@highstate/k8s 0.9.8 → 0.9.10

package/src/config-map.ts

@@ -0,0 +1,180 @@
+import type { k8s } from "@highstate/library"
+import { core, type types } from "@pulumi/kubernetes"
+import {
+  ComponentResource,
+  output,
+  Output,
+  type ComponentResourceOptions,
+  type Input,
+  type Inputs,
+} from "@pulumi/pulumi"
+import { getProvider, mapMetadata, withPatchName, type CommonArgs } from "./shared"
+
+export type ConfigMapArgs = CommonArgs &
+  Omit<types.input.core.v1.ConfigMap, "kind" | "metadata" | "apiVersion">
+
+export type CreateOrPatchConfigMapArgs = ConfigMapArgs & {
+  /**
+   * The resource to use to determine the name of the config map.
+   *
+   * If not provided, the config map will be created, otherwise it will be retrieved/patched.
+   */
+  existing: Input<k8s.Resource> | undefined
+}
+
+export abstract class ConfigMap extends ComponentResource {
+  protected constructor(
+    type: string,
+    name: string,
+    args: Inputs,
+    opts: ComponentResourceOptions | undefined,
+
+    /**
+     * The cluster where the config map is created.
+     */
+    readonly cluster: Output<k8s.Cluster>,
+
+    /**
+     * The metadata of the underlying Kubernetes config map.
+     */
+    readonly metadata: Output<types.output.meta.v1.ObjectMeta>,
+
+    /**
+     * The data of the underlying Kubernetes config map.
+     */
+    readonly data: Output<Record<string, string>>,
+  ) {
+    super(type, name, args, opts)
+  }
+
+  /**
+   * Creates a new config map.
+   */
+  static create(name: string, args: ConfigMapArgs, opts?: ComponentResourceOptions): ConfigMap {
+    return new CreatedConfigMap(name, args, opts)
+  }
+
+  /**
+   * Creates a new config map or patches an existing one.
+   *
+   * Will throw an error if the config map does not exist when `args.resource` is provided.
+   */
+  static createOrPatch(
+    name: string,
+    args: CreateOrPatchConfigMapArgs,
+    opts?: ComponentResourceOptions,
+  ): ConfigMap {
+    if (!args.existing) {
+      return new CreatedConfigMap(name, args, opts)
+    }
+
+    return new ConfigMapPatch(
+      name,
+      {
+        ...args,
+        name: withPatchName("configmap", args.existing, args.cluster),
+        namespace: output(args.existing).metadata.namespace,
+      },
+      opts,
+    )
+  }
+
+  /**
+   * Gets an existing config map.
+   *
+   * Will throw an error if the config map does not exist.
+   */
+  static get(
+    name: string,
+    id: Input<string>,
+    cluster: Input<k8s.Cluster>,
+    opts?: ComponentResourceOptions,
+  ): ConfigMap {
+    return new ExternalConfigMap(name, id, cluster, opts)
+  }
+}
+
+class CreatedConfigMap extends ConfigMap {
+  constructor(name: string, args: ConfigMapArgs, opts?: ComponentResourceOptions) {
+    const configMap = output(args).apply(async args => {
+      return new core.v1.ConfigMap(
+        name,
+        {
+          metadata: mapMetadata(args, name),
+          data: args.data,
+        },
+        {
+          ...opts,
+          parent: this,
+          provider: await getProvider(args.cluster),
+        },
+      )
+    })
+
+    super(
+      "highstate:k8s:ConfigMap",
+      name,
+      args,
+      opts,
+      output(args.cluster),
+      configMap.metadata,
+      configMap.data,
+    )
+  }
+}
+
+class ConfigMapPatch extends ConfigMap {
+  constructor(name: string, args: ConfigMapArgs, opts?: ComponentResourceOptions) {
+    const configMap = output(args).apply(async args => {
+      return new core.v1.ConfigMapPatch(
+        name,
+        {
+          metadata: mapMetadata(args, name),
+          data: args.data,
+        },
+        {
+          ...opts,
+          parent: this,
+          provider: await getProvider(args.cluster),
+        },
+      )
+    })
+
+    super(
+      "highstate:k8s:ConfigMapPatch",
+      name,
+      args,
+      opts,
+      output(args.cluster),
+      configMap.metadata,
+      configMap.data,
+    )
+  }
+}
+
+class ExternalConfigMap extends ConfigMap {
+  constructor(
+    name: string,
+    id: Input<string>,
+    cluster: Input<k8s.Cluster>,
+    opts?: ComponentResourceOptions,
+  ) {
+    const configMap = output(id).apply(async realName => {
+      return core.v1.ConfigMap.get(name, realName, {
+        ...opts,
+        parent: this,
+        provider: await getProvider(cluster),
+      })
+    })
+
+    super(
+      "highstate:k8s:ExternalConfigMap",
+      name,
+      { id, cluster },
+      opts,
+      output(cluster),
+      configMap.metadata,
+      configMap.data,
+    )
+  }
+}

package/src/container.ts

@@ -5,6 +5,7 @@ import { normalize, output, type Input, type InputArray, type Unwrap } from "@hi
 import { concat, map, omit } from "remeda"
 import { PersistentVolumeClaim } from "./pvc"
 import { Secret } from "./secret"
+import { ConfigMap } from "./config-map"
 
 export type Container = Omit<PartialKeys<types.input.core.v1.Container, "name">, "volumeMounts"> & {
   /**
@@ -126,9 +127,10 @@ export type WorkloadVolume =
   | types.input.core.v1.Volume
   | core.v1.PersistentVolumeClaim
   | PersistentVolumeClaim
-  | Secret
   | core.v1.ConfigMap
+  | ConfigMap
   | core.v1.Secret
+  | Secret
 
 export function mapContainerToRaw(
   container: Unwrap<Container>,
@@ -289,6 +291,15 @@ export function mapWorkloadVolume(volume: WorkloadVolume) {
     }
   }
 
+  if (volume instanceof ConfigMap) {
+    return {
+      name: volume.metadata.name,
+      configMap: {
+        name: volume.metadata.name,
+      },
+    }
+  }
+
   if (core.v1.PersistentVolumeClaim.isInstance(volume)) {
     return {
       name: volume.metadata.name,

package/src/cron-job.ts

@@ -41,7 +41,14 @@ export class CronJob extends ComponentResource {
             {
               jobTemplate: {
                 spec: {
-                  template: podTemplate,
+                  template: mergeDeep(
+                    {
+                      spec: {
+                        restartPolicy: "Never",
+                      },
+                    },
+                    podTemplate,
+                  ),
                 },
               },
 

package/src/helm.ts

@@ -1,7 +1,7 @@
 import type { k8s } from "@highstate/library"
 import { resolve } from "node:path"
 import { mkdir, readFile, unlink } from "node:fs/promises"
-import { toPromise, type InputMap } from "@highstate/pulumi"
+import { normalize, toPromise, type InputMap } from "@highstate/pulumi"
 import { core, helm, types } from "@pulumi/kubernetes"
 import {
   ComponentResource,
@@ -15,6 +15,7 @@ import { sha256 } from "crypto-hash"
 import { omit } from "remeda"
 import { local } from "@pulumi/command"
 import { glob } from "glob"
+import { NetworkPolicy, type NetworkPolicyArgs } from "./network-policy"
 import { HttpRoute, type HttpRouteArgs } from "./gateway"
 import { getProvider, mapNamespaceLikeToNamespaceName, type NamespaceLike } from "./shared"
 import { getServiceType, Service, type ServiceArgs } from "./service"
@@ -56,6 +57,16 @@ export type ChartArgs = Omit<
    * The http route args to bind the service to.
    */
   httpRoute?: Input<HttpRouteArgs>
+
+  /**
+   * The network policy to apply to the chart.
+   */
+  networkPolicy?: Input<Omit<NetworkPolicyArgs, "selector" | "cluster" | "namespace">>
+
+  /**
+   * The network policies to apply to the chart.
+   */
+  networkPolicies?: Input<NetworkPolicyArgs[]>
 }
 
 export class Chart extends ComponentResource {
@@ -69,6 +80,11 @@ export class Chart extends ComponentResource {
    */
   public readonly httpRoute: Output<HttpRoute | undefined>
 
+  /**
+   * The network policies applied to the chart.
+   */
+  public readonly networkPolicies: Output<NetworkPolicy[]>
+
   constructor(
     private readonly name: string,
     private readonly args: ChartArgs,
@@ -150,7 +166,24 @@ export class Chart extends ComponentResource {
       )
     })
 
-    this.registerOutputs({ chart: this.chart })
+    this.networkPolicies = output(args).apply(args => {
+      const policies = normalize(args.networkPolicy, args.networkPolicies)
+
+      return output(
+        policies.map(policy => {
+          return NetworkPolicy.create(
+            name,
+            {
+              ...policy,
+
+              cluster: args.cluster,
+              namespace: args.namespace,
+            },
+            { ...opts, parent: this },
+          )
+        }),
+      )
+    })
   }
 
   get service(): Output<Service> {

package/src/index.ts

@@ -23,6 +23,7 @@ export {
   isFromCluster,
 } from "./service"
 export { type SecretArgs, type CreateOrPatchSecretArgs, Secret } from "./secret"
+export { type ConfigMapArgs, type CreateOrPatchConfigMapArgs, ConfigMap } from "./config-map"
 export { type StatefulSetArgs, StatefulSet } from "./stateful-set"
 export {
   type NetworkPolicyArgs,

package/src/job.ts

@@ -32,7 +32,14 @@ export class Job extends ComponentResource {
           metadata: mapMetadata(args, name),
           spec: mergeDeep(
             {
-              template: podTemplate,
+              template: mergeDeep(
+                {
+                  spec: {
+                    restartPolicy: "Never",
+                  },
+                },
+                podTemplate,
+              ),
             } satisfies types.input.batch.v1.JobSpec,
             omit(args, jobExtraArgs) as types.input.batch.v1.JobSpec,
           ),

package/src/scripting/bundle.ts

@@ -1,6 +1,5 @@
 import type { ContainerEnvironment, ContainerVolumeMount, WorkloadVolume } from "../container"
 import type { network } from "@highstate/library"
-import { core } from "@pulumi/kubernetes"
 import { apply, normalize, type InputArray } from "@highstate/pulumi"
 import {
   ComponentResource,
@@ -16,7 +15,8 @@ import { readPackageJSON } from "pkg-types"
 import { text, trimIndentation } from "@highstate/contract"
 import { parseL34Endpoint } from "@highstate/common"
 import { serializeFunction } from "@pulumi/pulumi/runtime/index.js"
-import { mapMetadata, type CommonArgs } from "../shared"
+import { type CommonArgs } from "../shared"
+import { ConfigMap } from "../config-map"
 import {
   emptyScriptEnvironment,
   functionScriptImages,
@@ -46,7 +46,7 @@ export class ScriptBundle extends ComponentResource {
   /**
    * The config map containing the scripts.
    */
-  readonly configMap: Output<core.v1.ConfigMap>
+  readonly configMap: Output<ConfigMap>
 
   /**
    * The volumes that should be included in the workload.
@@ -118,10 +118,12 @@ export class ScriptBundle extends ComponentResource {
     )
 
     this.configMap = output({ scriptEnvironment, args }).apply(({ scriptEnvironment, args }) => {
-      return new core.v1.ConfigMap(
+      return ConfigMap.create(
         name,
         {
-          metadata: mapMetadata(args, name),
+          cluster: args.cluster,
+          namespace: args.namespace,
+
           data: createScriptData(this.distribution, scriptEnvironment),
         },
         { ...opts, parent: this },

package/src/secret.ts

@@ -108,6 +108,8 @@ class CreatedSecret extends Secret {
           metadata: mapMetadata(args, name),
           data: args.data,
           stringData: args.stringData,
+          type: args.type,
+          immutable: args.immutable,
         },
         {
           ...opts,
@@ -139,6 +141,8 @@ class SecretPatch extends Secret {
           metadata: mapMetadata(args, name),
           data: args.data,
           stringData: args.stringData,
+          type: args.type,
+          immutable: args.immutable,
         },
         {
           ...opts,

package/src/service.ts

@@ -227,6 +227,7 @@ export abstract class Service extends ComponentResource {
 
       const clusterIpEndpoints = spec.clusterIPs?.map(ip => ({
         ...parseL3Endpoint(ip),
+        visibility: "internal" as network.EndpointVisibility,
         port: spec.ports[0].port,
         protocol: spec.ports[0].protocol?.toLowerCase() as network.L4Protocol,
         metadata: endpointMetadata,