@highstate/k8s 0.9.18 → 0.9.20

package/dist/chunk-BBIY3KUN.js

@@ -1,1557 +0,0 @@
-import { commonExtraArgs, mapMetadata, resourceIdToString, getProvider, withPatchName, mapSelectorLikeToSelector, mapNamespaceNameToSelector, mapNamespaceLikeToNamespaceName, images_exports } from './chunk-5TLC5BXR.js';
-import { core, networking } from '@pulumi/kubernetes';
-import { ComponentResource, output, normalize, interpolate } from '@highstate/pulumi';
-import { uniqueBy, omit, pipe, map, groupBy, capitalize, mergeDeep, flat, merge, filter, isNonNullish, unique, concat } from 'remeda';
-import { deepmerge } from 'deepmerge-ts';
-import { filterEndpoints, parseL3Endpoint, l4EndpointToString, parseL34Endpoint, l34EndpointToString, l3EndpointToCidr } from '@highstate/common';
-import { gateway } from '@highstate/gateway-api';
-import { ComponentResource as ComponentResource$1, output as output$1, interpolate as interpolate$1 } from '@pulumi/pulumi';
-import '@highstate/library';
-import { sha256 } from 'crypto-hash';
-
-var serviceExtraArgs = [...commonExtraArgs, "port", "ports", "external"];
-function hasServiceMetadata(endpoint) {
-  return endpoint.metadata?.k8sService !== void 0;
-}
-function getServiceMetadata(endpoint) {
-  return endpoint.metadata?.k8sService;
-}
-function withServiceMetadata(endpoint, metadata) {
-  return {
-    ...endpoint,
-    metadata: {
-      ...endpoint.metadata,
-      k8sService: metadata
-    }
-  };
-}
-function isFromCluster(endpoint, cluster) {
-  return getServiceMetadata(endpoint)?.clusterId === cluster.id;
-}
-var Service = class extends ComponentResource {
-  constructor(type, name, args, opts, cluster, metadata, spec, status) {
-    super(type, name, args, opts);
-    this.cluster = cluster;
-    this.metadata = metadata;
-    this.spec = spec;
-    this.status = status;
-  }
-  /**
-   * The Highstate service entity.
-   */
-  get entity() {
-    return output({
-      type: "k8s.service",
-      clusterId: this.cluster.id,
-      metadata: this.metadata,
-      endpoints: this.endpoints
-    });
-  }
-  static create(name, args, opts) {
-    return new CreatedService(name, args, opts);
-  }
-  static wrap(name, service, cluster, opts) {
-    return new WrappedService(name, service, cluster, opts);
-  }
-  static get(name, id, cluster, opts) {
-    return new ExternalService(name, id, cluster, opts);
-  }
-  static of(name, entity, cluster, opts) {
-    return new ExternalService(
-      name,
-      output(entity).metadata,
-      output({ cluster, entity }).apply(({ cluster: cluster2, entity: entity2 }) => {
-        if (cluster2.id !== entity2.clusterId) {
-          throw new Error(
-            `Cluster mismatch when wrapping service "${name}": "${cluster2.id}" != "${entity2.clusterId}"`
-          );
-        }
-        return cluster2;
-      }),
-      opts
-    );
-  }
-  /**
-   * Returns the endpoints of the service applying the given filter.
-   *
-   * If no filter is specified, the default behavior of `filterEndpoints` is used.
-   *
-   * @param filter If specified, the endpoints are filtered based on the given filter.
-   * @returns The endpoints of the service.
-   */
-  filterEndpoints(filter2) {
-    return output({ endpoints: this.endpoints }).apply(({ endpoints }) => {
-      return filterEndpoints(endpoints, filter2);
-    });
-  }
-  /**
-   * Returns the endpoints of the service including both internal and external endpoints.
-   */
-  get endpoints() {
-    return output({
-      cluster: this.cluster,
-      metadata: this.metadata,
-      spec: this.spec,
-      status: this.status
-    }).apply(({ cluster, metadata, spec, status }) => {
-      const endpointMetadata = {
-        k8sService: {
-          clusterId: cluster.id,
-          name: metadata.name,
-          namespace: metadata.namespace,
-          selector: spec.selector,
-          targetPort: spec.ports[0].targetPort ?? spec.ports[0].port
-        }
-      };
-      const clusterIpEndpoints = spec.clusterIPs?.map((ip) => ({
-        ...parseL3Endpoint(ip),
-        visibility: "internal",
-        port: spec.ports[0].port,
-        protocol: spec.ports[0].protocol?.toLowerCase(),
-        metadata: endpointMetadata
-      }));
-      if (clusterIpEndpoints.length > 0) {
-        clusterIpEndpoints.unshift({
-          type: "hostname",
-          visibility: "internal",
-          hostname: `${metadata.name}.${metadata.namespace}.svc.cluster.local`,
-          port: spec.ports[0].port,
-          protocol: spec.ports[0].protocol?.toLowerCase(),
-          metadata: endpointMetadata
-        });
-      }
-      const nodePortEndpoints = spec.type === "NodePort" ? cluster.endpoints.map((endpoint) => ({
-        ...endpoint,
-        port: spec.ports[0].nodePort,
-        protocol: spec.ports[0].protocol?.toLowerCase(),
-        metadata: endpointMetadata
-      })) : [];
-      const loadBalancerEndpoints = spec.type === "LoadBalancer" ? status.loadBalancer?.ingress?.map((endpoint) => ({
-        ...parseL3Endpoint(endpoint.ip ?? endpoint.hostname),
-        port: spec.ports[0].port,
-        protocol: spec.ports[0].protocol?.toLowerCase(),
-        metadata: endpointMetadata
-      })) : [];
-      return uniqueBy(
-        [
-          ...clusterIpEndpoints ?? [],
-          ...loadBalancerEndpoints ?? [],
-          ...nodePortEndpoints ?? []
-        ],
-        (endpoint) => l4EndpointToString(endpoint)
-      );
-    });
-  }
-};
-var CreatedService = class extends Service {
-  constructor(name, args, opts) {
-    const service = output(args).apply((args2) => {
-      return new core.v1.Service(
-        name,
-        {
-          metadata: mapMetadata(args2, name),
-          spec: deepmerge(
-            {
-              ports: normalize(args2.port, args2.ports),
-              externalIPs: args2.external ? args2.externalIPs ?? args2.cluster.externalIps : args2.cluster.externalIps,
-              type: getServiceType(args2, args2.cluster)
-            },
-            omit(args2, serviceExtraArgs)
-          )
-        },
-        { parent: this, ...opts }
-      );
-    });
-    super(
-      "highstate:k8s:Service",
-      name,
-      args,
-      opts,
-      output(args.cluster),
-      service.metadata,
-      service.spec,
-      service.status
-    );
-  }
-};
-var WrappedService = class extends Service {
-  constructor(name, service, cluster, opts) {
-    super(
-      "highstate:k8s:WrappedService",
-      name,
-      { service, clusterInfo: cluster },
-      opts,
-      output(cluster),
-      output(service).metadata,
-      output(service).spec,
-      output(service).status
-    );
-  }
-};
-var ExternalService = class extends Service {
-  constructor(name, id, cluster, opts) {
-    const service = output(id).apply((id2) => {
-      return core.v1.Service.get(
-        //
-        name,
-        resourceIdToString(id2),
-        { ...opts, parent: this }
-      );
-    });
-    super(
-      "highstate:k8s:ExternalService",
-      name,
-      { id, cluster },
-      opts,
-      output(cluster),
-      service.metadata,
-      service.spec,
-      service.status
-    );
-  }
-};
-function mapContainerPortToServicePort(port) {
-  return {
-    name: port.name,
-    port: port.containerPort,
-    targetPort: port.containerPort,
-    protocol: port.protocol
-  };
-}
-function mapServiceToLabelSelector(service) {
-  return {
-    matchLabels: service.spec.selector
-  };
-}
-function getServiceType(service, cluster) {
-  if (service?.type) {
-    return service.type;
-  }
-  if (!service?.external) {
-    return "ClusterIP";
-  }
-  return cluster.quirks?.externalServiceType === "LoadBalancer" ? "LoadBalancer" : "NodePort";
-}
-function resolveBackendRef(ref) {
-  if (Service.isInstance(ref)) {
-    return output({
-      name: ref.metadata.name,
-      namespace: ref.metadata.namespace,
-      port: ref.spec.ports[0].port
-    });
-  }
-  if ("service" in ref) {
-    const service = output(ref.service);
-    return output({
-      name: service.metadata.name,
-      namespace: service.metadata.namespace,
-      port: ref.port
-    });
-  }
-  return output({
-    name: ref.name,
-    namespace: ref.namespace,
-    port: ref.port
-  });
-}
-
-// src/gateway/http-route.ts
-var HttpRoute = class extends ComponentResource {
-  /**
-   * The underlying Kubernetes resource.
-   */
-  route;
-  constructor(name, args, opts) {
-    super("highstate:k8s:HttpRoute", name, args, opts);
-    this.route = output({
-      args,
-      gatewayNamespace: output(args.gateway).metadata.namespace
-    }).apply(async ({ args: args2, gatewayNamespace }) => {
-      return new gateway.v1.HTTPRoute(
-        name,
-        {
-          metadata: mapMetadata(
-            {
-              ...args2,
-              namespace: gatewayNamespace
-            },
-            name
-          ),
-          spec: {
-            hostnames: normalize(args2.hostname, args2.hostnames),
-            parentRefs: [
-              {
-                name: args2.gateway.metadata.name
-              }
-            ],
-            rules: normalize(args2.rule, args2.rules).map((rule) => ({
-              timeouts: rule.timeouts,
-              matches: pipe(
-                normalize(rule.match, rule.matches),
-                map(mapHttpRouteRuleMatch),
-                addDefaultPathMatch
-              ),
-              filters: normalize(rule.filter, rule.filters),
-              backendRefs: rule.backend ? [resolveBackendRef(rule.backend)] : void 0
-            }))
-          }
-        },
-        {
-          ...opts,
-          parent: this,
-          provider: await getProvider(args2.cluster)
-        }
-      );
-    });
-  }
-};
-function addDefaultPathMatch(matches) {
-  return matches.length ? matches : [{ path: { type: "PathPrefix", value: "/" } }];
-}
-function mapHttpRouteRuleMatch(match) {
-  if (typeof match === "string") {
-    return { path: { type: "PathPrefix", value: match } };
-  }
-  return match;
-}
-var extraPersistentVolumeClaimArgs = [...commonExtraArgs, "size"];
-var PersistentVolumeClaim = class extends ComponentResource {
-  constructor(type, name, args, opts, cluster, metadata, spec, status) {
-    super(type, name, args, opts);
-    this.cluster = cluster;
-    this.metadata = metadata;
-    this.spec = spec;
-    this.status = status;
-  }
-  /**
-   * The Highstate PVC entity.
-   */
-  get entity() {
-    return output({
-      type: "k8s.persistent-volume-claim",
-      clusterId: this.cluster.id,
-      metadata: this.metadata
-    });
-  }
-  static create(name, args, opts) {
-    return new CreatedPersistentVolumeClaim(name, args, opts);
-  }
-  static of(name, entity, cluster, opts) {
-    return new ExternalPersistentVolumeClaim(name, output(entity).metadata, cluster, opts);
-  }
-  static createOrGet(name, args, opts) {
-    if (!args.existing) {
-      return new CreatedPersistentVolumeClaim(name, args, opts);
-    }
-    return new ExternalPersistentVolumeClaim(
-      name,
-      output(args.existing).metadata,
-      args.cluster,
-      opts
-    );
-  }
-};
-var CreatedPersistentVolumeClaim = class extends PersistentVolumeClaim {
-  constructor(name, args, opts) {
-    const pvc = output(args).apply(async (args2) => {
-      return new core.v1.PersistentVolumeClaim(
-        name,
-        {
-          metadata: mapMetadata(args2, name),
-          spec: deepmerge(
-            {
-              accessModes: ["ReadWriteOnce"],
-              resources: {
-                requests: {
-                  storage: args2.size ?? "100Mi"
-                }
-              }
-            },
-            omit(args2, extraPersistentVolumeClaimArgs)
-          )
-        },
-        {
-          ...opts,
-          parent: this,
-          provider: await getProvider(args2.cluster)
-        }
-      );
-    });
-    super(
-      "k8s:PersistentVolumeClaim",
-      name,
-      args,
-      opts,
-      output(args.cluster),
-      pvc.metadata,
-      pvc.spec,
-      pvc.status
-    );
-  }
-};
-var ExternalPersistentVolumeClaim = class extends PersistentVolumeClaim {
-  constructor(name, id, cluster, opts) {
-    const pvc = output(id).apply(async (id2) => {
-      return core.v1.PersistentVolumeClaim.get(
-        //
-        name,
-        resourceIdToString(id2),
-        {
-          ...opts,
-          parent: this,
-          provider: await getProvider(cluster)
-        }
-      );
-    });
-    super(
-      "highstate:k8s:ExternalPersistentVolumeClaim",
-      name,
-      { id, cluster },
-      opts,
-      output(cluster),
-      pvc.metadata,
-      pvc.spec,
-      pvc.status
-    );
-  }
-};
-var Secret = class extends ComponentResource$1 {
-  constructor(type, name, args, opts, cluster, metadata, data, stringData) {
-    super(type, name, args, opts);
-    this.cluster = cluster;
-    this.metadata = metadata;
-    this.data = data;
-    this.stringData = stringData;
-  }
-  /**
-   * Creates a new secret.
-   */
-  static create(name, args, opts) {
-    return new CreatedSecret(name, args, opts);
-  }
-  /**
-   * Creates a new secret or patches an existing one.
-   *
-   * Will throw an error if the secret does not exist when `args.resource` is provided.
-   */
-  static createOrPatch(name, args, opts) {
-    if (!args.existing) {
-      return new CreatedSecret(name, args, opts);
-    }
-    return new SecretPatch(
-      name,
-      {
-        ...args,
-        name: withPatchName("secret", args.existing, args.cluster),
-        namespace: output$1(args.existing).metadata.namespace
-      },
-      opts
-    );
-  }
-  /**
-   * Gets an existing secret.
-   *
-   * Will throw an error if the secret does not exist.
-   */
-  static get(name, id, cluster, opts) {
-    return new ExternalSecret(name, id, cluster, opts);
-  }
-};
-var CreatedSecret = class extends Secret {
-  constructor(name, args, opts) {
-    const secret = output$1(args).apply(async (args2) => {
-      return new core.v1.Secret(
-        name,
-        {
-          metadata: mapMetadata(args2, name),
-          data: args2.data,
-          stringData: args2.stringData,
-          type: args2.type,
-          immutable: args2.immutable
-        },
-        {
-          ...opts,
-          parent: this,
-          provider: await getProvider(args2.cluster)
-        }
-      );
-    });
-    super(
-      "highstate:k8s:Secret",
-      name,
-      args,
-      opts,
-      output$1(args.cluster),
-      secret.metadata,
-      secret.data,
-      secret.stringData
-    );
-  }
-};
-var SecretPatch = class extends Secret {
-  constructor(name, args, opts) {
-    const secret = output$1(args).apply(async (args2) => {
-      return new core.v1.SecretPatch(
-        name,
-        {
-          metadata: mapMetadata(args2, name),
-          data: args2.data,
-          stringData: args2.stringData,
-          type: args2.type,
-          immutable: args2.immutable
-        },
-        {
-          ...opts,
-          parent: this,
-          provider: await getProvider(args2.cluster)
-        }
-      );
-    });
-    super(
-      "highstate:k8s:SecretPatch",
-      name,
-      args,
-      opts,
-      output$1(args.cluster),
-      secret.metadata,
-      secret.data,
-      secret.stringData
-    );
-  }
-};
-var ExternalSecret = class extends Secret {
-  constructor(name, id, cluster, opts) {
-    const secret = output$1(id).apply(async (realName) => {
-      return core.v1.Secret.get(
-        //
-        name,
-        realName,
-        {
-          ...opts,
-          parent: this,
-          provider: await getProvider(cluster)
-        }
-      );
-    });
-    super(
-      "highstate:k8s:ExternalSecret",
-      name,
-      { id, cluster },
-      opts,
-      output$1(cluster),
-      secret.metadata,
-      secret.data,
-      secret.stringData
-    );
-  }
-};
-var ConfigMap = class extends ComponentResource$1 {
-  constructor(type, name, args, opts, cluster, metadata, data) {
-    super(type, name, args, opts);
-    this.cluster = cluster;
-    this.metadata = metadata;
-    this.data = data;
-  }
-  /**
-   * Creates a new config map.
-   */
-  static create(name, args, opts) {
-    return new CreatedConfigMap(name, args, opts);
-  }
-  /**
-   * Creates a new config map or patches an existing one.
-   *
-   * Will throw an error if the config map does not exist when `args.resource` is provided.
-   */
-  static createOrPatch(name, args, opts) {
-    if (!args.existing) {
-      return new CreatedConfigMap(name, args, opts);
-    }
-    return new ConfigMapPatch(
-      name,
-      {
-        ...args,
-        name: withPatchName("configmap", args.existing, args.cluster),
-        namespace: output$1(args.existing).metadata.namespace
-      },
-      opts
-    );
-  }
-  /**
-   * Gets an existing config map.
-   *
-   * Will throw an error if the config map does not exist.
-   */
-  static get(name, id, cluster, opts) {
-    return new ExternalConfigMap(name, id, cluster, opts);
-  }
-};
-var CreatedConfigMap = class extends ConfigMap {
-  constructor(name, args, opts) {
-    const configMap = output$1(args).apply(async (args2) => {
-      return new core.v1.ConfigMap(
-        name,
-        {
-          metadata: mapMetadata(args2, name),
-          data: args2.data
-        },
-        {
-          ...opts,
-          parent: this,
-          provider: await getProvider(args2.cluster)
-        }
-      );
-    });
-    super(
-      "highstate:k8s:ConfigMap",
-      name,
-      args,
-      opts,
-      output$1(args.cluster),
-      configMap.metadata,
-      configMap.data
-    );
-  }
-};
-var ConfigMapPatch = class extends ConfigMap {
-  constructor(name, args, opts) {
-    const configMap = output$1(args).apply(async (args2) => {
-      return new core.v1.ConfigMapPatch(
-        name,
-        {
-          metadata: mapMetadata(args2, name),
-          data: args2.data
-        },
-        {
-          ...opts,
-          parent: this,
-          provider: await getProvider(args2.cluster)
-        }
-      );
-    });
-    super(
-      "highstate:k8s:ConfigMapPatch",
-      name,
-      args,
-      opts,
-      output$1(args.cluster),
-      configMap.metadata,
-      configMap.data
-    );
-  }
-};
-var ExternalConfigMap = class extends ConfigMap {
-  constructor(name, id, cluster, opts) {
-    const configMap = output$1(id).apply(async (realName) => {
-      return core.v1.ConfigMap.get(name, realName, {
-        ...opts,
-        parent: this,
-        provider: await getProvider(cluster)
-      });
-    });
-    super(
-      "highstate:k8s:ExternalConfigMap",
-      name,
-      { id, cluster },
-      opts,
-      output$1(cluster),
-      configMap.metadata,
-      configMap.data
-    );
-  }
-};
-var containerExtraArgs = [
-  "port",
-  "volumeMount",
-  "volume",
-  "environment",
-  "environmentSource",
-  "environmentSources"
-];
-function mapContainerToRaw(container, cluster, fallbackName) {
-  const containerName = container.name ?? fallbackName;
-  const spec = {
-    ...omit(container, containerExtraArgs),
-    name: containerName,
-    ports: normalize(container.port, container.ports),
-    volumeMounts: map(normalize(container.volumeMount, container.volumeMounts), mapVolumeMount),
-    env: concat(
-      container.environment ? mapContainerEnvironment(container.environment) : [],
-      container.env ?? []
-    ),
-    envFrom: concat(
-      map(
-        normalize(container.environmentSource, container.environmentSources),
-        mapEnvironmentSource
-      ),
-      container.envFrom ?? []
-    )
-  };
-  if (container.enableTun) {
-    spec.securityContext ??= {};
-    spec.securityContext.capabilities ??= {};
-    spec.securityContext.capabilities.add = ["NET_ADMIN"];
-    if (cluster.quirks?.tunDevicePolicy?.type === "plugin") {
-      spec.resources ??= {};
-      spec.resources.limits ??= {};
-      spec.resources.limits[cluster.quirks.tunDevicePolicy.resourceName] = cluster.quirks.tunDevicePolicy.resourceValue;
-    } else {
-      spec.volumeMounts ??= [];
-      spec.volumeMounts.push({
-        name: "tun-device",
-        mountPath: "/dev/net/tun",
-        readOnly: false
-      });
-    }
-  }
-  return spec;
-}
-function mapContainerEnvironment(environment) {
-  const envVars = [];
-  for (const [name, value] of Object.entries(environment)) {
-    if (!value) {
-      continue;
-    }
-    if (typeof value === "string") {
-      envVars.push({ name, value });
-      continue;
-    }
-    if ("secret" in value) {
-      envVars.push({
-        name,
-        valueFrom: {
-          secretKeyRef: {
-            name: value.secret.metadata.name,
-            key: value.key
-          }
-        }
-      });
-      continue;
-    }
-    if ("configMap" in value) {
-      envVars.push({
-        name,
-        valueFrom: {
-          configMapKeyRef: {
-            name: value.configMap.metadata.name,
-            key: value.key
-          }
-        }
-      });
-      continue;
-    }
-    envVars.push({ name, valueFrom: value });
-  }
-  return envVars;
-}
-function mapVolumeMount(volumeMount) {
-  if ("volume" in volumeMount) {
-    return omit(
-      {
-        ...volumeMount,
-        name: output(volumeMount.volume).apply(mapWorkloadVolume).apply((volume) => output(volume.name))
-      },
-      ["volume"]
-    );
-  }
-  return {
-    ...volumeMount,
-    name: volumeMount.name
-  };
-}
-function mapEnvironmentSource(envFrom) {
-  if (envFrom instanceof core.v1.ConfigMap) {
-    return {
-      configMapRef: {
-        name: envFrom.metadata.name
-      }
-    };
-  }
-  if (envFrom instanceof core.v1.Secret) {
-    return {
-      secretRef: {
-        name: envFrom.metadata.name
-      }
-    };
-  }
-  return envFrom;
-}
-function mapWorkloadVolume(volume) {
-  if (volume instanceof PersistentVolumeClaim) {
-    return {
-      name: volume.metadata.name,
-      persistentVolumeClaim: {
-        claimName: volume.metadata.name
-      }
-    };
-  }
-  if (volume instanceof Secret) {
-    return {
-      name: volume.metadata.name,
-      secret: {
-        secretName: volume.metadata.name
-      }
-    };
-  }
-  if (volume instanceof ConfigMap) {
-    return {
-      name: volume.metadata.name,
-      configMap: {
-        name: volume.metadata.name
-      }
-    };
-  }
-  if (core.v1.PersistentVolumeClaim.isInstance(volume)) {
-    return {
-      name: volume.metadata.name,
-      persistentVolumeClaim: {
-        claimName: volume.metadata.name
-      }
-    };
-  }
-  if (core.v1.ConfigMap.isInstance(volume)) {
-    return {
-      name: volume.metadata.name,
-      configMap: {
-        name: volume.metadata.name
-      }
-    };
-  }
-  if (core.v1.Secret.isInstance(volume)) {
-    return {
-      name: volume.metadata.name,
-      secret: {
-        secretName: volume.metadata.name
-      }
-    };
-  }
-  return volume;
-}
-function getWorkloadVolumeResourceUuid(volume) {
-  if (volume instanceof PersistentVolumeClaim) {
-    return volume.metadata.uid;
-  }
-  if (volume instanceof Secret) {
-    return volume.metadata.uid;
-  }
-  if (volume instanceof ConfigMap) {
-    return volume.metadata.uid;
-  }
-  if (core.v1.PersistentVolumeClaim.isInstance(volume)) {
-    return volume.metadata.uid;
-  }
-  if (core.v1.ConfigMap.isInstance(volume)) {
-    return volume.metadata.uid;
-  }
-  if (core.v1.Secret.isInstance(volume)) {
-    return volume.metadata.uid;
-  }
-  return output(void 0);
-}
-function getBestEndpoint(endpoints, cluster) {
-  if (!endpoints.length) {
-    return void 0;
-  }
-  if (endpoints.length === 1) {
-    return endpoints[0];
-  }
-  if (!cluster) {
-    return filterEndpoints(endpoints)[0];
-  }
-  const clusterEndpoint = endpoints.find((endpoint) => isFromCluster(endpoint, cluster));
-  if (clusterEndpoint) {
-    return clusterEndpoint;
-  }
-  return filterEndpoints(endpoints)[0];
-}
-function requireBestEndpoint(endpoints, cluster) {
-  const endpoint = getBestEndpoint(endpoints, cluster);
-  if (!endpoint) {
-    throw new Error(`No best endpoint found for cluster "${cluster.name}" (${cluster.id})`);
-  }
-  return endpoint;
-}
-var NetworkPolicy = class _NetworkPolicy extends ComponentResource {
-  /**
-   * The underlying network policy resource.
-   */
-  networkPolicy;
-  constructor(name, args, opts) {
-    super("k8s:network-policy", name, args, opts);
-    const normalizedArgs = output(args).apply((args2) => {
-      const ingressRules = normalize(args2.ingressRule, args2.ingressRules);
-      const egressRules = normalize(args2.egressRule, args2.egressRules);
-      const extraEgressRules = [];
-      if (args2.allowKubeDns) {
-        extraEgressRules.push({
-          namespaces: ["kube-system"],
-          selectors: [{ matchLabels: { "k8s-app": "kube-dns" } }],
-          ports: [{ port: 53, protocol: "UDP" }],
-          all: false,
-          cidrs: [],
-          fqdns: [],
-          services: []
-        });
-      }
-      return {
-        ...args2,
-        podSelector: args2.selector ? mapSelectorLikeToSelector(args2.selector) : {},
-        isolateEgress: args2.isolateEgress ?? false,
-        isolateIngress: args2.isolateIngress ?? false,
-        allowKubeApiServer: args2.allowKubeApiServer ?? false,
-        ingressRules: ingressRules.flatMap((rule) => {
-          const endpoints = normalize(rule?.fromEndpoint, rule?.fromEndpoints);
-          const parsedEndpoints = endpoints.map(parseL34Endpoint);
-          const endpointsNamespaces = groupBy(parsedEndpoints, (endpoint) => {
-            const namespace = isFromCluster(endpoint, args2.cluster) ? endpoint.metadata.k8sService.namespace : "";
-            return namespace;
-          });
-          const l3OnlyRule = endpointsNamespaces[""] ? _NetworkPolicy.getRuleFromEndpoint(void 0, endpointsNamespaces[""], args2.cluster) : void 0;
-          const otherRules = Object.entries(endpointsNamespaces).filter(([key]) => key !== "").map(([, endpoints2]) => {
-            return _NetworkPolicy.getRuleFromEndpoint(void 0, endpoints2, args2.cluster);
-          });
-          return [
-            {
-              all: rule.fromAll ?? false,
-              cidrs: normalize(rule.fromCidr, rule.fromCidrs).concat(l3OnlyRule?.cidrs ?? []),
-              fqdns: [],
-              services: normalize(rule.fromService, rule.fromServices),
-              namespaces: normalize(rule.fromNamespace, rule.fromNamespaces),
-              selectors: normalize(rule.fromSelector, rule.fromSelectors),
-              ports: normalize(rule.toPort, rule.toPorts)
-            },
-            ...otherRules
-          ].filter((rule2) => !_NetworkPolicy.isEmptyRule(rule2));
-        }),
-        egressRules: egressRules.flatMap((rule) => {
-          const endpoints = normalize(rule?.toEndpoint, rule?.toEndpoints);
-          const parsedEndpoints = endpoints.map(parseL34Endpoint);
-          const endpointsByPortsAnsNamespaces = groupBy(parsedEndpoints, (endpoint) => {
-            const namespace = isFromCluster(endpoint, args2.cluster) ? endpoint.metadata.k8sService.namespace : "";
-            const port = isFromCluster(endpoint, args2.cluster) ? endpoint.metadata.k8sService.targetPort : endpoint.port;
-            return `${port ?? "0"}:${namespace}`;
-          });
-          const l3OnlyRule = endpointsByPortsAnsNamespaces["0:"] ? _NetworkPolicy.getRuleFromEndpoint(
-            void 0,
-            endpointsByPortsAnsNamespaces["0:"],
-            args2.cluster
-          ) : void 0;
-          const otherRules = Object.entries(endpointsByPortsAnsNamespaces).filter(([key]) => key !== "0:").map(([key, endpoints2]) => {
-            const [port] = key.split(":");
-            const portNumber = parseInt(port, 10);
-            const portValue = isNaN(portNumber) ? port : portNumber;
-            return _NetworkPolicy.getRuleFromEndpoint(portValue, endpoints2, args2.cluster);
-          });
-          return [
-            {
-              all: rule.toAll ?? false,
-              cidrs: normalize(rule.toCidr, rule.toCidrs).concat(l3OnlyRule?.cidrs ?? []),
-              fqdns: normalize(rule.toFqdn, rule.toFqdns).concat(l3OnlyRule?.fqdns ?? []),
-              services: normalize(rule.toService, rule.toServices),
-              namespaces: normalize(rule.toNamespace, rule.toNamespaces),
-              selectors: normalize(rule.toSelector, rule.toSelectors),
-              ports: normalize(rule.toPort, rule.toPorts)
-            },
-            ...otherRules
-          ].filter((rule2) => !_NetworkPolicy.isEmptyRule(rule2));
-        }).concat(extraEgressRules)
-      };
-    });
-    this.networkPolicy = output(
-      normalizedArgs.apply(async (args2) => {
-        return output(
-          this.create(name, args2, {
-            ...opts,
-            parent: this,
-            provider: await getProvider(args2.cluster)
-          })
-        );
-      })
-    );
-  }
-  static mapCidrFromEndpoint(result) {
-    if (result.type === "ipv4") {
-      return `${result.address}/32`;
-    }
-    return `${result.address}/128`;
-  }
-  static getRuleFromEndpoint(port, endpoints, cluster) {
-    const ports = port ? [{ port, protocol: endpoints[0].protocol?.toUpperCase() }] : [];
-    const cidrs = endpoints.filter((endpoint) => !isFromCluster(endpoint, cluster)).filter((endpoint) => endpoint.type === "ipv4" || endpoint.type === "ipv6").map(_NetworkPolicy.mapCidrFromEndpoint);
-    const fqdns = endpoints.filter((endpoint) => endpoint.type === "hostname").map((endpoint) => endpoint.hostname);
-    const selectors = endpoints.filter((endpoint) => isFromCluster(endpoint, cluster)).map((endpoint) => endpoint.metadata.k8sService.selector);
-    const namespace = endpoints.filter((endpoint) => isFromCluster(endpoint, cluster)).map((endpoint) => getServiceMetadata(endpoint)?.namespace)[0];
-    return {
-      all: false,
-      cidrs,
-      fqdns,
-      services: [],
-      namespaces: namespace ? [namespace] : [],
-      selectors,
-      ports
-    };
-  }
-  static isEmptyRule(rule) {
-    return !rule.all && rule.cidrs.length === 0 && rule.fqdns.length === 0 && rule.services.length === 0 && rule.namespaces.length === 0 && rule.selectors.length === 0 && rule.ports.length === 0;
-  }
-  static create(name, args, opts) {
-    return output(args).apply(async (args2) => {
-      const cni = args2.cluster.cni;
-      if (cni === "other") {
-        return new NativeNetworkPolicy(name, args2, opts);
-      }
-      const implName = `${capitalize(cni)}NetworkPolicy`;
-      const implModule = await import(`@highstate/${cni}`);
-      const implClass = implModule[implName];
-      if (!implClass) {
-        throw new Error(`No implementation found for ${cni}`);
-      }
-      return new implClass(name, args2, opts);
-    });
-  }
-  static isolate(namespace, cluster, opts) {
-    return _NetworkPolicy.create(
-      "isolate",
-      {
-        namespace,
-        cluster,
-        description: "By default, deny all traffic to/from the namespace.",
-        isolateEgress: true,
-        isolateIngress: true
-      },
-      opts
-    );
-  }
-  static allowInsideNamespace(namespace, cluster, opts) {
-    return _NetworkPolicy.create(
-      "allow-inside-namespace",
-      {
-        namespace,
-        cluster,
-        description: "Allow all traffic inside the namespace.",
-        selector: {},
-        ingressRule: { fromNamespace: namespace },
-        egressRule: { toNamespace: namespace }
-      },
-      opts
-    );
-  }
-  static allowKubeApiServer(namespace, cluster, opts) {
-    return _NetworkPolicy.create(
-      "allow-kube-api-server",
-      {
-        namespace,
-        cluster,
-        description: "Allow all traffic to the Kubernetes API server from the namespace.",
-        allowKubeApiServer: true
-      },
-      opts
-    );
-  }
-  static allowKubeDns(namespace, cluster, opts) {
-    return _NetworkPolicy.create(
-      "allow-kube-dns",
-      {
-        namespace,
-        cluster,
-        description: "Allow all traffic to the Kubernetes DNS server from the namespace.",
-        allowKubeDns: true
-      },
-      opts
-    );
-  }
-  static allowAllEgress(namespace, cluster, opts) {
-    return _NetworkPolicy.create(
-      "allow-all-egress",
-      {
-        namespace,
-        cluster,
-        description: "Allow all egress traffic from the namespace.",
-        egressRule: { toAll: true }
-      },
-      opts
-    );
-  }
-  static allowAllIngress(namespace, cluster, opts) {
-    return _NetworkPolicy.create(
-      "allow-all-ingress",
-      {
-        namespace,
-        cluster,
-        description: "Allow all ingress traffic to the namespace.",
-        ingressRule: { fromAll: true }
-      },
-      opts
-    );
-  }
-  static allowEgressToEndpoint(endpoint, namespace, cluster, opts) {
-    const parsedEndpoint = parseL34Endpoint(endpoint);
-    return _NetworkPolicy.create(
-      `allow-egress-to-${l34EndpointToString(parsedEndpoint).replace(":", "-")}`,
-      {
-        namespace,
-        cluster,
-        description: interpolate`Allow egress traffic to "${l34EndpointToString(parsedEndpoint)}" from the namespace.`,
-        egressRule: { toEndpoint: endpoint }
-      },
-      opts
-    );
-  }
-  static allowEgressToBestEndpoint(endpoints, namespace, cluster, opts) {
-    return output({ endpoints, cluster }).apply(({ endpoints: endpoints2, cluster: cluster2 }) => {
-      const bestEndpoint = requireBestEndpoint(endpoints2.map(parseL34Endpoint), cluster2);
-      return _NetworkPolicy.allowEgressToEndpoint(bestEndpoint, namespace, cluster2, opts);
-    });
-  }
-  static allowIngressFromEndpoint(endpoint, namespace, cluster, opts) {
-    const parsedEndpoint = parseL34Endpoint(endpoint);
-    return _NetworkPolicy.create(
-      `allow-ingress-from-${l34EndpointToString(parsedEndpoint)}`,
-      {
-        namespace,
-        cluster,
-        description: interpolate`Allow ingress traffic from "${l34EndpointToString(parsedEndpoint)}" to the namespace.`,
-        ingressRule: { fromEndpoint: endpoint }
-      },
-      opts
-    );
-  }
-};
-var NativeNetworkPolicy = class _NativeNetworkPolicy extends NetworkPolicy {
-  create(name, args, opts) {
-    const ingress = _NativeNetworkPolicy.createIngressRules(args);
-    const egress = _NativeNetworkPolicy.createEgressRules(args);
-    const policyTypes = [];
-    if (ingress.length > 0 || args.isolateIngress) {
-      policyTypes.push("Ingress");
-    }
-    if (egress.length > 0 || args.isolateEgress) {
-      policyTypes.push("Egress");
-    }
-    return new networking.v1.NetworkPolicy(
-      name,
-      {
-        metadata: mergeDeep(mapMetadata(args, name), {
-          annotations: args.description ? { "kubernetes.io/description": args.description } : void 0
-        }),
-        spec: {
-          podSelector: args.podSelector,
-          ingress,
-          egress,
-          policyTypes
-        }
-      },
-      opts
-    );
-  }
-  static fallbackIpBlock = {
-    cidr: "0.0.0.0/0",
-    except: ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
-  };
-  static fallbackDnsRule = {
-    to: [
-      {
-        namespaceSelector: { matchLabels: { "kubernetes.io/metadata.name": "kube-system" } },
-        podSelector: { matchLabels: { "k8s-app": "kube-dns" } }
-      }
-    ],
-    ports: [{ port: 53, protocol: "UDP" }]
-  };
-  static createIngressRules(args) {
-    return uniqueBy(
-      args.ingressRules.map((rule) => ({
-        from: rule.all ? [] : _NativeNetworkPolicy.createRulePeers(rule),
-        ports: _NativeNetworkPolicy.mapPorts(rule.ports)
-      })),
-      (rule) => JSON.stringify(rule)
-    );
-  }
-  static createEgressRules(args) {
-    const extraRules = [];
-    const needKubeDns = args.egressRules.some((rule) => rule.fqdns.length > 0);
-    if (needKubeDns) {
-      extraRules.push(_NativeNetworkPolicy.fallbackDnsRule);
-    }
-    const needFallback = args.egressRules.some(
-      (rule) => rule.fqdns.some((fqdn) => !fqdn.endsWith(".cluster.local"))
-    );
-    if (needFallback) {
-      extraRules.push({ to: [{ ipBlock: _NativeNetworkPolicy.fallbackIpBlock }] });
-    }
-    if (args.allowKubeApiServer) {
-      const { quirks, apiEndpoints } = args.cluster;
-      if (quirks?.fallbackKubeApiAccess) {
-        extraRules.push({
-          to: [{ ipBlock: { cidr: `${quirks?.fallbackKubeApiAccess.serverIp}/32` } }],
-          ports: [{ port: quirks?.fallbackKubeApiAccess.serverPort, protocol: "TCP" }]
-        });
-      } else {
-        const rules = apiEndpoints.filter((endpoint) => endpoint.type !== "hostname").map((endpoint) => ({
-          to: [{ ipBlock: { cidr: l3EndpointToCidr(endpoint) } }],
-          ports: [{ port: endpoint.port, protocol: "TCP" }]
-        }));
-        extraRules.push(...rules);
-      }
-    }
-    return uniqueBy(
-      args.egressRules.map((rule) => {
-        return {
-          to: rule.all ? [] : _NativeNetworkPolicy.createRulePeers(rule),
-          ports: _NativeNetworkPolicy.mapPorts(rule.ports)
-        };
-      }).filter((rule) => rule.to !== void 0).concat(extraRules),
-      (rule) => JSON.stringify(rule)
-    );
-  }
-  static createRulePeers(args) {
-    const peers = uniqueBy(
-      [
-        ..._NativeNetworkPolicy.createCidrPeers(args),
-        ..._NativeNetworkPolicy.createServicePeers(args),
-        ..._NativeNetworkPolicy.createSelectorPeers(args)
-      ],
-      (peer) => JSON.stringify(peer)
-    );
-    return peers.length > 0 ? peers : void 0;
-  }
-  static createCidrPeers(args) {
-    return args.cidrs.map((cidr) => ({ ipBlock: { cidr } }));
-  }
-  static createServicePeers(args) {
-    return args.services.map((service) => {
-      const selector = mapServiceToLabelSelector(service);
-      return {
-        namespaceSelector: mapNamespaceNameToSelector(service.metadata.namespace),
-        podSelector: selector
-      };
-    });
-  }
-  static createSelectorPeers(args) {
-    const selectorPeers = args.selectors.map((selector) => ({
-      podSelector: mapSelectorLikeToSelector(selector)
-    }));
-    const namespacePeers = args.namespaces.map(_NativeNetworkPolicy.createNamespacePeer);
-    if (namespacePeers.length === 0) {
-      return selectorPeers;
-    }
-    if (selectorPeers.length === 0) {
-      return namespacePeers;
-    }
-    return flat(
-      selectorPeers.map((selectorPeer) => {
-        return namespacePeers.map((namespacePeer) => merge(selectorPeer, namespacePeer));
-      })
-    );
-  }
-  static createNamespacePeer(namespace) {
-    const namespaceName = mapNamespaceLikeToNamespaceName(namespace);
-    const namespaceSelector = mapNamespaceNameToSelector(namespaceName);
-    return { namespaceSelector };
-  }
-  static mapPorts(ports) {
-    return ports.map((port) => {
-      if ("port" in port) {
-        return {
-          port: port.port,
-          protocol: port.protocol ?? "TCP"
-        };
-      }
-      return {
-        port: port.range[0],
-        endPort: port.range[1],
-        protocol: port.protocol ?? "TCP"
-      };
-    });
-  }
-};
-
-// src/pod.ts
-var podSpecDefaults = {
-  automountServiceAccountToken: false
-};
-
-// src/workload.ts
-var workloadExtraArgs = [...commonExtraArgs, "container", "containers"];
-var exposableWorkloadExtraArgs = [...workloadExtraArgs, "service", "httpRoute"];
-function getWorkloadComponents(name, args, parent, opts) {
-  const labels = {
-    "app.kubernetes.io/name": name
-  };
-  const containers = output$1(args).apply((args2) => normalize(args2.container, args2.containers));
-  const rawVolumes = containers.apply((containers2) => {
-    const containerVolumes = containers2.flatMap(
-      (container) => normalize(container.volume, container.volumes)
-    );
-    const containerVolumeMounts = containers2.flatMap((container) => {
-      return normalize(container.volumeMount, container.volumeMounts).map((volumeMount) => {
-        return "volume" in volumeMount ? volumeMount.volume : void 0;
-      }).filter(Boolean);
-    });
-    return output$1([...containerVolumes, ...containerVolumeMounts]);
-  });
-  const volumes = rawVolumes.apply((rawVolumes2) => {
-    return output$1(rawVolumes2.map(mapWorkloadVolume)).apply(uniqueBy((volume) => volume.name));
-  });
-  const podSpec = output$1({ args, containers, volumes }).apply(({ args: args2, containers: containers2, volumes: volumes2 }) => {
-    const spec = {
-      volumes: volumes2,
-      containers: containers2.map((container) => mapContainerToRaw(container, args2.cluster, name)),
-      ...podSpecDefaults
-    };
-    if (containers2.some((container) => container.enableTun) && args2.cluster.quirks?.tunDevicePolicy?.type !== "plugin") {
-      spec.volumes = output$1(spec.volumes).apply((volumes3) => [
-        ...volumes3 ?? [],
-        {
-          name: "tun-device",
-          hostPath: {
-            path: "/dev/net/tun"
-          }
-        }
-      ]);
-    }
-    return spec;
-  });
-  const dependencyHash = rawVolumes.apply((rawVolumes2) => {
-    return output$1(rawVolumes2.map(getWorkloadVolumeResourceUuid)).apply(filter(isNonNullish)).apply(unique()).apply((ids) => sha256(ids.join(",")));
-  });
-  const podTemplate = output$1({ podSpec, dependencyHash }).apply(({ podSpec: podSpec2, dependencyHash: dependencyHash2 }) => {
-    return {
-      metadata: {
-        labels,
-        annotations: {
-          "highstate.io/dependency-hash": dependencyHash2
-        }
-      },
-      spec: podSpec2
-    };
-  });
-  const networkPolicy = output$1({ args, containers }).apply(({ args: args2, containers: containers2 }) => {
-    const allowedEndpoints = containers2.flatMap((container) => container.allowedEndpoints ?? []);
-    if (allowedEndpoints.length === 0 && !args2.networkPolicy) {
-      return output$1(void 0);
-    }
-    return NetworkPolicy.create(
-      name,
-      {
-        cluster: args2.cluster,
-        namespace: args2.namespace,
-        selector: labels,
-        ...args2.networkPolicy,
-        egressRules: [
-          ...args2.networkPolicy?.egressRules ?? [],
-          ...allowedEndpoints.length > 0 ? [{ toEndpoints: allowedEndpoints }] : []
-        ]
-      },
-      { ...opts, parent: parent() }
-    );
-  });
-  return { labels, containers, volumes, podSpec, podTemplate, networkPolicy };
-}
-function getExposableWorkloadComponents(name, args, parent, opts) {
-  const { labels, containers, volumes, podSpec, podTemplate, networkPolicy } = getWorkloadComponents(name, args, parent, opts);
-  const service = output$1({ args, containers }).apply(async ({ args: args2, containers: containers2 }) => {
-    if (!args2.service && !args2.httpRoute) {
-      return void 0;
-    }
-    if (args2.existing?.service) {
-      return Service.of(name, args2.existing.service, args2.cluster, { ...opts, parent: parent() });
-    }
-    if (args2.existing) {
-      return void 0;
-    }
-    const ports = containers2.flatMap((container) => normalize(container.port, container.ports));
-    return Service.create(
-      name,
-      {
-        ...args2.service,
-        selector: labels,
-        cluster: args2.cluster,
-        namespace: args2.namespace,
-        ports: (
-          // allow to completely override the ports
-          !args2.service?.port && !args2.service?.ports ? ports.map(mapContainerPortToServicePort) : args2.service?.ports
-        )
-      },
-      {
-        ...opts,
-        parent: parent(),
-        provider: await getProvider(args2.cluster)
-      }
-    );
-  });
-  const httpRoute = output$1({
-    args,
-    service
-  }).apply(async ({ args: args2, service: service2 }) => {
-    if (!args2.httpRoute || !service2) {
-      return void 0;
-    }
-    if (args2.existing) {
-      return void 0;
-    }
-    return new HttpRoute(
-      name,
-      {
-        ...args2.httpRoute,
-        cluster: args2.cluster,
-        rule: {
-          backend: service2
-        }
-      },
-      {
-        ...opts,
-        parent: parent(),
-        provider: await getProvider(args2.cluster)
-      }
-    );
-  });
-  return { labels, containers, volumes, podSpec, podTemplate, networkPolicy, service, httpRoute };
-}
-var Workload = class _Workload extends ComponentResource$1 {
-  constructor(type, name, args, opts, resourceType, cluster, metadata, networkPolicy) {
-    super(type, name, args, opts);
-    this.name = name;
-    this.args = args;
-    this.resourceType = resourceType;
-    this.cluster = cluster;
-    this.metadata = metadata;
-    this.networkPolicy = networkPolicy;
-  }
-  /**
-   * The instance terminal to interact with the deployment.
-   */
-  get terminal() {
-    const containerName = output$1(this.args).apply((args) => {
-      const containers = normalize(args.container, args.containers);
-      return containers[0]?.name ?? this.name;
-    });
-    return output$1({
-      name: this.metadata.name,
-      title: interpolate$1`${_Workload.getResourceDisplayType(this.resourceType)} (${this.metadata.name})`,
-      description: "Connect to the container of the workload",
-      icon: "devicon:kubernetes",
-      image: images_exports["terminal-kubectl"].image,
-      command: [
-        "exec",
-        "kubectl",
-        "exec",
-        "-it",
-        "-n",
-        this.metadata.namespace,
-        interpolate$1`${this.resourceType}/${this.metadata.name}`,
-        "-c",
-        containerName,
-        "--",
-        this.args.terminalShell ?? "bash"
-      ],
-      files: {
-        "/kubeconfig": this.cluster.kubeconfig
-      },
-      env: {
-        KUBECONFIG: "/kubeconfig"
-      }
-    });
-  }
-  static getResourceDisplayType(resourceType) {
-    switch (resourceType) {
-      case "deployment":
-        return "Deployment";
-      case "statefulset":
-        return "StatefulSet";
-      case "daemonset":
-        return "DaemonSet";
-      default:
-        return resourceType.charAt(0).toUpperCase() + resourceType.slice(1);
-    }
-  }
-};
-var ExposableWorkload = class extends Workload {
-  constructor(type, name, args, opts, resourceType, cluster, metadata, networkPolicy, _service, _httpRoute) {
-    super(type, name, args, opts, resourceType, cluster, metadata, networkPolicy);
-    this.name = name;
-    this._service = _service;
-    this._httpRoute = _httpRoute;
-  }
-  /**
-   * The service associated with the workload.
-   */
-  get optionalService() {
-    return this._service;
-  }
-  /**
-   * The HTTP route associated with the workload.
-   */
-  get optionalHttpRoute() {
-    return this._httpRoute;
-  }
-  /**
-   * The service associated with the workload.
-   *
-   * Will throw an error if the service is not available.
-   */
-  get service() {
-    return this._service.apply((service) => {
-      if (!service) {
-        throw new Error(`The service of the workload "${this.name}" is not available.`);
-      }
-      return service;
-    });
-  }
-  /**
-   * The HTTP route associated with the workload.
-   *
-   * Will throw an error if the HTTP route is not available.
-   */
-  get httpRoute() {
-    return this._httpRoute.apply((httpRoute) => {
-      if (!httpRoute) {
-        throw new Error(`The HTTP route of the workload "${this.name}" is not available.`);
-      }
-      return httpRoute;
-    });
-  }
-  /**
-   * Creates a generic workload or patches the existing one.
-   */
-  static createOrPatchGeneric(name, args, opts) {
-    return output$1(args).apply(async (args2) => {
-      if (args2.existing?.type === "k8s.deployment") {
-        const { Deployment } = await import('./deployment-XK3CDJOE.js');
-        return Deployment.patch(
-          name,
-          {
-            ...deepmerge(args2, args2.deployment),
-            name: args2.existing.metadata.name,
-            namespace: args2.existing.metadata.namespace
-          },
-          opts
-        );
-      }
-      if (args2.existing?.type === "k8s.stateful-set") {
-        const { StatefulSet } = await import('./stateful-set-7CAQWTV2.js');
-        return StatefulSet.patch(
-          name,
-          {
-            ...deepmerge(args2, args2.statefulSet),
-            name: args2.existing.metadata.name,
-            namespace: args2.existing.metadata.namespace
-          },
-          opts
-        );
-      }
-      if (args2.type === "Deployment") {
-        const { Deployment } = await import('./deployment-XK3CDJOE.js');
-        return Deployment.create(name, deepmerge(args2, args2.deployment), opts);
-      }
-      if (args2.type === "StatefulSet") {
-        const { StatefulSet } = await import('./stateful-set-7CAQWTV2.js');
-        return StatefulSet.create(name, deepmerge(args2, args2.statefulSet), opts);
-      }
-      throw new Error(`Unknown workload type: ${args2.type}`);
-    });
-  }
-};
-
-export { ConfigMap, ExposableWorkload, HttpRoute, NetworkPolicy, PersistentVolumeClaim, Secret, Service, Workload, exposableWorkloadExtraArgs, getBestEndpoint, getExposableWorkloadComponents, getServiceMetadata, getServiceType, getWorkloadComponents, hasServiceMetadata, isFromCluster, mapContainerPortToServicePort, mapServiceToLabelSelector, requireBestEndpoint, withServiceMetadata };
-//# sourceMappingURL=chunk-BBIY3KUN.js.map
-//# sourceMappingURL=chunk-BBIY3KUN.js.map