@highstate/k8s 0.9.7 → 0.9.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (26) hide show
  1. package/dist/{chunk-VJA6NM5Q.js → chunk-7R2VAXVL.js} +24 -4
  2. package/dist/chunk-7R2VAXVL.js.map +1 -0
  3. package/dist/{chunk-QOKAVPCM.js → chunk-L6G2IHDP.js} +29 -449
  4. package/dist/chunk-L6G2IHDP.js.map +1 -0
  5. package/dist/chunk-OP75IMU7.js +766 -0
  6. package/dist/chunk-OP75IMU7.js.map +1 -0
  7. package/dist/{chunk-LNNW53JJ.js → chunk-W72HEBHG.js} +2 -2
  8. package/dist/{chunk-SNSPQJ6A.js → chunk-WUJ7BFVE.js} +2 -2
  9. package/dist/deployment-A26RVQ73.js +10 -0
  10. package/dist/highstate.manifest.json +8 -8
  11. package/dist/index.js +6 -6
  12. package/dist/stateful-set-S5BHTDJY.js +10 -0
  13. package/dist/units/cert-manager/index.js +2 -2
  14. package/package.json +9 -9
  15. package/src/helm.ts +35 -2
  16. package/src/service.ts +3 -2
  17. package/dist/chunk-56QP4XW6.js +0 -347
  18. package/dist/chunk-56QP4XW6.js.map +0 -1
  19. package/dist/chunk-QOKAVPCM.js.map +0 -1
  20. package/dist/chunk-VJA6NM5Q.js.map +0 -1
  21. package/dist/deployment-NG62MEGK.js +0 -10
  22. package/dist/stateful-set-JXMHD6FH.js +0 -10
  23. /package/dist/{chunk-LNNW53JJ.js.map → chunk-W72HEBHG.js.map} +0 -0
  24. /package/dist/{chunk-SNSPQJ6A.js.map → chunk-WUJ7BFVE.js.map} +0 -0
  25. /package/dist/{deployment-NG62MEGK.js.map → deployment-A26RVQ73.js.map} +0 -0
  26. /package/dist/{stateful-set-JXMHD6FH.js.map → stateful-set-S5BHTDJY.js.map} +0 -0
package/dist/{chunk-VJA6NM5Q.js → chunk-7R2VAXVL.js} RENAMED
@@ -1,8 +1,9 @@
1
1
  import {
2
2
  HttpRoute,
3
+ NetworkPolicy,
3
4
  Service,
4
5
  getServiceType
5
- } from "./chunk-56QP4XW6.js";
6
+ } from "./chunk-OP75IMU7.js";
6
7
  import {
7
8
  getProvider,
8
9
  mapNamespaceLikeToNamespaceName
@@ -11,7 +12,7 @@ import {
11
12
  // src/helm.ts
12
13
  import { resolve } from "node:path";
13
14
  import { mkdir, readFile, unlink } from "node:fs/promises";
14
- import { toPromise } from "@highstate/pulumi";
15
+ import { normalize, toPromise } from "@highstate/pulumi";
15
16
  import { core, helm } from "@pulumi/kubernetes";
16
17
  import {
17
18
  ComponentResource,
@@ -87,7 +88,22 @@ var Chart = class extends ComponentResource {
87
88
  { ...opts, parent: this }
88
89
  );
89
90
  });
90
- this.registerOutputs({ chart: this.chart });
91
+ this.networkPolicies = output(args).apply((args2) => {
92
+ const policies = normalize(args2.networkPolicy, args2.networkPolicies);
93
+ return output(
94
+ policies.map((policy) => {
95
+ return NetworkPolicy.create(
96
+ name,
97
+ {
98
+ ...policy,
99
+ cluster: args2.cluster,
100
+ namespace: args2.namespace
101
+ },
102
+ { ...opts, parent: this }
103
+ );
104
+ })
105
+ );
106
+ });
91
107
  }
92
108
  /**
93
109
  * The underlying Helm chart.
@@ -97,6 +113,10 @@ var Chart = class extends ComponentResource {
97
113
  * The HTTP route associated with the deployment.
98
114
  */
99
115
  httpRoute;
116
+ /**
117
+ * The network policies applied to the chart.
118
+ */
119
+ networkPolicies;
100
120
  get service() {
101
121
  return this.getServiceOutput(void 0);
102
122
  }
@@ -211,4 +231,4 @@ export {
211
231
  getChartServiceOutput,
212
232
  getChartService
213
233
  };
214
- //# sourceMappingURL=chunk-VJA6NM5Q.js.map
234
+ //# sourceMappingURL=chunk-7R2VAXVL.js.map
package/dist/chunk-7R2VAXVL.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/helm.ts"],"sourcesContent":["import type { k8s } from \"@highstate/library\"\nimport { resolve } from \"node:path\"\nimport { mkdir, readFile, unlink } from \"node:fs/promises\"\nimport { normalize, toPromise, type InputMap } from \"@highstate/pulumi\"\nimport { core, helm, types } from \"@pulumi/kubernetes\"\nimport {\n ComponentResource,\n output,\n type ComponentResourceOptions,\n type Input,\n type Output,\n} from \"@pulumi/pulumi\"\nimport spawn from \"nano-spawn\"\nimport { sha256 } from \"crypto-hash\"\nimport { omit } from \"remeda\"\nimport { local } from \"@pulumi/command\"\nimport { glob } from \"glob\"\nimport { NetworkPolicy, type NetworkPolicyArgs } from \"./network-policy\"\nimport { HttpRoute, type HttpRouteArgs } from \"./gateway\"\nimport { getProvider, mapNamespaceLikeToNamespaceName, type NamespaceLike } from \"./shared\"\nimport { getServiceType, Service, type ServiceArgs } from \"./service\"\n\nexport type ChartArgs = Omit<\n helm.v4.ChartArgs,\n \"chart\" | \"version\" | \"repositoryOpts\" | \"namespace\"\n> & {\n /**\n * The namespace to deploy the chart into.\n */\n namespace?: Input<NamespaceLike>\n\n /**\n * The custom name of the primary service exposed by the chart.\n *\n * By default, it is the same as the chart name.\n */\n serviceName?: string\n\n /**\n * The extra args to pass to the main service of the chart.\n *\n * Will be patched via transformations.\n */\n service?: Partial<ServiceArgs>\n\n /**\n * The manifest of the chart to resolve.\n */\n chart: ChartManifest\n\n /**\n * The cluster to create the resource in.\n */\n cluster: Input<k8s.Cluster>\n\n /**\n * The http route args to bind the service to.\n */\n httpRoute?: Input<HttpRouteArgs>\n\n /**\n * The network policy to apply to the chart.\n */\n networkPolicy?: Input<Omit<NetworkPolicyArgs, \"selector\" | \"cluster\" | \"namespace\">>\n\n /**\n * The network policies to apply to the chart.\n */\n networkPolicies?: Input<NetworkPolicyArgs[]>\n}\n\nexport class Chart extends ComponentResource {\n /**\n * The underlying Helm chart.\n */\n public readonly chart: Output<helm.v4.Chart>\n\n /**\n * The HTTP route associated with the deployment.\n */\n public readonly httpRoute: Output<HttpRoute | undefined>\n\n /**\n * The network policies applied to the chart.\n */\n public readonly networkPolicies: Output<NetworkPolicy[]>\n\n constructor(\n private readonly name: string,\n private readonly args: ChartArgs,\n private readonly opts?: ComponentResourceOptions,\n ) {\n super(\"highstate:k8s:Chart\", name, args, opts)\n\n const namespace = output(args.namespace).apply(namespace =>\n output(namespace ? mapNamespaceLikeToNamespaceName(namespace) : \"default\"),\n )\n\n this.chart = output({ args, namespace }).apply(async ({ args, namespace }) => {\n return new helm.v4.Chart(\n name,\n omit(\n {\n ...args,\n chart: resolveHelmChart(args.chart),\n namespace,\n },\n [\"httpRoute\"],\n ),\n {\n ...opts,\n parent: this,\n provider: await getProvider(args.cluster),\n\n transforms: [\n ...(opts?.transforms ?? []),\n\n resourceArgs => {\n const serviceName = args.serviceName ?? name\n const expectedName = `${name}:${namespace}/${serviceName}`\n\n if (\n resourceArgs.type === \"kubernetes:core/v1:Service\" &&\n resourceArgs.name === expectedName\n ) {\n const spec = resourceArgs.props.spec as types.input.core.v1.ServiceSpec\n\n return {\n props: {\n ...resourceArgs.props,\n spec: {\n ...spec,\n ...(args.service ?? {}),\n\n type: getServiceType(args.service, args.cluster),\n\n externalIPs:\n args.service?.externalIPs ?? args.cluster.externalIps ?? spec.externalIPs,\n },\n },\n opts: resourceArgs.opts,\n }\n }\n\n return undefined\n },\n ],\n },\n )\n })\n\n this.httpRoute = output(args.httpRoute).apply(httpRoute => {\n if (!httpRoute) {\n return undefined\n }\n\n return new HttpRoute(\n name,\n {\n ...httpRoute,\n rule: {\n backend: this.service,\n },\n },\n { ...opts, parent: this },\n )\n })\n\n this.networkPolicies = output(args).apply(args => {\n const policies = normalize(args.networkPolicy, args.networkPolicies)\n\n return output(\n policies.map(policy => {\n return NetworkPolicy.create(\n name,\n {\n ...policy,\n\n cluster: args.cluster,\n namespace: args.namespace,\n },\n { ...opts, parent: this },\n )\n }),\n )\n })\n }\n\n get service(): Output<Service> {\n return this.getServiceOutput(undefined)\n }\n\n private readonly services = new Map<string, Service>()\n\n getServiceOutput(name: string | undefined): Output<Service> {\n return output({ args: this.args, chart: this.chart }).apply(({ args, chart }) => {\n const resolvedName = name ?? args.serviceName ?? this.name\n const existingService = this.services.get(resolvedName)\n\n if (existingService) {\n return existingService\n }\n\n const service = getChartServiceOutput(chart, resolvedName)\n\n const wrappedService = Service.wrap(\n //\n resolvedName,\n service,\n args.cluster,\n { ...this.opts, parent: this },\n )\n\n this.services.set(resolvedName, wrappedService)\n return wrappedService\n })\n }\n\n getService(name?: string): Promise<Service> {\n return toPromise(this.getServiceOutput(name))\n }\n}\n\nexport type RenderedChartArgs = {\n /**\n * The namespace to deploy the chart into.\n */\n namespace?: Input<NamespaceLike>\n\n /**\n * The manifest of the chart to resolve.\n */\n chart: ChartManifest\n\n /**\n * The values to pass to the chart.\n */\n values?: InputMap<string>\n}\n\nexport class RenderedChart extends ComponentResource {\n /**\n * The rendered manifest of the Helm chart.\n */\n public readonly manifest: Output<string>\n\n /**\n * The underlying command used to render the chart.\n */\n public readonly command: Output<local.Command>\n\n constructor(name: string, args: RenderedChartArgs, opts?: ComponentResourceOptions) {\n super(\"highstate:k8s:RenderedChart\", name, args, opts)\n\n this.command = output(args).apply(args => {\n const values = args.values\n ? Object.entries(args.values).flatMap(([key, value]) => [\"--set\", `${key}=\"${value}\"`])\n : []\n\n return new local.Command(\n name,\n {\n create: output([\n \"helm\",\n \"template\",\n resolveHelmChart(args.chart),\n\n ...(args.namespace\n ? [\"--namespace\", mapNamespaceLikeToNamespaceName(args.namespace)]\n : []),\n\n ...values,\n ]).apply(command => command.join(\" \")),\n\n logging: \"stderr\",\n },\n { parent: this, ...opts },\n )\n })\n\n this.manifest = this.command.stdout\n\n this.registerOutputs({ manifest: this.manifest, command: this.command })\n }\n}\n\nexport type ChartManifest = {\n repo: string\n name: string\n version: string\n sha256: string\n}\n\n/**\n * Downloads or reuses the Helm chart according to the charts.json file.\n * Returns the full path to the chart's .tgz file.\n *\n * @param manifest The manifest of the Helm chart.\n */\nexport async function resolveHelmChart(manifest: ChartManifest): Promise<string> {\n if (!process.env.HIGHSTATE_CACHE_DIR) {\n throw new Error(\"Environment variable HIGHSTATE_CACHE_DIR is not set\")\n }\n\n const chartsDir = resolve(process.env.HIGHSTATE_CACHE_DIR, \"charts\")\n await mkdir(chartsDir, { recursive: true })\n\n const globPattern = `${manifest.name}-*.tgz`\n const targetFileName = `${manifest.name}-${manifest.version}.tgz`\n\n // find all matching files\n const files = await glob(globPattern, { cwd: chartsDir })\n\n if (files.includes(targetFileName)) {\n return resolve(chartsDir, targetFileName)\n }\n\n // delete old versions\n for (const file of files) {\n await unlink(resolve(chartsDir, file))\n }\n\n // download the chart\n await spawn(\"helm\", [\n \"pull\",\n manifest.name,\n \"--version\",\n manifest.version,\n \"--repo\",\n manifest.repo,\n \"--destination\",\n chartsDir,\n ])\n\n // check the SHA256\n const content = await readFile(resolve(chartsDir, targetFileName))\n const actualSha256 = await sha256(content)\n\n if (actualSha256 !== manifest.sha256) {\n throw new Error(`SHA256 mismatch for chart '${manifest.name}'`)\n }\n\n return resolve(chartsDir, targetFileName)\n}\n\n/**\n * Extracts the service with the given name from the chart resources.\n * Throws an error if the service is not found.\n *\n * @param chart The Helm chart.\n * @param name The name of the service.\n */\nexport function getChartServiceOutput(chart: helm.v4.Chart, name: string): Output<core.v1.Service> {\n const services = chart.resources.apply(resources => {\n return resources\n .filter(r => core.v1.Service.isInstance(r))\n .map(service => ({ name: service.metadata.name, service }))\n })\n\n return output(services).apply(services => {\n const service = services.find(s => s.name === name)?.service\n\n if (!service) {\n throw new Error(`Service with name '${name}' not found in the chart resources`)\n }\n\n return service\n })\n}\n\n/**\n * Extracts the service with the given name from the chart resources.\n * Throws an error if the service is not found.\n *\n * @param chart The Helm chart.\n * @param name The name of the service.\n */\nexport function getChartService(chart: helm.v4.Chart, name: string): Promise<core.v1.Service> {\n return toPromise(getChartServiceOutput(chart, name))\n}\n"],"mappings":";;;;;;;;;;;;AACA,SAAS,eAAe;AACxB,SAAS,OAAO,UAAU,cAAc;AACxC,SAAS,WAAW,iBAAgC;AACpD,SAAS,MAAM,YAAmB;AAClC;AAAA,EACE;AAAA,EACA;AAAA,OAIK;AACP,OAAO,WAAW;AAClB,SAAS,cAAc;AACvB,SAAS,YAAY;AACrB,SAAS,aAAa;AACtB,SAAS,YAAY;AAuDd,IAAM,QAAN,cAAoB,kBAAkB;AAAA,EAgB3C,YACmB,MACA,MACA,MACjB;AACA,UAAM,uBAAuB,MAAM,MAAM,IAAI;AAJ5B;AACA;AACA;AAIjB,UAAM,YAAY,OAAO,KAAK,SAAS,EAAE;AAAA,MAAM,CAAAA,eAC7C,OAAOA,aAAY,gCAAgCA,UAAS,IAAI,SAAS;AAAA,IAC3E;AAEA,SAAK,QAAQ,OAAO,EAAE,MAAM,UAAU,CAAC,EAAE,MAAM,OAAO,EAAE,MAAAC,OAAM,WAAAD,WAAU,MAAM;AAC5E,aAAO,IAAI,KAAK,GAAG;AAAA,QACjB;AAAA,QACA;AAAA,UACE;AAAA,YACE,GAAGC;AAAA,YACH,OAAO,iBAAiBA,MAAK,KAAK;AAAA,YAClC,WAAAD;AAAA,UACF;AAAA,UACA,CAAC,WAAW;AAAA,QACd;AAAA,QACA;AAAA,UACE,GAAG;AAAA,UACH,QAAQ;AAAA,UACR,UAAU,MAAM,YAAYC,MAAK,OAAO;AAAA,UAExC,YAAY;AAAA,YACV,GAAI,MAAM,cAAc,CAAC;AAAA,YAEzB,kBAAgB;AACd,oBAAM,cAAcA,MAAK,eAAe;AACxC,oBAAM,eAAe,GAAG,IAAI,IAAID,UAAS,IAAI,WAAW;AAExD,kBACE,aAAa,SAAS,gCACtB,aAAa,SAAS,cACtB;AACA,sBAAM,OAAO,aAAa,MAAM;AAEhC,uBAAO;AAAA,kBACL,OAAO;AAAA,oBACL,GAAG,aAAa;AAAA,oBAChB,MAAM;AAAA,sBACJ,GAAG;AAAA,sBACH,GAAIC,MAAK,WAAW,CAAC;AAAA,sBAErB,MAAM,eAAeA,MAAK,SAASA,MAAK,OAAO;AAAA,sBAE/C,aACEA,MAAK,SAAS,eAAeA,MAAK,QAAQ,eAAe,KAAK;AAAA,oBAClE;AAAA,kBACF;AAAA,kBACA,MAAM,aAAa;AAAA,gBACrB;AAAA,cACF;AAEA,qBAAO;AAAA,YACT;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF,CAAC;AAED,SAAK,YAAY,OAAO,KAAK,SAAS,EAAE,MAAM,eAAa;AACzD,UAAI,CAAC,WAAW;AACd,eAAO;AAAA,MACT;AAEA,aAAO,IAAI;AAAA,QACT;AAAA,QACA;AAAA,UACE,GAAG;AAAA,UACH,MAAM;AAAA,YACJ,SAAS,KAAK;AAAA,UAChB;AAAA,QACF;AAAA,QACA,EAAE,GAAG,MAAM,QAAQ,KAAK;AAAA,MAC1B;AAAA,IACF,CAAC;AAED,SAAK,kBAAkB,OAAO,IAAI,EAAE,MAAM,CAAAA,UAAQ;AAChD,YAAM,WAAW,UAAUA,MAAK,eAAeA,MAAK,eAAe;AAEnE,aAAO;AAAA,QACL,SAAS,IAAI,YAAU;AACrB,iBAAO,cAAc;AAAA,YACnB;AAAA,YACA;AAAA,cACE,GAAG;AAAA,cAEH,SAASA,MAAK;AAAA,cACd,WAAWA,MAAK;AAAA,YAClB;AAAA,YACA,EAAE,GAAG,MAAM,QAAQ,KAAK;AAAA,UAC1B;AAAA,QACF,CAAC;AAAA,MACH;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EA/GgB;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,EAuGhB,IAAI,UAA2B;AAC7B,WAAO,KAAK,iBAAiB,MAAS;AAAA,EACxC;AAAA,EAEiB,WAAW,oBAAI,IAAqB;AAAA,EAErD,iBAAiB,MAA2C;AAC1D,WAAO,OAAO,EAAE,MAAM,KAAK,MAAM,OAAO,KAAK,MAAM,CAAC,EAAE,MAAM,CAAC,EAAE,MAAM,MAAM,MAAM;AAC/E,YAAM,eAAe,QAAQ,KAAK,eAAe,KAAK;AACtD,YAAM,kBAAkB,KAAK,SAAS,IAAI,YAAY;AAEtD,UAAI,iBAAiB;AACnB,eAAO;AAAA,MACT;AAEA,YAAM,UAAU,sBAAsB,OAAO,YAAY;AAEzD,YAAM,iBAAiB,QAAQ;AAAA;AAAA,QAE7B;AAAA,QACA;AAAA,QACA,KAAK;AAAA,QACL,EAAE,GAAG,KAAK,MAAM,QAAQ,KAAK;AAAA,MAC/B;AAEA,WAAK,SAAS,IAAI,cAAc,cAAc;AAC9C,aAAO;AAAA,IACT,CAAC;AAAA,EACH;AAAA,EAEA,WAAW,MAAiC;AAC1C,WAAO,UAAU,KAAK,iBAAiB,IAAI,CAAC;AAAA,EAC9C;AACF;AAmBO,IAAM,gBAAN,cAA4B,kBAAkB;AAAA;AAAA;AAAA;AAAA,EAInC;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,EAEhB,YAAY,MAAc,MAAyB,MAAiC;AAClF,UAAM,+BAA+B,MAAM,MAAM,IAAI;AAErD,SAAK,UAAU,OAAO,IAAI,EAAE,MAAM,CAAAA,UAAQ;AACxC,YAAM,SAASA,MAAK,SAChB,OAAO,QAAQA,MAAK,MAAM,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM,CAAC,SAAS,GAAG,GAAG,KAAK,KAAK,GAAG,CAAC,IACpF,CAAC;AAEL,aAAO,IAAI,MAAM;AAAA,QACf;AAAA,QACA;AAAA,UACE,QAAQ,OAAO;AAAA,YACb;AAAA,YACA;AAAA,YACA,iBAAiBA,MAAK,KAAK;AAAA,YAE3B,GAAIA,MAAK,YACL,CAAC,eAAe,gCAAgCA,MAAK,SAAS,CAAC,IAC/D,CAAC;AAAA,YAEL,GAAG;AAAA,UACL,CAAC,EAAE,MAAM,aAAW,QAAQ,KAAK,GAAG,CAAC;AAAA,UAErC,SAAS;AAAA,QACX;AAAA,QACA,EAAE,QAAQ,MAAM,GAAG,KAAK;AAAA,MAC1B;AAAA,IACF,CAAC;AAED,SAAK,WAAW,KAAK,QAAQ;AAE7B,SAAK,gBAAgB,EAAE,UAAU,KAAK,UAAU,SAAS,KAAK,QAAQ,CAAC;AAAA,EACzE;AACF;AAeA,eAAsB,iBAAiB,UAA0C;AAC/E,MAAI,CAAC,QAAQ,IAAI,qBAAqB;AACpC,UAAM,IAAI,MAAM,qDAAqD;AAAA,EACvE;AAEA,QAAM,YAAY,QAAQ,QAAQ,IAAI,qBAAqB,QAAQ;AACnE,QAAM,MAAM,WAAW,EAAE,WAAW,KAAK,CAAC;AAE1C,QAAM,cAAc,GAAG,SAAS,IAAI;AACpC,QAAM,iBAAiB,GAAG,SAAS,IAAI,IAAI,SAAS,OAAO;AAG3D,QAAM,QAAQ,MAAM,KAAK,aAAa,EAAE,KAAK,UAAU,CAAC;AAExD,MAAI,MAAM,SAAS,cAAc,GAAG;AAClC,WAAO,QAAQ,WAAW,cAAc;AAAA,EAC1C;AAGA,aAAW,QAAQ,OAAO;AACxB,UAAM,OAAO,QAAQ,WAAW,IAAI,CAAC;AAAA,EACvC;AAGA,QAAM,MAAM,QAAQ;AAAA,IAClB;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA;AAAA,EACF,CAAC;AAGD,QAAM,UAAU,MAAM,SAAS,QAAQ,WAAW,cAAc,CAAC;AACjE,QAAM,eAAe,MAAM,OAAO,OAAO;AAEzC,MAAI,iBAAiB,SAAS,QAAQ;AACpC,UAAM,IAAI,MAAM,8BAA8B,SAAS,IAAI,GAAG;AAAA,EAChE;AAEA,SAAO,QAAQ,WAAW,cAAc;AAC1C;AASO,SAAS,sBAAsB,OAAsB,MAAuC;AACjG,QAAM,WAAW,MAAM,UAAU,MAAM,eAAa;AAClD,WAAO,UACJ,OAAO,OAAK,KAAK,GAAG,QAAQ,WAAW,CAAC,CAAC,EACzC,IAAI,cAAY,EAAE,MAAM,QAAQ,SAAS,MAAM,QAAQ,EAAE;AAAA,EAC9D,CAAC;AAED,SAAO,OAAO,QAAQ,EAAE,MAAM,CAAAC,cAAY;AACxC,UAAM,UAAUA,UAAS,KAAK,OAAK,EAAE,SAAS,IAAI,GAAG;AAErD,QAAI,CAAC,SAAS;AACZ,YAAM,IAAI,MAAM,sBAAsB,IAAI,oCAAoC;AAAA,IAChF;AAEA,WAAO;AAAA,EACT,CAAC;AACH;AASO,SAAS,gBAAgB,OAAsB,MAAwC;AAC5F,SAAO,UAAU,sBAAsB,OAAO,IAAI,CAAC;AACrD;","names":["namespace","args","services"]}
package/dist/{chunk-QOKAVPCM.js → chunk-L6G2IHDP.js} RENAMED
@@ -1,18 +1,13 @@
1
1
  import {
2
2
  HttpRoute,
3
+ NetworkPolicy,
3
4
  Service,
4
- getServiceMetadata,
5
- isFromCluster,
6
- mapContainerPortToServicePort,
7
- mapServiceToLabelSelector
8
- } from "./chunk-56QP4XW6.js";
5
+ mapContainerPortToServicePort
6
+ } from "./chunk-OP75IMU7.js";
9
7
  import {
10
8
  commonExtraArgs,
11
9
  getProvider,
12
10
  mapMetadata,
13
- mapNamespaceLikeToNamespaceName,
14
- mapNamespaceNameToSelector,
15
- mapSelectorLikeToSelector,
16
11
  resourceIdToString,
17
12
  withPatchName
18
13
  } from "./chunk-HTQP2NB4.js";
@@ -424,430 +419,16 @@ function mapWorkloadVolume(volume) {
424
419
  return volume;
425
420
  }
426
421
 
427
- // src/network-policy.ts
428
- import { networking } from "@pulumi/kubernetes";
429
- import {
430
- ComponentResource as ComponentResource3,
431
- interpolate,
432
- normalize as normalize2,
433
- output as output4
434
- } from "@highstate/pulumi";
435
- import { capitalize, flat, groupBy, merge, mergeDeep, uniqueBy } from "remeda";
436
- import "@highstate/library";
437
- import {
438
- l34EndpointToString,
439
- l3EndpointToCidr,
440
- parseL34Endpoint
441
- } from "@highstate/common";
442
- var NetworkPolicy = class _NetworkPolicy extends ComponentResource3 {
443
- /**
444
- * The underlying network policy resource.
445
- */
446
- networkPolicy;
447
- constructor(name, args, opts) {
448
- super("k8s:network-policy", name, args, opts);
449
- const normalizedArgs = output4(args).apply((args2) => {
450
- const ingressRules = normalize2(args2.ingressRule, args2.ingressRules);
451
- const egressRules = normalize2(args2.egressRule, args2.egressRules);
452
- const extraEgressRules = [];
453
- if (args2.allowKubeDns) {
454
- extraEgressRules.push({
455
- namespaces: ["kube-system"],
456
- selectors: [{ matchLabels: { "k8s-app": "kube-dns" } }],
457
- ports: [{ port: 53, protocol: "UDP" }],
458
- all: false,
459
- cidrs: [],
460
- fqdns: [],
461
- services: []
462
- });
463
- }
464
- return {
465
- ...args2,
466
- podSelector: args2.selector ? mapSelectorLikeToSelector(args2.selector) : {},
467
- isolateEgress: args2.isolateEgress ?? false,
468
- isolateIngress: args2.isolateIngress ?? false,
469
- allowKubeApiServer: args2.allowKubeApiServer ?? false,
470
- ingressRules: ingressRules.flatMap((rule) => {
471
- const endpoints = normalize2(
472
- args2.ingressRule?.fromEndpoint,
473
- args2.ingressRule?.fromEndpoints
474
- );
475
- const parsedEndpoints = endpoints.map(parseL34Endpoint);
476
- const endpointsByPortsAndNamespaces = groupBy(parsedEndpoints, (endpoint) => {
477
- const namespace = isFromCluster(endpoint, args2.cluster) ? endpoint.metadata.k8sService.namespace : "";
478
- const port = isFromCluster(endpoint, args2.cluster) ? endpoint.metadata.k8sService.targetPort : endpoint.port;
479
- return `${port ?? "0"}:${namespace}`;
480
- });
481
- const l3OnlyRule = endpointsByPortsAndNamespaces["0:"] ? _NetworkPolicy.getRuleFromEndpoint(
482
- void 0,
483
- endpointsByPortsAndNamespaces["0:"],
484
- args2.cluster
485
- ) : void 0;
486
- const otherRules = Object.entries(endpointsByPortsAndNamespaces).filter(([key]) => key !== "0:").map(([key, endpoints2]) => {
487
- const [port] = key.split(":");
488
- const portNumber = parseInt(port, 10);
489
- const portValue = isNaN(portNumber) ? port : portNumber;
490
- return _NetworkPolicy.getRuleFromEndpoint(portValue, endpoints2, args2.cluster);
491
- });
492
- return [
493
- {
494
- all: rule.fromAll ?? false,
495
- cidrs: normalize2(rule.fromCidr, rule.fromCidrs).concat(l3OnlyRule?.cidrs ?? []),
496
- fqdns: [],
497
- services: normalize2(rule.fromService, rule.fromServices),
498
- namespaces: normalize2(rule.fromNamespace, rule.fromNamespaces),
499
- selectors: normalize2(rule.fromSelector, rule.fromSelectors),
500
- ports: normalize2(rule.toPort, rule.toPorts)
501
- },
502
- ...otherRules
503
- ].filter((rule2) => !_NetworkPolicy.isEmptyRule(rule2));
504
- }),
505
- egressRules: egressRules.flatMap((rule) => {
506
- const endpoints = normalize2(args2.egressRule?.toEndpoint, args2.egressRule?.toEndpoints);
507
- const parsedEndpoints = endpoints.map(parseL34Endpoint);
508
- const endpointsByPortsAnsNamespaces = groupBy(parsedEndpoints, (endpoint) => {
509
- const namespace = isFromCluster(endpoint, args2.cluster) ? endpoint.metadata.k8sService.namespace : "";
510
- const port = isFromCluster(endpoint, args2.cluster) ? endpoint.metadata.k8sService.targetPort : endpoint.port;
511
- return `${port ?? "0"}:${namespace}`;
512
- });
513
- const l3OnlyRule = endpointsByPortsAnsNamespaces["0:"] ? _NetworkPolicy.getRuleFromEndpoint(
514
- void 0,
515
- endpointsByPortsAnsNamespaces["0:"],
516
- args2.cluster
517
- ) : void 0;
518
- const otherRules = Object.entries(endpointsByPortsAnsNamespaces).filter(([key]) => key !== "0:").map(([key, endpoints2]) => {
519
- const [port] = key.split(":");
520
- const portNumber = parseInt(port, 10);
521
- const portValue = isNaN(portNumber) ? port : portNumber;
522
- return _NetworkPolicy.getRuleFromEndpoint(portValue, endpoints2, args2.cluster);
523
- });
524
- return [
525
- {
526
- all: rule.toAll ?? false,
527
- cidrs: normalize2(rule.toCidr, rule.toCidrs).concat(l3OnlyRule?.cidrs ?? []),
528
- fqdns: normalize2(rule.toFqdn, rule.toFqdns).concat(l3OnlyRule?.fqdns ?? []),
529
- services: normalize2(rule.toService, rule.toServices),
530
- namespaces: normalize2(rule.toNamespace, rule.toNamespaces),
531
- selectors: normalize2(rule.toSelector, rule.toSelectors),
532
- ports: normalize2(rule.toPort, rule.toPorts)
533
- },
534
- ...otherRules
535
- ].filter((rule2) => !_NetworkPolicy.isEmptyRule(rule2));
536
- }).concat(extraEgressRules)
537
- };
538
- });
539
- this.networkPolicy = output4(
540
- normalizedArgs.apply(async (args2) => {
541
- return output4(
542
- this.create(name, args2, {
543
- ...opts,
544
- parent: this,
545
- provider: await getProvider(args2.cluster)
546
- })
547
- );
548
- })
549
- );
550
- }
551
- static mapCidrFromEndpoint(result) {
552
- if (result.type === "ipv4") {
553
- return `${result.address}/32`;
554
- }
555
- return `${result.address}/128`;
556
- }
557
- static getRuleFromEndpoint(port, endpoints, cluster) {
558
- const ports = port ? [{ port, protocol: endpoints[0].protocol?.toUpperCase() }] : [];
559
- const cidrs = endpoints.filter((endpoint) => !isFromCluster(endpoint, cluster)).filter((endpoint) => endpoint.type === "ipv4" || endpoint.type === "ipv6").map(_NetworkPolicy.mapCidrFromEndpoint);
560
- const fqdns = endpoints.filter((endpoint) => endpoint.type === "hostname").map((endpoint) => endpoint.hostname);
561
- const selectors = endpoints.filter((endpoint) => isFromCluster(endpoint, cluster)).map((endpoint) => endpoint.metadata.k8sService.selector);
562
- const namespace = endpoints.filter((endpoint) => isFromCluster(endpoint, cluster)).map((endpoint) => getServiceMetadata(endpoint)?.namespace)[0];
563
- return {
564
- all: false,
565
- cidrs,
566
- fqdns,
567
- services: [],
568
- namespaces: namespace ? [namespace] : [],
569
- selectors,
570
- ports
571
- };
572
- }
573
- static isEmptyRule(rule) {
574
- return !rule.all && rule.cidrs.length === 0 && rule.fqdns.length === 0 && rule.services.length === 0 && rule.namespaces.length === 0 && rule.selectors.length === 0 && rule.ports.length === 0;
575
- }
576
- static create(name, args, opts) {
577
- return output4(args).apply(async (args2) => {
578
- const cni = args2.cluster.cni;
579
- if (cni === "other") {
580
- return new NativeNetworkPolicy(name, args2, opts);
581
- }
582
- const implName = `${capitalize(cni)}NetworkPolicy`;
583
- const implModule = await import(`@highstate/${cni}`);
584
- const implClass = implModule[implName];
585
- if (!implClass) {
586
- throw new Error(`No implementation found for ${cni}`);
587
- }
588
- return new implClass(name, args2, opts);
589
- });
590
- }
591
- static isolate(namespace, cluster, opts) {
592
- return _NetworkPolicy.create(
593
- "isolate",
594
- {
595
- namespace,
596
- cluster,
597
- description: "By default, deny all traffic to/from the namespace.",
598
- isolateEgress: true,
599
- isolateIngress: true
600
- },
601
- opts
602
- );
603
- }
604
- static allowInsideNamespace(namespace, cluster, opts) {
605
- return _NetworkPolicy.create(
606
- "allow-inside-namespace",
607
- {
608
- namespace,
609
- cluster,
610
- description: "Allow all traffic inside the namespace.",
611
- selector: {},
612
- ingressRule: { fromNamespace: namespace },
613
- egressRule: { toNamespace: namespace }
614
- },
615
- opts
616
- );
617
- }
618
- static allowKubeApiServer(namespace, cluster, opts) {
619
- return _NetworkPolicy.create(
620
- "allow-kube-api-server",
621
- {
622
- namespace,
623
- cluster,
624
- description: "Allow all traffic to the Kubernetes API server from the namespace.",
625
- allowKubeApiServer: true
626
- },
627
- opts
628
- );
629
- }
630
- static allowKubeDns(namespace, cluster, opts) {
631
- return _NetworkPolicy.create(
632
- "allow-kube-dns",
633
- {
634
- namespace,
635
- cluster,
636
- description: "Allow all traffic to the Kubernetes DNS server from the namespace.",
637
- allowKubeDns: true
638
- },
639
- opts
640
- );
641
- }
642
- static allowAllEgress(namespace, cluster, opts) {
643
- return _NetworkPolicy.create(
644
- "allow-all-egress",
645
- {
646
- namespace,
647
- cluster,
648
- description: "Allow all egress traffic from the namespace.",
649
- egressRule: { toAll: true }
650
- },
651
- opts
652
- );
653
- }
654
- static allowAllIngress(namespace, cluster, opts) {
655
- return _NetworkPolicy.create(
656
- "allow-all-ingress",
657
- {
658
- namespace,
659
- cluster,
660
- description: "Allow all ingress traffic to the namespace.",
661
- ingressRule: { fromAll: true }
662
- },
663
- opts
664
- );
665
- }
666
- static allowEgressToEndpoint(endpoint, namespace, cluster, opts) {
667
- const parsedEndpoint = parseL34Endpoint(endpoint);
668
- return _NetworkPolicy.create(
669
- `allow-egress-to-${l34EndpointToString(parsedEndpoint)}`,
670
- {
671
- namespace,
672
- cluster,
673
- description: interpolate`Allow egress traffic to "${l34EndpointToString(parsedEndpoint)}" from the namespace.`,
674
- egressRule: { toEndpoint: endpoint }
675
- },
676
- opts
677
- );
678
- }
679
- static allowIngressFromEndpoint(endpoint, namespace, cluster, opts) {
680
- const parsedEndpoint = parseL34Endpoint(endpoint);
681
- return _NetworkPolicy.create(
682
- `allow-ingress-from-${l34EndpointToString(parsedEndpoint)}`,
683
- {
684
- namespace,
685
- cluster,
686
- description: interpolate`Allow ingress traffic from "${l34EndpointToString(parsedEndpoint)}" to the namespace.`,
687
- ingressRule: { fromEndpoint: endpoint }
688
- },
689
- opts
690
- );
691
- }
692
- };
693
- var NativeNetworkPolicy = class _NativeNetworkPolicy extends NetworkPolicy {
694
- create(name, args, opts) {
695
- const ingress = _NativeNetworkPolicy.createIngressRules(args);
696
- const egress = _NativeNetworkPolicy.createEgressRules(args);
697
- const policyTypes = [];
698
- if (ingress.length > 0 || args.isolateIngress) {
699
- policyTypes.push("Ingress");
700
- }
701
- if (egress.length > 0 || args.isolateEgress) {
702
- policyTypes.push("Egress");
703
- }
704
- return new networking.v1.NetworkPolicy(
705
- name,
706
- {
707
- metadata: mergeDeep(mapMetadata(args, name), {
708
- annotations: args.description ? { "kubernetes.io/description": args.description } : void 0
709
- }),
710
- spec: {
711
- podSelector: args.podSelector,
712
- ingress,
713
- egress,
714
- policyTypes
715
- }
716
- },
717
- opts
718
- );
719
- }
720
- static fallbackIpBlock = {
721
- cidr: "0.0.0.0/0",
722
- except: ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
723
- };
724
- static fallbackDnsRule = {
725
- to: [
726
- {
727
- namespaceSelector: { matchLabels: { "kubernetes.io/metadata.name": "kube-system" } },
728
- podSelector: { matchLabels: { "k8s-app": "kube-dns" } }
729
- }
730
- ],
731
- ports: [{ port: 53, protocol: "UDP" }]
732
- };
733
- static createIngressRules(args) {
734
- return uniqueBy(
735
- args.ingressRules.map((rule) => ({
736
- from: rule.all ? [] : _NativeNetworkPolicy.createRulePeers(rule),
737
- ports: _NativeNetworkPolicy.mapPorts(rule.ports)
738
- })),
739
- (rule) => JSON.stringify(rule)
740
- );
741
- }
742
- static createEgressRules(args) {
743
- const extraRules = [];
744
- const needKubeDns = args.egressRules.some((rule) => rule.fqdns.length > 0);
745
- if (needKubeDns) {
746
- extraRules.push(_NativeNetworkPolicy.fallbackDnsRule);
747
- }
748
- const needFallback = args.egressRules.some(
749
- (rule) => rule.fqdns.some((fqdn) => !fqdn.endsWith(".cluster.local"))
750
- );
751
- if (needFallback) {
752
- extraRules.push({ to: [{ ipBlock: _NativeNetworkPolicy.fallbackIpBlock }] });
753
- }
754
- if (args.allowKubeApiServer) {
755
- const { quirks, apiEndpoints } = args.cluster;
756
- if (quirks?.fallbackKubeApiAccess) {
757
- extraRules.push({
758
- to: [{ ipBlock: { cidr: `${quirks?.fallbackKubeApiAccess.serverIp}/32` } }],
759
- ports: [{ port: quirks?.fallbackKubeApiAccess.serverPort, protocol: "TCP" }]
760
- });
761
- } else {
762
- const rules = apiEndpoints.filter((endpoint) => endpoint.type !== "hostname").map((endpoint) => ({
763
- to: [{ ipBlock: { cidr: l3EndpointToCidr(endpoint) } }],
764
- ports: [{ port: endpoint.port, protocol: "TCP" }]
765
- }));
766
- extraRules.push(...rules);
767
- }
768
- }
769
- return uniqueBy(
770
- args.egressRules.map((rule) => {
771
- return {
772
- to: rule.all ? [] : _NativeNetworkPolicy.createRulePeers(rule),
773
- ports: _NativeNetworkPolicy.mapPorts(rule.ports)
774
- };
775
- }).filter((rule) => rule.to !== void 0).concat(extraRules),
776
- (rule) => JSON.stringify(rule)
777
- );
778
- }
779
- static createRulePeers(args) {
780
- const peers = uniqueBy(
781
- [
782
- ..._NativeNetworkPolicy.createCidrPeers(args),
783
- ..._NativeNetworkPolicy.createServicePeers(args),
784
- ..._NativeNetworkPolicy.createSelectorPeers(args)
785
- ],
786
- (peer) => JSON.stringify(peer)
787
- );
788
- return peers.length > 0 ? peers : void 0;
789
- }
790
- static createCidrPeers(args) {
791
- return args.cidrs.map((cidr) => ({ ipBlock: { cidr } }));
792
- }
793
- static createServicePeers(args) {
794
- return args.services.map((service) => {
795
- const selector = mapServiceToLabelSelector(service);
796
- return {
797
- namespaceSelector: mapNamespaceNameToSelector(service.metadata.namespace),
798
- podSelector: selector
799
- };
800
- });
801
- }
802
- static createSelectorPeers(args) {
803
- const selectorPeers = args.selectors.map((selector) => ({
804
- podSelector: mapSelectorLikeToSelector(selector)
805
- }));
806
- const namespacePeers = args.namespaces.map(_NativeNetworkPolicy.createNamespacePeer);
807
- if (namespacePeers.length === 0) {
808
- return selectorPeers;
809
- }
810
- if (selectorPeers.length === 0) {
811
- return namespacePeers;
812
- }
813
- return flat(
814
- selectorPeers.map((selectorPeer) => {
815
- return namespacePeers.map((namespacePeer) => merge(selectorPeer, namespacePeer));
816
- })
817
- );
818
- }
819
- static createNamespacePeer(namespace) {
820
- const namespaceName = mapNamespaceLikeToNamespaceName(namespace);
821
- const namespaceSelector = mapNamespaceNameToSelector(namespaceName);
822
- return { namespaceSelector };
823
- }
824
- static mapPorts(ports) {
825
- return ports.map((port) => {
826
- if ("port" in port) {
827
- return {
828
- port: port.port,
829
- protocol: port.protocol ?? "TCP"
830
- };
831
- }
832
- return {
833
- port: port.range[0],
834
- endPort: port.range[1],
835
- protocol: port.protocol ?? "TCP"
836
- };
837
- });
838
- }
839
- };
840
-
841
422
  // src/workload.ts
842
423
  import {
843
- normalize as normalize3
424
+ normalize as normalize2
844
425
  } from "@highstate/pulumi";
845
426
  import {
846
- ComponentResource as ComponentResource4,
847
- interpolate as interpolate2,
848
- output as output5
427
+ ComponentResource as ComponentResource3,
428
+ interpolate,
429
+ output as output4
849
430
  } from "@pulumi/pulumi";
850
- import { uniqueBy as uniqueBy2 } from "remeda";
431
+ import { uniqueBy } from "remeda";
851
432
  import { deepmerge as deepmerge2 } from "deepmerge-ts";
852
433
 
853
434
  // src/pod.ts
@@ -862,26 +443,26 @@ function getWorkloadComponents(name, args, parent, opts) {
862
443
  const labels = {
863
444
  "app.kubernetes.io/name": name
864
445
  };
865
- const containers = output5(args).apply((args2) => normalize3(args2.container, args2.containers));
446
+ const containers = output4(args).apply((args2) => normalize2(args2.container, args2.containers));
866
447
  const volumes = containers.apply((containers2) => {
867
- const containerVolumes = containers2.flatMap((container) => normalize3(container.volume, container.volumes)).map(mapWorkloadVolume);
448
+ const containerVolumes = containers2.flatMap((container) => normalize2(container.volume, container.volumes)).map(mapWorkloadVolume);
868
449
  const containerVolumeMounts = containers2.flatMap((container) => {
869
- return normalize3(container.volumeMount, container.volumeMounts).map((volumeMount) => {
450
+ return normalize2(container.volumeMount, container.volumeMounts).map((volumeMount) => {
870
451
  return "volume" in volumeMount ? volumeMount.volume : void 0;
871
452
  }).filter(Boolean);
872
453
  }).map(mapWorkloadVolume);
873
- return output5([...containerVolumes, ...containerVolumeMounts]).apply(
874
- uniqueBy2((volume) => volume.name)
454
+ return output4([...containerVolumes, ...containerVolumeMounts]).apply(
455
+ uniqueBy((volume) => volume.name)
875
456
  );
876
457
  });
877
- const podSpec = output5({ args, containers, volumes }).apply(({ args: args2, containers: containers2, volumes: volumes2 }) => {
458
+ const podSpec = output4({ args, containers, volumes }).apply(({ args: args2, containers: containers2, volumes: volumes2 }) => {
878
459
  const spec = {
879
460
  volumes: volumes2,
880
461
  containers: containers2.map((container) => mapContainerToRaw(container, args2.cluster, name)),
881
462
  ...podSpecDefaults
882
463
  };
883
464
  if (containers2.some((container) => container.enableTun) && args2.cluster.quirks?.tunDevicePolicy?.type !== "plugin") {
884
- spec.volumes = output5(spec.volumes).apply((volumes3) => [
465
+ spec.volumes = output4(spec.volumes).apply((volumes3) => [
885
466
  ...volumes3 ?? [],
886
467
  {
887
468
  name: "tun-device",
@@ -921,7 +502,7 @@ function getWorkloadComponents(name, args, parent, opts) {
921
502
  }
922
503
  function getExposableWorkloadComponents(name, args, parent, opts) {
923
504
  const { labels, containers, volumes, podSpec, podTemplate, networkPolicy } = getWorkloadComponents(name, args, parent, opts);
924
- const service = output5({ args, containers }).apply(async ({ args: args2, containers: containers2 }) => {
505
+ const service = output4({ args, containers }).apply(async ({ args: args2, containers: containers2 }) => {
925
506
  if (!args2.service && !args2.httpRoute) {
926
507
  return void 0;
927
508
  }
@@ -931,7 +512,7 @@ function getExposableWorkloadComponents(name, args, parent, opts) {
931
512
  if (args2.existing) {
932
513
  return void 0;
933
514
  }
934
- const ports = containers2.flatMap((container) => normalize3(container.port, container.ports));
515
+ const ports = containers2.flatMap((container) => normalize2(container.port, container.ports));
935
516
  return Service.create(
936
517
  name,
937
518
  {
@@ -951,7 +532,7 @@ function getExposableWorkloadComponents(name, args, parent, opts) {
951
532
  }
952
533
  );
953
534
  });
954
- const httpRoute = output5({
535
+ const httpRoute = output4({
955
536
  args,
956
537
  service
957
538
  }).apply(async ({ args: args2, service: service2 }) => {
@@ -979,7 +560,7 @@ function getExposableWorkloadComponents(name, args, parent, opts) {
979
560
  });
980
561
  return { labels, containers, volumes, podSpec, podTemplate, networkPolicy, service, httpRoute };
981
562
  }
982
- var Workload = class extends ComponentResource4 {
563
+ var Workload = class extends ComponentResource3 {
983
564
  constructor(type, name, args, opts, resourceType, cluster, metadata, networkPolicy) {
984
565
  super(type, name, args, opts);
985
566
  this.name = name;
@@ -993,11 +574,11 @@ var Workload = class extends ComponentResource4 {
993
574
  * The instance terminal to interact with the deployment.
994
575
  */
995
576
  get terminal() {
996
- const containerName = output5(this.args).apply((args) => {
997
- const containers = normalize3(args.container, args.containers);
577
+ const containerName = output4(this.args).apply((args) => {
578
+ const containers = normalize2(args.container, args.containers);
998
579
  return containers[0]?.name ?? this.name;
999
580
  });
1000
- return output5({
581
+ return output4({
1001
582
  name: this.metadata.name,
1002
583
  title: this.metadata.name,
1003
584
  image: "ghcr.io/exeteres/highstate/terminal-kubectl",
@@ -1008,7 +589,7 @@ var Workload = class extends ComponentResource4 {
1008
589
  "-it",
1009
590
  "-n",
1010
591
  this.metadata.namespace,
1011
- interpolate2`${this.resourceType}/${this.metadata.name}`,
592
+ interpolate`${this.resourceType}/${this.metadata.name}`,
1012
593
  "-c",
1013
594
  containerName,
1014
595
  "--",
@@ -1072,9 +653,9 @@ var ExposableWorkload = class extends Workload {
1072
653
  * Creates a generic workload or patches the existing one.
1073
654
  */
1074
655
  static createOrPatchGeneric(name, args, opts) {
1075
- return output5(args).apply(async (args2) => {
656
+ return output4(args).apply(async (args2) => {
1076
657
  if (args2.existing?.type === "k8s.deployment") {
1077
- const { Deployment } = await import("./deployment-NG62MEGK.js");
658
+ const { Deployment } = await import("./deployment-A26RVQ73.js");
1078
659
  return Deployment.patch(
1079
660
  name,
1080
661
  {
@@ -1086,7 +667,7 @@ var ExposableWorkload = class extends Workload {
1086
667
  );
1087
668
  }
1088
669
  if (args2.existing?.type === "k8s.stateful-set") {
1089
- const { StatefulSet } = await import("./stateful-set-JXMHD6FH.js");
670
+ const { StatefulSet } = await import("./stateful-set-S5BHTDJY.js");
1090
671
  return StatefulSet.patch(
1091
672
  name,
1092
673
  {
@@ -1098,11 +679,11 @@ var ExposableWorkload = class extends Workload {
1098
679
  );
1099
680
  }
1100
681
  if (args2.type === "Deployment") {
1101
- const { Deployment } = await import("./deployment-NG62MEGK.js");
682
+ const { Deployment } = await import("./deployment-A26RVQ73.js");
1102
683
  return Deployment.create(name, deepmerge2(args2, args2.deployment), opts);
1103
684
  }
1104
685
  if (args2.type === "StatefulSet") {
1105
- const { StatefulSet } = await import("./stateful-set-JXMHD6FH.js");
686
+ const { StatefulSet } = await import("./stateful-set-S5BHTDJY.js");
1106
687
  return StatefulSet.create(name, deepmerge2(args2, args2.statefulSet), opts);
1107
688
  }
1108
689
  throw new Error(`Unknown workload type: ${args2.type}`);
@@ -1113,11 +694,10 @@ var ExposableWorkload = class extends Workload {
1113
694
  export {
1114
695
  PersistentVolumeClaim,
1115
696
  Secret,
1116
- NetworkPolicy,
1117
697
  exposableWorkloadExtraArgs,
1118
698
  getWorkloadComponents,
1119
699
  getExposableWorkloadComponents,
1120
700
  Workload,
1121
701
  ExposableWorkload
1122
702
  };
1123
- //# sourceMappingURL=chunk-QOKAVPCM.js.map
703
+ //# sourceMappingURL=chunk-L6G2IHDP.js.map