@highstate/k8s 0.9.4 → 0.9.6

package/src/secret.ts

@@ -0,0 +1,195 @@
+import type { k8s } from "@highstate/library"
+import { core, type types } from "@pulumi/kubernetes"
+import {
+  ComponentResource,
+  output,
+  Output,
+  type ComponentResourceOptions,
+  type Input,
+  type Inputs,
+} from "@pulumi/pulumi"
+import { getProvider, mapMetadata, withPatchName, type CommonArgs } from "./shared"
+
+export type SecretArgs = CommonArgs &
+  Omit<types.input.core.v1.Secret, "kind" | "metadata" | "apiVersion">
+
+export type CreateOrPatchSecretArgs = SecretArgs & {
+  /**
+   * The resource to use to determine the name of the secret.
+   *
+   * If not provided, the secret will be created, otherwise it will be retrieved/patched.
+   */
+  existing: Input<k8s.Resource> | undefined
+}
+
+export abstract class Secret extends ComponentResource {
+  protected constructor(
+    type: string,
+    name: string,
+    args: Inputs,
+    opts: ComponentResourceOptions | undefined,
+
+    /**
+     * The cluster where the secret is created.
+     */
+    readonly cluster: Output<k8s.Cluster>,
+
+    /**
+     * The metadata of the underlying Kubernetes secret.
+     */
+    readonly metadata: Output<types.output.meta.v1.ObjectMeta>,
+
+    /**
+     * The data of the underlying Kubernetes secret.
+     */
+    readonly data: Output<Record<string, string>>,
+
+    /**
+     * The stringData of the underlying Kubernetes secret.
+     */
+    readonly stringData: Output<Record<string, string>>,
+  ) {
+    super(type, name, args, opts)
+  }
+
+  /**
+   * Creates a new secret.
+   */
+  static create(name: string, args: SecretArgs, opts?: ComponentResourceOptions): Secret {
+    return new CreatedSecret(name, args, opts)
+  }
+
+  /**
+   * Creates a new secret or patches an existing one.
+   *
+   * Will throw an error if the secret does not exist when `args.resource` is provided.
+   */
+  static createOrPatch(
+    name: string,
+    args: CreateOrPatchSecretArgs,
+    opts?: ComponentResourceOptions,
+  ): Secret {
+    if (!args.existing) {
+      return new CreatedSecret(name, args, opts)
+    }
+
+    return new SecretPatch(
+      name,
+      {
+        ...args,
+        name: withPatchName("secret", args.existing, args.cluster),
+        namespace: output(args.existing).metadata.namespace,
+      },
+      opts,
+    )
+  }
+
+  /**
+   * Gets an existing secret.
+   *
+   * Will throw an error if the secret does not exist.
+   */
+  static get(
+    name: string,
+    id: Input<string>,
+    cluster: Input<k8s.Cluster>,
+    opts?: ComponentResourceOptions,
+  ): Secret {
+    return new ExternalSecret(name, id, cluster, opts)
+  }
+}
+
+class CreatedSecret extends Secret {
+  constructor(name: string, args: SecretArgs, opts?: ComponentResourceOptions) {
+    const secret = output(args).apply(async args => {
+      return new core.v1.Secret(
+        name,
+        {
+          metadata: mapMetadata(args, name),
+          data: args.data,
+          stringData: args.stringData,
+        },
+        {
+          ...opts,
+          parent: this,
+          provider: await getProvider(args.cluster),
+        },
+      )
+    })
+
+    super(
+      "highstate:k8s:Secret",
+      name,
+      args,
+      opts,
+      output(args.cluster),
+      secret.metadata,
+      secret.data,
+      secret.stringData,
+    )
+  }
+}
+
+class SecretPatch extends Secret {
+  constructor(name: string, args: SecretArgs, opts?: ComponentResourceOptions) {
+    const secret = output(args).apply(async args => {
+      return new core.v1.SecretPatch(
+        name,
+        {
+          metadata: mapMetadata(args, name),
+          data: args.data,
+          stringData: args.stringData,
+        },
+        {
+          ...opts,
+          parent: this,
+          provider: await getProvider(args.cluster),
+        },
+      )
+    })
+
+    super(
+      "highstate:k8s:SecretPatch",
+      name,
+      args,
+      opts,
+      output(args.cluster),
+      secret.metadata,
+      secret.data,
+      secret.stringData,
+    )
+  }
+}
+
+class ExternalSecret extends Secret {
+  constructor(
+    name: string,
+    id: Input<string>,
+    cluster: Input<k8s.Cluster>,
+    opts?: ComponentResourceOptions,
+  ) {
+    const secret = output(id).apply(async realName => {
+      return core.v1.Secret.get(
+        //
+        name,
+        realName,
+        {
+          ...opts,
+          parent: this,
+          provider: await getProvider(cluster),
+        },
+      )
+    })
+
+    super(
+      "highstate:k8s:ExternalSecret",
+      name,
+      { id, cluster },
+      opts,
+      output(cluster),
+      secret.metadata,
+      secret.data,
+      secret.stringData,
+    )
+  }
+}

package/src/service.ts

@@ -1,43 +1,109 @@
-import type { k8s } from "@highstate/library"
+import type { k8s, network } from "@highstate/library"
 import { core, types } from "@pulumi/kubernetes"
 import {
   ComponentResource,
-  interpolate,
   normalize,
   output,
   Output,
-  Resource,
   type ComponentResourceOptions,
   type Input,
-  type InputArray,
   type Inputs,
 } from "@highstate/pulumi"
-import { omit } from "remeda"
+import { omit, uniqueBy } from "remeda"
 import { deepmerge } from "deepmerge-ts"
+import { filterEndpoints, l4EndpointToString, parseL3Endpoint } from "@highstate/common"
 import {
   commonExtraArgs,
   mapMetadata,
   resourceIdToString,
-  verifyProvider,
   type CommonArgs,
   type ResourceId,
+  type SelectorLike,
 } from "./shared"
 
 export type ServiceArgs = CommonArgs & {
-  port?: Input<types.input.core.v1.ServicePort>
-
   /**
-   * The service to patch instead of creating a new one.
+   * The port to expose the service on.
    */
-  patch?: Input<k8s.Service>
+  port?: Input<types.input.core.v1.ServicePort>
 
   /**
-   * The cluster to create the resource in.
+   * Whether the service should be exposed by `NodePort` or `LoadBalancer`.
+   *
+   * The type of the service will be determined automatically based on the cluster.
    */
-  cluster: Input<k8s.Cluster>
+  external?: boolean
 } & types.input.core.v1.ServiceSpec
 
-const serviceExtraArgs = [...commonExtraArgs, "port", "ports", "patch"] as const
+const serviceExtraArgs = [...commonExtraArgs, "port", "ports", "external"] as const
+
+export type ServiceEndpointMetadata = {
+  clusterId: string
+  name: string
+  namespace: string
+  selector: SelectorLike
+  targetPort: string | number
+}
+
+/**
+ * Checks if the endpoint has service metadata.
+ *
+ * Alters the type of the endpoint to include the service metadata if it exists.
+ *
+ * @param endpoint The endpoint to check.
+ * @returns True if the endpoint has service metadata, false otherwise.
+ */
+export function hasServiceMetadata(
+  endpoint: network.L3Endpoint,
+): endpoint is network.L3Endpoint & { metadata: { k8sService: ServiceEndpointMetadata } } {
+  return endpoint.metadata?.k8sService !== undefined
+}
+
+/**
+ * Returns the service metadata of the endpoint.
+ *
+ * @param endpoint The endpoint to get the service metadata from.
+ * @returns The service metadata of the endpoint, or undefined if it doesn't exist.
+ */
+export function getServiceMetadata(
+  endpoint: network.L3Endpoint,
+): ServiceEndpointMetadata | undefined {
+  return endpoint.metadata?.k8sService as ServiceEndpointMetadata
+}
+
+/**
+ * Adds service metadata to the endpoint.
+ *
+ * @param endpoint The endpoint to add the metadata to.
+ * @param metadata The metadata to add.
+ * @returns The endpoint with the added metadata.
+ */
+export function withServiceMetadata<TEdnpoint extends network.L34Endpoint>(
+  endpoint: TEdnpoint,
+  metadata: ServiceEndpointMetadata,
+): TEdnpoint & { metadata: { k8sService: ServiceEndpointMetadata } } {
+  return {
+    ...endpoint,
+    metadata: {
+      ...endpoint.metadata,
+      k8sService: metadata,
+    },
+  }
+}
+
+/**
+ * Checks if the endpoint is from the given cluster.
+ *
+ * @param endpoint The endpoint to check.
+ * @param cluster The cluster to check against.
+ * @returns True if the endpoint is from the cluster, false otherwise.
+ */
+export function isFromCluster(
+  endpoint: network.L3Endpoint,
+  cluster: k8s.Cluster,
+): endpoint is network.L3Endpoint & { metadata: { k8sService: ServiceEndpointMetadata } } {
+  return getServiceMetadata(endpoint)?.clusterId === cluster.id
+}
 
 export abstract class Service extends ComponentResource {
   protected constructor(
@@ -49,7 +115,7 @@ export abstract class Service extends ComponentResource {
     /**
      * The cluster info associated with the service.
      */
-    readonly clusterInfo: Output<k8s.ClusterInfo>,
+    readonly cluster: Output<k8s.Cluster>,
 
     /**
      * The metadata of the underlying Kubernetes service.
@@ -65,11 +131,6 @@ export abstract class Service extends ComponentResource {
      * The status of the underlying Kubernetes service.
      */
     readonly status: Output<types.output.core.v1.ServiceStatus>,
-
-    /**
-     * The resources associated with the service.
-     */
-    readonly resources: InputArray<Resource>,
   ) {
     super(type, name, args, opts)
   }
@@ -80,9 +141,9 @@ export abstract class Service extends ComponentResource {
   get entity(): Output<k8s.Service> {
     return output({
       type: "k8s.service",
-      clusterInfo: this.clusterInfo,
+      clusterId: this.cluster.id,
       metadata: this.metadata,
-      spec: this.spec,
+      endpoints: this.endpoints,
     })
   }
 
@@ -93,94 +154,143 @@ export abstract class Service extends ComponentResource {
   static wrap(
     name: string,
     service: Input<core.v1.Service>,
-    clusterInfo: Input<k8s.ClusterInfo>,
+    cluster: Input<k8s.Cluster>,
     opts: ComponentResourceOptions,
   ): Service {
-    return new WrappedService(name, service, clusterInfo, opts)
+    return new WrappedService(name, service, cluster, opts)
   }
 
   static external(
     name: string,
     id: ResourceId,
-    clusterInfo: Input<k8s.ClusterInfo>,
+    cluster: Input<k8s.Cluster>,
     opts: ComponentResourceOptions,
   ): Service {
-    return new ExternalService(name, id, clusterInfo, opts)
+    return new ExternalService(name, id, cluster, opts)
   }
 
-  static of(name: string, entity: Input<k8s.Service>, opts: ComponentResourceOptions): Service {
-    return new ExternalService(name, output(entity).metadata, output(entity).clusterInfo, opts)
-  }
+  static of(
+    name: string,
+    entity: Input<k8s.Service>,
+    cluster: Input<k8s.Cluster>,
+    opts: ComponentResourceOptions,
+  ): Service {
+    return new ExternalService(
+      name,
+      output(entity).metadata,
+      output({ cluster, entity }).apply(({ cluster, entity }) => {
+        if (cluster.id !== entity.clusterId) {
+          throw new Error(
+            `Cluster mismatch when wrapping service "${name}": "${cluster.id}" != "${entity.clusterId}"`,
+          )
+        }
 
-  /**
-   * Returns the host of the service accessible from the cluster.
-   *
-   * The format is `name.namespace.svc`.
-   */
-  get clusterHost(): Output<string> {
-    return interpolate`${this.metadata.name}.${this.metadata.namespace}.svc`
+        return cluster
+      }),
+      opts,
+    )
   }
 
   /**
-   * Returns the external IP of the service.
+   * Returns the endpoints of the service applying the given filter.
    *
-   * If the load balancer is available, the external IP is returned, otherwise the IP of the node.
+   * If no filter is specified, the default behavior of `filterEndpoints` is used.
    *
-   * If the service has no external IP, `undefined` is returned.
+   * @param filter If specified, the endpoints are filtered based on the given filter.
+   * @returns The endpoints of the service.
    */
-  get externalIp(): Output<string | undefined> {
-    return output({ spec: this.spec, status: this.status }).apply(({ spec, status }) => {
-      const loadBalancerIp = status.loadBalancer?.ingress?.[0]?.ip
-      if (loadBalancerIp) {
-        return loadBalancerIp
-      }
-
-      const nodeIp = spec.externalIPs?.[0]
-      if (nodeIp) {
-        return nodeIp
-      }
-
-      return undefined
+  filterEndpoints(filter?: network.EndpointFilter): Output<network.L4Endpoint[]> {
+    return output({ endpoints: this.endpoints }).apply(({ endpoints }) => {
+      return filterEndpoints(endpoints, filter)
     })
   }
 
   /**
-   * The "most public" IP of the service.
-   *
-   * Resolves to the external IP if available, otherwise the cluster IP.
-   *
-   * If the service is headless, an error is thrown.
+   * Returns the endpoints of the service including both internal and external endpoints.
    */
-  get ip(): Output<string> {
-    return output({ spec: this.spec, externalIp: this.externalIp }).apply(
-      ({ spec, externalIp }) => {
-        if (externalIp) {
-          return externalIp
-        }
+  get endpoints(): Output<network.L4Endpoint[]> {
+    return output({
+      clusterId: this.cluster.id,
+      metadata: this.metadata,
+      spec: this.spec,
+      status: this.status,
+    }).apply(({ clusterId, metadata, spec, status }) => {
+      const endpointMetadata = {
+        k8sService: {
+          clusterId,
+          name: metadata.name,
+          namespace: metadata.namespace,
+          selector: spec.selector,
+          targetPort: spec.ports[0].targetPort ?? spec.ports[0].port,
+        },
+      }
 
-        const clusterIp = spec.clusterIP
-        if (clusterIp && clusterIp !== "None") {
-          return clusterIp
-        }
+      const clusterIpEndpoints = spec.clusterIPs?.map(ip => ({
+        ...parseL3Endpoint(ip),
+        port: spec.ports[0].port,
+        protocol: spec.ports[0].protocol?.toLowerCase() as network.L4Protocol,
+        metadata: endpointMetadata,
+      }))
+
+      if (clusterIpEndpoints.length > 0) {
+        clusterIpEndpoints.unshift({
+          type: "hostname",
+          visibility: "internal",
+          hostname: `${metadata.name}.${metadata.namespace}.svc.cluster.local`,
+          port: spec.ports[0].port,
+          protocol: spec.ports[0].protocol?.toLowerCase() as network.L4Protocol,
+          metadata: endpointMetadata,
+        })
+      }
 
-        throw new Error("The service does not have neither an external IP nor a cluster IP.")
-      },
-    )
+      const nodePortEndpoints =
+        spec.type === "NodePort"
+          ? spec.externalIPs?.map(ip => ({
+              ...parseL3Endpoint(ip),
+              port: spec.ports[0].nodePort,
+              protocol: spec.ports[0].protocol?.toLowerCase() as network.L4Protocol,
+              metadata: endpointMetadata,
+            }))
+          : []
+
+      const loadBalancerEndpoints =
+        spec.type === "LoadBalancer"
+          ? status.loadBalancer?.ingress?.map(endpoint => ({
+              ...parseL3Endpoint(endpoint.ip ?? endpoint.hostname),
+              port: spec.ports[0].port,
+              protocol: spec.ports[0].protocol?.toLowerCase() as network.L4Protocol,
+              metadata: endpointMetadata,
+            }))
+          : []
+
+      return uniqueBy(
+        [
+          ...(clusterIpEndpoints ?? []),
+          ...(loadBalancerEndpoints ?? []),
+          ...(nodePortEndpoints ?? []),
+        ],
+        endpoint => l4EndpointToString(endpoint),
+      )
+    })
   }
 }
 
 class CreatedService extends Service {
   constructor(name: string, args: ServiceArgs, opts: ComponentResourceOptions) {
-    const service = output(args).apply(async args => {
-      await verifyProvider(opts.provider, args.cluster.info)
-
-      return new (args.patch ? core.v1.ServicePatch : core.v1.Service)(
+    const service = output(args).apply(args => {
+      return new core.v1.Service(
         name,
         {
-          metadata: mapMetadata(args.patch?.metadata ?? args, name),
+          metadata: mapMetadata(args, name),
           spec: deepmerge(
             {
               ports: normalize(args.port, args.ports),
+
+              externalIPs: args.external
+                ? (args.externalIPs ?? args.cluster.externalIps)
+                : args.cluster.externalIps,
+
+              type: getServiceType(args, args.cluster),
             },
             omit(args, serviceExtraArgs),
           ),
@@ -195,11 +305,10 @@ class CreatedService extends Service {
       args,
       opts,
 
-      output(args.cluster).info,
+      output(args.cluster),
       service.metadata,
       service.spec,
       service.status,
-      [service],
     )
   }
 }
@@ -208,20 +317,19 @@ class WrappedService extends Service {
   constructor(
     name: string,
     service: Input<core.v1.Service>,
-    clusterInfo: Input<k8s.ClusterInfo>,
+    cluster: Input<k8s.Cluster>,
     opts: ComponentResourceOptions,
   ) {
     super(
       "highstate:k8s:WrappedService",
       name,
-      { service, clusterInfo },
+      { service, clusterInfo: cluster },
       opts,
 
-      output(clusterInfo),
+      output(cluster),
       output(service).metadata,
       output(service).spec,
       output(service).status,
-      [service],
     )
   }
 }
@@ -229,32 +337,29 @@ class WrappedService extends Service {
 class ExternalService extends Service {
   constructor(
     name: string,
-    id: ResourceId,
-    clusterInfo: Input<k8s.ClusterInfo>,
+    id: Input<ResourceId>,
+    cluster: Input<k8s.Cluster>,
     opts: ComponentResourceOptions,
   ) {
-    const service = output(id).apply(async id => {
-      await verifyProvider(opts.provider, this.clusterInfo)
-
+    const service = output(id).apply(id => {
       return core.v1.Service.get(
         //
         name,
         resourceIdToString(id),
-        { parent: this, provider: opts.provider },
+        { ...opts, parent: this },
       )
     })
 
     super(
       "highstate:k8s:ExternalService",
       name,
-      { id, clusterInfo },
+      { id, cluster },
       opts,
 
-      output(clusterInfo),
+      output(cluster),
       service.metadata,
       service.spec,
       service.status,
-      [service],
     )
   }
 }
@@ -277,3 +382,18 @@ export function mapServiceToLabelSelector(
     matchLabels: service.spec.selector,
   }
 }
+
+export function getServiceType(
+  service: Pick<ServiceArgs, "type" | "external"> | undefined,
+  cluster: k8s.Cluster,
+): Input<string> {
+  if (service?.type) {
+    return service.type
+  }
+
+  if (!service?.external) {
+    return "ClusterIP"
+  }
+
+  return cluster.quirks?.externalServiceType === "LoadBalancer" ? "LoadBalancer" : "NodePort"
+}