(internalIp.address)
+  }
+
+  return result
+})
+
+const kubeSystem = core.v1.Namespace.get("kube-system", "kube-system", { provider })
+
+export default outputs({
+  cluster: {
+    info: {
+      id: kubeSystem.metadata.uid,
+      name,
+      cni,
+      externalIps,
+    },
+    kubeconfig: secret(kubeconfigContent),
+  },
+
+  $terminals: {
+    management: {
+      title: `K8S: ${getUnitInstanceName()}`,
+      description: "Manage the cluster using kubectl and helm",
+      image: "ghcr.io/exeteres/highstate/terminal-kubectl",
+      command: ["bash", "/welcome.sh"],
+      files: {
+        "/kubeconfig": secret(kubeconfigContent),
+
+        "/welcome.sh": text`
+          if [ "$HIGHSTATE_TERMINAL_FIRST_LAUNCH" = "1" ]; then
+            echo "Connecting to the cluster..."
+            kubectl cluster-info
+
+            echo "Use 'kubectl' and 'helm' to manage the cluster."
+            echo
+          fi
+
+          exec script -q -c bash /dev/null
+        `,
+      },
+      env: {
+        KUBECONFIG: "/kubeconfig",
+      },
+    },
+  },
+
+  $status: {
+    clusterId: kubeSystem.metadata.uid,
+    cni: cni ?? "unknown",
+  },
+})

package/src/workload.ts

@@ -0,0 +1,150 @@
+import type { types } from "@pulumi/kubernetes"
+import type { k8s } from "@highstate/library"
+import { normalize, type ComponentResourceOptions, type InputArray } from "@highstate/pulumi"
+import { ComponentResource, output, type Input, type Output } from "@pulumi/pulumi"
+import { uniqueBy } from "remeda"
+import { commonExtraArgs, type CommonArgs } from "./shared"
+import { mapContainerPortToServicePort, Service, type ServiceArgs } from "./service"
+import { HttpRoute, type HttpRouteArgs } from "./gateway"
+import {
+  mapContainerToRaw,
+  mapWorkloadVolume,
+  type Container,
+  type WorkloadVolume,
+} from "./container"
+
+export type WorkloadArgs = CommonArgs & {
+  container?: Input<Container>
+  containers?: InputArray<Container>
+
+  /**
+   * The cluster to create the resource in.
+   */
+  cluster: Input<k8s.Cluster>
+}
+
+export const workloadExtraArgs = [...commonExtraArgs, "container", "containers"] as const
+
+export class WorkloadBase<TArgs extends WorkloadArgs> extends ComponentResource {
+  protected readonly containers: Output<types.input.core.v1.Container[]>
+  protected readonly volumes: Output<types.input.core.v1.Volume[]>
+
+  constructor(type: string, name: string, args: TArgs, opts: ComponentResourceOptions | undefined) {
+    super(type, name, args, opts)
+
+    const containers = output(args).apply(args => normalize(args.container, args.containers))
+
+    this.containers = containers.apply(containers =>
+      containers.map(container => mapContainerToRaw(container, name)),
+    )
+
+    this.volumes = containers.apply(containers =>
+      containers
+        .flatMap(container => normalize(container.volume, container.volumes))
+        .map(mapWorkloadVolume),
+    )
+  }
+}
+
+export type PublicWorkloadArgs = WorkloadArgs & {
+  service?: Input<Omit<ServiceArgs, "cluster" | "namespace">>
+  httpRoute?: Input<Omit<HttpRouteArgs, "cluster" | "namespace">>
+  patch?: Input<k8s.Deployment | k8s.StatefulSet>
+} & Partial<types.input.apps.v1.StatefulSetSpec>
+
+export const publicWorkloadExtraArgs = [...workloadExtraArgs, "service", "httpRoute"] as const
+
+export function getWorkloadComponents(name: string, args: WorkloadArgs) {
+  const labels = {
+    "app.kubernetes.io/name": name,
+  }
+
+  const containers = output(args).apply(args => normalize(args.container, args.containers))
+  const volumes = containers.apply(containers => {
+    const containerVolumes = containers
+      .flatMap(container => normalize(container.volume, container.volumes))
+      .map(mapWorkloadVolume)
+
+    const containerVolumeMounts = containers
+      .flatMap(container => {
+        return normalize(container.volumeMount, container.volumeMounts)
+          .map(volumeMount => {
+            return "volume" in volumeMount ? volumeMount.volume : undefined
+          })
+          .filter(Boolean) as WorkloadVolume[]
+      })
+      .map(mapWorkloadVolume)
+
+    return uniqueBy([...containerVolumes, ...containerVolumeMounts], volume => volume.name)
+  })
+
+  return { labels, containers, volumes }
+}
+
+export function getPublicWorkloadComponents(
+  name: string,
+  args: PublicWorkloadArgs,
+  parent: () => ComponentResource,
+  opts: ComponentResourceOptions,
+) {
+  const { labels, containers, volumes } = getWorkloadComponents(name, args)
+
+  const service = output({ args, containers }).apply(({ args, containers }) => {
+    if (!args.service && !args.httpRoute) {
+      return undefined
+    }
+
+    if (args.patch?.service) {
+      return Service.of(name, args.patch.service, { parent: parent(), ...opts })
+    }
+
+    if (args.patch) {
+      return undefined
+    }
+
+    const ports = containers.flatMap(container => normalize(container.port, container.ports))
+
+    return Service.create(
+      name,
+      {
+        ...args.service,
+        selector: labels,
+        cluster: args.cluster,
+        namespace: args.namespace,
+
+        ports:
+          // allow to completely override the ports
+          !args.service?.port && !args.service?.ports
+            ? ports.map(mapContainerPortToServicePort)
+            : args.service?.ports,
+      },
+      { parent: parent(), ...opts },
+    )
+  })
+
+  const httpRoute = output({
+    args,
+    service,
+  }).apply(({ args, service }) => {
+    if (!args.httpRoute || !service) {
+      return undefined
+    }
+
+    if (args.patch) {
+      return undefined
+    }
+
+    return new HttpRoute(
+      name,
+      {
+        ...args.httpRoute,
+        rule: {
+          backend: service,
+        },
+      },
+      { parent: parent(), ...opts },
+    )
+  })
+
+  return { labels, containers, volumes, service, httpRoute }
+}

package/assets/charts.json

@@ -1,8 +0,0 @@
-{
-  "cert-manager": {
-    "repo": "https://charts.jetstack.io",
-    "name": "cert-manager",
-    "version": "v1.17.1",
-    "sha256": "48707f6e8937290da96065dc7de8b4f5a95d9707798d4b5a0d560f78c12996f7"
-  }
-}