npm - @highstate/k8s - Versions diffs - 0.9.8 → 0.9.10 - Mend

@highstate/k8s 0.9.8 → 0.9.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (34) hide show

package/dist/{chunk-YEH2UAPS.js → chunk-3B5DTLGG.js} +2 -2
package/dist/{chunk-JBGQQVTZ.js → chunk-7R2VAXVL.js} +24 -4
package/dist/chunk-7R2VAXVL.js.map +1 -0
package/dist/{chunk-YTCZBMAL.js → chunk-FF3GFWG3.js} +2 -2
package/dist/chunk-OP75IMU7.js +766 -0
package/dist/chunk-OP75IMU7.js.map +1 -0
package/dist/{chunk-UNVUOHHB.js → chunk-R43VRICF.js} +163 -448
package/dist/chunk-R43VRICF.js.map +1 -0
package/dist/deployment-E3ZTF2IS.js +10 -0
package/dist/highstate.manifest.json +8 -8
package/dist/index.js +27 -11
package/dist/index.js.map +1 -1
package/dist/stateful-set-NTU7QKC7.js +10 -0
package/dist/units/cert-manager/index.js +2 -2
package/package.json +9 -9
package/src/config-map.ts +180 -0
package/src/container.ts +12 -1
package/src/cron-job.ts +8 -1
package/src/helm.ts +35 -2
package/src/index.ts +1 -0
package/src/job.ts +8 -1
package/src/scripting/bundle.ts +7 -5
package/src/secret.ts +4 -0
package/src/service.ts +1 -0
package/dist/chunk-J6O3TE56.js +0 -347
package/dist/chunk-J6O3TE56.js.map +0 -1
package/dist/chunk-JBGQQVTZ.js.map +0 -1
package/dist/chunk-UNVUOHHB.js.map +0 -1
package/dist/deployment-TFCMSEGW.js +0 -10
package/dist/stateful-set-2OEPSK44.js +0 -10
/package/dist/{chunk-YEH2UAPS.js.map → chunk-3B5DTLGG.js.map} +0 -0
/package/dist/{chunk-YTCZBMAL.js.map → chunk-FF3GFWG3.js.map} +0 -0
/package/dist/{deployment-TFCMSEGW.js.map → deployment-E3ZTF2IS.js.map} +0 -0
/package/dist/{stateful-set-2OEPSK44.js.map → stateful-set-NTU7QKC7.js.map} +0 -0

package/dist/{chunk-UNVUOHHB.js → chunk-R43VRICF.js} RENAMED Viewed

@@ -1,18 +1,13 @@
 import {
   HttpRoute,
+  NetworkPolicy,
   Service,
-  getServiceMetadata,
-  isFromCluster,
-  mapContainerPortToServicePort,
-  mapServiceToLabelSelector
-} from "./chunk-J6O3TE56.js";
+  mapContainerPortToServicePort
+} from "./chunk-OP75IMU7.js";
 import {
   commonExtraArgs,
   getProvider,
   mapMetadata,
-  mapNamespaceLikeToNamespaceName,
-  mapNamespaceNameToSelector,
-  mapSelectorLikeToSelector,
   resourceIdToString,
   withPatchName
 } from "./chunk-HTQP2NB4.js";
@@ -183,7 +178,9 @@ var CreatedSecret = class extends Secret {
         {
           metadata: mapMetadata(args2, name),
           data: args2.data,
-          stringData: args2.stringData
+          stringData: args2.stringData,
+          type: args2.type,
+          immutable: args2.immutable
         },
         {
           ...opts,
@@ -212,7 +209,9 @@ var SecretPatch = class extends Secret {
         {
           metadata: mapMetadata(args2, name),
           data: args2.data,
-          stringData: args2.stringData
+          stringData: args2.stringData,
+          type: args2.type,
+          immutable: args2.immutable
         },
         {
           ...opts,
@@ -260,9 +259,131 @@ var ExternalSecret = class extends Secret {
   }
 };
-// src/container.ts
+// src/config-map.ts
 import { core as core3 } from "@pulumi/kubernetes";
-import { normalize, output as output3 } from "@highstate/pulumi";
+import {
+  ComponentResource as ComponentResource3,
+  output as output3
+} from "@pulumi/pulumi";
+var ConfigMap = class extends ComponentResource3 {
+  constructor(type, name, args, opts, cluster, metadata, data) {
+    super(type, name, args, opts);
+    this.cluster = cluster;
+    this.metadata = metadata;
+    this.data = data;
+  }
+  /**
+   * Creates a new config map.
+   */
+  static create(name, args, opts) {
+    return new CreatedConfigMap(name, args, opts);
+  }
+  /**
+   * Creates a new config map or patches an existing one.
+   *
+   * Will throw an error if the config map does not exist when `args.resource` is provided.
+   */
+  static createOrPatch(name, args, opts) {
+    if (!args.existing) {
+      return new CreatedConfigMap(name, args, opts);
+    }
+    return new ConfigMapPatch(
+      name,
+      {
+        ...args,
+        name: withPatchName("configmap", args.existing, args.cluster),
+        namespace: output3(args.existing).metadata.namespace
+      },
+      opts
+    );
+  }
+  /**
+   * Gets an existing config map.
+   *
+   * Will throw an error if the config map does not exist.
+   */
+  static get(name, id, cluster, opts) {
+    return new ExternalConfigMap(name, id, cluster, opts);
+  }
+};
+var CreatedConfigMap = class extends ConfigMap {
+  constructor(name, args, opts) {
+    const configMap = output3(args).apply(async (args2) => {
+      return new core3.v1.ConfigMap(
+        name,
+        {
+          metadata: mapMetadata(args2, name),
+          data: args2.data
+        },
+        {
+          ...opts,
+          parent: this,
+          provider: await getProvider(args2.cluster)
+        }
+      );
+    });
+    super(
+      "highstate:k8s:ConfigMap",
+      name,
+      args,
+      opts,
+      output3(args.cluster),
+      configMap.metadata,
+      configMap.data
+    );
+  }
+};
+var ConfigMapPatch = class extends ConfigMap {
+  constructor(name, args, opts) {
+    const configMap = output3(args).apply(async (args2) => {
+      return new core3.v1.ConfigMapPatch(
+        name,
+        {
+          metadata: mapMetadata(args2, name),
+          data: args2.data
+        },
+        {
+          ...opts,
+          parent: this,
+          provider: await getProvider(args2.cluster)
+        }
+      );
+    });
+    super(
+      "highstate:k8s:ConfigMapPatch",
+      name,
+      args,
+      opts,
+      output3(args.cluster),
+      configMap.metadata,
+      configMap.data
+    );
+  }
+};
+var ExternalConfigMap = class extends ConfigMap {
+  constructor(name, id, cluster, opts) {
+    const configMap = output3(id).apply(async (realName) => {
+      return core3.v1.ConfigMap.get(name, realName, {
+        ...opts,
+        parent: this,
+        provider: await getProvider(cluster)
+      });
+    });
+    super(
+      "highstate:k8s:ExternalConfigMap",
+      name,
+      { id, cluster },
+      opts,
+      output3(cluster),
+      configMap.metadata,
+      configMap.data
+    );
+  }
+};
+// src/container.ts
+import { core as core4 } from "@pulumi/kubernetes";
+import { normalize, output as output4 } from "@highstate/pulumi";
 import { concat, map, omit as omit2 } from "remeda";
 var containerExtraArgs = [
   "port",
@@ -353,7 +474,7 @@ function mapVolumeMount(volumeMount) {
     return omit2(
       {
         ...volumeMount,
-        name: output3(volumeMount.volume).apply(mapWorkloadVolume).apply((volume) => output3(volume.name))
+        name: output4(volumeMount.volume).apply(mapWorkloadVolume).apply((volume) => output4(volume.name))
       },
       ["volume"]
     );
@@ -364,14 +485,14 @@ function mapVolumeMount(volumeMount) {
   };
 }
 function mapEnvironmentSource(envFrom) {
-  if (envFrom instanceof core3.v1.ConfigMap) {
+  if (envFrom instanceof core4.v1.ConfigMap) {
     return {
       configMapRef: {
         name: envFrom.metadata.name
       }
     };
   }
-  if (envFrom instanceof core3.v1.Secret) {
+  if (envFrom instanceof core4.v1.Secret) {
     return {
       secretRef: {
         name: envFrom.metadata.name
@@ -397,7 +518,15 @@ function mapWorkloadVolume(volume) {
       }
     };
   }
-  if (core3.v1.PersistentVolumeClaim.isInstance(volume)) {
+  if (volume instanceof ConfigMap) {
+    return {
+      name: volume.metadata.name,
+      configMap: {
+        name: volume.metadata.name
+      }
+    };
+  }
+  if (core4.v1.PersistentVolumeClaim.isInstance(volume)) {
     return {
       name: volume.metadata.name,
       persistentVolumeClaim: {
@@ -405,7 +534,7 @@ function mapWorkloadVolume(volume) {
       }
     };
   }
-  if (core3.v1.ConfigMap.isInstance(volume)) {
+  if (core4.v1.ConfigMap.isInstance(volume)) {
     return {
       name: volume.metadata.name,
       configMap: {
@@ -413,7 +542,7 @@ function mapWorkloadVolume(volume) {
       }
     };
   }
-  if (core3.v1.Secret.isInstance(volume)) {
+  if (core4.v1.Secret.isInstance(volume)) {
     return {
       name: volume.metadata.name,
       secret: {
@@ -424,430 +553,16 @@ function mapWorkloadVolume(volume) {
   return volume;
 }
-// src/network-policy.ts
-import { networking } from "@pulumi/kubernetes";
-import {
-  ComponentResource as ComponentResource3,
-  interpolate,
-  normalize as normalize2,
-  output as output4
-} from "@highstate/pulumi";
-import { capitalize, flat, groupBy, merge, mergeDeep, uniqueBy } from "remeda";
-import "@highstate/library";
-import {
-  l34EndpointToString,
-  l3EndpointToCidr,
-  parseL34Endpoint
-} from "@highstate/common";
-var NetworkPolicy = class _NetworkPolicy extends ComponentResource3 {
-  /**
-   * The underlying network policy resource.
-   */
-  networkPolicy;
-  constructor(name, args, opts) {
-    super("k8s:network-policy", name, args, opts);
-    const normalizedArgs = output4(args).apply((args2) => {
-      const ingressRules = normalize2(args2.ingressRule, args2.ingressRules);
-      const egressRules = normalize2(args2.egressRule, args2.egressRules);
-      const extraEgressRules = [];
-      if (args2.allowKubeDns) {
-        extraEgressRules.push({
-          namespaces: ["kube-system"],
-          selectors: [{ matchLabels: { "k8s-app": "kube-dns" } }],
-          ports: [{ port: 53, protocol: "UDP" }],
-          all: false,
-          cidrs: [],
-          fqdns: [],
-          services: []
-        });
-      }
-      return {
-        ...args2,
-        podSelector: args2.selector ? mapSelectorLikeToSelector(args2.selector) : {},
-        isolateEgress: args2.isolateEgress ?? false,
-        isolateIngress: args2.isolateIngress ?? false,
-        allowKubeApiServer: args2.allowKubeApiServer ?? false,
-        ingressRules: ingressRules.flatMap((rule) => {
-          const endpoints = normalize2(
-            args2.ingressRule?.fromEndpoint,
-            args2.ingressRule?.fromEndpoints
-          );
-          const parsedEndpoints = endpoints.map(parseL34Endpoint);
-          const endpointsByPortsAndNamespaces = groupBy(parsedEndpoints, (endpoint) => {
-            const namespace = isFromCluster(endpoint, args2.cluster) ? endpoint.metadata.k8sService.namespace : "";
-            const port = isFromCluster(endpoint, args2.cluster) ? endpoint.metadata.k8sService.targetPort : endpoint.port;
-            return `${port ?? "0"}:${namespace}`;
-          });
-          const l3OnlyRule = endpointsByPortsAndNamespaces["0:"] ? _NetworkPolicy.getRuleFromEndpoint(
-            void 0,
-            endpointsByPortsAndNamespaces["0:"],
-            args2.cluster
-          ) : void 0;
-          const otherRules = Object.entries(endpointsByPortsAndNamespaces).filter(([key]) => key !== "0:").map(([key, endpoints2]) => {
-            const [port] = key.split(":");
-            const portNumber = parseInt(port, 10);
-            const portValue = isNaN(portNumber) ? port : portNumber;
-            return _NetworkPolicy.getRuleFromEndpoint(portValue, endpoints2, args2.cluster);
-          });
-          return [
-            {
-              all: rule.fromAll ?? false,
-              cidrs: normalize2(rule.fromCidr, rule.fromCidrs).concat(l3OnlyRule?.cidrs ?? []),
-              fqdns: [],
-              services: normalize2(rule.fromService, rule.fromServices),
-              namespaces: normalize2(rule.fromNamespace, rule.fromNamespaces),
-              selectors: normalize2(rule.fromSelector, rule.fromSelectors),
-              ports: normalize2(rule.toPort, rule.toPorts)
-            },
-            ...otherRules
-          ].filter((rule2) => !_NetworkPolicy.isEmptyRule(rule2));
-        }),
-        egressRules: egressRules.flatMap((rule) => {
-          const endpoints = normalize2(args2.egressRule?.toEndpoint, args2.egressRule?.toEndpoints);
-          const parsedEndpoints = endpoints.map(parseL34Endpoint);
-          const endpointsByPortsAnsNamespaces = groupBy(parsedEndpoints, (endpoint) => {
-            const namespace = isFromCluster(endpoint, args2.cluster) ? endpoint.metadata.k8sService.namespace : "";
-            const port = isFromCluster(endpoint, args2.cluster) ? endpoint.metadata.k8sService.targetPort : endpoint.port;
-            return `${port ?? "0"}:${namespace}`;
-          });
-          const l3OnlyRule = endpointsByPortsAnsNamespaces["0:"] ? _NetworkPolicy.getRuleFromEndpoint(
-            void 0,
-            endpointsByPortsAnsNamespaces["0:"],
-            args2.cluster
-          ) : void 0;
-          const otherRules = Object.entries(endpointsByPortsAnsNamespaces).filter(([key]) => key !== "0:").map(([key, endpoints2]) => {
-            const [port] = key.split(":");
-            const portNumber = parseInt(port, 10);
-            const portValue = isNaN(portNumber) ? port : portNumber;
-            return _NetworkPolicy.getRuleFromEndpoint(portValue, endpoints2, args2.cluster);
-          });
-          return [
-            {
-              all: rule.toAll ?? false,
-              cidrs: normalize2(rule.toCidr, rule.toCidrs).concat(l3OnlyRule?.cidrs ?? []),
-              fqdns: normalize2(rule.toFqdn, rule.toFqdns).concat(l3OnlyRule?.fqdns ?? []),
-              services: normalize2(rule.toService, rule.toServices),
-              namespaces: normalize2(rule.toNamespace, rule.toNamespaces),
-              selectors: normalize2(rule.toSelector, rule.toSelectors),
-              ports: normalize2(rule.toPort, rule.toPorts)
-            },
-            ...otherRules
-          ].filter((rule2) => !_NetworkPolicy.isEmptyRule(rule2));
-        }).concat(extraEgressRules)
-      };
-    });
-    this.networkPolicy = output4(
-      normalizedArgs.apply(async (args2) => {
-        return output4(
-          this.create(name, args2, {
-            ...opts,
-            parent: this,
-            provider: await getProvider(args2.cluster)
-          })
-        );
-      })
-    );
-  }
-  static mapCidrFromEndpoint(result) {
-    if (result.type === "ipv4") {
-      return `${result.address}/32`;
-    }
-    return `${result.address}/128`;
-  }
-  static getRuleFromEndpoint(port, endpoints, cluster) {
-    const ports = port ? [{ port, protocol: endpoints[0].protocol?.toUpperCase() }] : [];
-    const cidrs = endpoints.filter((endpoint) => !isFromCluster(endpoint, cluster)).filter((endpoint) => endpoint.type === "ipv4" || endpoint.type === "ipv6").map(_NetworkPolicy.mapCidrFromEndpoint);
-    const fqdns = endpoints.filter((endpoint) => endpoint.type === "hostname").map((endpoint) => endpoint.hostname);
-    const selectors = endpoints.filter((endpoint) => isFromCluster(endpoint, cluster)).map((endpoint) => endpoint.metadata.k8sService.selector);
-    const namespace = endpoints.filter((endpoint) => isFromCluster(endpoint, cluster)).map((endpoint) => getServiceMetadata(endpoint)?.namespace)[0];
-    return {
-      all: false,
-      cidrs,
-      fqdns,
-      services: [],
-      namespaces: namespace ? [namespace] : [],
-      selectors,
-      ports
-    };
-  }
-  static isEmptyRule(rule) {
-    return !rule.all && rule.cidrs.length === 0 && rule.fqdns.length === 0 && rule.services.length === 0 && rule.namespaces.length === 0 && rule.selectors.length === 0 && rule.ports.length === 0;
-  }
-  static create(name, args, opts) {
-    return output4(args).apply(async (args2) => {
-      const cni = args2.cluster.cni;
-      if (cni === "other") {
-        return new NativeNetworkPolicy(name, args2, opts);
-      }
-      const implName = `${capitalize(cni)}NetworkPolicy`;
-      const implModule = await import(`@highstate/${cni}`);
-      const implClass = implModule[implName];
-      if (!implClass) {
-        throw new Error(`No implementation found for ${cni}`);
-      }
-      return new implClass(name, args2, opts);
-    });
-  }
-  static isolate(namespace, cluster, opts) {
-    return _NetworkPolicy.create(
-      "isolate",
-      {
-        namespace,
-        cluster,
-        description: "By default, deny all traffic to/from the namespace.",
-        isolateEgress: true,
-        isolateIngress: true
-      },
-      opts
-    );
-  }
-  static allowInsideNamespace(namespace, cluster, opts) {
-    return _NetworkPolicy.create(
-      "allow-inside-namespace",
-      {
-        namespace,
-        cluster,
-        description: "Allow all traffic inside the namespace.",
-        selector: {},
-        ingressRule: { fromNamespace: namespace },
-        egressRule: { toNamespace: namespace }
-      },
-      opts
-    );
-  }
-  static allowKubeApiServer(namespace, cluster, opts) {
-    return _NetworkPolicy.create(
-      "allow-kube-api-server",
-      {
-        namespace,
-        cluster,
-        description: "Allow all traffic to the Kubernetes API server from the namespace.",
-        allowKubeApiServer: true
-      },
-      opts
-    );
-  }
-  static allowKubeDns(namespace, cluster, opts) {
-    return _NetworkPolicy.create(
-      "allow-kube-dns",
-      {
-        namespace,
-        cluster,
-        description: "Allow all traffic to the Kubernetes DNS server from the namespace.",
-        allowKubeDns: true
-      },
-      opts
-    );
-  }
-  static allowAllEgress(namespace, cluster, opts) {
-    return _NetworkPolicy.create(
-      "allow-all-egress",
-      {
-        namespace,
-        cluster,
-        description: "Allow all egress traffic from the namespace.",
-        egressRule: { toAll: true }
-      },
-      opts
-    );
-  }
-  static allowAllIngress(namespace, cluster, opts) {
-    return _NetworkPolicy.create(
-      "allow-all-ingress",
-      {
-        namespace,
-        cluster,
-        description: "Allow all ingress traffic to the namespace.",
-        ingressRule: { fromAll: true }
-      },
-      opts
-    );
-  }
-  static allowEgressToEndpoint(endpoint, namespace, cluster, opts) {
-    const parsedEndpoint = parseL34Endpoint(endpoint);
-    return _NetworkPolicy.create(
-      `allow-egress-to-${l34EndpointToString(parsedEndpoint)}`,
-      {
-        namespace,
-        cluster,
-        description: interpolate`Allow egress traffic to "${l34EndpointToString(parsedEndpoint)}" from the namespace.`,
-        egressRule: { toEndpoint: endpoint }
-      },
-      opts
-    );
-  }
-  static allowIngressFromEndpoint(endpoint, namespace, cluster, opts) {
-    const parsedEndpoint = parseL34Endpoint(endpoint);
-    return _NetworkPolicy.create(
-      `allow-ingress-from-${l34EndpointToString(parsedEndpoint)}`,
-      {
-        namespace,
-        cluster,
-        description: interpolate`Allow ingress traffic from "${l34EndpointToString(parsedEndpoint)}" to the namespace.`,
-        ingressRule: { fromEndpoint: endpoint }
-      },
-      opts
-    );
-  }
-};
-var NativeNetworkPolicy = class _NativeNetworkPolicy extends NetworkPolicy {
-  create(name, args, opts) {
-    const ingress = _NativeNetworkPolicy.createIngressRules(args);
-    const egress = _NativeNetworkPolicy.createEgressRules(args);
-    const policyTypes = [];
-    if (ingress.length > 0 || args.isolateIngress) {
-      policyTypes.push("Ingress");
-    }
-    if (egress.length > 0 || args.isolateEgress) {
-      policyTypes.push("Egress");
-    }
-    return new networking.v1.NetworkPolicy(
-      name,
-      {
-        metadata: mergeDeep(mapMetadata(args, name), {
-          annotations: args.description ? { "kubernetes.io/description": args.description } : void 0
-        }),
-        spec: {
-          podSelector: args.podSelector,
-          ingress,
-          egress,
-          policyTypes
-        }
-      },
-      opts
-    );
-  }
-  static fallbackIpBlock = {
-    cidr: "0.0.0.0/0",
-    except: ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
-  };
-  static fallbackDnsRule = {
-    to: [
-      {
-        namespaceSelector: { matchLabels: { "kubernetes.io/metadata.name": "kube-system" } },
-        podSelector: { matchLabels: { "k8s-app": "kube-dns" } }
-      }
-    ],
-    ports: [{ port: 53, protocol: "UDP" }]
-  };
-  static createIngressRules(args) {
-    return uniqueBy(
-      args.ingressRules.map((rule) => ({
-        from: rule.all ? [] : _NativeNetworkPolicy.createRulePeers(rule),
-        ports: _NativeNetworkPolicy.mapPorts(rule.ports)
-      })),
-      (rule) => JSON.stringify(rule)
-    );
-  }
-  static createEgressRules(args) {
-    const extraRules = [];
-    const needKubeDns = args.egressRules.some((rule) => rule.fqdns.length > 0);
-    if (needKubeDns) {
-      extraRules.push(_NativeNetworkPolicy.fallbackDnsRule);
-    }
-    const needFallback = args.egressRules.some(
-      (rule) => rule.fqdns.some((fqdn) => !fqdn.endsWith(".cluster.local"))
-    );
-    if (needFallback) {
-      extraRules.push({ to: [{ ipBlock: _NativeNetworkPolicy.fallbackIpBlock }] });
-    }
-    if (args.allowKubeApiServer) {
-      const { quirks, apiEndpoints } = args.cluster;
-      if (quirks?.fallbackKubeApiAccess) {
-        extraRules.push({
-          to: [{ ipBlock: { cidr: `${quirks?.fallbackKubeApiAccess.serverIp}/32` } }],
-          ports: [{ port: quirks?.fallbackKubeApiAccess.serverPort, protocol: "TCP" }]
-        });
-      } else {
-        const rules = apiEndpoints.filter((endpoint) => endpoint.type !== "hostname").map((endpoint) => ({
-          to: [{ ipBlock: { cidr: l3EndpointToCidr(endpoint) } }],
-          ports: [{ port: endpoint.port, protocol: "TCP" }]
-        }));
-        extraRules.push(...rules);
-      }
-    }
-    return uniqueBy(
-      args.egressRules.map((rule) => {
-        return {
-          to: rule.all ? [] : _NativeNetworkPolicy.createRulePeers(rule),
-          ports: _NativeNetworkPolicy.mapPorts(rule.ports)
-        };
-      }).filter((rule) => rule.to !== void 0).concat(extraRules),
-      (rule) => JSON.stringify(rule)
-    );
-  }
-  static createRulePeers(args) {
-    const peers = uniqueBy(
-      [
-        ..._NativeNetworkPolicy.createCidrPeers(args),
-        ..._NativeNetworkPolicy.createServicePeers(args),
-        ..._NativeNetworkPolicy.createSelectorPeers(args)
-      ],
-      (peer) => JSON.stringify(peer)
-    );
-    return peers.length > 0 ? peers : void 0;
-  }
-  static createCidrPeers(args) {
-    return args.cidrs.map((cidr) => ({ ipBlock: { cidr } }));
-  }
-  static createServicePeers(args) {
-    return args.services.map((service) => {
-      const selector = mapServiceToLabelSelector(service);
-      return {
-        namespaceSelector: mapNamespaceNameToSelector(service.metadata.namespace),
-        podSelector: selector
-      };
-    });
-  }
-  static createSelectorPeers(args) {
-    const selectorPeers = args.selectors.map((selector) => ({
-      podSelector: mapSelectorLikeToSelector(selector)
-    }));
-    const namespacePeers = args.namespaces.map(_NativeNetworkPolicy.createNamespacePeer);
-    if (namespacePeers.length === 0) {
-      return selectorPeers;
-    }
-    if (selectorPeers.length === 0) {
-      return namespacePeers;
-    }
-    return flat(
-      selectorPeers.map((selectorPeer) => {
-        return namespacePeers.map((namespacePeer) => merge(selectorPeer, namespacePeer));
-      })
-    );
-  }
-  static createNamespacePeer(namespace) {
-    const namespaceName = mapNamespaceLikeToNamespaceName(namespace);
-    const namespaceSelector = mapNamespaceNameToSelector(namespaceName);
-    return { namespaceSelector };
-  }
-  static mapPorts(ports) {
-    return ports.map((port) => {
-      if ("port" in port) {
-        return {
-          port: port.port,
-          protocol: port.protocol ?? "TCP"
-        };
-      }
-      return {
-        port: port.range[0],
-        endPort: port.range[1],
-        protocol: port.protocol ?? "TCP"
-      };
-    });
-  }
-};
 // src/workload.ts
 import {
-  normalize as normalize3
+  normalize as normalize2
 } from "@highstate/pulumi";
 import {
   ComponentResource as ComponentResource4,
-  interpolate as interpolate2,
+  interpolate,
   output as output5
 } from "@pulumi/pulumi";
-import { uniqueBy as uniqueBy2 } from "remeda";
+import { uniqueBy } from "remeda";
 import { deepmerge as deepmerge2 } from "deepmerge-ts";
 // src/pod.ts
@@ -862,16 +577,16 @@ function getWorkloadComponents(name, args, parent, opts) {
   const labels = {
     "app.kubernetes.io/name": name
   };
-  const containers = output5(args).apply((args2) => normalize3(args2.container, args2.containers));
+  const containers = output5(args).apply((args2) => normalize2(args2.container, args2.containers));
   const volumes = containers.apply((containers2) => {
-    const containerVolumes = containers2.flatMap((container) => normalize3(container.volume, container.volumes)).map(mapWorkloadVolume);
+    const containerVolumes = containers2.flatMap((container) => normalize2(container.volume, container.volumes)).map(mapWorkloadVolume);
     const containerVolumeMounts = containers2.flatMap((container) => {
-      return normalize3(container.volumeMount, container.volumeMounts).map((volumeMount) => {
+      return normalize2(container.volumeMount, container.volumeMounts).map((volumeMount) => {
         return "volume" in volumeMount ? volumeMount.volume : void 0;
       }).filter(Boolean);
     }).map(mapWorkloadVolume);
     return output5([...containerVolumes, ...containerVolumeMounts]).apply(
-      uniqueBy2((volume) => volume.name)
+      uniqueBy((volume) => volume.name)
     );
   });
   const podSpec = output5({ args, containers, volumes }).apply(({ args: args2, containers: containers2, volumes: volumes2 }) => {
@@ -931,7 +646,7 @@ function getExposableWorkloadComponents(name, args, parent, opts) {
     if (args2.existing) {
       return void 0;
     }
-    const ports = containers2.flatMap((container) => normalize3(container.port, container.ports));
+    const ports = containers2.flatMap((container) => normalize2(container.port, container.ports));
     return Service.create(
       name,
       {
@@ -994,7 +709,7 @@ var Workload = class extends ComponentResource4 {
    */
   get terminal() {
     const containerName = output5(this.args).apply((args) => {
-      const containers = normalize3(args.container, args.containers);
+      const containers = normalize2(args.container, args.containers);
       return containers[0]?.name ?? this.name;
     });
     return output5({
@@ -1008,7 +723,7 @@ var Workload = class extends ComponentResource4 {
         "-it",
         "-n",
         this.metadata.namespace,
-        interpolate2`${this.resourceType}/${this.metadata.name}`,
+        interpolate`${this.resourceType}/${this.metadata.name}`,
         "-c",
         containerName,
         "--",
@@ -1074,7 +789,7 @@ var ExposableWorkload = class extends Workload {
   static createOrPatchGeneric(name, args, opts) {
     return output5(args).apply(async (args2) => {
       if (args2.existing?.type === "k8s.deployment") {
-        const { Deployment } = await import("./deployment-TFCMSEGW.js");
+        const { Deployment } = await import("./deployment-E3ZTF2IS.js");
         return Deployment.patch(
           name,
           {
@@ -1086,7 +801,7 @@ var ExposableWorkload = class extends Workload {
         );
       }
       if (args2.existing?.type === "k8s.stateful-set") {
-        const { StatefulSet } = await import("./stateful-set-2OEPSK44.js");
+        const { StatefulSet } = await import("./stateful-set-NTU7QKC7.js");
         return StatefulSet.patch(
           name,
           {
@@ -1098,11 +813,11 @@ var ExposableWorkload = class extends Workload {
         );
       }
       if (args2.type === "Deployment") {
-        const { Deployment } = await import("./deployment-TFCMSEGW.js");
+        const { Deployment } = await import("./deployment-E3ZTF2IS.js");
         return Deployment.create(name, deepmerge2(args2, args2.deployment), opts);
       }
       if (args2.type === "StatefulSet") {
-        const { StatefulSet } = await import("./stateful-set-2OEPSK44.js");
+        const { StatefulSet } = await import("./stateful-set-NTU7QKC7.js");
         return StatefulSet.create(name, deepmerge2(args2, args2.statefulSet), opts);
       }
       throw new Error(`Unknown workload type: ${args2.type}`);
@@ -1113,11 +828,11 @@ var ExposableWorkload = class extends Workload {
 export {
   PersistentVolumeClaim,
   Secret,
-  NetworkPolicy,
+  ConfigMap,
   exposableWorkloadExtraArgs,
   getWorkloadComponents,
   getExposableWorkloadComponents,
   Workload,
   ExposableWorkload
 };
-//# sourceMappingURL=chunk-UNVUOHHB.js.map
+//# sourceMappingURL=chunk-R43VRICF.js.map