@highstate/k8s 0.9.18 → 0.9.20

package/src/workload.ts

@@ -1,59 +1,81 @@
 import type { k8s } from "@highstate/library"
+import type { types } from "@pulumi/kubernetes"
 import type { DeploymentArgs } from "./deployment"
 import type { StatefulSetArgs } from "./stateful-set"
-import type { types } from "@pulumi/kubernetes"
+import { AccessPointRoute, type AccessPointRouteArgs } from "@highstate/common"
+import { type TerminalSpec, trimIndentation, type UnitTerminal } from "@highstate/contract"
 import {
-  normalize,
   type ComponentResourceOptions,
+  type DeepInput,
+  fileFromString,
   type InputArray,
-  type InstanceTerminal,
+  normalize,
+  normalizeInputs,
 } from "@highstate/pulumi"
 import {
-  ComponentResource,
-  interpolate,
-  Output,
-  output,
+  type ComponentResource,
   type CustomResourceOptions,
   type Input,
+  type Inputs,
+  interpolate,
+  type Output,
+  output,
+  type Unwrap,
 } from "@pulumi/pulumi"
-import { filter, isNonNullish, unique, uniqueBy } from "remeda"
-import { deepmerge } from "deepmerge-ts"
 import { sha256 } from "crypto-hash"
-import { commonExtraArgs, getProvider, images, type CommonArgs } from "./shared"
-import { mapContainerPortToServicePort, Service, type ServiceArgs } from "./service"
-import { HttpRoute, type HttpRouteArgs } from "./gateway"
+import { deepmerge } from "deepmerge-ts"
+import { filter, isNonNullish, unique, uniqueBy } from "remeda"
 import {
+  type Container,
   getWorkloadVolumeResourceUuid,
   mapContainerToRaw,
   mapWorkloadVolume,
-  type Container,
   type WorkloadVolume,
 } from "./container"
+import { Namespace } from "./namespace"
 import { NetworkPolicy, type NetworkPolicyArgs } from "./network-policy"
 import { podSpecDefaults } from "./pod"
+import { mapContainerPortToServicePort, Service, type ServiceArgs } from "./service"
+import { commonExtraArgs, images, ScopedResource, type ScopedResourceArgs } from "./shared"
 
-export type WorkloadArgs = CommonArgs & {
-  container?: Input<Container>
-  containers?: InputArray<Container>
-
+export type WorkloadTerminalArgs = {
   /**
    * The shell to use in the terminal.
    *
    * By default, `bash` is used.
    */
-  terminalShell?: string
+  shell?: string
+}
+
+export type WorkloadArgs = ScopedResourceArgs & {
+  container?: Input<Container>
+  containers?: InputArray<Container>
+
+  /**
+   * The args for the terminal to use.
+   */
+  terminal?: Input<WorkloadTerminalArgs>
 
   /**
    * The network policy to apply to the deployment.
    */
-  networkPolicy?: Input<Omit<NetworkPolicyArgs, "selector" | "cluster" | "namespace">>
+  networkPolicy?: Omit<NetworkPolicyArgs, "selector" | "cluster" | "namespace">
 }
 
 export const workloadExtraArgs = [...commonExtraArgs, "container", "containers"] as const
 
 export type ExposableWorkloadArgs = WorkloadArgs & {
   service?: Input<Omit<ServiceArgs, "cluster" | "namespace">>
-  httpRoute?: Input<Omit<HttpRouteArgs, "cluster" | "namespace">>
+
+  /**
+   * The configuration for the access point route to create.
+   */
+  route?: Input<Omit<AccessPointRouteArgs, "endpoints" | "customData">>
+
+  /**
+   * The configuration for the access point routes to create.
+   */
+  routes?: InputArray<Omit<AccessPointRouteArgs, "endpoints" | "customData">>
 
   /**
    * The existing workload to patch.
@@ -61,7 +83,12 @@ export type ExposableWorkloadArgs = WorkloadArgs & {
   existing?: Input<k8s.ExposableWorkload>
 }
 
-export const exposableWorkloadExtraArgs = [...workloadExtraArgs, "service", "httpRoute"] as const
+export const exposableWorkloadExtraArgs = [
+  ...workloadExtraArgs,
+  "service",
+  "route",
+  "routes",
+] as const
 
 export type ExposableWorkloadType = "Deployment" | "StatefulSet"
 
@@ -125,16 +152,20 @@ export function getWorkloadComponents(
     return output(rawVolumes.map(mapWorkloadVolume)).apply(uniqueBy(volume => volume.name))
   })
 
-  const podSpec = output({ args, containers, volumes }).apply(({ args, containers, volumes }) => {
+  const podSpec = output({
+    cluster: output(args.namespace).cluster,
+    containers,
+    volumes,
+  }).apply(({ cluster, containers, volumes }) => {
     const spec = {
       volumes,
-      containers: containers.map(container => mapContainerToRaw(container, args.cluster, name)),
+      containers: containers.map(container => mapContainerToRaw(container, cluster, name)),
       ...podSpecDefaults,
     } satisfies types.input.core.v1.PodSpec
 
     if (
       containers.some(container => container.enableTun) &&
-      args.cluster.quirks?.tunDevicePolicy?.type !== "plugin"
+      cluster.quirks?.tunDevicePolicy?.type !== "plugin"
     ) {
       spec.volumes = output(spec.volumes).apply(volumes => [
         ...(volumes ?? []),
@@ -162,6 +193,7 @@ export function getWorkloadComponents(
       metadata: {
         labels,
         annotations: {
+          // to trigger a redeployment when the volumes change
           "highstate.io/dependency-hash": dependencyHash,
         },
       },
@@ -169,28 +201,30 @@ export function getWorkloadComponents(
     } satisfies types.input.core.v1.PodTemplateSpec
   })
 
-  const networkPolicy = output({ args, containers }).apply(({ args, containers }) => {
+  const networkPolicy = output({ containers }).apply(({ containers }) => {
     const allowedEndpoints = containers.flatMap(container => container.allowedEndpoints ?? [])
 
     if (allowedEndpoints.length === 0 && !args.networkPolicy) {
       return output(undefined)
     }
 
-    return NetworkPolicy.create(
-      name,
-      {
-        cluster: args.cluster,
-        namespace: args.namespace,
-        selector: labels,
+    return output(
+      new NetworkPolicy(
+        name,
+        {
+          namespace: args.namespace,
+          selector: labels,
+          description: `Network policy for "${name}"`,
 
-        ...args.networkPolicy,
+          ...args.networkPolicy,
 
-        egressRules: [
-          ...(args.networkPolicy?.egressRules ?? []),
-          ...(allowedEndpoints.length > 0 ? [{ toEndpoints: allowedEndpoints }] : []),
-        ],
-      },
-      { ...opts, parent: parent() },
+          egressRules: output(args.networkPolicy?.egressRules).apply(egressRules => [
+            ...(egressRules ?? []),
+            ...(allowedEndpoints.length > 0 ? [{ toEndpoints: allowedEndpoints }] : []),
+          ]),
+        },
+        { ...opts, parent: parent() },
+      ),
     )
   })
 
@@ -206,93 +240,79 @@ export function getExposableWorkloadComponents(
   const { labels, containers, volumes, podSpec, podTemplate, networkPolicy } =
     getWorkloadComponents(name, args, parent, opts)
 
-  const service = output({ args, containers }).apply(async ({ args, containers }) => {
-    if (!args.service && !args.httpRoute) {
+  const service = output({
+    existing: args.existing,
+    serviceArgs: args.service,
+    containers,
+  }).apply(({ existing, serviceArgs, containers }) => {
+    if (!args.service && !args.route) {
       return undefined
     }
 
-    if (args.existing?.service) {
-      return Service.of(name, args.existing.service, args.cluster, { ...opts, parent: parent() })
+    if (existing?.service) {
+      return Service.for(existing.service, output(args.namespace).cluster)
     }
 
-    if (args.existing) {
+    if (existing) {
       return undefined
     }
 
     const ports = containers.flatMap(container => normalize(container.port, container.ports))
 
-    return Service.create(
-      name,
-      {
-        ...args.service,
-        selector: labels,
-        cluster: args.cluster,
-        namespace: args.namespace,
-
-        ports:
-          // allow to completely override the ports
-          !args.service?.port && !args.service?.ports
-            ? ports.map(mapContainerPortToServicePort)
-            : args.service?.ports,
-      },
-      {
-        ...opts,
-        parent: parent(),
-        provider: await getProvider(args.cluster),
-      },
-    )
+    return Service.create(name, {
+      ...serviceArgs,
+      selector: labels,
+      namespace: args.namespace,
+
+      ports:
+        // allow to completely override the ports
+        !serviceArgs?.port && !serviceArgs?.ports
+          ? ports.map(mapContainerPortToServicePort)
+          : serviceArgs?.ports,
+    })
   })
 
-  const httpRoute = output({
-    args,
+  const routes = output({
+    routesArgs: normalizeInputs(args.route, args.routes),
     service,
-  }).apply(async ({ args, service }) => {
-    if (!args.httpRoute || !service) {
-      return undefined
+    namespace: output(args.namespace),
+  }).apply(({ routesArgs, service, namespace }) => {
+    if (!routesArgs.length || !service) {
+      return []
     }
 
     if (args.existing) {
-      return undefined
+      return []
     }
 
-    return new HttpRoute(
-      name,
-      {
-        ...args.httpRoute,
-        cluster: args.cluster,
-        rule: {
-          backend: service,
-        },
-      },
-      {
-        ...opts,
-        parent: parent(),
-        provider: await getProvider(args.cluster),
-      },
-    )
+    return routesArgs.map(routeArgs => {
+      return new AccessPointRoute(name, {
+        ...routeArgs,
+        endpoints: service.endpoints,
+
+        // pass the native data to the route to allow implementation to use it
+        gatewayNativeData: service,
+        tlsCertificateNativeData: namespace,
+      })
+    })
   })
 
-  return { labels, containers, volumes, podSpec, podTemplate, networkPolicy, service, httpRoute }
+  return { labels, containers, volumes, podSpec, podTemplate, networkPolicy, service, routes }
 }
 
-export abstract class Workload extends ComponentResource {
+export abstract class Workload extends ScopedResource {
   protected constructor(
     type: string,
     protected readonly name: string,
-    private readonly args: WorkloadArgs,
+    args: Inputs,
     opts: ComponentResourceOptions | undefined,
 
-    protected readonly resourceType: string,
-
-    /**
-     * The cluster where the workload is created.
-     */
-    readonly cluster: Output<k8s.Cluster>,
-
-    /**
-     * The metadata of the underlying Kubernetes workload.
-     */
-    readonly metadata: Output<types.output.meta.v1.ObjectMeta>,
+    apiVersion: Output<string>,
+    kind: Output<string>,
+    protected readonly terminalArgs: Output<Unwrap<WorkloadTerminalArgs>>,
+    protected readonly containers: Output<Container[]>,
+    namespace: Output<Namespace>,
+    metadata: Output<types.output.meta.v1.ObjectMeta>,
 
     /**
      * The network policy associated with the workload.
@@ -301,81 +321,187 @@ export abstract class Workload extends ComponentResource {
      */
     readonly networkPolicy: Output<NetworkPolicy | undefined>,
   ) {
-    super(type, name, args, opts)
+    super(type, name, args, opts, apiVersion, kind, namespace, metadata)
   }
 
+  protected abstract getTerminalMeta(): Output<UnitTerminal["meta"]>
+
   /**
    * The instance terminal to interact with the deployment.
    */
-  get terminal(): Output<InstanceTerminal> {
-    const containerName = output(this.args).apply(args => {
-      const containers = normalize(args.container, args.containers)
-
+  get terminal(): Output<UnitTerminal> {
+    const containerName = output(this.containers).apply(containers => {
       return containers[0]?.name ?? this.name
     })
 
+    const shell = this.terminalArgs.apply(args => args.shell ?? "bash")
+
+    const workloadLabelQuery = output(this.metadata)
+      .apply(meta => meta.labels ?? {})
+      .apply(labels =>
+        Object.entries(labels)
+          .map(([key, value]) => `${key}=${value}`)
+          .join(","),
+      )
+
     return output({
       name: this.metadata.name,
-      title: interpolate`${Workload.getResourceDisplayType(this.resourceType)} (${this.metadata.name})`,
-      description: "Connect to the container of the workload",
-      icon: "devicon:kubernetes",
-
-      image: images["terminal-kubectl"].image,
-
-      command: [
-        "exec",
-        "kubectl",
-        "exec",
-        "-it",
-        "-n",
-        this.metadata.namespace,
-        interpolate`${this.resourceType}/${this.metadata.name}`,
-        "-c",
-        containerName,
-        "--",
-        this.args.terminalShell ?? "bash",
-      ],
-
-      files: {
-        "/kubeconfig": this.cluster.kubeconfig,
-      },
+      meta: this.getTerminalMeta(),
+
+      spec: {
+        image: images["terminal-kubectl"].image,
+        command: ["bash", "/welcome.sh"],
+
+        files: {
+          "/kubeconfig": fileFromString("kubeconfig", this.cluster.kubeconfig, { isSecret: true }),
+
+          "/welcome.sh": fileFromString(
+            "welcome.sh",
+            interpolate`
+              #!/bin/bash
+              set -euo pipefail
+
+              NAMESPACE="${this.metadata.namespace}"
+              RESOURCE_TYPE="${this.kind.apply(k => k.toLowerCase())}"
+              RESOURCE_NAME="${this.metadata.name}"
+              CONTAINER_NAME="${containerName}"
+              SHELL="${shell}"
+
+              echo "Connecting to $RESOURCE_TYPE \\"$RESOURCE_NAME\\" in namespace \\"$NAMESPACE\\""
+
+              # get all pods for this workload
+              PODS=$(kubectl get pods -n "$NAMESPACE" -l "${workloadLabelQuery}" -o jsonpath='{.items[*].metadata.name}' 2>/dev/null || echo "")
+
+              if [ -z "$PODS" ]; then
+                echo "No pods found"
+                exit 1
+              fi
+
+              # convert space-separated string to array
+              read -ra POD_ARRAY <<< "$PODS"
+
+              if [ \${#POD_ARRAY[@]} -eq 1 ]; then
+                # single pod found, connect directly
+                SELECTED_POD="\${POD_ARRAY[0]}"
+                echo "Found single pod: $SELECTED_POD"
+              else
+                # multiple pods found, use fzf for selection
+                echo "Found \${#POD_ARRAY[@]} pods. Please select one."
+                
+                SELECTED_POD=$(printf '%s\n' "\${POD_ARRAY[@]}" | fzf --prompt="Select pod: " --height 10 --border --info=inline)
+                
+                if [ -z "$SELECTED_POD" ]; then
+                  echo "No pod selected"
+                  exit 1
+                fi
+                
+                echo "Selected pod: $SELECTED_POD"
+              fi
+
+              # execute into the selected pod
+              exec kubectl exec -it -n "$NAMESPACE" "$SELECTED_POD" -c "$CONTAINER_NAME" -- "$SHELL"
+            `.apply(trimIndentation),
+          ),
+        },
 
-      env: {
-        KUBECONFIG: "/kubeconfig",
+        env: {
+          KUBECONFIG: "/kubeconfig",
+        },
       },
     })
   }
 
-  private static getResourceDisplayType(resourceType: string): string {
-    switch (resourceType) {
-      case "deployment":
-        return "Deployment"
-      case "statefulset":
-        return "StatefulSet"
-      case "daemonset":
-        return "DaemonSet"
-      default:
-        return resourceType.charAt(0).toUpperCase() + resourceType.slice(1)
-    }
+  /**
+   * Creates a terminal with a custom command.
+   *
+   * @param meta The metadata for the terminal.
+   * @param command The command to run in the terminal.
+   * @param spec Additional spec options for the terminal.
+   */
+  createTerminal(
+    name: string,
+    meta: UnitTerminal["meta"],
+    command: InputArray<string>,
+    spec?: { env?: DeepInput<TerminalSpec["env"]>; files?: DeepInput<TerminalSpec["files"]> },
+  ): Output<UnitTerminal> {
+    const containerName = output(this.containers).apply(containers => {
+      return containers[0]?.name ?? this.name
+    })
+
+    return output({
+      name,
+
+      meta: output(this.getTerminalMeta()).apply(currentMeta => ({
+        ...currentMeta,
+        ...meta,
+      })),
+
+      spec: {
+        image: images["terminal-kubectl"].image,
+
+        command: output(command).apply(command => [
+          "exec",
+          "kubectl",
+          "exec",
+          "-it",
+          "-n",
+          this.metadata.namespace,
+          interpolate`${this.kind.apply(k => k.toLowerCase())}/${this.metadata.name}`,
+          "-c",
+          containerName,
+          "--",
+          ...command,
+        ]),
+
+        files: {
+          "/kubeconfig": fileFromString("kubeconfig", this.cluster.kubeconfig, { isSecret: true }),
+          ...spec?.files,
+        },
+
+        env: {
+          KUBECONFIG: "/kubeconfig",
+          ...spec?.env,
+        },
+      },
+    })
   }
 }
 
 export abstract class ExposableWorkload extends Workload {
   protected constructor(
     type: string,
-    protected readonly name: string,
-    args: ExposableWorkloadArgs,
+    name: string,
+    args: Inputs,
     opts: ComponentResourceOptions | undefined,
 
-    resourceType: string,
-    cluster: Output<k8s.Cluster>,
+    apiVersion: Output<string>,
+    kind: Output<string>,
+    terminalArgs: Output<Unwrap<WorkloadTerminalArgs>>,
+    containers: Output<Container[]>,
+    namespace: Output<Namespace>,
     metadata: Output<types.output.meta.v1.ObjectMeta>,
     networkPolicy: Output<NetworkPolicy | undefined>,
 
     protected readonly _service: Output<Service | undefined>,
-    protected readonly _httpRoute: Output<HttpRoute | undefined>,
+
+    /**
+     * The access point routes associated with the workload.
+     */
+    readonly routes: Output<AccessPointRoute[]>,
   ) {
-    super(type, name, args, opts, resourceType, cluster, metadata, networkPolicy)
+    super(
+      type,
+      name,
+      args,
+      opts,
+      apiVersion,
+      kind,
+      terminalArgs,
+      containers,
+      namespace,
+      metadata,
+      networkPolicy,
+    )
   }
 
   /**
@@ -385,13 +511,6 @@ export abstract class ExposableWorkload extends Workload {
     return this._service
   }
 
-  /**
-   * The HTTP route associated with the workload.
-   */
-  get optionalHttpRoute(): Output<HttpRoute | undefined> {
-    return this._httpRoute
-  }
-
   /**
    * The service associated with the workload.
    *
@@ -407,21 +526,6 @@ export abstract class ExposableWorkload extends Workload {
     })
   }
 
-  /**
-   * The HTTP route associated with the workload.
-   *
-   * Will throw an error if the HTTP route is not available.
-   */
-  get httpRoute(): Output<HttpRoute> {
-    return this._httpRoute.apply(httpRoute => {
-      if (!httpRoute) {
-        throw new Error(`The HTTP route of the workload "${this.name}" is not available.`)
-      }
-
-      return httpRoute
-    })
-  }
-
   /**
    * The entity of the workload.
    */
@@ -443,7 +547,7 @@ export abstract class ExposableWorkload extends Workload {
     opts?: CustomResourceOptions,
   ): Output<ExposableWorkload> {
     return output(args).apply(async args => {
-      if (args.existing?.type === "k8s.deployment") {
+      if (args.existing?.type === "deployment") {
         const { Deployment } = await import("./deployment")
 
         return Deployment.patch(
@@ -451,13 +555,13 @@ export abstract class ExposableWorkload extends Workload {
           {
             ...deepmerge(args, args.deployment),
             name: args.existing.metadata.name,
-            namespace: args.existing.metadata.namespace,
+            namespace: Namespace.forResourceAsync(args.existing, output(args.namespace).cluster),
           },
           opts,
         )
       }
 
-      if (args.existing?.type === "k8s.stateful-set") {
+      if (args.existing?.type === "stateful-set") {
         const { StatefulSet } = await import("./stateful-set")
 
         return StatefulSet.patch(
@@ -465,7 +569,7 @@ export abstract class ExposableWorkload extends Workload {
           {
             ...deepmerge(args, args.statefulSet),
             name: args.existing.metadata.name,
-            namespace: args.existing.metadata.namespace,
+            namespace: Namespace.forResourceAsync(args.existing, output(args.namespace).cluster),
           },
           opts,
         )

package/dist/chunk-5C2BJGES.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/cluster.ts"],"names":[],"mappings":";;;;;AAMA,SAAS,YAAY,EAAA,EAAY;AAC/B,EAAA,MAAM,cAAA,GAAiB,0BAAA;AACvB,EAAA,OAAO,cAAA,CAAe,KAAK,EAAE,CAAA;AAC/B;AAEA,eAAsB,iBAAA,CACpB,YACA,iBAAA,EACmB;AACnB,EAAA,MAAM,OAAA,GAAU,UAAA,CAAW,aAAA,CAAc,SAAS,CAAA;AAClD,EAAA,MAAM,KAAA,GAAQ,MAAM,OAAA,CAAQ,QAAA,EAAS;AAErC,EAAA,OAAO,KAAA,CAAM,KAAA,CAAM,OAAA,CAAQ,CAAA,IAAA,KAAQ;AACjC,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,MAAA,EAAQ,SAAA,IAAa,EAAC;AAC7C,IAAA,MAAM,aAAa,SAAA,CAAU,IAAA,CAAK,CAAA,OAAA,KAAW,OAAA,CAAQ,SAAS,YAAY,CAAA;AAC1E,IAAA,MAAM,aAAa,SAAA,CAAU,IAAA,CAAK,CAAA,OAAA,KAAW,OAAA,CAAQ,SAAS,YAAY,CAAA;AAE1E,IAAA,MAAM,SAAmB,EAAC;AAE1B,IAAA,IAAI,YAAY,OAAA,EAAS;AACvB,MAAA,MAAA,CAAO,IAAA,CAAK,WAAW,OAAO,CAAA;AAAA,IAChC;AAEA,IAAA,IAAI,UAAA,EAAY,OAAA,IAAW,iBAAA,KAAsB,QAAA,EAAU;AACzD,MAAA,MAAA,CAAO,IAAA,CAAK,WAAW,OAAO,CAAA;AAAA,IAChC;AAEA,IAAA,IAAI,UAAA,EAAY,WAAW,iBAAA,KAAsB,QAAA,IAAY,CAAC,WAAA,CAAY,UAAA,CAAW,OAAO,CAAA,EAAG;AAC7F,MAAA,MAAA,CAAO,IAAA,CAAK,WAAW,OAAO,CAAA;AAAA,IAChC;AAEA,IAAA,OAAO,MAAA;AAAA,EACT,CAAC,CAAA;AACH;AAEO,SAAS,kBAAkB,UAAA,EAA6C;AAC7E,EAAA,OAAO;AAAA,IACL,IAAA,EAAM,YAAA;AAAA,IACN,KAAA,EAAO,oBAAA;AAAA,IACP,WAAA,EAAa,2CAAA;AAAA,IACb,IAAA,EAAM,oBAAA;AAAA,IAEN,KAAA,EAAO,cAAA,CAAO,kBAAkB,CAAA,CAAE,KAAA;AAAA,IAClC,OAAA,EAAS,CAAC,MAAA,EAAQ,aAAa,CAAA;AAAA,IAE/B,KAAA,EAAO;AAAA,MACL,aAAA,EAAe,OAAO,UAAU,CAAA;AAAA,MAEhC,aAAA,EAAe,IAAA;AAAA;AAAA;;AAAA;AAAA;;AAAA;AAAA,MAAA;AAAA,KASjB;AAAA,IAEA,GAAA,EAAK;AAAA,MACH,UAAA,EAAY;AAAA;AACd,GACF;AACF","file":"chunk-5C2BJGES.js","sourcesContent":["import type { k8s } from \"@highstate/library\"\nimport { text } from \"@highstate/contract\"\nimport { secret, type Input, type InstanceTerminal } from \"@highstate/pulumi\"\nimport { CoreV1Api, type KubeConfig } from \"@kubernetes/client-node\"\nimport { images } from \"./shared\"\n\nfunction isPrivateIp(ip: string) {\n  const privateIpRegex = /^(10|172\\.16|192\\.168)\\./\n  return privateIpRegex.test(ip)\n}\n\nexport async function detectExternalIps(\n  kubeConfig: KubeConfig,\n  internalIpsPolicy: k8s.InternalIpsPolicy,\n): Promise<string[]> {\n  const nodeApi = kubeConfig.makeApiClient(CoreV1Api)\n  const nodes = await nodeApi.listNode()\n\n  return nodes.items.flatMap(node => {\n    const addresses = node.status?.addresses ?? []\n    const externalIp = addresses.find(address => address.type === \"ExternalIP\")\n    const internalIp = addresses.find(address => address.type === \"InternalIP\")\n\n    const result: string[] = []\n\n    if (externalIp?.address) {\n      result.push(externalIp.address)\n    }\n\n    if (internalIp?.address && internalIpsPolicy === \"always\") {\n      result.push(internalIp.address)\n    }\n\n    if (internalIp?.address && internalIpsPolicy === \"public\" && !isPrivateIp(internalIp.address)) {\n      result.push(internalIp.address)\n    }\n\n    return result\n  })\n}\n\nexport function createK8sTerminal(kubeconfig: Input<string>): InstanceTerminal {\n  return {\n    name: \"management\",\n    title: \"Cluster Management\",\n    description: \"Manage the cluster using kubectl and helm\",\n    icon: \"devicon:kubernetes\",\n\n    image: images[\"terminal-kubectl\"].image,\n    command: [\"bash\", \"/welcome.sh\"],\n\n    files: {\n      \"/kubeconfig\": secret(kubeconfig),\n\n      \"/welcome.sh\": text`\n        echo \"Connecting to the cluster...\"\n        kubectl cluster-info\n\n        echo \"Use 'kubectl' and 'helm' to manage the cluster.\"\n        echo\n\n        exec bash\n      `,\n    },\n\n    env: {\n      KUBECONFIG: \"/kubeconfig\",\n    },\n  }\n}\n"]}