@highstate/k8s 0.9.7 → 0.9.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{chunk-VJA6NM5Q.js → chunk-7R2VAXVL.js} +24 -4
- package/dist/chunk-7R2VAXVL.js.map +1 -0
- package/dist/{chunk-QOKAVPCM.js → chunk-L6G2IHDP.js} +29 -449
- package/dist/chunk-L6G2IHDP.js.map +1 -0
- package/dist/chunk-OP75IMU7.js +766 -0
- package/dist/chunk-OP75IMU7.js.map +1 -0
- package/dist/{chunk-LNNW53JJ.js → chunk-W72HEBHG.js} +2 -2
- package/dist/{chunk-SNSPQJ6A.js → chunk-WUJ7BFVE.js} +2 -2
- package/dist/deployment-A26RVQ73.js +10 -0
- package/dist/highstate.manifest.json +8 -8
- package/dist/index.js +6 -6
- package/dist/stateful-set-S5BHTDJY.js +10 -0
- package/dist/units/cert-manager/index.js +2 -2
- package/package.json +9 -9
- package/src/helm.ts +35 -2
- package/src/service.ts +3 -2
- package/dist/chunk-56QP4XW6.js +0 -347
- package/dist/chunk-56QP4XW6.js.map +0 -1
- package/dist/chunk-QOKAVPCM.js.map +0 -1
- package/dist/chunk-VJA6NM5Q.js.map +0 -1
- package/dist/deployment-NG62MEGK.js +0 -10
- package/dist/stateful-set-JXMHD6FH.js +0 -10
- /package/dist/{chunk-LNNW53JJ.js.map → chunk-W72HEBHG.js.map} +0 -0
- /package/dist/{chunk-SNSPQJ6A.js.map → chunk-WUJ7BFVE.js.map} +0 -0
- /package/dist/{deployment-NG62MEGK.js.map → deployment-A26RVQ73.js.map} +0 -0
- /package/dist/{stateful-set-JXMHD6FH.js.map → stateful-set-S5BHTDJY.js.map} +0 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/service.ts","../src/gateway/http-route.ts","../src/gateway/backend.ts","../src/network-policy.ts"],"sourcesContent":["import type { k8s, network } from \"@highstate/library\"\nimport { core, types } from \"@pulumi/kubernetes\"\nimport {\n ComponentResource,\n normalize,\n output,\n Output,\n type ComponentResourceOptions,\n type Input,\n type Inputs,\n} from \"@highstate/pulumi\"\nimport { omit, uniqueBy } from \"remeda\"\nimport { deepmerge } from \"deepmerge-ts\"\nimport { filterEndpoints, l4EndpointToString, parseL3Endpoint } from \"@highstate/common\"\nimport {\n commonExtraArgs,\n mapMetadata,\n resourceIdToString,\n type CommonArgs,\n type ResourceId,\n type SelectorLike,\n} from \"./shared\"\n\nexport type ServiceArgs = CommonArgs & {\n /**\n * The port to expose the service on.\n */\n port?: Input<types.input.core.v1.ServicePort>\n\n /**\n * Whether the service should be exposed by `NodePort` or `LoadBalancer`.\n *\n * The type of the service will be determined automatically based on the cluster.\n */\n external?: boolean\n} & types.input.core.v1.ServiceSpec\n\nconst serviceExtraArgs = [...commonExtraArgs, \"port\", \"ports\", \"external\"] as const\n\nexport type ServiceEndpointMetadata = {\n clusterId: string\n name: string\n namespace: string\n selector: SelectorLike\n targetPort: string | number\n}\n\n/**\n * Checks if the endpoint has service metadata.\n *\n * Alters the type of the endpoint to include the service metadata if it exists.\n *\n * @param endpoint The endpoint to check.\n * @returns True if the endpoint has service metadata, false otherwise.\n */\nexport function hasServiceMetadata(\n endpoint: network.L3Endpoint,\n): endpoint is network.L3Endpoint & { metadata: { k8sService: ServiceEndpointMetadata } } {\n return endpoint.metadata?.k8sService !== undefined\n}\n\n/**\n * Returns the service metadata of the endpoint.\n *\n * @param endpoint The endpoint to get the service metadata from.\n * @returns The service metadata of the endpoint, or undefined if it doesn't exist.\n */\nexport function getServiceMetadata(\n endpoint: network.L3Endpoint,\n): ServiceEndpointMetadata | undefined {\n return endpoint.metadata?.k8sService as ServiceEndpointMetadata\n}\n\n/**\n * Adds service metadata to the endpoint.\n *\n * @param endpoint The endpoint to add the metadata to.\n * @param metadata The metadata to add.\n * @returns The endpoint with the added metadata.\n */\nexport function withServiceMetadata<TEdnpoint extends network.L34Endpoint>(\n endpoint: TEdnpoint,\n metadata: ServiceEndpointMetadata,\n): TEdnpoint & { metadata: { k8sService: ServiceEndpointMetadata } } {\n return {\n ...endpoint,\n metadata: {\n ...endpoint.metadata,\n k8sService: metadata,\n },\n }\n}\n\n/**\n * Checks if the endpoint is from the given cluster.\n *\n * @param endpoint The endpoint to check.\n * @param cluster The cluster to check against.\n * @returns True if the endpoint is from the cluster, false otherwise.\n */\nexport function isFromCluster(\n endpoint: network.L3Endpoint,\n cluster: k8s.Cluster,\n): endpoint is network.L3Endpoint & { metadata: { k8sService: ServiceEndpointMetadata } } {\n return getServiceMetadata(endpoint)?.clusterId === cluster.id\n}\n\nexport abstract class Service extends ComponentResource {\n protected constructor(\n type: string,\n name: string,\n args: Inputs,\n opts: ComponentResourceOptions,\n\n /**\n * The cluster info associated with the service.\n */\n readonly cluster: Output<k8s.Cluster>,\n\n /**\n * The metadata of the underlying Kubernetes service.\n */\n readonly metadata: Output<types.output.meta.v1.ObjectMeta>,\n\n /**\n * The spec of the underlying Kubernetes service.\n */\n readonly spec: Output<types.output.core.v1.ServiceSpec>,\n\n /**\n * The status of the underlying Kubernetes service.\n */\n readonly status: Output<types.output.core.v1.ServiceStatus>,\n ) {\n super(type, name, args, opts)\n }\n\n /**\n * The Highstate service entity.\n */\n get entity(): Output<k8s.Service> {\n return output({\n type: \"k8s.service\",\n clusterId: this.cluster.id,\n metadata: this.metadata,\n endpoints: this.endpoints,\n })\n }\n\n static create(name: string, args: ServiceArgs, opts: ComponentResourceOptions): Service {\n return new CreatedService(name, args, opts)\n }\n\n static wrap(\n name: string,\n service: Input<core.v1.Service>,\n cluster: Input<k8s.Cluster>,\n opts: ComponentResourceOptions,\n ): Service {\n return new WrappedService(name, service, cluster, opts)\n }\n\n static external(\n name: string,\n id: ResourceId,\n cluster: Input<k8s.Cluster>,\n opts: ComponentResourceOptions,\n ): Service {\n return new ExternalService(name, id, cluster, opts)\n }\n\n static of(\n name: string,\n entity: Input<k8s.Service>,\n cluster: Input<k8s.Cluster>,\n opts: ComponentResourceOptions,\n ): Service {\n return new ExternalService(\n name,\n output(entity).metadata,\n output({ cluster, entity }).apply(({ cluster, entity }) => {\n if (cluster.id !== entity.clusterId) {\n throw new Error(\n `Cluster mismatch when wrapping service \"${name}\": \"${cluster.id}\" != \"${entity.clusterId}\"`,\n )\n }\n\n return cluster\n }),\n opts,\n )\n }\n\n /**\n * Returns the endpoints of the service applying the given filter.\n *\n * If no filter is specified, the default behavior of `filterEndpoints` is used.\n *\n * @param filter If specified, the endpoints are filtered based on the given filter.\n * @returns The endpoints of the service.\n */\n filterEndpoints(filter?: network.EndpointFilter): Output<network.L4Endpoint[]> {\n return output({ endpoints: this.endpoints }).apply(({ endpoints }) => {\n return filterEndpoints(endpoints, filter)\n })\n }\n\n /**\n * Returns the endpoints of the service including both internal and external endpoints.\n */\n get endpoints(): Output<network.L4Endpoint[]> {\n return output({\n cluster: this.cluster,\n metadata: this.metadata,\n spec: this.spec,\n status: this.status,\n }).apply(({ cluster, metadata, spec, status }) => {\n const endpointMetadata = {\n k8sService: {\n clusterId: cluster.id,\n name: metadata.name,\n namespace: metadata.namespace,\n selector: spec.selector,\n targetPort: spec.ports[0].targetPort ?? spec.ports[0].port,\n } satisfies ServiceEndpointMetadata,\n }\n\n const clusterIpEndpoints = spec.clusterIPs?.map(ip => ({\n ...parseL3Endpoint(ip),\n visibility: \"internal\" as network.EndpointVisibility,\n port: spec.ports[0].port,\n protocol: spec.ports[0].protocol?.toLowerCase() as network.L4Protocol,\n metadata: endpointMetadata,\n }))\n\n if (clusterIpEndpoints.length > 0) {\n clusterIpEndpoints.unshift({\n type: \"hostname\",\n visibility: \"internal\",\n hostname: `${metadata.name}.${metadata.namespace}.svc.cluster.local`,\n port: spec.ports[0].port,\n protocol: spec.ports[0].protocol?.toLowerCase() as network.L4Protocol,\n metadata: endpointMetadata,\n })\n }\n\n const nodePortEndpoints =\n spec.type === \"NodePort\"\n ? cluster.endpoints.map(endpoint => ({\n ...(endpoint as network.L3Endpoint),\n port: spec.ports[0].nodePort,\n protocol: spec.ports[0].protocol?.toLowerCase() as network.L4Protocol,\n metadata: endpointMetadata,\n }))\n : []\n\n const loadBalancerEndpoints =\n spec.type === \"LoadBalancer\"\n ? status.loadBalancer?.ingress?.map(endpoint => ({\n ...parseL3Endpoint(endpoint.ip ?? endpoint.hostname),\n port: spec.ports[0].port,\n protocol: spec.ports[0].protocol?.toLowerCase() as network.L4Protocol,\n metadata: endpointMetadata,\n }))\n : []\n\n return uniqueBy(\n [\n ...(clusterIpEndpoints ?? []),\n ...(loadBalancerEndpoints ?? []),\n ...(nodePortEndpoints ?? []),\n ],\n endpoint => l4EndpointToString(endpoint),\n )\n })\n }\n}\n\nclass CreatedService extends Service {\n constructor(name: string, args: ServiceArgs, opts: ComponentResourceOptions) {\n const service = output(args).apply(args => {\n return new core.v1.Service(\n name,\n {\n metadata: mapMetadata(args, name),\n spec: deepmerge(\n {\n ports: normalize(args.port, args.ports),\n\n externalIPs: args.external\n ? (args.externalIPs ?? args.cluster.externalIps)\n : args.cluster.externalIps,\n\n type: getServiceType(args, args.cluster),\n },\n omit(args, serviceExtraArgs),\n ),\n },\n { parent: this, ...opts },\n )\n })\n\n super(\n \"highstate:k8s:Service\",\n name,\n args,\n opts,\n\n output(args.cluster),\n service.metadata,\n service.spec,\n service.status,\n )\n }\n}\n\nclass WrappedService extends Service {\n constructor(\n name: string,\n service: Input<core.v1.Service>,\n cluster: Input<k8s.Cluster>,\n opts: ComponentResourceOptions,\n ) {\n super(\n \"highstate:k8s:WrappedService\",\n name,\n { service, clusterInfo: cluster },\n opts,\n\n output(cluster),\n output(service).metadata,\n output(service).spec,\n output(service).status,\n )\n }\n}\n\nclass ExternalService extends Service {\n constructor(\n name: string,\n id: Input<ResourceId>,\n cluster: Input<k8s.Cluster>,\n opts: ComponentResourceOptions,\n ) {\n const service = output(id).apply(id => {\n return core.v1.Service.get(\n //\n name,\n resourceIdToString(id),\n { ...opts, parent: this },\n )\n })\n\n super(\n \"highstate:k8s:ExternalService\",\n name,\n { id, cluster },\n opts,\n\n output(cluster),\n service.metadata,\n service.spec,\n service.status,\n )\n }\n}\n\nexport function mapContainerPortToServicePort(\n port: types.input.core.v1.ContainerPort,\n): types.input.core.v1.ServicePort {\n return {\n name: port.name,\n port: port.containerPort,\n targetPort: port.containerPort,\n protocol: port.protocol,\n }\n}\n\nexport function mapServiceToLabelSelector(\n service: core.v1.Service,\n): types.input.meta.v1.LabelSelector {\n return {\n matchLabels: service.spec.selector,\n }\n}\n\nexport function getServiceType(\n service: Pick<ServiceArgs, \"type\" | \"external\"> | undefined,\n cluster: k8s.Cluster,\n): Input<string> {\n if (service?.type) {\n return service.type\n }\n\n if (!service?.external) {\n return \"ClusterIP\"\n }\n\n return cluster.quirks?.externalServiceType === \"LoadBalancer\" ? \"LoadBalancer\" : \"NodePort\"\n}\n","import {\n ComponentResource,\n normalize,\n output,\n Output,\n type ComponentResourceOptions,\n type Input,\n type InputArray,\n} from \"@highstate/pulumi\"\nimport { gateway, types } from \"@highstate/gateway-api\"\nimport { map, pipe } from \"remeda\"\nimport { getProvider, mapMetadata, type CommonArgs } from \"../shared\"\nimport { resolveBackendRef, type BackendRef } from \"./backend\"\n\nexport type HttpRouteArgs = Omit<CommonArgs, \"namespace\"> & {\n /**\n * The gateway to associate with the route.\n */\n gateway: Input<gateway.v1.Gateway>\n\n /**\n * The alias for `hostnames: [hostname]`.\n */\n hostname?: Input<string>\n\n /**\n * The rule of the route.\n */\n rule?: Input<HttpRouteRuleArgs>\n\n /**\n * The rules of the route.\n */\n rules?: InputArray<HttpRouteRuleArgs>\n} & Omit<Partial<types.input.gateway.v1.HTTPRouteSpec>, \"rules\">\n\nexport type HttpRouteRuleArgs = Omit<\n types.input.gateway.v1.HTTPRouteSpecRules,\n \"matches\" | \"filters\" | \"backendRefs\"\n> & {\n /**\n * The conditions of the rule.\n * Can be specified as string to match on the path.\n */\n matches?: InputArray<HttpRouteRuleMatchOptions>\n\n /**\n * The condition of the rule.\n * Can be specified as string to match on the path.\n */\n match?: Input<HttpRouteRuleMatchOptions>\n\n /**\n * The filters of the rule.\n */\n filters?: InputArray<types.input.gateway.v1.HTTPRouteSpecRulesFilters>\n\n /**\n * The filter of the rule.\n */\n filter?: Input<types.input.gateway.v1.HTTPRouteSpecRulesFilters>\n\n /**\n * The service to route to.\n */\n backend?: Input<BackendRef>\n}\n\nexport type HttpRouteRuleMatchOptions = types.input.gateway.v1.HTTPRouteSpecRulesMatches | string\n\nexport class HttpRoute extends ComponentResource {\n /**\n * The underlying Kubernetes resource.\n */\n public readonly route: Output<gateway.v1.HTTPRoute>\n\n constructor(name: string, args: HttpRouteArgs, opts?: ComponentResourceOptions) {\n super(\"highstate:k8s:HttpRoute\", name, args, opts)\n\n this.route = output({\n args,\n gatewayNamespace: output(args.gateway).metadata.namespace,\n }).apply(async ({ args, gatewayNamespace }) => {\n return new gateway.v1.HTTPRoute(\n name,\n {\n metadata: mapMetadata(\n {\n ...args,\n namespace: gatewayNamespace as string,\n },\n name,\n ),\n spec: {\n hostnames: normalize(args.hostname, args.hostnames),\n\n parentRefs: [\n {\n name: args.gateway.metadata.name as Output<string>,\n },\n ],\n\n rules: normalize(args.rule, args.rules).map(rule => ({\n timeouts: rule.timeouts,\n\n matches: pipe(\n normalize(rule.match, rule.matches),\n map(mapHttpRouteRuleMatch),\n addDefaultPathMatch,\n ),\n\n filters: normalize(rule.filter, rule.filters),\n backendRefs: rule.backend ? [resolveBackendRef(rule.backend)] : undefined,\n })),\n } satisfies types.input.gateway.v1.HTTPRouteSpec,\n },\n {\n ...opts,\n parent: this,\n provider: await getProvider(args.cluster),\n },\n )\n })\n }\n}\n\nfunction addDefaultPathMatch(\n matches: types.input.gateway.v1.HTTPRouteSpecRulesMatches[],\n): types.input.gateway.v1.HTTPRouteSpecRulesMatches[] {\n return matches.length ? matches : [{ path: { type: \"PathPrefix\", value: \"/\" } }]\n}\n\nexport function mapHttpRouteRuleMatch(\n match: HttpRouteRuleMatchOptions,\n): types.input.gateway.v1.HTTPRouteSpecRulesMatches {\n if (typeof match === \"string\") {\n return { path: { type: \"PathPrefix\", value: match } }\n }\n\n return match\n}\n","import { core } from \"@pulumi/kubernetes\"\nimport { type Input, output, Output, type Unwrap } from \"@highstate/pulumi\"\nimport { Service } from \"../service\"\n\nexport interface FullBackendRef {\n /**\n * The name of the resource being referenced.\n */\n name: Input<string>\n\n /**\n * The namespace of the resource being referenced.\n * May be undefined if the resource is not in a namespace.\n */\n namespace?: Input<string | undefined>\n\n /**\n * The port of the resource being referenced.\n */\n port: Input<number>\n}\n\nexport interface ServiceBackendRef {\n /**\n * The name of the service being referenced.\n */\n service: Input<core.v1.Service>\n\n /**\n * The port of the service being referenced.\n */\n port: Input<number>\n}\n\nexport type BackendRef = FullBackendRef | ServiceBackendRef | Service\n\nexport function resolveBackendRef(ref: BackendRef): Output<Unwrap<FullBackendRef>> {\n if (Service.isInstance(ref)) {\n return output({\n name: ref.metadata.name,\n namespace: ref.metadata.namespace,\n port: ref.spec.ports[0].port,\n })\n }\n\n if (\"service\" in ref) {\n const service = output(ref.service)\n\n return output({\n name: service.metadata.name,\n namespace: service.metadata.namespace,\n port: ref.port,\n })\n }\n\n return output({\n name: ref.name,\n namespace: ref.namespace,\n port: ref.port,\n })\n}\n","import { networking, types, type core } from \"@pulumi/kubernetes\"\nimport {\n ComponentResource,\n interpolate,\n normalize,\n output,\n type Input,\n type InputArray,\n type Output,\n type Resource,\n type ResourceOptions,\n type Unwrap,\n} from \"@highstate/pulumi\"\nimport { capitalize, flat, groupBy, merge, mergeDeep, uniqueBy } from \"remeda\"\nimport { k8s, network } from \"@highstate/library\"\nimport {\n l34EndpointToString,\n l3EndpointToCidr,\n parseL34Endpoint,\n type InputL34Endpoint,\n} from \"@highstate/common\"\nimport {\n getProvider,\n mapMetadata,\n mapNamespaceLikeToNamespaceName,\n mapNamespaceNameToSelector,\n mapSelectorLikeToSelector,\n type CommonArgs,\n type NamespaceLike,\n type SelectorLike,\n} from \"./shared\"\nimport { getServiceMetadata, isFromCluster, mapServiceToLabelSelector } from \"./service\"\n\nexport type NetworkPolicyPort = {\n /**\n * The protocol to match.\n *\n * If not provided, \"TCP\" will be used.\n */\n protocol?: string\n} & (\n | {\n /**\n * The single port to match.\n */\n port: number | string\n }\n | {\n /**\n * The range of ports to match.\n */\n range: [start: number, end: number]\n }\n)\n\nexport type IngressRuleArgs = {\n /**\n * Whether to allow all incoming traffic.\n *\n * If set to `true`, all other rules will be ignored for matched traffic.\n */\n fromAll?: Input<boolean>\n\n /**\n * The allowed cidr for incoming traffic.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n */\n fromCidr?: Input<string>\n\n /**\n * The list of allowed cidrs for incoming traffic.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n */\n fromCidrs?: InputArray<string>\n\n /**\n * The list of allowed L3 or L4 endpoints for outgoing traffic.\n *\n * Just a syntactic sugar for `fromFqdn` and `fromService` for cases when the endpoint can be one of them + optional port/protocol.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n *\n * If a single endpoint also has a port/protocol/service metadata,\n * it will produce separate rule for it with them and ORed with the rest of the rules.\n */\n fromEndpoint?: Input<InputL34Endpoint>\n\n /**\n * The list of allowed L3 or L4 endpoints for incoming traffic.\n *\n * Just a syntactic sugar for `fromFqdn` and `fromService` for cases when the endpoint can be one of them + optional port/protocol.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n *\n * If a single endpoint also has a port/protocol/service metadata,\n * it will produce separate rule for it with them and ORed with the rest of the rules.\n */\n fromEndpoints?: InputArray<InputL34Endpoint>\n\n /**\n * The service to allow traffic from.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n */\n fromService?: Input<core.v1.Service>\n\n /**\n * The list of allowed services for incoming traffic.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n */\n fromServices?: InputArray<core.v1.Service>\n\n /**\n * The namespace to allow traffic from.\n *\n * If provided with `fromSelector(s)`, it will be ANDed with them.\n * Otherwise, it will match all pods in the namespace.\n *\n * Will be ORed with other conditions inside the same rule (except ports and selectors).\n */\n fromNamespace?: Input<NamespaceLike>\n\n /**\n * The list of allowed namespaces for incoming traffic.\n *\n * If provided with `fromSelector(s)`, it will be ANDed with them.\n * Otherwise, it will match all pods in the namespaces.\n *\n * Will be ORed with other conditions inside the same rule (except ports and selectors).\n */\n fromNamespaces?: InputArray<NamespaceLike>\n\n /**\n * The selector for incoming traffic.\n *\n * If provided with `fromNamespace(s)`, it will be ANDed with them.\n * Otherwise, it will match pods in all namespaces.\n *\n * Will be ORed with other conditions inside the same rule (except ports and namespaces).\n */\n fromSelector?: Input<SelectorLike>\n\n /**\n * The list of selectors for incoming traffic.\n *\n * If provided with `fromNamespace(s)`, it will be ANDed with them.\n * Otherwise, it will match pods in all namespaces.\n *\n * Will be ORed with other conditions inside the same rule (except ports and namespaces).\n */\n fromSelectors?: InputArray<SelectorLike>\n\n /**\n * The port to allow incoming traffic on.\n *\n * Will be ANDed with all conditions inside the same rule.\n */\n toPort?: Input<NetworkPolicyPort>\n\n /**\n * The list of allowed ports for incoming traffic.\n *\n * Will be ANDed with all conditions inside the same rule.\n */\n toPorts?: InputArray<NetworkPolicyPort>\n}\n\nexport type EgressRuleArgs = {\n /**\n * Whether to allow all outgoing traffic.\n *\n * If set to `true`, all other rules will be ignored for matched traffic.\n */\n toAll?: Input<boolean>\n\n /**\n * The allowed cidr for outgoing traffic.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n */\n toCidr?: Input<string>\n\n /**\n * The list of allowed cidrs for outgoing traffic.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n */\n toCidrs?: InputArray<string>\n\n /**\n * The FQDN to allow outgoing traffic.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n */\n toFqdn?: Input<string>\n\n /**\n * The list of allowed FQDNs for outgoing traffic.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n */\n toFqdns?: InputArray<string>\n\n /**\n * The L3 or L4 endpoint to allow outgoing traffic.\n *\n * Just a syntactic sugar for `toFqdn`, `toCidr` and `toService` for cases when the endpoint can be one of them + optional port/protocol.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n *\n * If a single endpoint also has a port/protocol/service metadata,\n * it will produce separate rule for it with them and ORed with the rest of the rules.\n */\n toEndpoint?: Input<InputL34Endpoint>\n\n /**\n * The list of allowed L3 or L4 endpoints for outgoing traffic.\n *\n * Just a syntactic sugar for `toFqdn`, `toCidr` and `toService` for cases when the endpoint can be one of them + optional port/protocol.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n *\n * If a single endpoint also has a port/protocol/service metadata,\n * it will produce separate rule for it with them and ORed with the rest of the rules.\n */\n toEndpoints?: InputArray<InputL34Endpoint>\n\n /**\n * The service to allow traffic to.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n */\n toService?: Input<core.v1.Service>\n\n /**\n * The list of allowed services for outgoing traffic.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n */\n toServices?: InputArray<core.v1.Service>\n\n /**\n * The namespace to allow traffic to.\n *\n * If provided with `toSelector(s)`, it will be ANDed with them.\n * Otherwise, it will match all pods in the namespace.\n *\n * Will be ORed with other conditions inside the same rule (except ports and selectors).\n */\n toNamespace?: Input<NamespaceLike>\n\n /**\n * The list of allowed namespaces for outgoing traffic.\n *\n * If provided with `toSelector(s)`, it will be ANDed with them.\n * Otherwise, it will match all pods in the namespaces.\n *\n * Will be ORed with other conditions inside the same rule (except ports and selectors).\n */\n toNamespaces?: InputArray<NamespaceLike>\n\n /**\n * The selector for outgoing traffic.\n *\n * If provided with `toNamespace(s)`, it will be ANDe with them.\n *\n * Otherwise, it will match pods only in all namespaces.\n */\n toSelector?: Input<SelectorLike>\n\n /**\n * The list of selectors for outgoing traffic.\n *\n * If provided with `toNamespace(s)`, it will be ANDed with them.\n * Otherwise, it will match pods only in all namespaces.\n */\n toSelectors?: InputArray<SelectorLike>\n\n /**\n * The port to allow outgoing traffic on.\n *\n * Will be ANDed with all conditions inside the same rule.\n */\n toPort?: Input<NetworkPolicyPort>\n\n /**\n * The list of allowed ports for outgoing traffic.\n *\n * Will be ANDed with all conditions inside the same rule.\n */\n toPorts?: InputArray<NetworkPolicyPort>\n}\n\nexport type NetworkPolicyArgs = CommonArgs & {\n /**\n * The description of this network policy.\n */\n description?: Input<string>\n\n /**\n * The pod selector for this network policy.\n * If not provided, it will select all pods in the namespace.\n */\n selector?: SelectorLike\n\n /**\n * The rule for incoming traffic.\n */\n ingressRule?: Input<IngressRuleArgs>\n\n /**\n * The rules for incoming traffic.\n */\n ingressRules?: InputArray<IngressRuleArgs>\n\n /**\n * The rule for outgoing traffic.\n */\n egressRule?: Input<EgressRuleArgs>\n\n /**\n * The rules for outgoing traffic.\n */\n egressRules?: InputArray<EgressRuleArgs>\n\n /**\n * Enable the isolation of ingress traffic, so that only matched traffic can ingress.\n */\n isolateIngress?: Input<boolean>\n\n /**\n * Enable the isolation of egress traffic, so that only matched traffic can egress.\n */\n isolateEgress?: Input<boolean>\n\n /**\n * Allow the eggress traffic to the API server of the cluster.\n *\n * By default, `false`.\n */\n allowKubeApiServer?: Input<boolean>\n\n /**\n * Allow the eggress traffic to the DNS server of the cluster.\n *\n * By default, `false`.\n */\n allowKubeDns?: Input<boolean>\n\n /**\n * The cluster to create the network policy in.\n */\n cluster: Input<k8s.Cluster>\n}\n\nexport type NormalizedRuleArgs = {\n all: boolean\n cidrs: string[]\n fqdns: string[]\n services: core.v1.Service[]\n namespaces: NamespaceLike[]\n selectors: SelectorLike[]\n ports: NetworkPolicyPort[]\n}\n\nexport type NormalizedNetworkPolicyArgs = Omit<\n Unwrap<NetworkPolicyArgs>,\n | \"podSelector\"\n | \"ingressRule\"\n | \"ingressRules\"\n | \"egressRule\"\n | \"egressRules\"\n | \"isolateIngress\"\n | \"isolateEgress\"\n | \"allowKubeApiServer\"\n | \"allowKubeDNS\"\n> & {\n podSelector: Unwrap<types.input.meta.v1.LabelSelector>\n\n isolateIngress: boolean\n isolateEgress: boolean\n\n allowKubeApiServer: boolean\n\n ingressRules: NormalizedRuleArgs[]\n egressRules: NormalizedRuleArgs[]\n}\n\n/**\n * The abstract resource for creating network policies.\n * Will use different resources depending on the environment.\n *\n * Note: In the worst case, it will create native `NetworkPolicy` resources and ignore some features like L7 rules.\n */\nexport abstract class NetworkPolicy extends ComponentResource {\n /**\n * The underlying network policy resource.\n */\n public readonly networkPolicy: Output<Resource>\n\n protected constructor(name: string, args: Unwrap<NetworkPolicyArgs>, opts?: ResourceOptions) {\n super(\"k8s:network-policy\", name, args, opts)\n\n const normalizedArgs = output(args).apply(args => {\n const ingressRules = normalize(args.ingressRule, args.ingressRules)\n const egressRules = normalize(args.egressRule, args.egressRules)\n\n const extraEgressRules: NormalizedRuleArgs[] = []\n\n if (args.allowKubeDns) {\n extraEgressRules.push({\n namespaces: [\"kube-system\"],\n selectors: [{ matchLabels: { \"k8s-app\": \"kube-dns\" } }],\n ports: [{ port: 53, protocol: \"UDP\" }],\n all: false,\n cidrs: [],\n fqdns: [],\n services: [],\n })\n }\n\n return {\n ...args,\n\n podSelector: args.selector ? mapSelectorLikeToSelector(args.selector) : {},\n\n isolateEgress: args.isolateEgress ?? false,\n isolateIngress: args.isolateIngress ?? false,\n\n allowKubeApiServer: args.allowKubeApiServer ?? false,\n\n ingressRules: ingressRules.flatMap(rule => {\n const endpoints = normalize(\n args.ingressRule?.fromEndpoint,\n args.ingressRule?.fromEndpoints,\n )\n const parsedEndpoints = endpoints.map(parseL34Endpoint)\n\n const endpointsByPortsAndNamespaces = groupBy(parsedEndpoints, endpoint => {\n const namespace = isFromCluster(endpoint, args.cluster)\n ? endpoint.metadata.k8sService.namespace\n : \"\"\n\n const port = isFromCluster(endpoint, args.cluster)\n ? endpoint.metadata.k8sService.targetPort\n : endpoint.port\n\n return `${port ?? \"0\"}:${namespace}`\n })\n\n const l3OnlyRule = endpointsByPortsAndNamespaces[\"0:\"]\n ? NetworkPolicy.getRuleFromEndpoint(\n undefined,\n endpointsByPortsAndNamespaces[\"0:\"],\n args.cluster,\n )\n : undefined\n\n const otherRules = Object.entries(endpointsByPortsAndNamespaces)\n .filter(([key]) => key !== \"0:\")\n .map(([key, endpoints]) => {\n const [port] = key.split(\":\")\n const portNumber = parseInt(port, 10)\n const portValue = isNaN(portNumber) ? port : portNumber\n\n return NetworkPolicy.getRuleFromEndpoint(portValue, endpoints, args.cluster)\n })\n\n return [\n {\n all: rule.fromAll ?? false,\n cidrs: normalize(rule.fromCidr, rule.fromCidrs).concat(l3OnlyRule?.cidrs ?? []),\n fqdns: [],\n services: normalize(rule.fromService, rule.fromServices),\n namespaces: normalize(rule.fromNamespace, rule.fromNamespaces),\n selectors: normalize(rule.fromSelector, rule.fromSelectors),\n ports: normalize(rule.toPort, rule.toPorts),\n } as NormalizedRuleArgs,\n\n ...otherRules,\n ].filter(rule => !NetworkPolicy.isEmptyRule(rule))\n }),\n\n egressRules: egressRules\n .flatMap(rule => {\n const endpoints = normalize(args.egressRule?.toEndpoint, args.egressRule?.toEndpoints)\n const parsedEndpoints = endpoints.map(parseL34Endpoint)\n\n const endpointsByPortsAnsNamespaces = groupBy(parsedEndpoints, endpoint => {\n const namespace = isFromCluster(endpoint, args.cluster)\n ? endpoint.metadata.k8sService.namespace\n : \"\"\n\n const port = isFromCluster(endpoint, args.cluster)\n ? endpoint.metadata.k8sService.targetPort\n : endpoint.port\n\n return `${port ?? \"0\"}:${namespace}`\n })\n\n const l3OnlyRule = endpointsByPortsAnsNamespaces[\"0:\"]\n ? NetworkPolicy.getRuleFromEndpoint(\n undefined,\n endpointsByPortsAnsNamespaces[\"0:\"],\n args.cluster,\n )\n : undefined\n\n const otherRules = Object.entries(endpointsByPortsAnsNamespaces)\n .filter(([key]) => key !== \"0:\")\n .map(([key, endpoints]) => {\n const [port] = key.split(\":\")\n const portNumber = parseInt(port, 10)\n const portValue = isNaN(portNumber) ? port : portNumber\n\n return NetworkPolicy.getRuleFromEndpoint(portValue, endpoints, args.cluster)\n })\n\n return [\n {\n all: rule.toAll ?? false,\n cidrs: normalize(rule.toCidr, rule.toCidrs).concat(l3OnlyRule?.cidrs ?? []),\n fqdns: normalize(rule.toFqdn, rule.toFqdns).concat(l3OnlyRule?.fqdns ?? []),\n services: normalize(rule.toService, rule.toServices),\n namespaces: normalize(rule.toNamespace, rule.toNamespaces),\n selectors: normalize(rule.toSelector, rule.toSelectors),\n ports: normalize(rule.toPort, rule.toPorts),\n } as NormalizedRuleArgs,\n\n ...otherRules,\n ].filter(rule => !NetworkPolicy.isEmptyRule(rule))\n })\n .concat(extraEgressRules),\n }\n })\n\n this.networkPolicy = output(\n normalizedArgs.apply(async args => {\n return output(\n this.create(name, args as NormalizedNetworkPolicyArgs, {\n ...opts,\n parent: this,\n provider: await getProvider(args.cluster),\n }),\n )\n }),\n )\n }\n\n private static mapCidrFromEndpoint(\n this: void,\n result: network.L3Endpoint & { type: \"ipv4\" | \"ipv6\" },\n ): string {\n if (result.type === \"ipv4\") {\n return `${result.address}/32`\n }\n\n return `${result.address}/128`\n }\n\n private static getRuleFromEndpoint(\n port: number | string | undefined,\n endpoints: network.L34Endpoint[],\n cluster: k8s.Cluster,\n ): NormalizedRuleArgs {\n const ports: NetworkPolicyPort[] = port\n ? [{ port, protocol: endpoints[0].protocol?.toUpperCase() }]\n : []\n\n const cidrs = endpoints\n .filter(endpoint => !isFromCluster(endpoint, cluster))\n .filter(endpoint => endpoint.type === \"ipv4\" || endpoint.type === \"ipv6\")\n .map(NetworkPolicy.mapCidrFromEndpoint)\n\n const fqdns = endpoints\n .filter(endpoint => endpoint.type === \"hostname\")\n .map(endpoint => endpoint.hostname)\n\n const selectors = endpoints\n .filter(endpoint => isFromCluster(endpoint, cluster))\n .map(endpoint => endpoint.metadata.k8sService.selector)\n\n const namespace = endpoints\n .filter(endpoint => isFromCluster(endpoint, cluster))\n .map(endpoint => getServiceMetadata(endpoint)?.namespace)[0]\n\n return {\n all: false,\n cidrs,\n fqdns,\n services: [],\n namespaces: namespace ? [namespace] : [],\n selectors,\n ports,\n }\n }\n\n private static isEmptyRule(rule: NormalizedRuleArgs): boolean {\n return (\n !rule.all &&\n rule.cidrs.length === 0 &&\n rule.fqdns.length === 0 &&\n rule.services.length === 0 &&\n rule.namespaces.length === 0 &&\n rule.selectors.length === 0 &&\n rule.ports.length === 0\n )\n }\n\n protected abstract create(\n name: string,\n args: NormalizedNetworkPolicyArgs,\n opts?: ResourceOptions,\n ): Input<Resource>\n\n static create(\n name: string,\n args: NetworkPolicyArgs,\n opts?: ResourceOptions,\n ): Output<NetworkPolicy> {\n return output(args).apply(async args => {\n const cni = args.cluster.cni\n\n if (cni === \"other\") {\n return new NativeNetworkPolicy(name, args, opts)\n }\n\n const implName = `${capitalize(cni)}NetworkPolicy`\n const implModule = (await import(`@highstate/${cni}`)) as Record<string, unknown>\n\n type NetworkPolicyFactory = new (\n name: string,\n args: Unwrap<NetworkPolicyArgs>,\n opts?: ResourceOptions,\n ) => NetworkPolicy\n\n const implClass = implModule[implName] as NetworkPolicyFactory | undefined\n if (!implClass) {\n throw new Error(`No implementation found for ${cni}`)\n }\n\n return new implClass(name, args, opts)\n })\n }\n\n static isolate(\n namespace: Input<NamespaceLike>,\n cluster: Input<k8s.Cluster>,\n opts?: ResourceOptions,\n ) {\n return NetworkPolicy.create(\n \"isolate\",\n {\n namespace,\n cluster,\n\n description: \"By default, deny all traffic to/from the namespace.\",\n\n isolateEgress: true,\n isolateIngress: true,\n },\n opts,\n )\n }\n\n static allowInsideNamespace(\n namespace: Input<NamespaceLike>,\n cluster: Input<k8s.Cluster>,\n opts?: ResourceOptions,\n ): Output<NetworkPolicy> {\n return NetworkPolicy.create(\n \"allow-inside-namespace\",\n {\n namespace,\n cluster,\n\n description: \"Allow all traffic inside the namespace.\",\n selector: {},\n\n ingressRule: { fromNamespace: namespace },\n egressRule: { toNamespace: namespace },\n },\n opts,\n )\n }\n\n static allowKubeApiServer(\n namespace: Input<NamespaceLike>,\n cluster: Input<k8s.Cluster>,\n opts?: ResourceOptions,\n ): Output<NetworkPolicy> {\n return NetworkPolicy.create(\n \"allow-kube-api-server\",\n {\n namespace,\n cluster,\n\n description: \"Allow all traffic to the Kubernetes API server from the namespace.\",\n\n allowKubeApiServer: true,\n },\n opts,\n )\n }\n\n static allowKubeDns(\n namespace: Input<NamespaceLike>,\n cluster: Input<k8s.Cluster>,\n opts?: ResourceOptions,\n ): Output<NetworkPolicy> {\n return NetworkPolicy.create(\n \"allow-kube-dns\",\n {\n namespace,\n cluster,\n\n description: \"Allow all traffic to the Kubernetes DNS server from the namespace.\",\n\n allowKubeDns: true,\n },\n opts,\n )\n }\n\n static allowAllEgress(\n namespace: Input<NamespaceLike>,\n cluster: Input<k8s.Cluster>,\n opts?: ResourceOptions,\n ): Output<NetworkPolicy> {\n return NetworkPolicy.create(\n \"allow-all-egress\",\n {\n namespace,\n cluster,\n\n description: \"Allow all egress traffic from the namespace.\",\n\n egressRule: { toAll: true },\n },\n opts,\n )\n }\n\n static allowAllIngress(\n namespace: Input<NamespaceLike>,\n cluster: Input<k8s.Cluster>,\n opts?: ResourceOptions,\n ): Output<NetworkPolicy> {\n return NetworkPolicy.create(\n \"allow-all-ingress\",\n {\n namespace,\n cluster,\n\n description: \"Allow all ingress traffic to the namespace.\",\n\n ingressRule: { fromAll: true },\n },\n opts,\n )\n }\n\n static allowEgressToEndpoint(\n endpoint: InputL34Endpoint,\n namespace: Input<NamespaceLike>,\n cluster: Input<k8s.Cluster>,\n opts?: ResourceOptions,\n ): Output<NetworkPolicy> {\n const parsedEndpoint = parseL34Endpoint(endpoint)\n\n return NetworkPolicy.create(\n `allow-egress-to-${l34EndpointToString(parsedEndpoint)}`,\n {\n namespace,\n cluster,\n\n description: interpolate`Allow egress traffic to \"${l34EndpointToString(parsedEndpoint)}\" from the namespace.`,\n\n egressRule: { toEndpoint: endpoint },\n },\n opts,\n )\n }\n\n static allowIngressFromEndpoint(\n endpoint: InputL34Endpoint,\n namespace: Input<NamespaceLike>,\n cluster: Input<k8s.Cluster>,\n opts?: ResourceOptions,\n ): Output<NetworkPolicy> {\n const parsedEndpoint = parseL34Endpoint(endpoint)\n\n return NetworkPolicy.create(\n `allow-ingress-from-${l34EndpointToString(parsedEndpoint)}`,\n {\n namespace,\n cluster,\n\n description: interpolate`Allow ingress traffic from \"${l34EndpointToString(parsedEndpoint)}\" to the namespace.`,\n\n ingressRule: { fromEndpoint: endpoint },\n },\n opts,\n )\n }\n}\n\nexport class NativeNetworkPolicy extends NetworkPolicy {\n protected create(\n name: string,\n args: NormalizedNetworkPolicyArgs,\n opts?: ResourceOptions,\n ): Resource {\n const ingress = NativeNetworkPolicy.createIngressRules(args)\n const egress = NativeNetworkPolicy.createEgressRules(args)\n\n const policyTypes: string[] = []\n\n if (ingress.length > 0 || args.isolateIngress) {\n policyTypes.push(\"Ingress\")\n }\n\n if (egress.length > 0 || args.isolateEgress) {\n policyTypes.push(\"Egress\")\n }\n\n return new networking.v1.NetworkPolicy(\n name,\n {\n metadata: mergeDeep(mapMetadata(args, name), {\n annotations: args.description\n ? { \"kubernetes.io/description\": args.description }\n : undefined,\n }),\n spec: {\n podSelector: args.podSelector,\n ingress,\n egress,\n policyTypes,\n },\n },\n opts,\n )\n }\n\n private static fallbackIpBlock: types.input.networking.v1.IPBlock = {\n cidr: \"0.0.0.0/0\",\n except: [\"10.0.0.0/8\", \"172.16.0.0/12\", \"192.168.0.0/16\"],\n }\n\n private static fallbackDnsRule: types.input.networking.v1.NetworkPolicyEgressRule = {\n to: [\n {\n namespaceSelector: { matchLabels: { \"kubernetes.io/metadata.name\": \"kube-system\" } },\n podSelector: { matchLabels: { \"k8s-app\": \"kube-dns\" } },\n },\n ],\n ports: [{ port: 53, protocol: \"UDP\" }],\n }\n\n private static createIngressRules(\n args: NormalizedNetworkPolicyArgs,\n ): types.input.networking.v1.NetworkPolicyIngressRule[] {\n return uniqueBy(\n args.ingressRules.map(rule => ({\n from: rule.all ? [] : NativeNetworkPolicy.createRulePeers(rule),\n ports: NativeNetworkPolicy.mapPorts(rule.ports),\n })),\n rule => JSON.stringify(rule),\n )\n }\n\n private static createEgressRules(\n args: NormalizedNetworkPolicyArgs,\n ): types.input.networking.v1.NetworkPolicyEgressRule[] {\n const extraRules: types.input.networking.v1.NetworkPolicyEgressRule[] = []\n\n const needKubeDns = args.egressRules.some(rule => rule.fqdns.length > 0)\n if (needKubeDns) {\n extraRules.push(NativeNetworkPolicy.fallbackDnsRule)\n }\n\n // the native resource does not support FQDNs\n // to provide compatibility, we need to fallback to all except private CIDRs\n const needFallback = args.egressRules.some(rule =>\n rule.fqdns.some(fqdn => !fqdn.endsWith(\".cluster.local\")),\n )\n if (needFallback) {\n extraRules.push({ to: [{ ipBlock: NativeNetworkPolicy.fallbackIpBlock }] })\n }\n\n // apply fallback rules for kube-apiserver\n if (args.allowKubeApiServer) {\n const { quirks, apiEndpoints } = args.cluster\n\n if (quirks?.fallbackKubeApiAccess) {\n extraRules.push({\n to: [{ ipBlock: { cidr: `${quirks?.fallbackKubeApiAccess.serverIp}/32` } }],\n ports: [{ port: quirks?.fallbackKubeApiAccess.serverPort, protocol: \"TCP\" }],\n })\n } else {\n const rules = apiEndpoints\n .filter(endpoint => endpoint.type !== \"hostname\")\n .map(endpoint => ({\n to: [{ ipBlock: { cidr: l3EndpointToCidr(endpoint) } }],\n ports: [{ port: endpoint.port, protocol: \"TCP\" }],\n }))\n\n extraRules.push(...rules)\n }\n }\n\n return uniqueBy(\n args.egressRules\n .map(rule => {\n return {\n to: rule.all ? [] : NativeNetworkPolicy.createRulePeers(rule),\n ports: NativeNetworkPolicy.mapPorts(rule.ports),\n } as types.input.networking.v1.NetworkPolicyEgressRule\n })\n .filter(rule => rule.to !== undefined)\n .concat(extraRules),\n rule => JSON.stringify(rule),\n )\n }\n\n private static createRulePeers(\n this: void,\n args: NormalizedRuleArgs,\n ): types.input.networking.v1.NetworkPolicyPeer[] | undefined {\n const peers = uniqueBy(\n [\n ...NativeNetworkPolicy.createCidrPeers(args),\n ...NativeNetworkPolicy.createServicePeers(args),\n ...NativeNetworkPolicy.createSelectorPeers(args),\n ],\n peer => JSON.stringify(peer),\n )\n\n return peers.length > 0 ? peers : undefined\n }\n\n private static createCidrPeers(\n args: NormalizedRuleArgs,\n ): types.input.networking.v1.NetworkPolicyPeer[] {\n return args.cidrs.map(cidr => ({ ipBlock: { cidr } }))\n }\n\n private static createServicePeers(\n args: NormalizedRuleArgs,\n ): types.input.networking.v1.NetworkPolicyPeer[] {\n return args.services.map(service => {\n const selector = mapServiceToLabelSelector(service)\n\n return {\n namespaceSelector: mapNamespaceNameToSelector(service.metadata.namespace),\n podSelector: selector,\n }\n })\n }\n\n private static createSelectorPeers(\n args: NormalizedRuleArgs,\n ): types.input.networking.v1.NetworkPolicyPeer[] {\n const selectorPeers = args.selectors.map(selector => ({\n podSelector: mapSelectorLikeToSelector(selector),\n }))\n\n const namespacePeers = args.namespaces.map(NativeNetworkPolicy.createNamespacePeer)\n\n if (namespacePeers.length === 0) {\n // if there are no namespaces, we can just return selector peers\n return selectorPeers\n }\n\n if (selectorPeers.length === 0) {\n // if there are no selectors, we can just return namespace peers\n return namespacePeers\n }\n\n // if there are both, we need to create a cartesian product\n return flat(\n selectorPeers.map(selectorPeer => {\n return namespacePeers.map(namespacePeer => merge(selectorPeer, namespacePeer))\n }),\n )\n }\n\n private static createNamespacePeer(\n this: void,\n namespace: NamespaceLike,\n ): types.input.networking.v1.NetworkPolicyPeer {\n const namespaceName = mapNamespaceLikeToNamespaceName(namespace)\n const namespaceSelector = mapNamespaceNameToSelector(namespaceName)\n\n return { namespaceSelector }\n }\n\n private static mapPorts(\n ports: NetworkPolicyPort[],\n ): types.input.networking.v1.NetworkPolicyPort[] {\n return ports.map(port => {\n if (\"port\" in port) {\n return {\n port: port.port,\n protocol: port.protocol ?? \"TCP\",\n }\n }\n\n return {\n port: port.range[0],\n endPort: port.range[1],\n protocol: port.protocol ?? \"TCP\",\n }\n })\n }\n}\n"],"mappings":";;;;;;;;;;;AACA,SAAS,YAAmB;AAC5B;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OAKK;AACP,SAAS,MAAM,gBAAgB;AAC/B,SAAS,iBAAiB;AAC1B,SAAS,iBAAiB,oBAAoB,uBAAuB;AAwBrE,IAAM,mBAAmB,CAAC,GAAG,iBAAiB,QAAQ,SAAS,UAAU;AAkBlE,SAAS,mBACd,UACwF;AACxF,SAAO,SAAS,UAAU,eAAe;AAC3C;AAQO,SAAS,mBACd,UACqC;AACrC,SAAO,SAAS,UAAU;AAC5B;AASO,SAAS,oBACd,UACA,UACmE;AACnE,SAAO;AAAA,IACL,GAAG;AAAA,IACH,UAAU;AAAA,MACR,GAAG,SAAS;AAAA,MACZ,YAAY;AAAA,IACd;AAAA,EACF;AACF;AASO,SAAS,cACd,UACA,SACwF;AACxF,SAAO,mBAAmB,QAAQ,GAAG,cAAc,QAAQ;AAC7D;AAEO,IAAe,UAAf,cAA+B,kBAAkB;AAAA,EAC5C,YACR,MACA,MACA,MACA,MAKS,SAKA,UAKA,MAKA,QACT;AACA,UAAM,MAAM,MAAM,MAAM,IAAI;AAjBnB;AAKA;AAKA;AAKA;AAAA,EAGX;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,SAA8B;AAChC,WAAO,OAAO;AAAA,MACZ,MAAM;AAAA,MACN,WAAW,KAAK,QAAQ;AAAA,MACxB,UAAU,KAAK;AAAA,MACf,WAAW,KAAK;AAAA,IAClB,CAAC;AAAA,EACH;AAAA,EAEA,OAAO,OAAO,MAAc,MAAmB,MAAyC;AACtF,WAAO,IAAI,eAAe,MAAM,MAAM,IAAI;AAAA,EAC5C;AAAA,EAEA,OAAO,KACL,MACA,SACA,SACA,MACS;AACT,WAAO,IAAI,eAAe,MAAM,SAAS,SAAS,IAAI;AAAA,EACxD;AAAA,EAEA,OAAO,SACL,MACA,IACA,SACA,MACS;AACT,WAAO,IAAI,gBAAgB,MAAM,IAAI,SAAS,IAAI;AAAA,EACpD;AAAA,EAEA,OAAO,GACL,MACA,QACA,SACA,MACS;AACT,WAAO,IAAI;AAAA,MACT;AAAA,MACA,OAAO,MAAM,EAAE;AAAA,MACf,OAAO,EAAE,SAAS,OAAO,CAAC,EAAE,MAAM,CAAC,EAAE,SAAAA,UAAS,QAAAC,QAAO,MAAM;AACzD,YAAID,SAAQ,OAAOC,QAAO,WAAW;AACnC,gBAAM,IAAI;AAAA,YACR,2CAA2C,IAAI,OAAOD,SAAQ,EAAE,SAASC,QAAO,SAAS;AAAA,UAC3F;AAAA,QACF;AAEA,eAAOD;AAAA,MACT,CAAC;AAAA,MACD;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,gBAAgB,QAA+D;AAC7E,WAAO,OAAO,EAAE,WAAW,KAAK,UAAU,CAAC,EAAE,MAAM,CAAC,EAAE,UAAU,MAAM;AACpE,aAAO,gBAAgB,WAAW,MAAM;AAAA,IAC1C,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,YAA0C;AAC5C,WAAO,OAAO;AAAA,MACZ,SAAS,KAAK;AAAA,MACd,UAAU,KAAK;AAAA,MACf,MAAM,KAAK;AAAA,MACX,QAAQ,KAAK;AAAA,IACf,CAAC,EAAE,MAAM,CAAC,EAAE,SAAS,UAAU,MAAM,OAAO,MAAM;AAChD,YAAM,mBAAmB;AAAA,QACvB,YAAY;AAAA,UACV,WAAW,QAAQ;AAAA,UACnB,MAAM,SAAS;AAAA,UACf,WAAW,SAAS;AAAA,UACpB,UAAU,KAAK;AAAA,UACf,YAAY,KAAK,MAAM,CAAC,EAAE,cAAc,KAAK,MAAM,CAAC,EAAE;AAAA,QACxD;AAAA,MACF;AAEA,YAAM,qBAAqB,KAAK,YAAY,IAAI,SAAO;AAAA,QACrD,GAAG,gBAAgB,EAAE;AAAA,QACrB,YAAY;AAAA,QACZ,MAAM,KAAK,MAAM,CAAC,EAAE;AAAA,QACpB,UAAU,KAAK,MAAM,CAAC,EAAE,UAAU,YAAY;AAAA,QAC9C,UAAU;AAAA,MACZ,EAAE;AAEF,UAAI,mBAAmB,SAAS,GAAG;AACjC,2BAAmB,QAAQ;AAAA,UACzB,MAAM;AAAA,UACN,YAAY;AAAA,UACZ,UAAU,GAAG,SAAS,IAAI,IAAI,SAAS,SAAS;AAAA,UAChD,MAAM,KAAK,MAAM,CAAC,EAAE;AAAA,UACpB,UAAU,KAAK,MAAM,CAAC,EAAE,UAAU,YAAY;AAAA,UAC9C,UAAU;AAAA,QACZ,CAAC;AAAA,MACH;AAEA,YAAM,oBACJ,KAAK,SAAS,aACV,QAAQ,UAAU,IAAI,eAAa;AAAA,QACjC,GAAI;AAAA,QACJ,MAAM,KAAK,MAAM,CAAC,EAAE;AAAA,QACpB,UAAU,KAAK,MAAM,CAAC,EAAE,UAAU,YAAY;AAAA,QAC9C,UAAU;AAAA,MACZ,EAAE,IACF,CAAC;AAEP,YAAM,wBACJ,KAAK,SAAS,iBACV,OAAO,cAAc,SAAS,IAAI,eAAa;AAAA,QAC7C,GAAG,gBAAgB,SAAS,MAAM,SAAS,QAAQ;AAAA,QACnD,MAAM,KAAK,MAAM,CAAC,EAAE;AAAA,QACpB,UAAU,KAAK,MAAM,CAAC,EAAE,UAAU,YAAY;AAAA,QAC9C,UAAU;AAAA,MACZ,EAAE,IACF,CAAC;AAEP,aAAO;AAAA,QACL;AAAA,UACE,GAAI,sBAAsB,CAAC;AAAA,UAC3B,GAAI,yBAAyB,CAAC;AAAA,UAC9B,GAAI,qBAAqB,CAAC;AAAA,QAC5B;AAAA,QACA,cAAY,mBAAmB,QAAQ;AAAA,MACzC;AAAA,IACF,CAAC;AAAA,EACH;AACF;AAEA,IAAM,iBAAN,cAA6B,QAAQ;AAAA,EACnC,YAAY,MAAc,MAAmB,MAAgC;AAC3E,UAAM,UAAU,OAAO,IAAI,EAAE,MAAM,CAAAE,UAAQ;AACzC,aAAO,IAAI,KAAK,GAAG;AAAA,QACjB;AAAA,QACA;AAAA,UACE,UAAU,YAAYA,OAAM,IAAI;AAAA,UAChC,MAAM;AAAA,YACJ;AAAA,cACE,OAAO,UAAUA,MAAK,MAAMA,MAAK,KAAK;AAAA,cAEtC,aAAaA,MAAK,WACbA,MAAK,eAAeA,MAAK,QAAQ,cAClCA,MAAK,QAAQ;AAAA,cAEjB,MAAM,eAAeA,OAAMA,MAAK,OAAO;AAAA,YACzC;AAAA,YACA,KAAKA,OAAM,gBAAgB;AAAA,UAC7B;AAAA,QACF;AAAA,QACA,EAAE,QAAQ,MAAM,GAAG,KAAK;AAAA,MAC1B;AAAA,IACF,CAAC;AAED;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MAEA,OAAO,KAAK,OAAO;AAAA,MACnB,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,IACV;AAAA,EACF;AACF;AAEA,IAAM,iBAAN,cAA6B,QAAQ;AAAA,EACnC,YACE,MACA,SACA,SACA,MACA;AACA;AAAA,MACE;AAAA,MACA;AAAA,MACA,EAAE,SAAS,aAAa,QAAQ;AAAA,MAChC;AAAA,MAEA,OAAO,OAAO;AAAA,MACd,OAAO,OAAO,EAAE;AAAA,MAChB,OAAO,OAAO,EAAE;AAAA,MAChB,OAAO,OAAO,EAAE;AAAA,IAClB;AAAA,EACF;AACF;AAEA,IAAM,kBAAN,cAA8B,QAAQ;AAAA,EACpC,YACE,MACA,IACA,SACA,MACA;AACA,UAAM,UAAU,OAAO,EAAE,EAAE,MAAM,CAAAC,QAAM;AACrC,aAAO,KAAK,GAAG,QAAQ;AAAA;AAAA,QAErB;AAAA,QACA,mBAAmBA,GAAE;AAAA,QACrB,EAAE,GAAG,MAAM,QAAQ,KAAK;AAAA,MAC1B;AAAA,IACF,CAAC;AAED;AAAA,MACE;AAAA,MACA;AAAA,MACA,EAAE,IAAI,QAAQ;AAAA,MACd;AAAA,MAEA,OAAO,OAAO;AAAA,MACd,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,IACV;AAAA,EACF;AACF;AAEO,SAAS,8BACd,MACiC;AACjC,SAAO;AAAA,IACL,MAAM,KAAK;AAAA,IACX,MAAM,KAAK;AAAA,IACX,YAAY,KAAK;AAAA,IACjB,UAAU,KAAK;AAAA,EACjB;AACF;AAEO,SAAS,0BACd,SACmC;AACnC,SAAO;AAAA,IACL,aAAa,QAAQ,KAAK;AAAA,EAC5B;AACF;AAEO,SAAS,eACd,SACA,SACe;AACf,MAAI,SAAS,MAAM;AACjB,WAAO,QAAQ;AAAA,EACjB;AAEA,MAAI,CAAC,SAAS,UAAU;AACtB,WAAO;AAAA,EACT;AAEA,SAAO,QAAQ,QAAQ,wBAAwB,iBAAiB,iBAAiB;AACnF;;;AC/YA;AAAA,EACE,qBAAAC;AAAA,EACA,aAAAC;AAAA,EACA,UAAAC;AAAA,OAKK;AACP,SAAS,eAAsB;AAC/B,SAAS,KAAK,YAAY;;;ACV1B,OAAqB;AACrB,SAAqB,UAAAC,eAAmC;AAmCjD,SAAS,kBAAkB,KAAiD;AACjF,MAAI,QAAQ,WAAW,GAAG,GAAG;AAC3B,WAAOC,QAAO;AAAA,MACZ,MAAM,IAAI,SAAS;AAAA,MACnB,WAAW,IAAI,SAAS;AAAA,MACxB,MAAM,IAAI,KAAK,MAAM,CAAC,EAAE;AAAA,IAC1B,CAAC;AAAA,EACH;AAEA,MAAI,aAAa,KAAK;AACpB,UAAM,UAAUA,QAAO,IAAI,OAAO;AAElC,WAAOA,QAAO;AAAA,MACZ,MAAM,QAAQ,SAAS;AAAA,MACvB,WAAW,QAAQ,SAAS;AAAA,MAC5B,MAAM,IAAI;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,SAAOA,QAAO;AAAA,IACZ,MAAM,IAAI;AAAA,IACV,WAAW,IAAI;AAAA,IACf,MAAM,IAAI;AAAA,EACZ,CAAC;AACH;;;ADUO,IAAM,YAAN,cAAwBC,mBAAkB;AAAA;AAAA;AAAA;AAAA,EAI/B;AAAA,EAEhB,YAAY,MAAc,MAAqB,MAAiC;AAC9E,UAAM,2BAA2B,MAAM,MAAM,IAAI;AAEjD,SAAK,QAAQC,QAAO;AAAA,MAClB;AAAA,MACA,kBAAkBA,QAAO,KAAK,OAAO,EAAE,SAAS;AAAA,IAClD,CAAC,EAAE,MAAM,OAAO,EAAE,MAAAC,OAAM,iBAAiB,MAAM;AAC7C,aAAO,IAAI,QAAQ,GAAG;AAAA,QACpB;AAAA,QACA;AAAA,UACE,UAAU;AAAA,YACR;AAAA,cACE,GAAGA;AAAA,cACH,WAAW;AAAA,YACb;AAAA,YACA;AAAA,UACF;AAAA,UACA,MAAM;AAAA,YACJ,WAAWC,WAAUD,MAAK,UAAUA,MAAK,SAAS;AAAA,YAElD,YAAY;AAAA,cACV;AAAA,gBACE,MAAMA,MAAK,QAAQ,SAAS;AAAA,cAC9B;AAAA,YACF;AAAA,YAEA,OAAOC,WAAUD,MAAK,MAAMA,MAAK,KAAK,EAAE,IAAI,WAAS;AAAA,cACnD,UAAU,KAAK;AAAA,cAEf,SAAS;AAAA,gBACPC,WAAU,KAAK,OAAO,KAAK,OAAO;AAAA,gBAClC,IAAI,qBAAqB;AAAA,gBACzB;AAAA,cACF;AAAA,cAEA,SAASA,WAAU,KAAK,QAAQ,KAAK,OAAO;AAAA,cAC5C,aAAa,KAAK,UAAU,CAAC,kBAAkB,KAAK,OAAO,CAAC,IAAI;AAAA,YAClE,EAAE;AAAA,UACJ;AAAA,QACF;AAAA,QACA;AAAA,UACE,GAAG;AAAA,UACH,QAAQ;AAAA,UACR,UAAU,MAAM,YAAYD,MAAK,OAAO;AAAA,QAC1C;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH;AACF;AAEA,SAAS,oBACP,SACoD;AACpD,SAAO,QAAQ,SAAS,UAAU,CAAC,EAAE,MAAM,EAAE,MAAM,cAAc,OAAO,IAAI,EAAE,CAAC;AACjF;AAEO,SAAS,sBACd,OACkD;AAClD,MAAI,OAAO,UAAU,UAAU;AAC7B,WAAO,EAAE,MAAM,EAAE,MAAM,cAAc,OAAO,MAAM,EAAE;AAAA,EACtD;AAEA,SAAO;AACT;;;AE5IA,SAAS,kBAAoC;AAC7C;AAAA,EACE,qBAAAE;AAAA,EACA;AAAA,EACA,aAAAC;AAAA,EACA,UAAAC;AAAA,OAOK;AACP,SAAS,YAAY,MAAM,SAAS,OAAO,WAAW,YAAAC,iBAAgB;AACtE,OAA6B;AAC7B;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OAEK;AAyXA,IAAe,gBAAf,MAAe,uBAAsBC,mBAAkB;AAAA;AAAA;AAAA;AAAA,EAI5C;AAAA,EAEN,YAAY,MAAc,MAAiC,MAAwB;AAC3F,UAAM,sBAAsB,MAAM,MAAM,IAAI;AAE5C,UAAM,iBAAiBC,QAAO,IAAI,EAAE,MAAM,CAAAC,UAAQ;AAChD,YAAM,eAAeC,WAAUD,MAAK,aAAaA,MAAK,YAAY;AAClE,YAAM,cAAcC,WAAUD,MAAK,YAAYA,MAAK,WAAW;AAE/D,YAAM,mBAAyC,CAAC;AAEhD,UAAIA,MAAK,cAAc;AACrB,yBAAiB,KAAK;AAAA,UACpB,YAAY,CAAC,aAAa;AAAA,UAC1B,WAAW,CAAC,EAAE,aAAa,EAAE,WAAW,WAAW,EAAE,CAAC;AAAA,UACtD,OAAO,CAAC,EAAE,MAAM,IAAI,UAAU,MAAM,CAAC;AAAA,UACrC,KAAK;AAAA,UACL,OAAO,CAAC;AAAA,UACR,OAAO,CAAC;AAAA,UACR,UAAU,CAAC;AAAA,QACb,CAAC;AAAA,MACH;AAEA,aAAO;AAAA,QACL,GAAGA;AAAA,QAEH,aAAaA,MAAK,WAAW,0BAA0BA,MAAK,QAAQ,IAAI,CAAC;AAAA,QAEzE,eAAeA,MAAK,iBAAiB;AAAA,QACrC,gBAAgBA,MAAK,kBAAkB;AAAA,QAEvC,oBAAoBA,MAAK,sBAAsB;AAAA,QAE/C,cAAc,aAAa,QAAQ,UAAQ;AACzC,gBAAM,YAAYC;AAAA,YAChBD,MAAK,aAAa;AAAA,YAClBA,MAAK,aAAa;AAAA,UACpB;AACA,gBAAM,kBAAkB,UAAU,IAAI,gBAAgB;AAEtD,gBAAM,gCAAgC,QAAQ,iBAAiB,cAAY;AACzE,kBAAM,YAAY,cAAc,UAAUA,MAAK,OAAO,IAClD,SAAS,SAAS,WAAW,YAC7B;AAEJ,kBAAM,OAAO,cAAc,UAAUA,MAAK,OAAO,IAC7C,SAAS,SAAS,WAAW,aAC7B,SAAS;AAEb,mBAAO,GAAG,QAAQ,GAAG,IAAI,SAAS;AAAA,UACpC,CAAC;AAED,gBAAM,aAAa,8BAA8B,IAAI,IACjD,eAAc;AAAA,YACZ;AAAA,YACA,8BAA8B,IAAI;AAAA,YAClCA,MAAK;AAAA,UACP,IACA;AAEJ,gBAAM,aAAa,OAAO,QAAQ,6BAA6B,EAC5D,OAAO,CAAC,CAAC,GAAG,MAAM,QAAQ,IAAI,EAC9B,IAAI,CAAC,CAAC,KAAKE,UAAS,MAAM;AACzB,kBAAM,CAAC,IAAI,IAAI,IAAI,MAAM,GAAG;AAC5B,kBAAM,aAAa,SAAS,MAAM,EAAE;AACpC,kBAAM,YAAY,MAAM,UAAU,IAAI,OAAO;AAE7C,mBAAO,eAAc,oBAAoB,WAAWA,YAAWF,MAAK,OAAO;AAAA,UAC7E,CAAC;AAEH,iBAAO;AAAA,YACL;AAAA,cACE,KAAK,KAAK,WAAW;AAAA,cACrB,OAAOC,WAAU,KAAK,UAAU,KAAK,SAAS,EAAE,OAAO,YAAY,SAAS,CAAC,CAAC;AAAA,cAC9E,OAAO,CAAC;AAAA,cACR,UAAUA,WAAU,KAAK,aAAa,KAAK,YAAY;AAAA,cACvD,YAAYA,WAAU,KAAK,eAAe,KAAK,cAAc;AAAA,cAC7D,WAAWA,WAAU,KAAK,cAAc,KAAK,aAAa;AAAA,cAC1D,OAAOA,WAAU,KAAK,QAAQ,KAAK,OAAO;AAAA,YAC5C;AAAA,YAEA,GAAG;AAAA,UACL,EAAE,OAAO,CAAAE,UAAQ,CAAC,eAAc,YAAYA,KAAI,CAAC;AAAA,QACnD,CAAC;AAAA,QAED,aAAa,YACV,QAAQ,UAAQ;AACf,gBAAM,YAAYF,WAAUD,MAAK,YAAY,YAAYA,MAAK,YAAY,WAAW;AACrF,gBAAM,kBAAkB,UAAU,IAAI,gBAAgB;AAEtD,gBAAM,gCAAgC,QAAQ,iBAAiB,cAAY;AACzE,kBAAM,YAAY,cAAc,UAAUA,MAAK,OAAO,IAClD,SAAS,SAAS,WAAW,YAC7B;AAEJ,kBAAM,OAAO,cAAc,UAAUA,MAAK,OAAO,IAC7C,SAAS,SAAS,WAAW,aAC7B,SAAS;AAEb,mBAAO,GAAG,QAAQ,GAAG,IAAI,SAAS;AAAA,UACpC,CAAC;AAED,gBAAM,aAAa,8BAA8B,IAAI,IACjD,eAAc;AAAA,YACZ;AAAA,YACA,8BAA8B,IAAI;AAAA,YAClCA,MAAK;AAAA,UACP,IACA;AAEJ,gBAAM,aAAa,OAAO,QAAQ,6BAA6B,EAC5D,OAAO,CAAC,CAAC,GAAG,MAAM,QAAQ,IAAI,EAC9B,IAAI,CAAC,CAAC,KAAKE,UAAS,MAAM;AACzB,kBAAM,CAAC,IAAI,IAAI,IAAI,MAAM,GAAG;AAC5B,kBAAM,aAAa,SAAS,MAAM,EAAE;AACpC,kBAAM,YAAY,MAAM,UAAU,IAAI,OAAO;AAE7C,mBAAO,eAAc,oBAAoB,WAAWA,YAAWF,MAAK,OAAO;AAAA,UAC7E,CAAC;AAEH,iBAAO;AAAA,YACL;AAAA,cACE,KAAK,KAAK,SAAS;AAAA,cACnB,OAAOC,WAAU,KAAK,QAAQ,KAAK,OAAO,EAAE,OAAO,YAAY,SAAS,CAAC,CAAC;AAAA,cAC1E,OAAOA,WAAU,KAAK,QAAQ,KAAK,OAAO,EAAE,OAAO,YAAY,SAAS,CAAC,CAAC;AAAA,cAC1E,UAAUA,WAAU,KAAK,WAAW,KAAK,UAAU;AAAA,cACnD,YAAYA,WAAU,KAAK,aAAa,KAAK,YAAY;AAAA,cACzD,WAAWA,WAAU,KAAK,YAAY,KAAK,WAAW;AAAA,cACtD,OAAOA,WAAU,KAAK,QAAQ,KAAK,OAAO;AAAA,YAC5C;AAAA,YAEA,GAAG;AAAA,UACL,EAAE,OAAO,CAAAE,UAAQ,CAAC,eAAc,YAAYA,KAAI,CAAC;AAAA,QACnD,CAAC,EACA,OAAO,gBAAgB;AAAA,MAC5B;AAAA,IACF,CAAC;AAED,SAAK,gBAAgBJ;AAAA,MACnB,eAAe,MAAM,OAAMC,UAAQ;AACjC,eAAOD;AAAA,UACL,KAAK,OAAO,MAAMC,OAAqC;AAAA,YACrD,GAAG;AAAA,YACH,QAAQ;AAAA,YACR,UAAU,MAAM,YAAYA,MAAK,OAAO;AAAA,UAC1C,CAAC;AAAA,QACH;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAAA,EAEA,OAAe,oBAEb,QACQ;AACR,QAAI,OAAO,SAAS,QAAQ;AAC1B,aAAO,GAAG,OAAO,OAAO;AAAA,IAC1B;AAEA,WAAO,GAAG,OAAO,OAAO;AAAA,EAC1B;AAAA,EAEA,OAAe,oBACb,MACA,WACA,SACoB;AACpB,UAAM,QAA6B,OAC/B,CAAC,EAAE,MAAM,UAAU,UAAU,CAAC,EAAE,UAAU,YAAY,EAAE,CAAC,IACzD,CAAC;AAEL,UAAM,QAAQ,UACX,OAAO,cAAY,CAAC,cAAc,UAAU,OAAO,CAAC,EACpD,OAAO,cAAY,SAAS,SAAS,UAAU,SAAS,SAAS,MAAM,EACvE,IAAI,eAAc,mBAAmB;AAExC,UAAM,QAAQ,UACX,OAAO,cAAY,SAAS,SAAS,UAAU,EAC/C,IAAI,cAAY,SAAS,QAAQ;AAEpC,UAAM,YAAY,UACf,OAAO,cAAY,cAAc,UAAU,OAAO,CAAC,EACnD,IAAI,cAAY,SAAS,SAAS,WAAW,QAAQ;AAExD,UAAM,YAAY,UACf,OAAO,cAAY,cAAc,UAAU,OAAO,CAAC,EACnD,IAAI,cAAY,mBAAmB,QAAQ,GAAG,SAAS,EAAE,CAAC;AAE7D,WAAO;AAAA,MACL,KAAK;AAAA,MACL;AAAA,MACA;AAAA,MACA,UAAU,CAAC;AAAA,MACX,YAAY,YAAY,CAAC,SAAS,IAAI,CAAC;AAAA,MACvC;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAe,YAAY,MAAmC;AAC5D,WACE,CAAC,KAAK,OACN,KAAK,MAAM,WAAW,KACtB,KAAK,MAAM,WAAW,KACtB,KAAK,SAAS,WAAW,KACzB,KAAK,WAAW,WAAW,KAC3B,KAAK,UAAU,WAAW,KAC1B,KAAK,MAAM,WAAW;AAAA,EAE1B;AAAA,EAQA,OAAO,OACL,MACA,MACA,MACuB;AACvB,WAAOD,QAAO,IAAI,EAAE,MAAM,OAAMC,UAAQ;AACtC,YAAM,MAAMA,MAAK,QAAQ;AAEzB,UAAI,QAAQ,SAAS;AACnB,eAAO,IAAI,oBAAoB,MAAMA,OAAM,IAAI;AAAA,MACjD;AAEA,YAAM,WAAW,GAAG,WAAW,GAAG,CAAC;AACnC,YAAM,aAAc,MAAM,OAAO,cAAc,GAAG;AAQlD,YAAM,YAAY,WAAW,QAAQ;AACrC,UAAI,CAAC,WAAW;AACd,cAAM,IAAI,MAAM,+BAA+B,GAAG,EAAE;AAAA,MACtD;AAEA,aAAO,IAAI,UAAU,MAAMA,OAAM,IAAI;AAAA,IACvC,CAAC;AAAA,EACH;AAAA,EAEA,OAAO,QACL,WACA,SACA,MACA;AACA,WAAO,eAAc;AAAA,MACnB;AAAA,MACA;AAAA,QACE;AAAA,QACA;AAAA,QAEA,aAAa;AAAA,QAEb,eAAe;AAAA,QACf,gBAAgB;AAAA,MAClB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,qBACL,WACA,SACA,MACuB;AACvB,WAAO,eAAc;AAAA,MACnB;AAAA,MACA;AAAA,QACE;AAAA,QACA;AAAA,QAEA,aAAa;AAAA,QACb,UAAU,CAAC;AAAA,QAEX,aAAa,EAAE,eAAe,UAAU;AAAA,QACxC,YAAY,EAAE,aAAa,UAAU;AAAA,MACvC;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,mBACL,WACA,SACA,MACuB;AACvB,WAAO,eAAc;AAAA,MACnB;AAAA,MACA;AAAA,QACE;AAAA,QACA;AAAA,QAEA,aAAa;AAAA,QAEb,oBAAoB;AAAA,MACtB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,aACL,WACA,SACA,MACuB;AACvB,WAAO,eAAc;AAAA,MACnB;AAAA,MACA;AAAA,QACE;AAAA,QACA;AAAA,QAEA,aAAa;AAAA,QAEb,cAAc;AAAA,MAChB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,eACL,WACA,SACA,MACuB;AACvB,WAAO,eAAc;AAAA,MACnB;AAAA,MACA;AAAA,QACE;AAAA,QACA;AAAA,QAEA,aAAa;AAAA,QAEb,YAAY,EAAE,OAAO,KAAK;AAAA,MAC5B;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,gBACL,WACA,SACA,MACuB;AACvB,WAAO,eAAc;AAAA,MACnB;AAAA,MACA;AAAA,QACE;AAAA,QACA;AAAA,QAEA,aAAa;AAAA,QAEb,aAAa,EAAE,SAAS,KAAK;AAAA,MAC/B;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,sBACL,UACA,WACA,SACA,MACuB;AACvB,UAAM,iBAAiB,iBAAiB,QAAQ;AAEhD,WAAO,eAAc;AAAA,MACnB,mBAAmB,oBAAoB,cAAc,CAAC;AAAA,MACtD;AAAA,QACE;AAAA,QACA;AAAA,QAEA,aAAa,uCAAuC,oBAAoB,cAAc,CAAC;AAAA,QAEvF,YAAY,EAAE,YAAY,SAAS;AAAA,MACrC;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,yBACL,UACA,WACA,SACA,MACuB;AACvB,UAAM,iBAAiB,iBAAiB,QAAQ;AAEhD,WAAO,eAAc;AAAA,MACnB,sBAAsB,oBAAoB,cAAc,CAAC;AAAA,MACzD;AAAA,QACE;AAAA,QACA;AAAA,QAEA,aAAa,0CAA0C,oBAAoB,cAAc,CAAC;AAAA,QAE1F,aAAa,EAAE,cAAc,SAAS;AAAA,MACxC;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACF;AAEO,IAAM,sBAAN,MAAM,6BAA4B,cAAc;AAAA,EAC3C,OACR,MACA,MACA,MACU;AACV,UAAM,UAAU,qBAAoB,mBAAmB,IAAI;AAC3D,UAAM,SAAS,qBAAoB,kBAAkB,IAAI;AAEzD,UAAM,cAAwB,CAAC;AAE/B,QAAI,QAAQ,SAAS,KAAK,KAAK,gBAAgB;AAC7C,kBAAY,KAAK,SAAS;AAAA,IAC5B;AAEA,QAAI,OAAO,SAAS,KAAK,KAAK,eAAe;AAC3C,kBAAY,KAAK,QAAQ;AAAA,IAC3B;AAEA,WAAO,IAAI,WAAW,GAAG;AAAA,MACvB;AAAA,MACA;AAAA,QACE,UAAU,UAAU,YAAY,MAAM,IAAI,GAAG;AAAA,UAC3C,aAAa,KAAK,cACd,EAAE,6BAA6B,KAAK,YAAY,IAChD;AAAA,QACN,CAAC;AAAA,QACD,MAAM;AAAA,UACJ,aAAa,KAAK;AAAA,UAClB;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAe,kBAAqD;AAAA,IAClE,MAAM;AAAA,IACN,QAAQ,CAAC,cAAc,iBAAiB,gBAAgB;AAAA,EAC1D;AAAA,EAEA,OAAe,kBAAqE;AAAA,IAClF,IAAI;AAAA,MACF;AAAA,QACE,mBAAmB,EAAE,aAAa,EAAE,+BAA+B,cAAc,EAAE;AAAA,QACnF,aAAa,EAAE,aAAa,EAAE,WAAW,WAAW,EAAE;AAAA,MACxD;AAAA,IACF;AAAA,IACA,OAAO,CAAC,EAAE,MAAM,IAAI,UAAU,MAAM,CAAC;AAAA,EACvC;AAAA,EAEA,OAAe,mBACb,MACsD;AACtD,WAAOI;AAAA,MACL,KAAK,aAAa,IAAI,WAAS;AAAA,QAC7B,MAAM,KAAK,MAAM,CAAC,IAAI,qBAAoB,gBAAgB,IAAI;AAAA,QAC9D,OAAO,qBAAoB,SAAS,KAAK,KAAK;AAAA,MAChD,EAAE;AAAA,MACF,UAAQ,KAAK,UAAU,IAAI;AAAA,IAC7B;AAAA,EACF;AAAA,EAEA,OAAe,kBACb,MACqD;AACrD,UAAM,aAAkE,CAAC;AAEzE,UAAM,cAAc,KAAK,YAAY,KAAK,UAAQ,KAAK,MAAM,SAAS,CAAC;AACvE,QAAI,aAAa;AACf,iBAAW,KAAK,qBAAoB,eAAe;AAAA,IACrD;AAIA,UAAM,eAAe,KAAK,YAAY;AAAA,MAAK,UACzC,KAAK,MAAM,KAAK,UAAQ,CAAC,KAAK,SAAS,gBAAgB,CAAC;AAAA,IAC1D;AACA,QAAI,cAAc;AAChB,iBAAW,KAAK,EAAE,IAAI,CAAC,EAAE,SAAS,qBAAoB,gBAAgB,CAAC,EAAE,CAAC;AAAA,IAC5E;AAGA,QAAI,KAAK,oBAAoB;AAC3B,YAAM,EAAE,QAAQ,aAAa,IAAI,KAAK;AAEtC,UAAI,QAAQ,uBAAuB;AACjC,mBAAW,KAAK;AAAA,UACd,IAAI,CAAC,EAAE,SAAS,EAAE,MAAM,GAAG,QAAQ,sBAAsB,QAAQ,MAAM,EAAE,CAAC;AAAA,UAC1E,OAAO,CAAC,EAAE,MAAM,QAAQ,sBAAsB,YAAY,UAAU,MAAM,CAAC;AAAA,QAC7E,CAAC;AAAA,MACH,OAAO;AACL,cAAM,QAAQ,aACX,OAAO,cAAY,SAAS,SAAS,UAAU,EAC/C,IAAI,eAAa;AAAA,UAChB,IAAI,CAAC,EAAE,SAAS,EAAE,MAAM,iBAAiB,QAAQ,EAAE,EAAE,CAAC;AAAA,UACtD,OAAO,CAAC,EAAE,MAAM,SAAS,MAAM,UAAU,MAAM,CAAC;AAAA,QAClD,EAAE;AAEJ,mBAAW,KAAK,GAAG,KAAK;AAAA,MAC1B;AAAA,IACF;AAEA,WAAOA;AAAA,MACL,KAAK,YACF,IAAI,UAAQ;AACX,eAAO;AAAA,UACL,IAAI,KAAK,MAAM,CAAC,IAAI,qBAAoB,gBAAgB,IAAI;AAAA,UAC5D,OAAO,qBAAoB,SAAS,KAAK,KAAK;AAAA,QAChD;AAAA,MACF,CAAC,EACA,OAAO,UAAQ,KAAK,OAAO,MAAS,EACpC,OAAO,UAAU;AAAA,MACpB,UAAQ,KAAK,UAAU,IAAI;AAAA,IAC7B;AAAA,EACF;AAAA,EAEA,OAAe,gBAEb,MAC2D;AAC3D,UAAM,QAAQA;AAAA,MACZ;AAAA,QACE,GAAG,qBAAoB,gBAAgB,IAAI;AAAA,QAC3C,GAAG,qBAAoB,mBAAmB,IAAI;AAAA,QAC9C,GAAG,qBAAoB,oBAAoB,IAAI;AAAA,MACjD;AAAA,MACA,UAAQ,KAAK,UAAU,IAAI;AAAA,IAC7B;AAEA,WAAO,MAAM,SAAS,IAAI,QAAQ;AAAA,EACpC;AAAA,EAEA,OAAe,gBACb,MAC+C;AAC/C,WAAO,KAAK,MAAM,IAAI,WAAS,EAAE,SAAS,EAAE,KAAK,EAAE,EAAE;AAAA,EACvD;AAAA,EAEA,OAAe,mBACb,MAC+C;AAC/C,WAAO,KAAK,SAAS,IAAI,aAAW;AAClC,YAAM,WAAW,0BAA0B,OAAO;AAElD,aAAO;AAAA,QACL,mBAAmB,2BAA2B,QAAQ,SAAS,SAAS;AAAA,QACxE,aAAa;AAAA,MACf;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,OAAe,oBACb,MAC+C;AAC/C,UAAM,gBAAgB,KAAK,UAAU,IAAI,eAAa;AAAA,MACpD,aAAa,0BAA0B,QAAQ;AAAA,IACjD,EAAE;AAEF,UAAM,iBAAiB,KAAK,WAAW,IAAI,qBAAoB,mBAAmB;AAElF,QAAI,eAAe,WAAW,GAAG;AAE/B,aAAO;AAAA,IACT;AAEA,QAAI,cAAc,WAAW,GAAG;AAE9B,aAAO;AAAA,IACT;AAGA,WAAO;AAAA,MACL,cAAc,IAAI,kBAAgB;AAChC,eAAO,eAAe,IAAI,mBAAiB,MAAM,cAAc,aAAa,CAAC;AAAA,MAC/E,CAAC;AAAA,IACH;AAAA,EACF;AAAA,EAEA,OAAe,oBAEb,WAC6C;AAC7C,UAAM,gBAAgB,gCAAgC,SAAS;AAC/D,UAAM,oBAAoB,2BAA2B,aAAa;AAElE,WAAO,EAAE,kBAAkB;AAAA,EAC7B;AAAA,EAEA,OAAe,SACb,OAC+C;AAC/C,WAAO,MAAM,IAAI,UAAQ;AACvB,UAAI,UAAU,MAAM;AAClB,eAAO;AAAA,UACL,MAAM,KAAK;AAAA,UACX,UAAU,KAAK,YAAY;AAAA,QAC7B;AAAA,MACF;AAEA,aAAO;AAAA,QACL,MAAM,KAAK,MAAM,CAAC;AAAA,QAClB,SAAS,KAAK,MAAM,CAAC;AAAA,QACrB,UAAU,KAAK,YAAY;AAAA,MAC7B;AAAA,IACF,CAAC;AAAA,EACH;AACF;","names":["cluster","entity","args","id","ComponentResource","normalize","output","output","output","ComponentResource","output","args","normalize","ComponentResource","normalize","output","uniqueBy","ComponentResource","output","args","normalize","endpoints","rule","uniqueBy"]}
|
|
@@ -2,7 +2,7 @@ import {
|
|
|
2
2
|
ExposableWorkload,
|
|
3
3
|
exposableWorkloadExtraArgs,
|
|
4
4
|
getExposableWorkloadComponents
|
|
5
|
-
} from "./chunk-
|
|
5
|
+
} from "./chunk-L6G2IHDP.js";
|
|
6
6
|
import {
|
|
7
7
|
getProvider,
|
|
8
8
|
mapMetadata,
|
|
@@ -180,4 +180,4 @@ var ExternalDeployment = class extends Deployment {
|
|
|
180
180
|
export {
|
|
181
181
|
Deployment
|
|
182
182
|
};
|
|
183
|
-
//# sourceMappingURL=chunk-
|
|
183
|
+
//# sourceMappingURL=chunk-W72HEBHG.js.map
|
|
@@ -2,7 +2,7 @@ import {
|
|
|
2
2
|
ExposableWorkload,
|
|
3
3
|
exposableWorkloadExtraArgs,
|
|
4
4
|
getExposableWorkloadComponents
|
|
5
|
-
} from "./chunk-
|
|
5
|
+
} from "./chunk-L6G2IHDP.js";
|
|
6
6
|
import {
|
|
7
7
|
getProvider,
|
|
8
8
|
mapMetadata,
|
|
@@ -190,4 +190,4 @@ var ExternalStatefulSet = class extends StatefulSet {
|
|
|
190
190
|
export {
|
|
191
191
|
StatefulSet
|
|
192
192
|
};
|
|
193
|
-
//# sourceMappingURL=chunk-
|
|
193
|
+
//# sourceMappingURL=chunk-WUJ7BFVE.js.map
|
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
{
|
|
2
2
|
"sourceHashes": {
|
|
3
|
-
"./dist/index.js": "
|
|
4
|
-
"./dist/units/access-point/index.js": "
|
|
5
|
-
"./dist/units/cert-manager/index.js": "
|
|
6
|
-
"./dist/units/cluster-patch/index.js": "
|
|
7
|
-
"./dist/units/cluster-dns/index.js": "
|
|
8
|
-
"./dist/units/dns01-issuer/index.js": "
|
|
9
|
-
"./dist/units/existing-cluster/index.js": "
|
|
10
|
-
"./dist/units/gateway-api/index.js": "
|
|
3
|
+
"./dist/index.js": "652929ffa4d52acf30f62a458a40520a6505d540e35dadc3744e0a2b71dadf28",
|
|
4
|
+
"./dist/units/access-point/index.js": "adc060cfb60e26a6b96877e065200298a98ce1e1afd190dac1eb3b44be640365",
|
|
5
|
+
"./dist/units/cert-manager/index.js": "1699a82c59429ec1894b711201edc5a816910c58627432afb0cc97b9325b22b5",
|
|
6
|
+
"./dist/units/cluster-patch/index.js": "d79793e56de024ec6ada88d6ca3ffc2db65063dff375266c5ce35adf4bb7b49d",
|
|
7
|
+
"./dist/units/cluster-dns/index.js": "5c0d911743c2d6302ab931a64de0098e13445d4e532acfeca8a1f1466b52d032",
|
|
8
|
+
"./dist/units/dns01-issuer/index.js": "5cf83bddc2cc1f1a6b19940be20e883399471044df678cd275547237e23adf5e",
|
|
9
|
+
"./dist/units/existing-cluster/index.js": "52e0187ce02fe2505b325f68147782939aa53d252de3baab4255034486669dd6",
|
|
10
|
+
"./dist/units/gateway-api/index.js": "dfc16161f24ddd542fa3be44aacdde13c732b73c13068c4bcc6f58d21c98bfaa"
|
|
11
11
|
}
|
|
12
12
|
}
|
package/dist/index.js
CHANGED
|
@@ -1,26 +1,26 @@
|
|
|
1
1
|
import {
|
|
2
2
|
StatefulSet
|
|
3
|
-
} from "./chunk-
|
|
3
|
+
} from "./chunk-WUJ7BFVE.js";
|
|
4
4
|
import {
|
|
5
5
|
Deployment
|
|
6
|
-
} from "./chunk-
|
|
6
|
+
} from "./chunk-W72HEBHG.js";
|
|
7
7
|
import {
|
|
8
8
|
ExposableWorkload,
|
|
9
|
-
NetworkPolicy,
|
|
10
9
|
PersistentVolumeClaim,
|
|
11
10
|
Secret,
|
|
12
11
|
Workload,
|
|
13
12
|
getWorkloadComponents
|
|
14
|
-
} from "./chunk-
|
|
13
|
+
} from "./chunk-L6G2IHDP.js";
|
|
15
14
|
import {
|
|
16
15
|
Chart,
|
|
17
16
|
RenderedChart,
|
|
18
17
|
getChartService,
|
|
19
18
|
getChartServiceOutput,
|
|
20
19
|
resolveHelmChart
|
|
21
|
-
} from "./chunk-
|
|
20
|
+
} from "./chunk-7R2VAXVL.js";
|
|
22
21
|
import {
|
|
23
22
|
HttpRoute,
|
|
23
|
+
NetworkPolicy,
|
|
24
24
|
Service,
|
|
25
25
|
getServiceMetadata,
|
|
26
26
|
hasServiceMetadata,
|
|
@@ -28,7 +28,7 @@ import {
|
|
|
28
28
|
mapContainerPortToServicePort,
|
|
29
29
|
mapServiceToLabelSelector,
|
|
30
30
|
withServiceMetadata
|
|
31
|
-
} from "./chunk-
|
|
31
|
+
} from "./chunk-OP75IMU7.js";
|
|
32
32
|
import {
|
|
33
33
|
createK8sTerminal,
|
|
34
34
|
detectExternalIps
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@highstate/k8s",
|
|
3
|
-
"version": "0.9.
|
|
3
|
+
"version": "0.9.9",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"files": [
|
|
6
6
|
"dist",
|
|
@@ -28,12 +28,12 @@
|
|
|
28
28
|
"generate-crds": "./scripts/generate-crds.sh"
|
|
29
29
|
},
|
|
30
30
|
"dependencies": {
|
|
31
|
-
"@highstate/cert-manager": "^0.9.
|
|
32
|
-
"@highstate/common": "^0.9.
|
|
33
|
-
"@highstate/contract": "^0.9.
|
|
34
|
-
"@highstate/gateway-api": "^0.9.
|
|
35
|
-
"@highstate/library": "^0.9.
|
|
36
|
-
"@highstate/pulumi": "^0.9.
|
|
31
|
+
"@highstate/cert-manager": "^0.9.9",
|
|
32
|
+
"@highstate/common": "^0.9.9",
|
|
33
|
+
"@highstate/contract": "^0.9.9",
|
|
34
|
+
"@highstate/gateway-api": "^0.9.9",
|
|
35
|
+
"@highstate/library": "^0.9.9",
|
|
36
|
+
"@highstate/pulumi": "^0.9.9",
|
|
37
37
|
"@kubernetes/client-node": "^1.1.0",
|
|
38
38
|
"@pulumi/command": "^1.0.2",
|
|
39
39
|
"@pulumi/kubernetes": "^4.18.0",
|
|
@@ -46,7 +46,7 @@
|
|
|
46
46
|
"remeda": "^2.21.0"
|
|
47
47
|
},
|
|
48
48
|
"devDependencies": {
|
|
49
|
-
"@highstate/cli": "^0.9.
|
|
49
|
+
"@highstate/cli": "^0.9.9"
|
|
50
50
|
},
|
|
51
|
-
"gitHead": "
|
|
51
|
+
"gitHead": "1c04a713fa1bb7c0231e5e6d0537709097bb0e8e"
|
|
52
52
|
}
|
package/src/helm.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import type { k8s } from "@highstate/library"
|
|
2
2
|
import { resolve } from "node:path"
|
|
3
3
|
import { mkdir, readFile, unlink } from "node:fs/promises"
|
|
4
|
-
import { toPromise, type InputMap } from "@highstate/pulumi"
|
|
4
|
+
import { normalize, toPromise, type InputMap } from "@highstate/pulumi"
|
|
5
5
|
import { core, helm, types } from "@pulumi/kubernetes"
|
|
6
6
|
import {
|
|
7
7
|
ComponentResource,
|
|
@@ -15,6 +15,7 @@ import { sha256 } from "crypto-hash"
|
|
|
15
15
|
import { omit } from "remeda"
|
|
16
16
|
import { local } from "@pulumi/command"
|
|
17
17
|
import { glob } from "glob"
|
|
18
|
+
import { NetworkPolicy, type NetworkPolicyArgs } from "./network-policy"
|
|
18
19
|
import { HttpRoute, type HttpRouteArgs } from "./gateway"
|
|
19
20
|
import { getProvider, mapNamespaceLikeToNamespaceName, type NamespaceLike } from "./shared"
|
|
20
21
|
import { getServiceType, Service, type ServiceArgs } from "./service"
|
|
@@ -56,6 +57,16 @@ export type ChartArgs = Omit<
|
|
|
56
57
|
* The http route args to bind the service to.
|
|
57
58
|
*/
|
|
58
59
|
httpRoute?: Input<HttpRouteArgs>
|
|
60
|
+
|
|
61
|
+
/**
|
|
62
|
+
* The network policy to apply to the chart.
|
|
63
|
+
*/
|
|
64
|
+
networkPolicy?: Input<Omit<NetworkPolicyArgs, "selector" | "cluster" | "namespace">>
|
|
65
|
+
|
|
66
|
+
/**
|
|
67
|
+
* The network policies to apply to the chart.
|
|
68
|
+
*/
|
|
69
|
+
networkPolicies?: Input<NetworkPolicyArgs[]>
|
|
59
70
|
}
|
|
60
71
|
|
|
61
72
|
export class Chart extends ComponentResource {
|
|
@@ -69,6 +80,11 @@ export class Chart extends ComponentResource {
|
|
|
69
80
|
*/
|
|
70
81
|
public readonly httpRoute: Output<HttpRoute | undefined>
|
|
71
82
|
|
|
83
|
+
/**
|
|
84
|
+
* The network policies applied to the chart.
|
|
85
|
+
*/
|
|
86
|
+
public readonly networkPolicies: Output<NetworkPolicy[]>
|
|
87
|
+
|
|
72
88
|
constructor(
|
|
73
89
|
private readonly name: string,
|
|
74
90
|
private readonly args: ChartArgs,
|
|
@@ -150,7 +166,24 @@ export class Chart extends ComponentResource {
|
|
|
150
166
|
)
|
|
151
167
|
})
|
|
152
168
|
|
|
153
|
-
this.
|
|
169
|
+
this.networkPolicies = output(args).apply(args => {
|
|
170
|
+
const policies = normalize(args.networkPolicy, args.networkPolicies)
|
|
171
|
+
|
|
172
|
+
return output(
|
|
173
|
+
policies.map(policy => {
|
|
174
|
+
return NetworkPolicy.create(
|
|
175
|
+
name,
|
|
176
|
+
{
|
|
177
|
+
...policy,
|
|
178
|
+
|
|
179
|
+
cluster: args.cluster,
|
|
180
|
+
namespace: args.namespace,
|
|
181
|
+
},
|
|
182
|
+
{ ...opts, parent: this },
|
|
183
|
+
)
|
|
184
|
+
}),
|
|
185
|
+
)
|
|
186
|
+
})
|
|
154
187
|
}
|
|
155
188
|
|
|
156
189
|
get service(): Output<Service> {
|
package/src/service.ts
CHANGED
|
@@ -227,6 +227,7 @@ export abstract class Service extends ComponentResource {
|
|
|
227
227
|
|
|
228
228
|
const clusterIpEndpoints = spec.clusterIPs?.map(ip => ({
|
|
229
229
|
...parseL3Endpoint(ip),
|
|
230
|
+
visibility: "internal" as network.EndpointVisibility,
|
|
230
231
|
port: spec.ports[0].port,
|
|
231
232
|
protocol: spec.ports[0].protocol?.toLowerCase() as network.L4Protocol,
|
|
232
233
|
metadata: endpointMetadata,
|
|
@@ -245,8 +246,8 @@ export abstract class Service extends ComponentResource {
|
|
|
245
246
|
|
|
246
247
|
const nodePortEndpoints =
|
|
247
248
|
spec.type === "NodePort"
|
|
248
|
-
? cluster.endpoints.map(
|
|
249
|
-
...(
|
|
249
|
+
? cluster.endpoints.map(endpoint => ({
|
|
250
|
+
...(endpoint as network.L3Endpoint),
|
|
250
251
|
port: spec.ports[0].nodePort,
|
|
251
252
|
protocol: spec.ports[0].protocol?.toLowerCase() as network.L4Protocol,
|
|
252
253
|
metadata: endpointMetadata,
|