@highstate/k8s 0.9.4 → 0.9.5

package/src/shared.ts

@@ -2,19 +2,21 @@ import type { PartialKeys } from "@highstate/contract"
 import type { k8s } from "@highstate/library"
 import { Output, output, toPromise, type Input, type Unwrap } from "@highstate/pulumi"
 import { core, Provider, types } from "@pulumi/kubernetes"
-import { mergeDeep } from "remeda"
+import { Namespace } from "./namespace"
 
 const providers = new Map<string, Provider>()
 
 export function getProvider(cluster: Input<k8s.Cluster>): Promise<Provider> {
   const provider = output(cluster).apply(cluster => {
-    const existingProvider = providers.get(cluster.info.id)
+    const existingProvider = providers.get(cluster.id)
     if (existingProvider) {
       return existingProvider
     }
 
-    const provider = new Provider(cluster.info.id, { kubeconfig: cluster.kubeconfig })
-    providers.set(cluster.info.id, provider)
+    const provider = new Provider(`${cluster.name}-${cluster.id}`, {
+      kubeconfig: cluster.kubeconfig,
+    })
+    providers.set(cluster.id, provider)
 
     return provider
   })
@@ -22,69 +24,34 @@ export function getProvider(cluster: Input<k8s.Cluster>): Promise<Provider> {
   return toPromise(provider)
 }
 
-export async function verifyProvider(
-  provider: Provider | undefined,
-  clusterInfo: Input<k8s.ClusterInfo>,
-): Promise<void> {
-  if (!provider) {
-    throw new Error("The provider must be passed to the resource.")
-  }
-
-  const urn = await toPromise(provider.urn)
-  const [, , , resouceName] = urn.split("::")
-
-  const expectedId = await toPromise(output(clusterInfo).id)
-
-  if (resouceName !== expectedId) {
-    throw new Error(
-      "The Kubernetes cluster of the provider is different from the one where the resource is deployed.",
-    )
-  }
-}
-
-export function createNamespace(
-  name: string,
-  provider: Provider,
-  args: core.v1.NamespaceArgs = {},
-): core.v1.Namespace {
-  return new core.v1.Namespace(
-    name,
-    mergeDeep(args, {
-      metadata: {
-        name,
-      },
-    }),
-    { provider },
-  )
-}
-
-export function getNamespace(name = "default", provider: Provider): core.v1.Namespace {
-  return core.v1.Namespace.get(name, name, { provider })
-}
-
-export type NamespaceLike = core.v1.Namespace | string
+export type NamespaceLike = core.v1.Namespace | Namespace | string
 
 export type CommonArgs = {
   /**
    * The name of the resource.
    */
-  name?: string
+  name?: Input<string>
 
   /**
    * The namespace to create the resource in.
    */
   namespace: Input<NamespaceLike | undefined>
 
+  /**
+   * The cluster to create the resource in.
+   */
+  cluster: Input<k8s.Cluster>
+
   /**
    * The metadata to apply to the resource.
    */
   metadata?: Input<types.input.meta.v1.ObjectMeta>
 }
 
-export const commonExtraArgs = ["name", "namespace", "metadata"] as const
+export const commonExtraArgs = ["name", "namespace", "cluster", "metadata"] as const
 
 export function mapMetadata(
-  args: PartialKeys<Unwrap<CommonArgs>, "namespace">,
+  args: PartialKeys<Unwrap<CommonArgs>, "namespace" | "cluster">,
   fallbackName?: string,
 ): types.input.meta.v1.ObjectMeta {
   return {
@@ -109,7 +76,15 @@ export function mapSelectorLikeToSelector(
 }
 
 export function mapNamespaceLikeToNamespaceName(namespace: NamespaceLike): Output<string> {
-  return core.v1.Namespace.isInstance(namespace) ? namespace.metadata.name : output(namespace)
+  if (Namespace.isInstance(namespace)) {
+    return namespace.metadata.name
+  }
+
+  if (core.v1.Namespace.isInstance(namespace)) {
+    return namespace.metadata.name
+  }
+
+  return output(namespace)
 }
 
 export function mapNamespaceNameToSelector(
@@ -127,8 +102,8 @@ export type ResourceId = {
   namespace?: Input<string | undefined>
 }
 
-export function resourceIdToString(metadata: Input<ResourceId>): Output<string> {
-  return output(metadata).apply(metadata => {
+export function resourceIdToString(id: Input<ResourceId>): Output<string> {
+  return output(id).apply(metadata => {
     return metadata.namespace ? `${metadata.namespace}/${metadata.name}` : metadata.name
   })
 }
@@ -148,3 +123,19 @@ export function getAppDisplayName(resourceId: Unwrap<ResourceId>): string {
 
   return resourceId.name
 }
+
+export function withPatchName(
+  resourceType: string,
+  resource: Input<k8s.Resource>,
+  cluster: Input<k8s.Cluster>,
+): Output<string> {
+  return output({ resource, cluster }).apply(({ resource, cluster }) => {
+    if (resource.clusterId !== cluster.id) {
+      throw new Error(
+        `Cluster mismatch when patching ${resourceType} "${resource.metadata.name}": "${resource.clusterId}" != "${cluster.id}"`,
+      )
+    }
+
+    return resource.metadata.name
+  })
+}

package/src/stateful-set.ts

@@ -1,45 +1,49 @@
 import type { k8s } from "@highstate/library"
 import type { HttpRoute } from "./gateway"
 import type { Service } from "./service"
-import {
-  output,
-  type ComponentResourceOptions,
-  ComponentResource,
-  Output,
-  type Inputs,
-  type Input,
-} from "@highstate/pulumi"
-import { apps, type types } from "@pulumi/kubernetes"
+import type { NetworkPolicy } from "./network-policy"
+import { output, type ComponentResourceOptions, Output, type Input } from "@highstate/pulumi"
+import { apps, types } from "@pulumi/kubernetes"
 import { omit } from "remeda"
 import { deepmerge } from "deepmerge-ts"
 import {
-  getPublicWorkloadComponents,
-  publicWorkloadExtraArgs,
-  type PublicWorkloadArgs,
+  getProvider,
+  mapMetadata,
+  resourceIdToString,
+  withPatchName,
+  type ResourceId,
+} from "./shared"
+import {
+  exposableWorkloadExtraArgs,
+  ExposableWorkload,
+  type ExposableWorkloadArgs,
+  getExposableWorkloadComponents,
 } from "./workload"
-import { mapMetadata, verifyProvider } from "./shared"
-import { mapContainerToRaw } from "./container"
 
-export type StatefulSetArgs = Omit<PublicWorkloadArgs, "patch"> & {
-  patch?: Input<k8s.StatefulSet>
-} & Partial<types.input.apps.v1.StatefulSetSpec>
+export type StatefulSetArgs = Omit<ExposableWorkloadArgs, "existing"> &
+  Omit<Partial<types.input.apps.v1.StatefulSetSpec>, "template"> & {
+    template?: {
+      metadata?: types.input.meta.v1.ObjectMeta
+      spec?: Partial<types.input.core.v1.PodSpec>
+    }
+  }
+
+export type CreateOrGetStatefulSetArgs = StatefulSetArgs & {
+  /**
+   * The entity to use to determine the stateful set to patch.
+   */
+  existing: Input<k8s.StatefulSet> | undefined
+}
 
-export abstract class StatefulSet extends ComponentResource {
+export abstract class StatefulSet extends ExposableWorkload {
   protected constructor(
     type: string,
     name: string,
-    args: Inputs,
-    opts: ComponentResourceOptions,
+    args: ExposableWorkloadArgs,
+    opts: ComponentResourceOptions | undefined,
 
-    /**
-     * The cluster info associated with the stateful set.
-     */
-    readonly clusterInfo: Output<k8s.ClusterInfo>,
-
-    /**
-     * The metadata of the underlying Kubernetes stateful set.
-     */
-    readonly metadata: Output<types.output.meta.v1.ObjectMeta>,
+    cluster: Output<k8s.Cluster>,
+    metadata: Output<types.output.meta.v1.ObjectMeta>,
 
     /**
      * The spec of the underlying Kubernetes stateful set.
@@ -51,10 +55,23 @@ export abstract class StatefulSet extends ComponentResource {
      */
     readonly status: Output<types.output.apps.v1.StatefulSetStatus>,
 
-    private readonly _service: Output<Service | undefined>,
-    private readonly _httpRoute: Output<HttpRoute | undefined>,
+    networkPolicy: Output<NetworkPolicy | undefined>,
+
+    service: Output<Service | undefined>,
+    httpRoute: Output<HttpRoute | undefined>,
   ) {
-    super(type, name, args, opts)
+    super(
+      type,
+      name,
+      args,
+      opts,
+      "statefulset",
+      cluster,
+      metadata,
+      networkPolicy,
+      service,
+      httpRoute,
+    )
   }
 
   /**
@@ -63,97 +80,185 @@ export abstract class StatefulSet extends ComponentResource {
   get entity(): Output<k8s.StatefulSet> {
     return output({
       type: "k8s.stateful-set",
-      clusterInfo: this.clusterInfo,
+      clusterId: this.cluster.id,
       metadata: this.metadata,
       service: this.service.entity,
     })
   }
 
-  get optionalService(): Output<Service | undefined> {
-    return this._service
+  static create(name: string, args: StatefulSetArgs, opts?: ComponentResourceOptions): StatefulSet {
+    return new CreatedStatefulSet(name, args, opts)
   }
 
-  /**
-   * The service associated with the stateful set.
-   */
-  get service(): Output<Service> {
-    return this._service.apply(service => {
-      if (!service) {
-        throw new Error("The service is not available.")
-      }
+  static createOrPatch(
+    name: string,
+    args: CreateOrGetStatefulSetArgs,
+    opts?: ComponentResourceOptions,
+  ): StatefulSet {
+    if (!args.existing) {
+      return new CreatedStatefulSet(name, args, opts)
+    }
 
-      return service
-    })
+    return new StatefulSetPatch(
+      name,
+      {
+        ...args,
+        name: withPatchName("stateful set", args.existing, args.cluster),
+        namespace: output(args.existing).metadata.namespace,
+      },
+      opts,
+    )
   }
 
-  /**
-   * The HTTP route associated with the stateful set.
-   */
-  get httpRoute(): Output<HttpRoute> {
-    return this._httpRoute.apply(httpRoute => {
-      if (!httpRoute) {
-        throw new Error("The HTTP route is not available.")
-      }
-
-      return httpRoute
-    })
+  static patch(name: string, args: StatefulSetArgs, opts?: ComponentResourceOptions): StatefulSet {
+    return new StatefulSetPatch(name, args, opts)
   }
 
-  static create(name: string, args: StatefulSetArgs, opts: ComponentResourceOptions): StatefulSet {
-    return new CreatedStatefulSet(name, args, opts)
+  static createOrGet(
+    name: string,
+    args: CreateOrGetStatefulSetArgs,
+    opts?: ComponentResourceOptions,
+  ): StatefulSet {
+    if (!args.existing) {
+      return new CreatedStatefulSet(name, args, opts)
+    }
+
+    return new ExternalStatefulSet(name, output(args.existing).metadata, args.cluster, opts)
   }
 }
 
 class CreatedStatefulSet extends StatefulSet {
-  constructor(name: string, args: StatefulSetArgs, opts: ComponentResourceOptions) {
-    const { containers, volumes, labels, service, httpRoute } = getPublicWorkloadComponents(
+  constructor(name: string, args: StatefulSetArgs, opts?: ComponentResourceOptions) {
+    const { labels, podTemplate, networkPolicy, service, httpRoute } =
+      getExposableWorkloadComponents(
+        name,
+        {
+          ...args,
+
+          // force create a service since it is required for stateful sets
+          service: output(args.service).apply(service => ({ ...service })),
+        },
+        () => this,
+        opts,
+      )
+
+    const statefulSet = output({ args, podTemplate }).apply(async ({ args, podTemplate }) => {
+      return new apps.v1.StatefulSet(
+        name,
+        {
+          metadata: mapMetadata(args, name),
+          spec: deepmerge(
+            {
+              serviceName: service.apply(service => service!.metadata.name),
+              template: podTemplate,
+              selector: { matchLabels: labels },
+            },
+            omit(args, exposableWorkloadExtraArgs),
+          ) as types.input.apps.v1.StatefulSetSpec,
+        },
+        {
+          ...opts,
+          parent: this,
+          provider: await getProvider(args.cluster),
+        },
+      )
+    })
+
+    super(
+      "highstate:k8s:StatefulSet",
+      name,
+      args,
+      opts,
+
+      output(args.cluster),
+      statefulSet.metadata,
+      statefulSet.spec,
+      statefulSet.status,
+
+      networkPolicy,
+      service,
+      httpRoute,
+    )
+  }
+}
+
+class StatefulSetPatch extends StatefulSet {
+  constructor(name: string, args: StatefulSetArgs, opts?: ComponentResourceOptions) {
+    const { podSpec, networkPolicy, service, httpRoute } = getExposableWorkloadComponents(
       name,
       args,
       () => this,
       opts,
     )
 
-    const statefulSet = output({ args, containers, volumes, service }).apply(
-      async ({ args, containers, volumes, service }) => {
-        await verifyProvider(opts.provider, args.cluster?.info)
-
-        return new (args.patch ? apps.v1.StatefulSetPatch : apps.v1.StatefulSet)(
-          name,
-          {
-            metadata: mapMetadata(args.patch?.metadata ?? args, name),
-            spec: deepmerge(
-              {
-                serviceName: service?.metadata.name || name,
-                template: {
-                  metadata: !args.patch ? { labels } : undefined,
-                  spec: {
-                    containers: containers.map(container => mapContainerToRaw(container, name)),
-                    volumes,
-                  },
-                },
-                selector: !args.patch ? { matchLabels: labels } : undefined,
+    const statefulSet = output({ args, podSpec }).apply(async ({ args, podSpec }) => {
+      return new apps.v1.StatefulSetPatch(
+        name,
+        {
+          metadata: mapMetadata(args, name),
+          spec: deepmerge(
+            {
+              template: {
+                spec: podSpec,
               },
-              omit(args, publicWorkloadExtraArgs),
-            ),
-          },
-          { parent: this, ...opts },
-        )
-      },
-    )
+            },
+            omit(args, exposableWorkloadExtraArgs),
+          ) as types.input.apps.v1.StatefulSetSpec,
+        },
+        {
+          ...opts,
+          parent: this,
+          provider: await getProvider(args.cluster),
+        },
+      )
+    })
 
     super(
-      "highstate:k8s:StatefulSet",
+      "highstate:k8s:StatefulSetPatch",
       name,
       args,
       opts,
 
-      output(args.cluster).info,
+      output(args.cluster),
       statefulSet.metadata,
       statefulSet.spec,
       statefulSet.status,
 
+      networkPolicy,
       service,
       httpRoute,
     )
   }
 }
+
+class ExternalStatefulSet extends StatefulSet {
+  constructor(
+    name: string,
+    id: Input<ResourceId>,
+    cluster: Input<k8s.Cluster>,
+    opts?: ComponentResourceOptions,
+  ) {
+    const statefulSet = output(id).apply(async id => {
+      return apps.v1.StatefulSet.get(name, resourceIdToString(id), {
+        ...opts,
+        parent: this,
+        provider: await getProvider(cluster),
+      })
+    })
+
+    super(
+      "highstate:k8s:ExternalStatefulSet",
+      name,
+      { namespace: output(id).namespace, cluster },
+      opts,
+      output(cluster),
+      statefulSet.metadata,
+      statefulSet.spec,
+      statefulSet.status,
+
+      output(undefined),
+      output(undefined),
+      output(undefined),
+    )
+  }
+}

package/src/units/access-point/index.ts

@@ -1,10 +1,17 @@
 import { k8s } from "@highstate/library"
-import { forUnit } from "@highstate/pulumi"
+import { forUnit, toPromise } from "@highstate/pulumi"
 
 const { inputs, outputs } = forUnit(k8s.accessPoint)
 
+const { gateway, tlsIssuer } = await toPromise(inputs)
+
+if (gateway.clusterId !== tlsIssuer.clusterId) {
+  throw new Error("Gateway and TLS issuer must be in the same cluster")
+}
+
 export default outputs({
   accessPoint: {
+    clusterId: gateway.clusterId,
     dnsProviders: inputs.dnsProviders,
     gateway: inputs.gateway,
     tlsIssuer: inputs.tlsIssuer,

package/src/units/cert-manager/index.ts

@@ -1,36 +1,31 @@
 import { k8s } from "@highstate/library"
 import { forUnit } from "@highstate/pulumi"
-import { createNamespace, getProvider } from "../../shared"
 import { Chart } from "../../helm"
 import charts from "../../../assets/charts.json"
+import { Namespace } from "../../namespace"
 
 const { inputs, outputs } = forUnit(k8s.certManager)
-const provider = await getProvider(inputs.k8sCluster)
 
-const namespace = createNamespace("cert-manager", provider)
+const namespace = Namespace.create("cert-manager", { cluster: inputs.k8sCluster })
 
-new Chart(
-  "cert-manager",
-  {
-    namespace: namespace.metadata.name,
-    cluster: inputs.k8sCluster,
+new Chart("cert-manager", {
+  cluster: inputs.k8sCluster,
+  namespace,
 
-    chart: charts["cert-manager"],
+  chart: charts["cert-manager"],
 
-    values: {
-      crds: {
-        enabled: true,
-      },
+  values: {
+    crds: {
+      enabled: true,
+    },
 
-      config: {
-        apiVersion: "controller.config.cert-manager.io/v1alpha1",
-        kind: "ControllerConfiguration",
-        enableGatewayAPI: true,
-      },
+    config: {
+      apiVersion: "controller.config.cert-manager.io/v1alpha1",
+      kind: "ControllerConfiguration",
+      enableGatewayAPI: true,
     },
   },
-  { provider },
-)
+})
 
 export default outputs({
   k8sCluster: inputs.k8sCluster,

package/src/units/cluster-dns/index.ts

@@ -0,0 +1,37 @@
+import { l3EndpointToString, l4EndpointToString, updateEndpointsWithFqdn } from "@highstate/common"
+import { k8s } from "@highstate/library"
+import { forUnit } from "@highstate/pulumi"
+
+const { args, inputs, outputs } = forUnit(k8s.clusterDns)
+
+const { endpoints } = await updateEndpointsWithFqdn(
+  inputs.k8sCluster.endpoints,
+  args.fqdn,
+  args.endpointFilter,
+  args.patchMode,
+  inputs.dnsProviders,
+)
+
+const { endpoints: apiEndpoints } = await updateEndpointsWithFqdn(
+  inputs.k8sCluster.apiEndpoints,
+  args.apiFqdn,
+  args.apiEndpointFilter,
+  args.apiPatchMode,
+  inputs.dnsProviders,
+)
+
+export default outputs({
+  k8sCluster: inputs.k8sCluster.apply(k8sCluster => ({
+    ...k8sCluster,
+    endpoints,
+    apiEndpoints,
+  })),
+
+  endpoints,
+  apiEndpoints,
+
+  $status: {
+    endpoints: endpoints.map(l3EndpointToString),
+    apiEndpoints: apiEndpoints.map(l4EndpointToString),
+  },
+})

package/src/units/cluster-patch/index.ts

@@ -0,0 +1,35 @@
+import { l3EndpointToString, l4EndpointToString, updateEndpoints } from "@highstate/common"
+import { k8s } from "@highstate/library"
+import { forUnit } from "@highstate/pulumi"
+
+const { args, inputs, outputs } = forUnit(k8s.clusterPatch)
+
+const endpoints = await updateEndpoints(
+  inputs.k8sCluster.endpoints,
+  args.endpoints,
+  inputs.endpoints,
+  args.endpointsPatchMode,
+)
+
+const apiEndpoints = await updateEndpoints(
+  inputs.k8sCluster.apiEndpoints,
+  args.apiEndpoints,
+  inputs.apiEndpoints,
+  args.apiEndpointsPatchMode,
+)
+
+export default outputs({
+  k8sCluster: inputs.k8sCluster.apply(k8sCluster => ({
+    ...k8sCluster,
+    endpoints,
+    apiEndpoints,
+  })),
+
+  endpoints,
+  apiEndpoints,
+
+  $status: {
+    endpoints: endpoints.map(l3EndpointToString),
+    apiEndpoints: apiEndpoints.map(l4EndpointToString),
+  },
+})

package/src/units/dns01-issuer/index.ts

@@ -36,7 +36,7 @@ new cert_manager.v1.ClusterIssuer(
 
 export default outputs({
   tlsIssuer: {
-    clusterInfo: unsecret(inputs.k8sCluster.info),
+    clusterId: unsecret(inputs.k8sCluster.id),
     clusterIssuerName: name,
   },
 })