@highstate/k8s 0.9.9 → 0.9.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (43) hide show
  1. package/dist/{chunk-7R2VAXVL.js → chunk-5S4JPM4M.js} +4 -3
  2. package/dist/chunk-5S4JPM4M.js.map +1 -0
  3. package/dist/{chunk-W72HEBHG.js → chunk-6L67WIZW.js} +3 -3
  4. package/dist/{chunk-L6G2IHDP.js → chunk-SARVLQZY.js} +218 -45
  5. package/dist/chunk-SARVLQZY.js.map +1 -0
  6. package/dist/{chunk-WUJ7BFVE.js → chunk-VL7Z5FJQ.js} +3 -3
  7. package/dist/{chunk-OP75IMU7.js → chunk-WEKIQRCZ.js} +43 -17
  8. package/dist/chunk-WEKIQRCZ.js.map +1 -0
  9. package/dist/{chunk-HTQP2NB4.js → chunk-Y3LZSX7I.js} +4 -17
  10. package/dist/chunk-Y3LZSX7I.js.map +1 -0
  11. package/dist/deployment-QTPBNKO5.js +10 -0
  12. package/dist/highstate.manifest.json +8 -8
  13. package/dist/index.js +29 -41
  14. package/dist/index.js.map +1 -1
  15. package/dist/stateful-set-K4GV7ZTK.js +10 -0
  16. package/dist/units/cert-manager/index.js +3 -3
  17. package/dist/units/dns01-issuer/index.js +1 -1
  18. package/dist/units/gateway-api/index.js +1 -1
  19. package/package.json +9 -9
  20. package/src/config-map.ts +180 -0
  21. package/src/container.ts +48 -2
  22. package/src/cron-job.ts +8 -1
  23. package/src/custom.ts +104 -0
  24. package/src/helm.ts +2 -1
  25. package/src/index.ts +1 -2
  26. package/src/job.ts +8 -1
  27. package/src/network-policy.ts +23 -21
  28. package/src/network.ts +6 -6
  29. package/src/scripting/bundle.ts +7 -5
  30. package/src/secret.ts +4 -0
  31. package/src/service.ts +8 -8
  32. package/src/shared.ts +7 -19
  33. package/src/workload.ts +50 -28
  34. package/dist/chunk-7R2VAXVL.js.map +0 -1
  35. package/dist/chunk-HTQP2NB4.js.map +0 -1
  36. package/dist/chunk-L6G2IHDP.js.map +0 -1
  37. package/dist/chunk-OP75IMU7.js.map +0 -1
  38. package/dist/deployment-A26RVQ73.js +0 -10
  39. package/dist/stateful-set-S5BHTDJY.js +0 -10
  40. /package/dist/{chunk-W72HEBHG.js.map → chunk-6L67WIZW.js.map} +0 -0
  41. /package/dist/{chunk-WUJ7BFVE.js.map → chunk-VL7Z5FJQ.js.map} +0 -0
  42. /package/dist/{deployment-A26RVQ73.js.map → deployment-QTPBNKO5.js.map} +0 -0
  43. /package/dist/{stateful-set-S5BHTDJY.js.map → stateful-set-K4GV7ZTK.js.map} +0 -0
package/dist/{chunk-7R2VAXVL.js → chunk-5S4JPM4M.js} RENAMED
@@ -3,11 +3,11 @@ import {
3
3
  NetworkPolicy,
4
4
  Service,
5
5
  getServiceType
6
- } from "./chunk-OP75IMU7.js";
6
+ } from "./chunk-WEKIQRCZ.js";
7
7
  import {
8
8
  getProvider,
9
9
  mapNamespaceLikeToNamespaceName
10
- } from "./chunk-HTQP2NB4.js";
10
+ } from "./chunk-Y3LZSX7I.js";
11
11
 
12
12
  // src/helm.ts
13
13
  import { resolve } from "node:path";
@@ -81,6 +81,7 @@ var Chart = class extends ComponentResource {
81
81
  name,
82
82
  {
83
83
  ...httpRoute,
84
+ cluster: args.cluster,
84
85
  rule: {
85
86
  backend: this.service
86
87
  }
@@ -231,4 +232,4 @@ export {
231
232
  getChartServiceOutput,
232
233
  getChartService
233
234
  };
234
- //# sourceMappingURL=chunk-7R2VAXVL.js.map
235
+ //# sourceMappingURL=chunk-5S4JPM4M.js.map
package/dist/chunk-5S4JPM4M.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/helm.ts"],"sourcesContent":["import type { k8s } from \"@highstate/library\"\nimport { resolve } from \"node:path\"\nimport { mkdir, readFile, unlink } from \"node:fs/promises\"\nimport { normalize, toPromise, type InputMap } from \"@highstate/pulumi\"\nimport { core, helm, types } from \"@pulumi/kubernetes\"\nimport {\n ComponentResource,\n output,\n type ComponentResourceOptions,\n type Input,\n type Output,\n} from \"@pulumi/pulumi\"\nimport spawn from \"nano-spawn\"\nimport { sha256 } from \"crypto-hash\"\nimport { omit } from \"remeda\"\nimport { local } from \"@pulumi/command\"\nimport { glob } from \"glob\"\nimport { NetworkPolicy, type NetworkPolicyArgs } from \"./network-policy\"\nimport { HttpRoute, type HttpRouteArgs } from \"./gateway\"\nimport { getProvider, mapNamespaceLikeToNamespaceName, type NamespaceLike } from \"./shared\"\nimport { getServiceType, Service, type ServiceArgs } from \"./service\"\n\nexport type ChartArgs = Omit<\n helm.v4.ChartArgs,\n \"chart\" | \"version\" | \"repositoryOpts\" | \"namespace\"\n> & {\n /**\n * The namespace to deploy the chart into.\n */\n namespace?: Input<NamespaceLike>\n\n /**\n * The custom name of the primary service exposed by the chart.\n *\n * By default, it is the same as the chart name.\n */\n serviceName?: string\n\n /**\n * The extra args to pass to the main service of the chart.\n *\n * Will be patched via transformations.\n */\n service?: Partial<ServiceArgs>\n\n /**\n * The manifest of the chart to resolve.\n */\n chart: ChartManifest\n\n /**\n * The cluster to create the resource in.\n */\n cluster: Input<k8s.Cluster>\n\n /**\n * The http route args to bind the service to.\n */\n httpRoute?: Input<Omit<HttpRouteArgs, \"cluster\">>\n\n /**\n * The network policy to apply to the chart.\n */\n networkPolicy?: Input<Omit<NetworkPolicyArgs, \"selector\" | \"cluster\" | \"namespace\">>\n\n /**\n * The network policies to apply to the chart.\n */\n networkPolicies?: Input<NetworkPolicyArgs[]>\n}\n\nexport class Chart extends ComponentResource {\n /**\n * The underlying Helm chart.\n */\n public readonly chart: Output<helm.v4.Chart>\n\n /**\n * The HTTP route associated with the deployment.\n */\n public readonly httpRoute: Output<HttpRoute | undefined>\n\n /**\n * The network policies applied to the chart.\n */\n public readonly networkPolicies: Output<NetworkPolicy[]>\n\n constructor(\n private readonly name: string,\n private readonly args: ChartArgs,\n private readonly opts?: ComponentResourceOptions,\n ) {\n super(\"highstate:k8s:Chart\", name, args, opts)\n\n const namespace = output(args.namespace).apply(namespace =>\n output(namespace ? mapNamespaceLikeToNamespaceName(namespace) : \"default\"),\n )\n\n this.chart = output({ args, namespace }).apply(async ({ args, namespace }) => {\n return new helm.v4.Chart(\n name,\n omit(\n {\n ...args,\n chart: resolveHelmChart(args.chart),\n namespace,\n },\n [\"httpRoute\"],\n ),\n {\n ...opts,\n parent: this,\n provider: await getProvider(args.cluster),\n\n transforms: [\n ...(opts?.transforms ?? []),\n\n resourceArgs => {\n const serviceName = args.serviceName ?? name\n const expectedName = `${name}:${namespace}/${serviceName}`\n\n if (\n resourceArgs.type === \"kubernetes:core/v1:Service\" &&\n resourceArgs.name === expectedName\n ) {\n const spec = resourceArgs.props.spec as types.input.core.v1.ServiceSpec\n\n return {\n props: {\n ...resourceArgs.props,\n spec: {\n ...spec,\n ...(args.service ?? {}),\n\n type: getServiceType(args.service, args.cluster),\n\n externalIPs:\n args.service?.externalIPs ?? args.cluster.externalIps ?? spec.externalIPs,\n },\n },\n opts: resourceArgs.opts,\n }\n }\n\n return undefined\n },\n ],\n },\n )\n })\n\n this.httpRoute = output(args.httpRoute).apply(httpRoute => {\n if (!httpRoute) {\n return undefined\n }\n\n return new HttpRoute(\n name,\n {\n ...httpRoute,\n cluster: args.cluster,\n rule: {\n backend: this.service,\n },\n },\n { ...opts, parent: this },\n )\n })\n\n this.networkPolicies = output(args).apply(args => {\n const policies = normalize(args.networkPolicy, args.networkPolicies)\n\n return output(\n policies.map(policy => {\n return NetworkPolicy.create(\n name,\n {\n ...policy,\n\n cluster: args.cluster,\n namespace: args.namespace,\n },\n { ...opts, parent: this },\n )\n }),\n )\n })\n }\n\n get service(): Output<Service> {\n return this.getServiceOutput(undefined)\n }\n\n private readonly services = new Map<string, Service>()\n\n getServiceOutput(name: string | undefined): Output<Service> {\n return output({ args: this.args, chart: this.chart }).apply(({ args, chart }) => {\n const resolvedName = name ?? args.serviceName ?? this.name\n const existingService = this.services.get(resolvedName)\n\n if (existingService) {\n return existingService\n }\n\n const service = getChartServiceOutput(chart, resolvedName)\n\n const wrappedService = Service.wrap(\n //\n resolvedName,\n service,\n args.cluster,\n { ...this.opts, parent: this },\n )\n\n this.services.set(resolvedName, wrappedService)\n return wrappedService\n })\n }\n\n getService(name?: string): Promise<Service> {\n return toPromise(this.getServiceOutput(name))\n }\n}\n\nexport type RenderedChartArgs = {\n /**\n * The namespace to deploy the chart into.\n */\n namespace?: Input<NamespaceLike>\n\n /**\n * The manifest of the chart to resolve.\n */\n chart: ChartManifest\n\n /**\n * The values to pass to the chart.\n */\n values?: InputMap<string>\n}\n\nexport class RenderedChart extends ComponentResource {\n /**\n * The rendered manifest of the Helm chart.\n */\n public readonly manifest: Output<string>\n\n /**\n * The underlying command used to render the chart.\n */\n public readonly command: Output<local.Command>\n\n constructor(name: string, args: RenderedChartArgs, opts?: ComponentResourceOptions) {\n super(\"highstate:k8s:RenderedChart\", name, args, opts)\n\n this.command = output(args).apply(args => {\n const values = args.values\n ? Object.entries(args.values).flatMap(([key, value]) => [\"--set\", `${key}=\"${value}\"`])\n : []\n\n return new local.Command(\n name,\n {\n create: output([\n \"helm\",\n \"template\",\n resolveHelmChart(args.chart),\n\n ...(args.namespace\n ? [\"--namespace\", mapNamespaceLikeToNamespaceName(args.namespace)]\n : []),\n\n ...values,\n ]).apply(command => command.join(\" \")),\n\n logging: \"stderr\",\n },\n { parent: this, ...opts },\n )\n })\n\n this.manifest = this.command.stdout\n\n this.registerOutputs({ manifest: this.manifest, command: this.command })\n }\n}\n\nexport type ChartManifest = {\n repo: string\n name: string\n version: string\n sha256: string\n}\n\n/**\n * Downloads or reuses the Helm chart according to the charts.json file.\n * Returns the full path to the chart's .tgz file.\n *\n * @param manifest The manifest of the Helm chart.\n */\nexport async function resolveHelmChart(manifest: ChartManifest): Promise<string> {\n if (!process.env.HIGHSTATE_CACHE_DIR) {\n throw new Error(\"Environment variable HIGHSTATE_CACHE_DIR is not set\")\n }\n\n const chartsDir = resolve(process.env.HIGHSTATE_CACHE_DIR, \"charts\")\n await mkdir(chartsDir, { recursive: true })\n\n const globPattern = `${manifest.name}-*.tgz`\n const targetFileName = `${manifest.name}-${manifest.version}.tgz`\n\n // find all matching files\n const files = await glob(globPattern, { cwd: chartsDir })\n\n if (files.includes(targetFileName)) {\n return resolve(chartsDir, targetFileName)\n }\n\n // delete old versions\n for (const file of files) {\n await unlink(resolve(chartsDir, file))\n }\n\n // download the chart\n await spawn(\"helm\", [\n \"pull\",\n manifest.name,\n \"--version\",\n manifest.version,\n \"--repo\",\n manifest.repo,\n \"--destination\",\n chartsDir,\n ])\n\n // check the SHA256\n const content = await readFile(resolve(chartsDir, targetFileName))\n const actualSha256 = await sha256(content)\n\n if (actualSha256 !== manifest.sha256) {\n throw new Error(`SHA256 mismatch for chart '${manifest.name}'`)\n }\n\n return resolve(chartsDir, targetFileName)\n}\n\n/**\n * Extracts the service with the given name from the chart resources.\n * Throws an error if the service is not found.\n *\n * @param chart The Helm chart.\n * @param name The name of the service.\n */\nexport function getChartServiceOutput(chart: helm.v4.Chart, name: string): Output<core.v1.Service> {\n const services = chart.resources.apply(resources => {\n return resources\n .filter(r => core.v1.Service.isInstance(r))\n .map(service => ({ name: service.metadata.name, service }))\n })\n\n return output(services).apply(services => {\n const service = services.find(s => s.name === name)?.service\n\n if (!service) {\n throw new Error(`Service with name '${name}' not found in the chart resources`)\n }\n\n return service\n })\n}\n\n/**\n * Extracts the service with the given name from the chart resources.\n * Throws an error if the service is not found.\n *\n * @param chart The Helm chart.\n * @param name The name of the service.\n */\nexport function getChartService(chart: helm.v4.Chart, name: string): Promise<core.v1.Service> {\n return toPromise(getChartServiceOutput(chart, name))\n}\n"],"mappings":";;;;;;;;;;;;AACA,SAAS,eAAe;AACxB,SAAS,OAAO,UAAU,cAAc;AACxC,SAAS,WAAW,iBAAgC;AACpD,SAAS,MAAM,YAAmB;AAClC;AAAA,EACE;AAAA,EACA;AAAA,OAIK;AACP,OAAO,WAAW;AAClB,SAAS,cAAc;AACvB,SAAS,YAAY;AACrB,SAAS,aAAa;AACtB,SAAS,YAAY;AAuDd,IAAM,QAAN,cAAoB,kBAAkB;AAAA,EAgB3C,YACmB,MACA,MACA,MACjB;AACA,UAAM,uBAAuB,MAAM,MAAM,IAAI;AAJ5B;AACA;AACA;AAIjB,UAAM,YAAY,OAAO,KAAK,SAAS,EAAE;AAAA,MAAM,CAAAA,eAC7C,OAAOA,aAAY,gCAAgCA,UAAS,IAAI,SAAS;AAAA,IAC3E;AAEA,SAAK,QAAQ,OAAO,EAAE,MAAM,UAAU,CAAC,EAAE,MAAM,OAAO,EAAE,MAAAC,OAAM,WAAAD,WAAU,MAAM;AAC5E,aAAO,IAAI,KAAK,GAAG;AAAA,QACjB;AAAA,QACA;AAAA,UACE;AAAA,YACE,GAAGC;AAAA,YACH,OAAO,iBAAiBA,MAAK,KAAK;AAAA,YAClC,WAAAD;AAAA,UACF;AAAA,UACA,CAAC,WAAW;AAAA,QACd;AAAA,QACA;AAAA,UACE,GAAG;AAAA,UACH,QAAQ;AAAA,UACR,UAAU,MAAM,YAAYC,MAAK,OAAO;AAAA,UAExC,YAAY;AAAA,YACV,GAAI,MAAM,cAAc,CAAC;AAAA,YAEzB,kBAAgB;AACd,oBAAM,cAAcA,MAAK,eAAe;AACxC,oBAAM,eAAe,GAAG,IAAI,IAAID,UAAS,IAAI,WAAW;AAExD,kBACE,aAAa,SAAS,gCACtB,aAAa,SAAS,cACtB;AACA,sBAAM,OAAO,aAAa,MAAM;AAEhC,uBAAO;AAAA,kBACL,OAAO;AAAA,oBACL,GAAG,aAAa;AAAA,oBAChB,MAAM;AAAA,sBACJ,GAAG;AAAA,sBACH,GAAIC,MAAK,WAAW,CAAC;AAAA,sBAErB,MAAM,eAAeA,MAAK,SAASA,MAAK,OAAO;AAAA,sBAE/C,aACEA,MAAK,SAAS,eAAeA,MAAK,QAAQ,eAAe,KAAK;AAAA,oBAClE;AAAA,kBACF;AAAA,kBACA,MAAM,aAAa;AAAA,gBACrB;AAAA,cACF;AAEA,qBAAO;AAAA,YACT;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF,CAAC;AAED,SAAK,YAAY,OAAO,KAAK,SAAS,EAAE,MAAM,eAAa;AACzD,UAAI,CAAC,WAAW;AACd,eAAO;AAAA,MACT;AAEA,aAAO,IAAI;AAAA,QACT;AAAA,QACA;AAAA,UACE,GAAG;AAAA,UACH,SAAS,KAAK;AAAA,UACd,MAAM;AAAA,YACJ,SAAS,KAAK;AAAA,UAChB;AAAA,QACF;AAAA,QACA,EAAE,GAAG,MAAM,QAAQ,KAAK;AAAA,MAC1B;AAAA,IACF,CAAC;AAED,SAAK,kBAAkB,OAAO,IAAI,EAAE,MAAM,CAAAA,UAAQ;AAChD,YAAM,WAAW,UAAUA,MAAK,eAAeA,MAAK,eAAe;AAEnE,aAAO;AAAA,QACL,SAAS,IAAI,YAAU;AACrB,iBAAO,cAAc;AAAA,YACnB;AAAA,YACA;AAAA,cACE,GAAG;AAAA,cAEH,SAASA,MAAK;AAAA,cACd,WAAWA,MAAK;AAAA,YAClB;AAAA,YACA,EAAE,GAAG,MAAM,QAAQ,KAAK;AAAA,UAC1B;AAAA,QACF,CAAC;AAAA,MACH;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAhHgB;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,EAwGhB,IAAI,UAA2B;AAC7B,WAAO,KAAK,iBAAiB,MAAS;AAAA,EACxC;AAAA,EAEiB,WAAW,oBAAI,IAAqB;AAAA,EAErD,iBAAiB,MAA2C;AAC1D,WAAO,OAAO,EAAE,MAAM,KAAK,MAAM,OAAO,KAAK,MAAM,CAAC,EAAE,MAAM,CAAC,EAAE,MAAM,MAAM,MAAM;AAC/E,YAAM,eAAe,QAAQ,KAAK,eAAe,KAAK;AACtD,YAAM,kBAAkB,KAAK,SAAS,IAAI,YAAY;AAEtD,UAAI,iBAAiB;AACnB,eAAO;AAAA,MACT;AAEA,YAAM,UAAU,sBAAsB,OAAO,YAAY;AAEzD,YAAM,iBAAiB,QAAQ;AAAA;AAAA,QAE7B;AAAA,QACA;AAAA,QACA,KAAK;AAAA,QACL,EAAE,GAAG,KAAK,MAAM,QAAQ,KAAK;AAAA,MAC/B;AAEA,WAAK,SAAS,IAAI,cAAc,cAAc;AAC9C,aAAO;AAAA,IACT,CAAC;AAAA,EACH;AAAA,EAEA,WAAW,MAAiC;AAC1C,WAAO,UAAU,KAAK,iBAAiB,IAAI,CAAC;AAAA,EAC9C;AACF;AAmBO,IAAM,gBAAN,cAA4B,kBAAkB;AAAA;AAAA;AAAA;AAAA,EAInC;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,EAEhB,YAAY,MAAc,MAAyB,MAAiC;AAClF,UAAM,+BAA+B,MAAM,MAAM,IAAI;AAErD,SAAK,UAAU,OAAO,IAAI,EAAE,MAAM,CAAAA,UAAQ;AACxC,YAAM,SAASA,MAAK,SAChB,OAAO,QAAQA,MAAK,MAAM,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM,CAAC,SAAS,GAAG,GAAG,KAAK,KAAK,GAAG,CAAC,IACpF,CAAC;AAEL,aAAO,IAAI,MAAM;AAAA,QACf;AAAA,QACA;AAAA,UACE,QAAQ,OAAO;AAAA,YACb;AAAA,YACA;AAAA,YACA,iBAAiBA,MAAK,KAAK;AAAA,YAE3B,GAAIA,MAAK,YACL,CAAC,eAAe,gCAAgCA,MAAK,SAAS,CAAC,IAC/D,CAAC;AAAA,YAEL,GAAG;AAAA,UACL,CAAC,EAAE,MAAM,aAAW,QAAQ,KAAK,GAAG,CAAC;AAAA,UAErC,SAAS;AAAA,QACX;AAAA,QACA,EAAE,QAAQ,MAAM,GAAG,KAAK;AAAA,MAC1B;AAAA,IACF,CAAC;AAED,SAAK,WAAW,KAAK,QAAQ;AAE7B,SAAK,gBAAgB,EAAE,UAAU,KAAK,UAAU,SAAS,KAAK,QAAQ,CAAC;AAAA,EACzE;AACF;AAeA,eAAsB,iBAAiB,UAA0C;AAC/E,MAAI,CAAC,QAAQ,IAAI,qBAAqB;AACpC,UAAM,IAAI,MAAM,qDAAqD;AAAA,EACvE;AAEA,QAAM,YAAY,QAAQ,QAAQ,IAAI,qBAAqB,QAAQ;AACnE,QAAM,MAAM,WAAW,EAAE,WAAW,KAAK,CAAC;AAE1C,QAAM,cAAc,GAAG,SAAS,IAAI;AACpC,QAAM,iBAAiB,GAAG,SAAS,IAAI,IAAI,SAAS,OAAO;AAG3D,QAAM,QAAQ,MAAM,KAAK,aAAa,EAAE,KAAK,UAAU,CAAC;AAExD,MAAI,MAAM,SAAS,cAAc,GAAG;AAClC,WAAO,QAAQ,WAAW,cAAc;AAAA,EAC1C;AAGA,aAAW,QAAQ,OAAO;AACxB,UAAM,OAAO,QAAQ,WAAW,IAAI,CAAC;AAAA,EACvC;AAGA,QAAM,MAAM,QAAQ;AAAA,IAClB;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA;AAAA,EACF,CAAC;AAGD,QAAM,UAAU,MAAM,SAAS,QAAQ,WAAW,cAAc,CAAC;AACjE,QAAM,eAAe,MAAM,OAAO,OAAO;AAEzC,MAAI,iBAAiB,SAAS,QAAQ;AACpC,UAAM,IAAI,MAAM,8BAA8B,SAAS,IAAI,GAAG;AAAA,EAChE;AAEA,SAAO,QAAQ,WAAW,cAAc;AAC1C;AASO,SAAS,sBAAsB,OAAsB,MAAuC;AACjG,QAAM,WAAW,MAAM,UAAU,MAAM,eAAa;AAClD,WAAO,UACJ,OAAO,OAAK,KAAK,GAAG,QAAQ,WAAW,CAAC,CAAC,EACzC,IAAI,cAAY,EAAE,MAAM,QAAQ,SAAS,MAAM,QAAQ,EAAE;AAAA,EAC9D,CAAC;AAED,SAAO,OAAO,QAAQ,EAAE,MAAM,CAAAC,cAAY;AACxC,UAAM,UAAUA,UAAS,KAAK,OAAK,EAAE,SAAS,IAAI,GAAG;AAErD,QAAI,CAAC,SAAS;AACZ,YAAM,IAAI,MAAM,sBAAsB,IAAI,oCAAoC;AAAA,IAChF;AAEA,WAAO;AAAA,EACT,CAAC;AACH;AASO,SAAS,gBAAgB,OAAsB,MAAwC;AAC5F,SAAO,UAAU,sBAAsB,OAAO,IAAI,CAAC;AACrD;","names":["namespace","args","services"]}
package/dist/{chunk-W72HEBHG.js → chunk-6L67WIZW.js} RENAMED
@@ -2,13 +2,13 @@ import {
2
2
  ExposableWorkload,
3
3
  exposableWorkloadExtraArgs,
4
4
  getExposableWorkloadComponents
5
- } from "./chunk-L6G2IHDP.js";
5
+ } from "./chunk-SARVLQZY.js";
6
6
  import {
7
7
  getProvider,
8
8
  mapMetadata,
9
9
  resourceIdToString,
10
10
  withPatchName
11
- } from "./chunk-HTQP2NB4.js";
11
+ } from "./chunk-Y3LZSX7I.js";
12
12
 
13
13
  // src/deployment.ts
14
14
  import { output } from "@highstate/pulumi";
@@ -180,4 +180,4 @@ var ExternalDeployment = class extends Deployment {
180
180
  export {
181
181
  Deployment
182
182
  };
183
- //# sourceMappingURL=chunk-W72HEBHG.js.map
183
+ //# sourceMappingURL=chunk-6L67WIZW.js.map
package/dist/{chunk-L6G2IHDP.js → chunk-SARVLQZY.js} RENAMED
@@ -3,14 +3,14 @@ import {
3
3
  NetworkPolicy,
4
4
  Service,
5
5
  mapContainerPortToServicePort
6
- } from "./chunk-OP75IMU7.js";
6
+ } from "./chunk-WEKIQRCZ.js";
7
7
  import {
8
8
  commonExtraArgs,
9
9
  getProvider,
10
10
  mapMetadata,
11
11
  resourceIdToString,
12
12
  withPatchName
13
- } from "./chunk-HTQP2NB4.js";
13
+ } from "./chunk-Y3LZSX7I.js";
14
14
 
15
15
  // src/pvc.ts
16
16
  import { core } from "@pulumi/kubernetes";
@@ -178,7 +178,9 @@ var CreatedSecret = class extends Secret {
178
178
  {
179
179
  metadata: mapMetadata(args2, name),
180
180
  data: args2.data,
181
- stringData: args2.stringData
181
+ stringData: args2.stringData,
182
+ type: args2.type,
183
+ immutable: args2.immutable
182
184
  },
183
185
  {
184
186
  ...opts,
@@ -207,7 +209,9 @@ var SecretPatch = class extends Secret {
207
209
  {
208
210
  metadata: mapMetadata(args2, name),
209
211
  data: args2.data,
210
- stringData: args2.stringData
212
+ stringData: args2.stringData,
213
+ type: args2.type,
214
+ immutable: args2.immutable
211
215
  },
212
216
  {
213
217
  ...opts,
@@ -255,9 +259,134 @@ var ExternalSecret = class extends Secret {
255
259
  }
256
260
  };
257
261
 
258
- // src/container.ts
262
+ // src/config-map.ts
259
263
  import { core as core3 } from "@pulumi/kubernetes";
260
- import { normalize, output as output3 } from "@highstate/pulumi";
264
+ import {
265
+ ComponentResource as ComponentResource3,
266
+ output as output3
267
+ } from "@pulumi/pulumi";
268
+ var ConfigMap = class extends ComponentResource3 {
269
+ constructor(type, name, args, opts, cluster, metadata, data) {
270
+ super(type, name, args, opts);
271
+ this.cluster = cluster;
272
+ this.metadata = metadata;
273
+ this.data = data;
274
+ }
275
+ /**
276
+ * Creates a new config map.
277
+ */
278
+ static create(name, args, opts) {
279
+ return new CreatedConfigMap(name, args, opts);
280
+ }
281
+ /**
282
+ * Creates a new config map or patches an existing one.
283
+ *
284
+ * Will throw an error if the config map does not exist when `args.resource` is provided.
285
+ */
286
+ static createOrPatch(name, args, opts) {
287
+ if (!args.existing) {
288
+ return new CreatedConfigMap(name, args, opts);
289
+ }
290
+ return new ConfigMapPatch(
291
+ name,
292
+ {
293
+ ...args,
294
+ name: withPatchName("configmap", args.existing, args.cluster),
295
+ namespace: output3(args.existing).metadata.namespace
296
+ },
297
+ opts
298
+ );
299
+ }
300
+ /**
301
+ * Gets an existing config map.
302
+ *
303
+ * Will throw an error if the config map does not exist.
304
+ */
305
+ static get(name, id, cluster, opts) {
306
+ return new ExternalConfigMap(name, id, cluster, opts);
307
+ }
308
+ };
309
+ var CreatedConfigMap = class extends ConfigMap {
310
+ constructor(name, args, opts) {
311
+ const configMap = output3(args).apply(async (args2) => {
312
+ return new core3.v1.ConfigMap(
313
+ name,
314
+ {
315
+ metadata: mapMetadata(args2, name),
316
+ data: args2.data
317
+ },
318
+ {
319
+ ...opts,
320
+ parent: this,
321
+ provider: await getProvider(args2.cluster)
322
+ }
323
+ );
324
+ });
325
+ super(
326
+ "highstate:k8s:ConfigMap",
327
+ name,
328
+ args,
329
+ opts,
330
+ output3(args.cluster),
331
+ configMap.metadata,
332
+ configMap.data
333
+ );
334
+ }
335
+ };
336
+ var ConfigMapPatch = class extends ConfigMap {
337
+ constructor(name, args, opts) {
338
+ const configMap = output3(args).apply(async (args2) => {
339
+ return new core3.v1.ConfigMapPatch(
340
+ name,
341
+ {
342
+ metadata: mapMetadata(args2, name),
343
+ data: args2.data
344
+ },
345
+ {
346
+ ...opts,
347
+ parent: this,
348
+ provider: await getProvider(args2.cluster)
349
+ }
350
+ );
351
+ });
352
+ super(
353
+ "highstate:k8s:ConfigMapPatch",
354
+ name,
355
+ args,
356
+ opts,
357
+ output3(args.cluster),
358
+ configMap.metadata,
359
+ configMap.data
360
+ );
361
+ }
362
+ };
363
+ var ExternalConfigMap = class extends ConfigMap {
364
+ constructor(name, id, cluster, opts) {
365
+ const configMap = output3(id).apply(async (realName) => {
366
+ return core3.v1.ConfigMap.get(name, realName, {
367
+ ...opts,
368
+ parent: this,
369
+ provider: await getProvider(cluster)
370
+ });
371
+ });
372
+ super(
373
+ "highstate:k8s:ExternalConfigMap",
374
+ name,
375
+ { id, cluster },
376
+ opts,
377
+ output3(cluster),
378
+ configMap.metadata,
379
+ configMap.data
380
+ );
381
+ }
382
+ };
383
+
384
+ // src/container.ts
385
+ import { core as core4 } from "@pulumi/kubernetes";
386
+ import {
387
+ normalize,
388
+ output as output4
389
+ } from "@highstate/pulumi";
261
390
  import { concat, map, omit as omit2 } from "remeda";
262
391
  var containerExtraArgs = [
263
392
  "port",
@@ -348,7 +477,7 @@ function mapVolumeMount(volumeMount) {
348
477
  return omit2(
349
478
  {
350
479
  ...volumeMount,
351
- name: output3(volumeMount.volume).apply(mapWorkloadVolume).apply((volume) => output3(volume.name))
480
+ name: output4(volumeMount.volume).apply(mapWorkloadVolume).apply((volume) => output4(volume.name))
352
481
  },
353
482
  ["volume"]
354
483
  );
@@ -359,14 +488,14 @@ function mapVolumeMount(volumeMount) {
359
488
  };
360
489
  }
361
490
  function mapEnvironmentSource(envFrom) {
362
- if (envFrom instanceof core3.v1.ConfigMap) {
491
+ if (envFrom instanceof core4.v1.ConfigMap) {
363
492
  return {
364
493
  configMapRef: {
365
494
  name: envFrom.metadata.name
366
495
  }
367
496
  };
368
497
  }
369
- if (envFrom instanceof core3.v1.Secret) {
498
+ if (envFrom instanceof core4.v1.Secret) {
370
499
  return {
371
500
  secretRef: {
372
501
  name: envFrom.metadata.name
@@ -392,7 +521,15 @@ function mapWorkloadVolume(volume) {
392
521
  }
393
522
  };
394
523
  }
395
- if (core3.v1.PersistentVolumeClaim.isInstance(volume)) {
524
+ if (volume instanceof ConfigMap) {
525
+ return {
526
+ name: volume.metadata.name,
527
+ configMap: {
528
+ name: volume.metadata.name
529
+ }
530
+ };
531
+ }
532
+ if (core4.v1.PersistentVolumeClaim.isInstance(volume)) {
396
533
  return {
397
534
  name: volume.metadata.name,
398
535
  persistentVolumeClaim: {
@@ -400,7 +537,7 @@ function mapWorkloadVolume(volume) {
400
537
  }
401
538
  };
402
539
  }
403
- if (core3.v1.ConfigMap.isInstance(volume)) {
540
+ if (core4.v1.ConfigMap.isInstance(volume)) {
404
541
  return {
405
542
  name: volume.metadata.name,
406
543
  configMap: {
@@ -408,7 +545,7 @@ function mapWorkloadVolume(volume) {
408
545
  }
409
546
  };
410
547
  }
411
- if (core3.v1.Secret.isInstance(volume)) {
548
+ if (core4.v1.Secret.isInstance(volume)) {
412
549
  return {
413
550
  name: volume.metadata.name,
414
551
  secret: {
@@ -418,18 +555,40 @@ function mapWorkloadVolume(volume) {
418
555
  }
419
556
  return volume;
420
557
  }
558
+ function getWorkloadVolumeResourceUuid(volume) {
559
+ if (volume instanceof PersistentVolumeClaim) {
560
+ return volume.metadata.uid;
561
+ }
562
+ if (volume instanceof Secret) {
563
+ return volume.metadata.uid;
564
+ }
565
+ if (volume instanceof ConfigMap) {
566
+ return volume.metadata.uid;
567
+ }
568
+ if (core4.v1.PersistentVolumeClaim.isInstance(volume)) {
569
+ return volume.metadata.uid;
570
+ }
571
+ if (core4.v1.ConfigMap.isInstance(volume)) {
572
+ return volume.metadata.uid;
573
+ }
574
+ if (core4.v1.Secret.isInstance(volume)) {
575
+ return volume.metadata.uid;
576
+ }
577
+ return output4(void 0);
578
+ }
421
579
 
422
580
  // src/workload.ts
423
581
  import {
424
582
  normalize as normalize2
425
583
  } from "@highstate/pulumi";
426
584
  import {
427
- ComponentResource as ComponentResource3,
585
+ ComponentResource as ComponentResource4,
428
586
  interpolate,
429
- output as output4
587
+ output as output5
430
588
  } from "@pulumi/pulumi";
431
- import { uniqueBy } from "remeda";
589
+ import { filter, isNonNullish, unique, uniqueBy } from "remeda";
432
590
  import { deepmerge as deepmerge2 } from "deepmerge-ts";
591
+ import { sha256 } from "crypto-hash";
433
592
 
434
593
  // src/pod.ts
435
594
  var podSpecDefaults = {
@@ -443,26 +602,29 @@ function getWorkloadComponents(name, args, parent, opts) {
443
602
  const labels = {
444
603
  "app.kubernetes.io/name": name
445
604
  };
446
- const containers = output4(args).apply((args2) => normalize2(args2.container, args2.containers));
447
- const volumes = containers.apply((containers2) => {
448
- const containerVolumes = containers2.flatMap((container) => normalize2(container.volume, container.volumes)).map(mapWorkloadVolume);
605
+ const containers = output5(args).apply((args2) => normalize2(args2.container, args2.containers));
606
+ const rawVolumes = containers.apply((containers2) => {
607
+ const containerVolumes = containers2.flatMap(
608
+ (container) => normalize2(container.volume, container.volumes)
609
+ );
449
610
  const containerVolumeMounts = containers2.flatMap((container) => {
450
611
  return normalize2(container.volumeMount, container.volumeMounts).map((volumeMount) => {
451
612
  return "volume" in volumeMount ? volumeMount.volume : void 0;
452
613
  }).filter(Boolean);
453
- }).map(mapWorkloadVolume);
454
- return output4([...containerVolumes, ...containerVolumeMounts]).apply(
455
- uniqueBy((volume) => volume.name)
456
- );
614
+ });
615
+ return output5([...containerVolumes, ...containerVolumeMounts]);
616
+ });
617
+ const volumes = rawVolumes.apply((rawVolumes2) => {
618
+ return output5(rawVolumes2.map(mapWorkloadVolume)).apply(uniqueBy((volume) => volume.name));
457
619
  });
458
- const podSpec = output4({ args, containers, volumes }).apply(({ args: args2, containers: containers2, volumes: volumes2 }) => {
620
+ const podSpec = output5({ args, containers, volumes }).apply(({ args: args2, containers: containers2, volumes: volumes2 }) => {
459
621
  const spec = {
460
622
  volumes: volumes2,
461
623
  containers: containers2.map((container) => mapContainerToRaw(container, args2.cluster, name)),
462
624
  ...podSpecDefaults
463
625
  };
464
626
  if (containers2.some((container) => container.enableTun) && args2.cluster.quirks?.tunDevicePolicy?.type !== "plugin") {
465
- spec.volumes = output4(spec.volumes).apply((volumes3) => [
627
+ spec.volumes = output5(spec.volumes).apply((volumes3) => [
466
628
  ...volumes3 ?? [],
467
629
  {
468
630
  name: "tun-device",
@@ -474,26 +636,36 @@ function getWorkloadComponents(name, args, parent, opts) {
474
636
  }
475
637
  return spec;
476
638
  });
477
- const podTemplate = podSpec.apply((podSpec2) => {
639
+ const dependencyHash = rawVolumes.apply((rawVolumes2) => {
640
+ return output5(rawVolumes2.map(getWorkloadVolumeResourceUuid)).apply(filter(isNonNullish)).apply(unique()).apply((ids) => sha256(ids.join(",")));
641
+ });
642
+ const podTemplate = output5({ podSpec, dependencyHash }).apply(({ podSpec: podSpec2, dependencyHash: dependencyHash2 }) => {
478
643
  return {
479
- metadata: { labels },
644
+ metadata: {
645
+ labels,
646
+ annotations: {
647
+ "highstate.io/dependency-hash": dependencyHash2
648
+ }
649
+ },
480
650
  spec: podSpec2
481
651
  };
482
652
  });
483
- const networkPolicy = containers.apply((containers2) => {
653
+ const networkPolicy = output5({ args, containers }).apply(({ args: args2, containers: containers2 }) => {
484
654
  const allowedEndpoints = containers2.flatMap((container) => container.allowedEndpoints ?? []);
485
- if (allowedEndpoints.length === 0) {
486
- return void 0;
655
+ if (allowedEndpoints.length === 0 && !args2.networkPolicy) {
656
+ return output5(void 0);
487
657
  }
488
658
  return NetworkPolicy.create(
489
659
  name,
490
660
  {
491
- cluster: args.cluster,
492
- namespace: args.namespace,
661
+ cluster: args2.cluster,
662
+ namespace: args2.namespace,
493
663
  selector: labels,
494
- egressRule: {
495
- toEndpoints: allowedEndpoints
496
- }
664
+ ...args2.networkPolicy,
665
+ egressRules: [
666
+ ...args2.networkPolicy?.egressRules ?? [],
667
+ ...allowedEndpoints.length > 0 ? [{ toEndpoints: allowedEndpoints }] : []
668
+ ]
497
669
  },
498
670
  { ...opts, parent: parent() }
499
671
  );
@@ -502,7 +674,7 @@ function getWorkloadComponents(name, args, parent, opts) {
502
674
  }
503
675
  function getExposableWorkloadComponents(name, args, parent, opts) {
504
676
  const { labels, containers, volumes, podSpec, podTemplate, networkPolicy } = getWorkloadComponents(name, args, parent, opts);
505
- const service = output4({ args, containers }).apply(async ({ args: args2, containers: containers2 }) => {
677
+ const service = output5({ args, containers }).apply(async ({ args: args2, containers: containers2 }) => {
506
678
  if (!args2.service && !args2.httpRoute) {
507
679
  return void 0;
508
680
  }
@@ -532,7 +704,7 @@ function getExposableWorkloadComponents(name, args, parent, opts) {
532
704
  }
533
705
  );
534
706
  });
535
- const httpRoute = output4({
707
+ const httpRoute = output5({
536
708
  args,
537
709
  service
538
710
  }).apply(async ({ args: args2, service: service2 }) => {
@@ -560,7 +732,7 @@ function getExposableWorkloadComponents(name, args, parent, opts) {
560
732
  });
561
733
  return { labels, containers, volumes, podSpec, podTemplate, networkPolicy, service, httpRoute };
562
734
  }
563
- var Workload = class extends ComponentResource3 {
735
+ var Workload = class extends ComponentResource4 {
564
736
  constructor(type, name, args, opts, resourceType, cluster, metadata, networkPolicy) {
565
737
  super(type, name, args, opts);
566
738
  this.name = name;
@@ -574,11 +746,11 @@ var Workload = class extends ComponentResource3 {
574
746
  * The instance terminal to interact with the deployment.
575
747
  */
576
748
  get terminal() {
577
- const containerName = output4(this.args).apply((args) => {
749
+ const containerName = output5(this.args).apply((args) => {
578
750
  const containers = normalize2(args.container, args.containers);
579
751
  return containers[0]?.name ?? this.name;
580
752
  });
581
- return output4({
753
+ return output5({
582
754
  name: this.metadata.name,
583
755
  title: this.metadata.name,
584
756
  image: "ghcr.io/exeteres/highstate/terminal-kubectl",
@@ -653,9 +825,9 @@ var ExposableWorkload = class extends Workload {
653
825
  * Creates a generic workload or patches the existing one.
654
826
  */
655
827
  static createOrPatchGeneric(name, args, opts) {
656
- return output4(args).apply(async (args2) => {
828
+ return output5(args).apply(async (args2) => {
657
829
  if (args2.existing?.type === "k8s.deployment") {
658
- const { Deployment } = await import("./deployment-A26RVQ73.js");
830
+ const { Deployment } = await import("./deployment-QTPBNKO5.js");
659
831
  return Deployment.patch(
660
832
  name,
661
833
  {
@@ -667,7 +839,7 @@ var ExposableWorkload = class extends Workload {
667
839
  );
668
840
  }
669
841
  if (args2.existing?.type === "k8s.stateful-set") {
670
- const { StatefulSet } = await import("./stateful-set-S5BHTDJY.js");
842
+ const { StatefulSet } = await import("./stateful-set-K4GV7ZTK.js");
671
843
  return StatefulSet.patch(
672
844
  name,
673
845
  {
@@ -679,11 +851,11 @@ var ExposableWorkload = class extends Workload {
679
851
  );
680
852
  }
681
853
  if (args2.type === "Deployment") {
682
- const { Deployment } = await import("./deployment-A26RVQ73.js");
854
+ const { Deployment } = await import("./deployment-QTPBNKO5.js");
683
855
  return Deployment.create(name, deepmerge2(args2, args2.deployment), opts);
684
856
  }
685
857
  if (args2.type === "StatefulSet") {
686
- const { StatefulSet } = await import("./stateful-set-S5BHTDJY.js");
858
+ const { StatefulSet } = await import("./stateful-set-K4GV7ZTK.js");
687
859
  return StatefulSet.create(name, deepmerge2(args2, args2.statefulSet), opts);
688
860
  }
689
861
  throw new Error(`Unknown workload type: ${args2.type}`);
@@ -694,10 +866,11 @@ var ExposableWorkload = class extends Workload {
694
866
  export {
695
867
  PersistentVolumeClaim,
696
868
  Secret,
869
+ ConfigMap,
697
870
  exposableWorkloadExtraArgs,
698
871
  getWorkloadComponents,
699
872
  getExposableWorkloadComponents,
700
873
  Workload,
701
874
  ExposableWorkload
702
875
  };
703
- //# sourceMappingURL=chunk-L6G2IHDP.js.map
876
+ //# sourceMappingURL=chunk-SARVLQZY.js.map
package/dist/chunk-SARVLQZY.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/pvc.ts","../src/secret.ts","../src/config-map.ts","../src/container.ts","../src/workload.ts","../src/pod.ts"],"sourcesContent":["import type { k8s } from \"@highstate/library\"\nimport { core, type types } from \"@pulumi/kubernetes\"\nimport {\n ComponentResource,\n Output,\n output,\n type ComponentResourceOptions,\n type CustomResourceOptions,\n type Input,\n type Inputs,\n} from \"@highstate/pulumi\"\nimport { deepmerge } from \"deepmerge-ts\"\nimport { omit } from \"remeda\"\nimport {\n commonExtraArgs,\n getProvider,\n mapMetadata,\n resourceIdToString,\n type CommonArgs,\n type ResourceId,\n} from \"./shared\"\n\nexport type PersistentVolumeClaimArgs = CommonArgs &\n types.input.core.v1.PersistentVolumeClaimSpec & {\n /**\n * The size of the volume to request.\n *\n * By default, the size is set to \"100Mi\".\n */\n size?: string\n }\n\nexport type CreateOrGetPersistentVolumeClaimArgs = PersistentVolumeClaimArgs & {\n existing: Input<k8s.PersistentVolumeClaim> | undefined\n}\n\nconst extraPersistentVolumeClaimArgs = [...commonExtraArgs, \"size\"] as const\n\nexport abstract class PersistentVolumeClaim extends ComponentResource {\n protected constructor(\n type: string,\n name: string,\n args: Inputs,\n opts: ComponentResourceOptions,\n\n /**\n * The cluster where the PVC is created.\n */\n readonly cluster: Output<k8s.Cluster>,\n\n /**\n * The metadata of the underlying Kubernetes PVC.\n */\n readonly metadata: Output<types.output.meta.v1.ObjectMeta>,\n\n /**\n * The spec of the underlying Kubernetes PVC.\n */\n readonly spec: Output<types.output.core.v1.PersistentVolumeClaimSpec>,\n\n /**\n * The status of the underlying Kubernetes PVC.\n */\n readonly status: Output<types.output.core.v1.PersistentVolumeClaimStatus>,\n ) {\n super(type, name, args, opts)\n }\n\n /**\n * The Highstate PVC entity.\n */\n get entity(): Output<k8s.PersistentVolumeClaim> {\n return output({\n type: \"k8s.persistent-volume-claim\",\n clusterId: this.cluster.id,\n metadata: this.metadata,\n })\n }\n\n static create(\n name: string,\n args: PersistentVolumeClaimArgs,\n opts: ComponentResourceOptions,\n ): PersistentVolumeClaim {\n return new CreatedPersistentVolumeClaim(name, args, opts)\n }\n\n static of(\n name: string,\n entity: Input<k8s.PersistentVolumeClaim>,\n cluster: Input<k8s.Cluster>,\n opts: ComponentResourceOptions,\n ): PersistentVolumeClaim {\n return new ExternalPersistentVolumeClaim(name, output(entity).metadata, cluster, opts)\n }\n\n static createOrGet(\n name: string,\n args: CreateOrGetPersistentVolumeClaimArgs,\n opts: ComponentResourceOptions,\n ): PersistentVolumeClaim {\n if (!args.existing) {\n return new CreatedPersistentVolumeClaim(name, args, opts)\n }\n\n return new ExternalPersistentVolumeClaim(\n name,\n output(args.existing).metadata,\n args.cluster,\n opts,\n )\n }\n}\n\nexport class CreatedPersistentVolumeClaim extends PersistentVolumeClaim {\n constructor(name: string, args: PersistentVolumeClaimArgs, opts: CustomResourceOptions) {\n const pvc = output(args).apply(async args => {\n return new core.v1.PersistentVolumeClaim(\n name,\n {\n metadata: mapMetadata(args, name),\n spec: deepmerge(\n {\n accessModes: [\"ReadWriteOnce\"],\n resources: {\n requests: {\n storage: args.size ?? \"100Mi\",\n },\n },\n } satisfies types.input.core.v1.PersistentVolumeClaimSpec,\n omit(args, extraPersistentVolumeClaimArgs),\n ),\n },\n {\n ...opts,\n parent: this,\n provider: await getProvider(args.cluster),\n },\n )\n })\n\n super(\n \"k8s:PersistentVolumeClaim\",\n name,\n args,\n opts,\n\n output(args.cluster),\n pvc.metadata,\n pvc.spec,\n pvc.status,\n )\n }\n}\n\nexport class ExternalPersistentVolumeClaim extends PersistentVolumeClaim {\n constructor(\n name: string,\n id: Input<ResourceId>,\n cluster: Input<k8s.Cluster>,\n opts: ComponentResourceOptions,\n ) {\n const pvc = output(id).apply(async id => {\n return core.v1.PersistentVolumeClaim.get(\n //\n name,\n resourceIdToString(id),\n {\n ...opts,\n parent: this,\n provider: await getProvider(cluster),\n },\n )\n })\n\n super(\n \"highstate:k8s:ExternalPersistentVolumeClaim\",\n name,\n { id, cluster },\n opts,\n\n output(cluster),\n pvc.metadata,\n pvc.spec,\n pvc.status,\n )\n }\n}\n\nexport function getAutoVolumeName(workloadName: string, index: number): string {\n if (index === 0) {\n return `${workloadName}-data`\n }\n\n return `${workloadName}-data-${index}`\n}\n","import type { k8s } from \"@highstate/library\"\nimport { core, type types } from \"@pulumi/kubernetes\"\nimport {\n ComponentResource,\n output,\n Output,\n type ComponentResourceOptions,\n type Input,\n type Inputs,\n} from \"@pulumi/pulumi\"\nimport { getProvider, mapMetadata, withPatchName, type CommonArgs } from \"./shared\"\n\nexport type SecretArgs = CommonArgs &\n Omit<types.input.core.v1.Secret, \"kind\" | \"metadata\" | \"apiVersion\">\n\nexport type CreateOrPatchSecretArgs = SecretArgs & {\n /**\n * The resource to use to determine the name of the secret.\n *\n * If not provided, the secret will be created, otherwise it will be retrieved/patched.\n */\n existing: Input<k8s.Resource> | undefined\n}\n\nexport abstract class Secret extends ComponentResource {\n protected constructor(\n type: string,\n name: string,\n args: Inputs,\n opts: ComponentResourceOptions | undefined,\n\n /**\n * The cluster where the secret is created.\n */\n readonly cluster: Output<k8s.Cluster>,\n\n /**\n * The metadata of the underlying Kubernetes secret.\n */\n readonly metadata: Output<types.output.meta.v1.ObjectMeta>,\n\n /**\n * The data of the underlying Kubernetes secret.\n */\n readonly data: Output<Record<string, string>>,\n\n /**\n * The stringData of the underlying Kubernetes secret.\n */\n readonly stringData: Output<Record<string, string>>,\n ) {\n super(type, name, args, opts)\n }\n\n /**\n * Creates a new secret.\n */\n static create(name: string, args: SecretArgs, opts?: ComponentResourceOptions): Secret {\n return new CreatedSecret(name, args, opts)\n }\n\n /**\n * Creates a new secret or patches an existing one.\n *\n * Will throw an error if the secret does not exist when `args.resource` is provided.\n */\n static createOrPatch(\n name: string,\n args: CreateOrPatchSecretArgs,\n opts?: ComponentResourceOptions,\n ): Secret {\n if (!args.existing) {\n return new CreatedSecret(name, args, opts)\n }\n\n return new SecretPatch(\n name,\n {\n ...args,\n name: withPatchName(\"secret\", args.existing, args.cluster),\n namespace: output(args.existing).metadata.namespace,\n },\n opts,\n )\n }\n\n /**\n * Gets an existing secret.\n *\n * Will throw an error if the secret does not exist.\n */\n static get(\n name: string,\n id: Input<string>,\n cluster: Input<k8s.Cluster>,\n opts?: ComponentResourceOptions,\n ): Secret {\n return new ExternalSecret(name, id, cluster, opts)\n }\n}\n\nclass CreatedSecret extends Secret {\n constructor(name: string, args: SecretArgs, opts?: ComponentResourceOptions) {\n const secret = output(args).apply(async args => {\n return new core.v1.Secret(\n name,\n {\n metadata: mapMetadata(args, name),\n data: args.data,\n stringData: args.stringData,\n type: args.type,\n immutable: args.immutable,\n },\n {\n ...opts,\n parent: this,\n provider: await getProvider(args.cluster),\n },\n )\n })\n\n super(\n \"highstate:k8s:Secret\",\n name,\n args,\n opts,\n output(args.cluster),\n secret.metadata,\n secret.data,\n secret.stringData,\n )\n }\n}\n\nclass SecretPatch extends Secret {\n constructor(name: string, args: SecretArgs, opts?: ComponentResourceOptions) {\n const secret = output(args).apply(async args => {\n return new core.v1.SecretPatch(\n name,\n {\n metadata: mapMetadata(args, name),\n data: args.data,\n stringData: args.stringData,\n type: args.type,\n immutable: args.immutable,\n },\n {\n ...opts,\n parent: this,\n provider: await getProvider(args.cluster),\n },\n )\n })\n\n super(\n \"highstate:k8s:SecretPatch\",\n name,\n args,\n opts,\n output(args.cluster),\n secret.metadata,\n secret.data,\n secret.stringData,\n )\n }\n}\n\nclass ExternalSecret extends Secret {\n constructor(\n name: string,\n id: Input<string>,\n cluster: Input<k8s.Cluster>,\n opts?: ComponentResourceOptions,\n ) {\n const secret = output(id).apply(async realName => {\n return core.v1.Secret.get(\n //\n name,\n realName,\n {\n ...opts,\n parent: this,\n provider: await getProvider(cluster),\n },\n )\n })\n\n super(\n \"highstate:k8s:ExternalSecret\",\n name,\n { id, cluster },\n opts,\n output(cluster),\n secret.metadata,\n secret.data,\n secret.stringData,\n )\n }\n}\n","import type { k8s } from \"@highstate/library\"\nimport { core, type types } from \"@pulumi/kubernetes\"\nimport {\n ComponentResource,\n output,\n Output,\n type ComponentResourceOptions,\n type Input,\n type Inputs,\n} from \"@pulumi/pulumi\"\nimport { getProvider, mapMetadata, withPatchName, type CommonArgs } from \"./shared\"\n\nexport type ConfigMapArgs = CommonArgs &\n Omit<types.input.core.v1.ConfigMap, \"kind\" | \"metadata\" | \"apiVersion\">\n\nexport type CreateOrPatchConfigMapArgs = ConfigMapArgs & {\n /**\n * The resource to use to determine the name of the config map.\n *\n * If not provided, the config map will be created, otherwise it will be retrieved/patched.\n */\n existing: Input<k8s.Resource> | undefined\n}\n\nexport abstract class ConfigMap extends ComponentResource {\n protected constructor(\n type: string,\n name: string,\n args: Inputs,\n opts: ComponentResourceOptions | undefined,\n\n /**\n * The cluster where the config map is created.\n */\n readonly cluster: Output<k8s.Cluster>,\n\n /**\n * The metadata of the underlying Kubernetes config map.\n */\n readonly metadata: Output<types.output.meta.v1.ObjectMeta>,\n\n /**\n * The data of the underlying Kubernetes config map.\n */\n readonly data: Output<Record<string, string>>,\n ) {\n super(type, name, args, opts)\n }\n\n /**\n * Creates a new config map.\n */\n static create(name: string, args: ConfigMapArgs, opts?: ComponentResourceOptions): ConfigMap {\n return new CreatedConfigMap(name, args, opts)\n }\n\n /**\n * Creates a new config map or patches an existing one.\n *\n * Will throw an error if the config map does not exist when `args.resource` is provided.\n */\n static createOrPatch(\n name: string,\n args: CreateOrPatchConfigMapArgs,\n opts?: ComponentResourceOptions,\n ): ConfigMap {\n if (!args.existing) {\n return new CreatedConfigMap(name, args, opts)\n }\n\n return new ConfigMapPatch(\n name,\n {\n ...args,\n name: withPatchName(\"configmap\", args.existing, args.cluster),\n namespace: output(args.existing).metadata.namespace,\n },\n opts,\n )\n }\n\n /**\n * Gets an existing config map.\n *\n * Will throw an error if the config map does not exist.\n */\n static get(\n name: string,\n id: Input<string>,\n cluster: Input<k8s.Cluster>,\n opts?: ComponentResourceOptions,\n ): ConfigMap {\n return new ExternalConfigMap(name, id, cluster, opts)\n }\n}\n\nclass CreatedConfigMap extends ConfigMap {\n constructor(name: string, args: ConfigMapArgs, opts?: ComponentResourceOptions) {\n const configMap = output(args).apply(async args => {\n return new core.v1.ConfigMap(\n name,\n {\n metadata: mapMetadata(args, name),\n data: args.data,\n },\n {\n ...opts,\n parent: this,\n provider: await getProvider(args.cluster),\n },\n )\n })\n\n super(\n \"highstate:k8s:ConfigMap\",\n name,\n args,\n opts,\n output(args.cluster),\n configMap.metadata,\n configMap.data,\n )\n }\n}\n\nclass ConfigMapPatch extends ConfigMap {\n constructor(name: string, args: ConfigMapArgs, opts?: ComponentResourceOptions) {\n const configMap = output(args).apply(async args => {\n return new core.v1.ConfigMapPatch(\n name,\n {\n metadata: mapMetadata(args, name),\n data: args.data,\n },\n {\n ...opts,\n parent: this,\n provider: await getProvider(args.cluster),\n },\n )\n })\n\n super(\n \"highstate:k8s:ConfigMapPatch\",\n name,\n args,\n opts,\n output(args.cluster),\n configMap.metadata,\n configMap.data,\n )\n }\n}\n\nclass ExternalConfigMap extends ConfigMap {\n constructor(\n name: string,\n id: Input<string>,\n cluster: Input<k8s.Cluster>,\n opts?: ComponentResourceOptions,\n ) {\n const configMap = output(id).apply(async realName => {\n return core.v1.ConfigMap.get(name, realName, {\n ...opts,\n parent: this,\n provider: await getProvider(cluster),\n })\n })\n\n super(\n \"highstate:k8s:ExternalConfigMap\",\n name,\n { id, cluster },\n opts,\n output(cluster),\n configMap.metadata,\n configMap.data,\n )\n }\n}\n","import type { PartialKeys } from \"@highstate/contract\"\nimport type { k8s, network } from \"@highstate/library\"\nimport { core, type types } from \"@pulumi/kubernetes\"\nimport {\n normalize,\n Output,\n output,\n type Input,\n type InputArray,\n type Unwrap,\n} from \"@highstate/pulumi\"\nimport { concat, map, omit } from \"remeda\"\nimport { PersistentVolumeClaim } from \"./pvc\"\nimport { Secret } from \"./secret\"\nimport { ConfigMap } from \"./config-map\"\n\nexport type Container = Omit<PartialKeys<types.input.core.v1.Container, \"name\">, \"volumeMounts\"> & {\n /**\n * The single port to add to the container.\n */\n port?: Input<types.input.core.v1.ContainerPort>\n\n /**\n * The volume mount to attach to the container.\n */\n volumeMount?: Input<ContainerVolumeMount>\n\n /**\n * The volume mounts to attach to the container.\n */\n volumeMounts?: InputArray<ContainerVolumeMount>\n\n /**\n * The volume to include in the parent workload.\n * It is like the `volumes` property, but defined at the container level.\n * It will be defined as a volume mount in the parent workload automatically.\n */\n volume?: Input<WorkloadVolume>\n\n /**\n * The volumes to include in the parent workload.\n * It is like the `volumes` property, but defined at the container level.\n * It will be defined as a volume mount in the parent workload automatically.\n */\n volumes?: InputArray<WorkloadVolume>\n\n /**\n * The map of environment variables to set in the container.\n * It is like the `env` property, but more convenient to use.\n */\n environment?: Input<ContainerEnvironment>\n\n /**\n * The source of environment variables to set in the container.\n * It is like the `envFrom` property, but more convenient to use.\n */\n environmentSource?: Input<ContainerEnvironmentSource>\n\n /**\n * The sources of environment variables to set in the container.\n * It is like the `envFrom` property, but more convenient to use.\n */\n environmentSources?: InputArray<ContainerEnvironmentSource>\n\n /**\n * The list of endpoints that the container is allowed to access.\n *\n * This is used to generate a network policy.\n */\n allowedEndpoints?: InputArray<network.L34Endpoint>\n\n /**\n * Enable the TUN device in the container.\n *\n * All necessary security context settings will be applied to the container.\n */\n enableTun?: Input<boolean>\n}\n\nconst containerExtraArgs = [\n \"port\",\n \"volumeMount\",\n \"volume\",\n \"environment\",\n \"environmentSource\",\n \"environmentSources\",\n] as const\n\nexport type ContainerEnvironment = Record<\n string,\n Input<string | undefined | null | ContainerEnvironmentVariable>\n>\n\nexport type ContainerEnvironmentVariable =\n | types.input.core.v1.EnvVarSource\n | {\n /**\n * The secret to select from.\n */\n secret: Input<core.v1.Secret | Secret>\n\n /**\n * The key of the secret to select from.\n */\n key: string\n }\n | {\n /**\n * The config map to select from.\n */\n configMap: Input<core.v1.ConfigMap>\n\n /**\n * The key of the config map to select from.\n */\n key: string\n }\n\nexport type ContainerEnvironmentSource =\n | types.input.core.v1.EnvFromSource\n | core.v1.ConfigMap\n | core.v1.Secret\n\nexport type ContainerVolumeMount =\n | types.input.core.v1.VolumeMount\n | (Omit<types.input.core.v1.VolumeMount, \"name\"> & {\n /**\n * The volume to mount.\n */\n volume: Input<WorkloadVolume>\n })\n\nexport type WorkloadVolume =\n | types.input.core.v1.Volume\n | core.v1.PersistentVolumeClaim\n | PersistentVolumeClaim\n | core.v1.ConfigMap\n | ConfigMap\n | core.v1.Secret\n | Secret\n\nexport function mapContainerToRaw(\n container: Unwrap<Container>,\n cluster: k8s.Cluster,\n fallbackName: string,\n): types.input.core.v1.Container {\n const containerName = container.name ?? fallbackName\n\n const spec = {\n ...omit(container, containerExtraArgs),\n\n name: containerName,\n ports: normalize(container.port, container.ports),\n\n volumeMounts: map(normalize(container.volumeMount, container.volumeMounts), mapVolumeMount),\n\n env: concat(\n container.environment ? mapContainerEnvironment(container.environment) : [],\n container.env ?? [],\n ),\n\n envFrom: concat(\n map(\n normalize(container.environmentSource, container.environmentSources),\n mapEnvironmentSource,\n ),\n container.envFrom ?? [],\n ),\n } as Unwrap<types.input.core.v1.Container>\n\n if (container.enableTun) {\n spec.securityContext ??= {}\n spec.securityContext.capabilities ??= {}\n spec.securityContext.capabilities.add = [\"NET_ADMIN\"]\n\n if (cluster.quirks?.tunDevicePolicy?.type === \"plugin\") {\n spec.resources ??= {}\n spec.resources.limits ??= {}\n spec.resources.limits[cluster.quirks.tunDevicePolicy.resourceName] =\n cluster.quirks.tunDevicePolicy.resourceValue\n } else {\n spec.volumeMounts ??= []\n spec.volumeMounts.push({\n name: \"tun-device\",\n mountPath: \"/dev/net/tun\",\n readOnly: false,\n })\n }\n }\n\n return spec\n}\n\nexport function mapContainerEnvironment(\n environment: Unwrap<ContainerEnvironment>,\n): types.input.core.v1.EnvVar[] {\n const envVars: types.input.core.v1.EnvVar[] = []\n\n for (const [name, value] of Object.entries(environment)) {\n if (!value) {\n continue\n }\n\n if (typeof value === \"string\") {\n envVars.push({ name, value })\n continue\n }\n\n if (\"secret\" in value) {\n envVars.push({\n name,\n valueFrom: {\n secretKeyRef: {\n name: value.secret.metadata.name,\n key: value.key,\n },\n },\n })\n continue\n }\n\n if (\"configMap\" in value) {\n envVars.push({\n name,\n valueFrom: {\n configMapKeyRef: {\n name: value.configMap.metadata.name,\n key: value.key,\n },\n },\n })\n continue\n }\n\n envVars.push({ name, valueFrom: value })\n }\n\n return envVars\n}\n\nexport function mapVolumeMount(volumeMount: ContainerVolumeMount): types.input.core.v1.VolumeMount {\n if (\"volume\" in volumeMount) {\n return omit(\n {\n ...volumeMount,\n name: output(volumeMount.volume)\n .apply(mapWorkloadVolume)\n .apply(volume => output(volume.name)),\n },\n [\"volume\"],\n )\n }\n\n return {\n ...volumeMount,\n name: volumeMount.name,\n }\n}\n\nexport function mapEnvironmentSource(\n envFrom: ContainerEnvironmentSource,\n): types.input.core.v1.EnvFromSource {\n if (envFrom instanceof core.v1.ConfigMap) {\n return {\n configMapRef: {\n name: envFrom.metadata.name,\n },\n }\n }\n\n if (envFrom instanceof core.v1.Secret) {\n return {\n secretRef: {\n name: envFrom.metadata.name,\n },\n }\n }\n\n return envFrom\n}\n\nexport function mapWorkloadVolume(volume: WorkloadVolume) {\n if (volume instanceof PersistentVolumeClaim) {\n return {\n name: volume.metadata.name,\n persistentVolumeClaim: {\n claimName: volume.metadata.name,\n },\n }\n }\n\n if (volume instanceof Secret) {\n return {\n name: volume.metadata.name,\n secret: {\n secretName: volume.metadata.name,\n },\n }\n }\n\n if (volume instanceof ConfigMap) {\n return {\n name: volume.metadata.name,\n configMap: {\n name: volume.metadata.name,\n },\n }\n }\n\n if (core.v1.PersistentVolumeClaim.isInstance(volume)) {\n return {\n name: volume.metadata.name,\n persistentVolumeClaim: {\n claimName: volume.metadata.name,\n },\n }\n }\n\n if (core.v1.ConfigMap.isInstance(volume)) {\n return {\n name: volume.metadata.name,\n configMap: {\n name: volume.metadata.name,\n },\n }\n }\n\n if (core.v1.Secret.isInstance(volume)) {\n return {\n name: volume.metadata.name,\n secret: {\n secretName: volume.metadata.name,\n },\n }\n }\n\n return volume\n}\n\nexport function getWorkloadVolumeResourceUuid(volume: WorkloadVolume): Output<string | undefined> {\n if (volume instanceof PersistentVolumeClaim) {\n return volume.metadata.uid\n }\n\n if (volume instanceof Secret) {\n return volume.metadata.uid\n }\n\n if (volume instanceof ConfigMap) {\n return volume.metadata.uid\n }\n\n if (core.v1.PersistentVolumeClaim.isInstance(volume)) {\n return volume.metadata.uid\n }\n\n if (core.v1.ConfigMap.isInstance(volume)) {\n return volume.metadata.uid\n }\n\n if (core.v1.Secret.isInstance(volume)) {\n return volume.metadata.uid\n }\n\n return output(undefined)\n}\n","import type { k8s } from \"@highstate/library\"\nimport type { DeploymentArgs } from \"./deployment\"\nimport type { StatefulSetArgs } from \"./stateful-set\"\nimport type { types } from \"@pulumi/kubernetes\"\nimport {\n normalize,\n type ComponentResourceOptions,\n type InputArray,\n type InstanceTerminal,\n} from \"@highstate/pulumi\"\nimport {\n ComponentResource,\n interpolate,\n Output,\n output,\n type CustomResourceOptions,\n type Input,\n} from \"@pulumi/pulumi\"\nimport { filter, isNonNullish, unique, uniqueBy } from \"remeda\"\nimport { deepmerge } from \"deepmerge-ts\"\nimport { sha256 } from \"crypto-hash\"\nimport { commonExtraArgs, getProvider, type CommonArgs } from \"./shared\"\nimport { mapContainerPortToServicePort, Service, type ServiceArgs } from \"./service\"\nimport { HttpRoute, type HttpRouteArgs } from \"./gateway\"\nimport {\n getWorkloadVolumeResourceUuid,\n mapContainerToRaw,\n mapWorkloadVolume,\n type Container,\n type WorkloadVolume,\n} from \"./container\"\nimport { NetworkPolicy, type NetworkPolicyArgs } from \"./network-policy\"\nimport { podSpecDefaults } from \"./pod\"\n\nexport type WorkloadArgs = CommonArgs & {\n container?: Input<Container>\n containers?: InputArray<Container>\n\n /**\n * The shell to use in the terminal.\n *\n * By default, `bash` is used.\n */\n terminalShell?: string\n\n /**\n * The network policy to apply to the deployment.\n */\n networkPolicy?: Input<Omit<NetworkPolicyArgs, \"selector\" | \"cluster\" | \"namespace\">>\n}\n\nexport const workloadExtraArgs = [...commonExtraArgs, \"container\", \"containers\"] as const\n\nexport type ExposableWorkloadArgs = WorkloadArgs & {\n service?: Input<Omit<ServiceArgs, \"cluster\" | \"namespace\">>\n httpRoute?: Input<Omit<HttpRouteArgs, \"cluster\" | \"namespace\">>\n\n /**\n * The existing workload to patch.\n */\n existing?: Input<k8s.ExposableWorkload>\n}\n\nexport const exposableWorkloadExtraArgs = [...workloadExtraArgs, \"service\", \"httpRoute\"] as const\n\nexport type ExposableWorkloadType = \"Deployment\" | \"StatefulSet\"\n\nexport type GenericExposableWorkloadArgs = Omit<ExposableWorkloadArgs, \"existing\"> & {\n /**\n * The type of workload to create.\n *\n * Will be ignored if the `existing` argument is provided.\n */\n type: ExposableWorkloadType\n\n /**\n * The existing workload to patch.\n */\n existing: Input<k8s.ExposableWorkload | undefined>\n\n /**\n * The args specific to the \"Deployment\" workload type.\n *\n * Will be ignored for other workload types.\n */\n deployment?: Input<DeploymentArgs>\n\n /**\n * The args specific to the \"StatefulSet\" workload type.\n *\n * Will be ignored for other workload types.\n */\n statefulSet?: Input<StatefulSetArgs>\n}\n\nexport function getWorkloadComponents(\n name: string,\n args: WorkloadArgs,\n parent: () => ComponentResource,\n opts: ComponentResourceOptions | undefined,\n) {\n const labels = {\n \"app.kubernetes.io/name\": name,\n }\n\n const containers = output(args).apply(args => normalize(args.container, args.containers))\n\n const rawVolumes = containers.apply(containers => {\n const containerVolumes = containers.flatMap(container =>\n normalize(container.volume, container.volumes),\n )\n\n const containerVolumeMounts = containers.flatMap(container => {\n return normalize(container.volumeMount, container.volumeMounts)\n .map(volumeMount => {\n return \"volume\" in volumeMount ? volumeMount.volume : undefined\n })\n .filter(Boolean) as WorkloadVolume[]\n })\n\n return output([...containerVolumes, ...containerVolumeMounts])\n })\n\n const volumes = rawVolumes.apply(rawVolumes => {\n return output(rawVolumes.map(mapWorkloadVolume)).apply(uniqueBy(volume => volume.name))\n })\n\n const podSpec = output({ args, containers, volumes }).apply(({ args, containers, volumes }) => {\n const spec = {\n volumes,\n containers: containers.map(container => mapContainerToRaw(container, args.cluster, name)),\n ...podSpecDefaults,\n } satisfies types.input.core.v1.PodSpec\n\n if (\n containers.some(container => container.enableTun) &&\n args.cluster.quirks?.tunDevicePolicy?.type !== \"plugin\"\n ) {\n spec.volumes = output(spec.volumes).apply(volumes => [\n ...(volumes ?? []),\n {\n name: \"tun-device\",\n hostPath: {\n path: \"/dev/net/tun\",\n },\n },\n ])\n }\n\n return spec\n })\n\n const dependencyHash = rawVolumes.apply(rawVolumes => {\n return output(rawVolumes.map(getWorkloadVolumeResourceUuid))\n .apply(filter(isNonNullish))\n .apply(unique())\n .apply(ids => sha256(ids.join(\",\")))\n })\n\n const podTemplate = output({ podSpec, dependencyHash }).apply(({ podSpec, dependencyHash }) => {\n return {\n metadata: {\n labels,\n annotations: {\n \"highstate.io/dependency-hash\": dependencyHash,\n },\n },\n spec: podSpec,\n } satisfies types.input.core.v1.PodTemplateSpec\n })\n\n const networkPolicy = output({ args, containers }).apply(({ args, containers }) => {\n const allowedEndpoints = containers.flatMap(container => container.allowedEndpoints ?? [])\n\n if (allowedEndpoints.length === 0 && !args.networkPolicy) {\n return output(undefined)\n }\n\n return NetworkPolicy.create(\n name,\n {\n cluster: args.cluster,\n namespace: args.namespace,\n selector: labels,\n\n ...args.networkPolicy,\n\n egressRules: [\n ...(args.networkPolicy?.egressRules ?? []),\n ...(allowedEndpoints.length > 0 ? [{ toEndpoints: allowedEndpoints }] : []),\n ],\n },\n { ...opts, parent: parent() },\n )\n })\n\n return { labels, containers, volumes, podSpec, podTemplate, networkPolicy }\n}\n\nexport function getExposableWorkloadComponents(\n name: string,\n args: ExposableWorkloadArgs,\n parent: () => ComponentResource,\n opts: ComponentResourceOptions | undefined,\n) {\n const { labels, containers, volumes, podSpec, podTemplate, networkPolicy } =\n getWorkloadComponents(name, args, parent, opts)\n\n const service = output({ args, containers }).apply(async ({ args, containers }) => {\n if (!args.service && !args.httpRoute) {\n return undefined\n }\n\n if (args.existing?.service) {\n return Service.of(name, args.existing.service, args.cluster, { ...opts, parent: parent() })\n }\n\n if (args.existing) {\n return undefined\n }\n\n const ports = containers.flatMap(container => normalize(container.port, container.ports))\n\n return Service.create(\n name,\n {\n ...args.service,\n selector: labels,\n cluster: args.cluster,\n namespace: args.namespace,\n\n ports:\n // allow to completely override the ports\n !args.service?.port && !args.service?.ports\n ? ports.map(mapContainerPortToServicePort)\n : args.service?.ports,\n },\n {\n ...opts,\n parent: parent(),\n provider: await getProvider(args.cluster),\n },\n )\n })\n\n const httpRoute = output({\n args,\n service,\n }).apply(async ({ args, service }) => {\n if (!args.httpRoute || !service) {\n return undefined\n }\n\n if (args.existing) {\n return undefined\n }\n\n return new HttpRoute(\n name,\n {\n ...args.httpRoute,\n cluster: args.cluster,\n rule: {\n backend: service,\n },\n },\n {\n ...opts,\n parent: parent(),\n provider: await getProvider(args.cluster),\n },\n )\n })\n\n return { labels, containers, volumes, podSpec, podTemplate, networkPolicy, service, httpRoute }\n}\n\nexport abstract class Workload extends ComponentResource {\n protected constructor(\n type: string,\n protected readonly name: string,\n private readonly args: WorkloadArgs,\n opts: ComponentResourceOptions | undefined,\n\n protected readonly resourceType: string,\n\n /**\n * The cluster where the workload is created.\n */\n readonly cluster: Output<k8s.Cluster>,\n\n /**\n * The metadata of the underlying Kubernetes workload.\n */\n readonly metadata: Output<types.output.meta.v1.ObjectMeta>,\n\n /**\n * The network policy associated with the workload.\n *\n * Will be created if one or more containers have `allowedEndpoints` defined.\n */\n readonly networkPolicy: Output<NetworkPolicy | undefined>,\n ) {\n super(type, name, args, opts)\n }\n\n /**\n * The instance terminal to interact with the deployment.\n */\n get terminal(): Output<InstanceTerminal> {\n const containerName = output(this.args).apply(args => {\n const containers = normalize(args.container, args.containers)\n\n return containers[0]?.name ?? this.name\n })\n\n return output({\n name: this.metadata.name,\n title: this.metadata.name,\n image: \"ghcr.io/exeteres/highstate/terminal-kubectl\",\n command: [\n \"exec\",\n \"kubectl\",\n \"exec\",\n \"-it\",\n \"-n\",\n this.metadata.namespace,\n interpolate`${this.resourceType}/${this.metadata.name}`,\n \"-c\",\n containerName,\n \"--\",\n this.args.terminalShell ?? \"bash\",\n ],\n files: {\n \"/kubeconfig\": this.cluster.kubeconfig,\n },\n env: {\n KUBECONFIG: \"/kubeconfig\",\n },\n })\n }\n}\n\nexport abstract class ExposableWorkload extends Workload {\n protected constructor(\n type: string,\n protected readonly name: string,\n args: ExposableWorkloadArgs,\n opts: ComponentResourceOptions | undefined,\n\n resourceType: string,\n cluster: Output<k8s.Cluster>,\n metadata: Output<types.output.meta.v1.ObjectMeta>,\n networkPolicy: Output<NetworkPolicy | undefined>,\n\n protected readonly _service: Output<Service | undefined>,\n protected readonly _httpRoute: Output<HttpRoute | undefined>,\n ) {\n super(type, name, args, opts, resourceType, cluster, metadata, networkPolicy)\n }\n\n /**\n * The service associated with the workload.\n */\n get optionalService(): Output<Service | undefined> {\n return this._service\n }\n\n /**\n * The HTTP route associated with the workload.\n */\n get optionalHttpRoute(): Output<HttpRoute | undefined> {\n return this._httpRoute\n }\n\n /**\n * The service associated with the workload.\n *\n * Will throw an error if the service is not available.\n */\n get service(): Output<Service> {\n return this._service.apply(service => {\n if (!service) {\n throw new Error(`The service of the workload \"${this.name}\" is not available.`)\n }\n\n return service\n })\n }\n\n /**\n * The HTTP route associated with the workload.\n *\n * Will throw an error if the HTTP route is not available.\n */\n get httpRoute(): Output<HttpRoute> {\n return this._httpRoute.apply(httpRoute => {\n if (!httpRoute) {\n throw new Error(`The HTTP route of the workload \"${this.name}\" is not available.`)\n }\n\n return httpRoute\n })\n }\n\n /**\n * The entity of the workload.\n */\n abstract get entity(): Output<k8s.ExposableWorkload>\n\n /**\n * The sped of the underlying Kubernetes workload.\n */\n abstract get spec(): Output<\n types.output.apps.v1.DeploymentSpec | types.output.apps.v1.StatefulSetSpec\n >\n\n /**\n * Creates a generic workload or patches the existing one.\n */\n static createOrPatchGeneric(\n name: string,\n args: GenericExposableWorkloadArgs,\n opts?: CustomResourceOptions,\n ): Output<ExposableWorkload> {\n return output(args).apply(async args => {\n if (args.existing?.type === \"k8s.deployment\") {\n const { Deployment } = await import(\"./deployment\")\n\n return Deployment.patch(\n name,\n {\n ...deepmerge(args, args.deployment),\n name: args.existing.metadata.name,\n namespace: args.existing.metadata.namespace,\n },\n opts,\n )\n }\n\n if (args.existing?.type === \"k8s.stateful-set\") {\n const { StatefulSet } = await import(\"./stateful-set\")\n\n return StatefulSet.patch(\n name,\n {\n ...deepmerge(args, args.statefulSet),\n name: args.existing.metadata.name,\n namespace: args.existing.metadata.namespace,\n },\n opts,\n )\n }\n\n if (args.type === \"Deployment\") {\n const { Deployment } = await import(\"./deployment\")\n\n return Deployment.create(name, deepmerge(args, args.deployment), opts)\n }\n\n if (args.type === \"StatefulSet\") {\n const { StatefulSet } = await import(\"./stateful-set\")\n\n return StatefulSet.create(name, deepmerge(args, args.statefulSet), opts)\n }\n\n throw new Error(`Unknown workload type: ${args.type as string}`)\n })\n }\n}\n","import type { types } from \"@pulumi/kubernetes\"\n\nexport const podSpecDefaults: Partial<types.input.core.v1.PodSpec> = {\n automountServiceAccountToken: false,\n}\n"],"mappings":";;;;;;;;;;;;;;;AACA,SAAS,YAAwB;AACjC;AAAA,EACE;AAAA,EAEA;AAAA,OAKK;AACP,SAAS,iBAAiB;AAC1B,SAAS,YAAY;AAwBrB,IAAM,iCAAiC,CAAC,GAAG,iBAAiB,MAAM;AAE3D,IAAe,wBAAf,cAA6C,kBAAkB;AAAA,EAC1D,YACR,MACA,MACA,MACA,MAKS,SAKA,UAKA,MAKA,QACT;AACA,UAAM,MAAM,MAAM,MAAM,IAAI;AAjBnB;AAKA;AAKA;AAKA;AAAA,EAGX;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,SAA4C;AAC9C,WAAO,OAAO;AAAA,MACZ,MAAM;AAAA,MACN,WAAW,KAAK,QAAQ;AAAA,MACxB,UAAU,KAAK;AAAA,IACjB,CAAC;AAAA,EACH;AAAA,EAEA,OAAO,OACL,MACA,MACA,MACuB;AACvB,WAAO,IAAI,6BAA6B,MAAM,MAAM,IAAI;AAAA,EAC1D;AAAA,EAEA,OAAO,GACL,MACA,QACA,SACA,MACuB;AACvB,WAAO,IAAI,8BAA8B,MAAM,OAAO,MAAM,EAAE,UAAU,SAAS,IAAI;AAAA,EACvF;AAAA,EAEA,OAAO,YACL,MACA,MACA,MACuB;AACvB,QAAI,CAAC,KAAK,UAAU;AAClB,aAAO,IAAI,6BAA6B,MAAM,MAAM,IAAI;AAAA,IAC1D;AAEA,WAAO,IAAI;AAAA,MACT;AAAA,MACA,OAAO,KAAK,QAAQ,EAAE;AAAA,MACtB,KAAK;AAAA,MACL;AAAA,IACF;AAAA,EACF;AACF;AAEO,IAAM,+BAAN,cAA2C,sBAAsB;AAAA,EACtE,YAAY,MAAc,MAAiC,MAA6B;AACtF,UAAM,MAAM,OAAO,IAAI,EAAE,MAAM,OAAMA,UAAQ;AAC3C,aAAO,IAAI,KAAK,GAAG;AAAA,QACjB;AAAA,QACA;AAAA,UACE,UAAU,YAAYA,OAAM,IAAI;AAAA,UAChC,MAAM;AAAA,YACJ;AAAA,cACE,aAAa,CAAC,eAAe;AAAA,cAC7B,WAAW;AAAA,gBACT,UAAU;AAAA,kBACR,SAASA,MAAK,QAAQ;AAAA,gBACxB;AAAA,cACF;AAAA,YACF;AAAA,YACA,KAAKA,OAAM,8BAA8B;AAAA,UAC3C;AAAA,QACF;AAAA,QACA;AAAA,UACE,GAAG;AAAA,UACH,QAAQ;AAAA,UACR,UAAU,MAAM,YAAYA,MAAK,OAAO;AAAA,QAC1C;AAAA,MACF;AAAA,IACF,CAAC;AAED;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MAEA,OAAO,KAAK,OAAO;AAAA,MACnB,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACN;AAAA,EACF;AACF;AAEO,IAAM,gCAAN,cAA4C,sBAAsB;AAAA,EACvE,YACE,MACA,IACA,SACA,MACA;AACA,UAAM,MAAM,OAAO,EAAE,EAAE,MAAM,OAAMC,QAAM;AACvC,aAAO,KAAK,GAAG,sBAAsB;AAAA;AAAA,QAEnC;AAAA,QACA,mBAAmBA,GAAE;AAAA,QACrB;AAAA,UACE,GAAG;AAAA,UACH,QAAQ;AAAA,UACR,UAAU,MAAM,YAAY,OAAO;AAAA,QACrC;AAAA,MACF;AAAA,IACF,CAAC;AAED;AAAA,MACE;AAAA,MACA;AAAA,MACA,EAAE,IAAI,QAAQ;AAAA,MACd;AAAA,MAEA,OAAO,OAAO;AAAA,MACd,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACN;AAAA,EACF;AACF;;;AC1LA,SAAS,QAAAC,aAAwB;AACjC;AAAA,EACE,qBAAAC;AAAA,EACA,UAAAC;AAAA,OAKK;AAeA,IAAe,SAAf,cAA8BC,mBAAkB;AAAA,EAC3C,YACR,MACA,MACA,MACA,MAKS,SAKA,UAKA,MAKA,YACT;AACA,UAAM,MAAM,MAAM,MAAM,IAAI;AAjBnB;AAKA;AAKA;AAKA;AAAA,EAGX;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,OAAO,MAAc,MAAkB,MAAyC;AACrF,WAAO,IAAI,cAAc,MAAM,MAAM,IAAI;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,cACL,MACA,MACA,MACQ;AACR,QAAI,CAAC,KAAK,UAAU;AAClB,aAAO,IAAI,cAAc,MAAM,MAAM,IAAI;AAAA,IAC3C;AAEA,WAAO,IAAI;AAAA,MACT;AAAA,MACA;AAAA,QACE,GAAG;AAAA,QACH,MAAM,cAAc,UAAU,KAAK,UAAU,KAAK,OAAO;AAAA,QACzD,WAAWC,QAAO,KAAK,QAAQ,EAAE,SAAS;AAAA,MAC5C;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,IACL,MACA,IACA,SACA,MACQ;AACR,WAAO,IAAI,eAAe,MAAM,IAAI,SAAS,IAAI;AAAA,EACnD;AACF;AAEA,IAAM,gBAAN,cAA4B,OAAO;AAAA,EACjC,YAAY,MAAc,MAAkB,MAAiC;AAC3E,UAAM,SAASA,QAAO,IAAI,EAAE,MAAM,OAAMC,UAAQ;AAC9C,aAAO,IAAIC,MAAK,GAAG;AAAA,QACjB;AAAA,QACA;AAAA,UACE,UAAU,YAAYD,OAAM,IAAI;AAAA,UAChC,MAAMA,MAAK;AAAA,UACX,YAAYA,MAAK;AAAA,UACjB,MAAMA,MAAK;AAAA,UACX,WAAWA,MAAK;AAAA,QAClB;AAAA,QACA;AAAA,UACE,GAAG;AAAA,UACH,QAAQ;AAAA,UACR,UAAU,MAAM,YAAYA,MAAK,OAAO;AAAA,QAC1C;AAAA,MACF;AAAA,IACF,CAAC;AAED;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACAD,QAAO,KAAK,OAAO;AAAA,MACnB,OAAO;AAAA,MACP,OAAO;AAAA,MACP,OAAO;AAAA,IACT;AAAA,EACF;AACF;AAEA,IAAM,cAAN,cAA0B,OAAO;AAAA,EAC/B,YAAY,MAAc,MAAkB,MAAiC;AAC3E,UAAM,SAASA,QAAO,IAAI,EAAE,MAAM,OAAMC,UAAQ;AAC9C,aAAO,IAAIC,MAAK,GAAG;AAAA,QACjB;AAAA,QACA;AAAA,UACE,UAAU,YAAYD,OAAM,IAAI;AAAA,UAChC,MAAMA,MAAK;AAAA,UACX,YAAYA,MAAK;AAAA,UACjB,MAAMA,MAAK;AAAA,UACX,WAAWA,MAAK;AAAA,QAClB;AAAA,QACA;AAAA,UACE,GAAG;AAAA,UACH,QAAQ;AAAA,UACR,UAAU,MAAM,YAAYA,MAAK,OAAO;AAAA,QAC1C;AAAA,MACF;AAAA,IACF,CAAC;AAED;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACAD,QAAO,KAAK,OAAO;AAAA,MACnB,OAAO;AAAA,MACP,OAAO;AAAA,MACP,OAAO;AAAA,IACT;AAAA,EACF;AACF;AAEA,IAAM,iBAAN,cAA6B,OAAO;AAAA,EAClC,YACE,MACA,IACA,SACA,MACA;AACA,UAAM,SAASA,QAAO,EAAE,EAAE,MAAM,OAAM,aAAY;AAChD,aAAOE,MAAK,GAAG,OAAO;AAAA;AAAA,QAEpB;AAAA,QACA;AAAA,QACA;AAAA,UACE,GAAG;AAAA,UACH,QAAQ;AAAA,UACR,UAAU,MAAM,YAAY,OAAO;AAAA,QACrC;AAAA,MACF;AAAA,IACF,CAAC;AAED;AAAA,MACE;AAAA,MACA;AAAA,MACA,EAAE,IAAI,QAAQ;AAAA,MACd;AAAA,MACAF,QAAO,OAAO;AAAA,MACd,OAAO;AAAA,MACP,OAAO;AAAA,MACP,OAAO;AAAA,IACT;AAAA,EACF;AACF;;;ACrMA,SAAS,QAAAG,aAAwB;AACjC;AAAA,EACE,qBAAAC;AAAA,EACA,UAAAC;AAAA,OAKK;AAeA,IAAe,YAAf,cAAiCC,mBAAkB;AAAA,EAC9C,YACR,MACA,MACA,MACA,MAKS,SAKA,UAKA,MACT;AACA,UAAM,MAAM,MAAM,MAAM,IAAI;AAZnB;AAKA;AAKA;AAAA,EAGX;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,OAAO,MAAc,MAAqB,MAA4C;AAC3F,WAAO,IAAI,iBAAiB,MAAM,MAAM,IAAI;AAAA,EAC9C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,cACL,MACA,MACA,MACW;AACX,QAAI,CAAC,KAAK,UAAU;AAClB,aAAO,IAAI,iBAAiB,MAAM,MAAM,IAAI;AAAA,IAC9C;AAEA,WAAO,IAAI;AAAA,MACT;AAAA,MACA;AAAA,QACE,GAAG;AAAA,QACH,MAAM,cAAc,aAAa,KAAK,UAAU,KAAK,OAAO;AAAA,QAC5D,WAAWC,QAAO,KAAK,QAAQ,EAAE,SAAS;AAAA,MAC5C;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,IACL,MACA,IACA,SACA,MACW;AACX,WAAO,IAAI,kBAAkB,MAAM,IAAI,SAAS,IAAI;AAAA,EACtD;AACF;AAEA,IAAM,mBAAN,cAA+B,UAAU;AAAA,EACvC,YAAY,MAAc,MAAqB,MAAiC;AAC9E,UAAM,YAAYA,QAAO,IAAI,EAAE,MAAM,OAAMC,UAAQ;AACjD,aAAO,IAAIC,MAAK,GAAG;AAAA,QACjB;AAAA,QACA;AAAA,UACE,UAAU,YAAYD,OAAM,IAAI;AAAA,UAChC,MAAMA,MAAK;AAAA,QACb;AAAA,QACA;AAAA,UACE,GAAG;AAAA,UACH,QAAQ;AAAA,UACR,UAAU,MAAM,YAAYA,MAAK,OAAO;AAAA,QAC1C;AAAA,MACF;AAAA,IACF,CAAC;AAED;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACAD,QAAO,KAAK,OAAO;AAAA,MACnB,UAAU;AAAA,MACV,UAAU;AAAA,IACZ;AAAA,EACF;AACF;AAEA,IAAM,iBAAN,cAA6B,UAAU;AAAA,EACrC,YAAY,MAAc,MAAqB,MAAiC;AAC9E,UAAM,YAAYA,QAAO,IAAI,EAAE,MAAM,OAAMC,UAAQ;AACjD,aAAO,IAAIC,MAAK,GAAG;AAAA,QACjB;AAAA,QACA;AAAA,UACE,UAAU,YAAYD,OAAM,IAAI;AAAA,UAChC,MAAMA,MAAK;AAAA,QACb;AAAA,QACA;AAAA,UACE,GAAG;AAAA,UACH,QAAQ;AAAA,UACR,UAAU,MAAM,YAAYA,MAAK,OAAO;AAAA,QAC1C;AAAA,MACF;AAAA,IACF,CAAC;AAED;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACAD,QAAO,KAAK,OAAO;AAAA,MACnB,UAAU;AAAA,MACV,UAAU;AAAA,IACZ;AAAA,EACF;AACF;AAEA,IAAM,oBAAN,cAAgC,UAAU;AAAA,EACxC,YACE,MACA,IACA,SACA,MACA;AACA,UAAM,YAAYA,QAAO,EAAE,EAAE,MAAM,OAAM,aAAY;AACnD,aAAOE,MAAK,GAAG,UAAU,IAAI,MAAM,UAAU;AAAA,QAC3C,GAAG;AAAA,QACH,QAAQ;AAAA,QACR,UAAU,MAAM,YAAY,OAAO;AAAA,MACrC,CAAC;AAAA,IACH,CAAC;AAED;AAAA,MACE;AAAA,MACA;AAAA,MACA,EAAE,IAAI,QAAQ;AAAA,MACd;AAAA,MACAF,QAAO,OAAO;AAAA,MACd,UAAU;AAAA,MACV,UAAU;AAAA,IACZ;AAAA,EACF;AACF;;;ACjLA,SAAS,QAAAG,aAAwB;AACjC;AAAA,EACE;AAAA,EAEA,UAAAC;AAAA,OAIK;AACP,SAAS,QAAQ,KAAK,QAAAC,aAAY;AAoElC,IAAM,qBAAqB;AAAA,EACzB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAuDO,SAAS,kBACd,WACA,SACA,cAC+B;AAC/B,QAAM,gBAAgB,UAAU,QAAQ;AAExC,QAAM,OAAO;AAAA,IACX,GAAGC,MAAK,WAAW,kBAAkB;AAAA,IAErC,MAAM;AAAA,IACN,OAAO,UAAU,UAAU,MAAM,UAAU,KAAK;AAAA,IAEhD,cAAc,IAAI,UAAU,UAAU,aAAa,UAAU,YAAY,GAAG,cAAc;AAAA,IAE1F,KAAK;AAAA,MACH,UAAU,cAAc,wBAAwB,UAAU,WAAW,IAAI,CAAC;AAAA,MAC1E,UAAU,OAAO,CAAC;AAAA,IACpB;AAAA,IAEA,SAAS;AAAA,MACP;AAAA,QACE,UAAU,UAAU,mBAAmB,UAAU,kBAAkB;AAAA,QACnE;AAAA,MACF;AAAA,MACA,UAAU,WAAW,CAAC;AAAA,IACxB;AAAA,EACF;AAEA,MAAI,UAAU,WAAW;AACvB,SAAK,oBAAoB,CAAC;AAC1B,SAAK,gBAAgB,iBAAiB,CAAC;AACvC,SAAK,gBAAgB,aAAa,MAAM,CAAC,WAAW;AAEpD,QAAI,QAAQ,QAAQ,iBAAiB,SAAS,UAAU;AACtD,WAAK,cAAc,CAAC;AACpB,WAAK,UAAU,WAAW,CAAC;AAC3B,WAAK,UAAU,OAAO,QAAQ,OAAO,gBAAgB,YAAY,IAC/D,QAAQ,OAAO,gBAAgB;AAAA,IACnC,OAAO;AACL,WAAK,iBAAiB,CAAC;AACvB,WAAK,aAAa,KAAK;AAAA,QACrB,MAAM;AAAA,QACN,WAAW;AAAA,QACX,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AAAA,EACF;AAEA,SAAO;AACT;AAEO,SAAS,wBACd,aAC8B;AAC9B,QAAM,UAAwC,CAAC;AAE/C,aAAW,CAAC,MAAM,KAAK,KAAK,OAAO,QAAQ,WAAW,GAAG;AACvD,QAAI,CAAC,OAAO;AACV;AAAA,IACF;AAEA,QAAI,OAAO,UAAU,UAAU;AAC7B,cAAQ,KAAK,EAAE,MAAM,MAAM,CAAC;AAC5B;AAAA,IACF;AAEA,QAAI,YAAY,OAAO;AACrB,cAAQ,KAAK;AAAA,QACX;AAAA,QACA,WAAW;AAAA,UACT,cAAc;AAAA,YACZ,MAAM,MAAM,OAAO,SAAS;AAAA,YAC5B,KAAK,MAAM;AAAA,UACb;AAAA,QACF;AAAA,MACF,CAAC;AACD;AAAA,IACF;AAEA,QAAI,eAAe,OAAO;AACxB,cAAQ,KAAK;AAAA,QACX;AAAA,QACA,WAAW;AAAA,UACT,iBAAiB;AAAA,YACf,MAAM,MAAM,UAAU,SAAS;AAAA,YAC/B,KAAK,MAAM;AAAA,UACb;AAAA,QACF;AAAA,MACF,CAAC;AACD;AAAA,IACF;AAEA,YAAQ,KAAK,EAAE,MAAM,WAAW,MAAM,CAAC;AAAA,EACzC;AAEA,SAAO;AACT;AAEO,SAAS,eAAe,aAAoE;AACjG,MAAI,YAAY,aAAa;AAC3B,WAAOA;AAAA,MACL;AAAA,QACE,GAAG;AAAA,QACH,MAAMC,QAAO,YAAY,MAAM,EAC5B,MAAM,iBAAiB,EACvB,MAAM,YAAUA,QAAO,OAAO,IAAI,CAAC;AAAA,MACxC;AAAA,MACA,CAAC,QAAQ;AAAA,IACX;AAAA,EACF;AAEA,SAAO;AAAA,IACL,GAAG;AAAA,IACH,MAAM,YAAY;AAAA,EACpB;AACF;AAEO,SAAS,qBACd,SACmC;AACnC,MAAI,mBAAmBC,MAAK,GAAG,WAAW;AACxC,WAAO;AAAA,MACL,cAAc;AAAA,QACZ,MAAM,QAAQ,SAAS;AAAA,MACzB;AAAA,IACF;AAAA,EACF;AAEA,MAAI,mBAAmBA,MAAK,GAAG,QAAQ;AACrC,WAAO;AAAA,MACL,WAAW;AAAA,QACT,MAAM,QAAQ,SAAS;AAAA,MACzB;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AAEO,SAAS,kBAAkB,QAAwB;AACxD,MAAI,kBAAkB,uBAAuB;AAC3C,WAAO;AAAA,MACL,MAAM,OAAO,SAAS;AAAA,MACtB,uBAAuB;AAAA,QACrB,WAAW,OAAO,SAAS;AAAA,MAC7B;AAAA,IACF;AAAA,EACF;AAEA,MAAI,kBAAkB,QAAQ;AAC5B,WAAO;AAAA,MACL,MAAM,OAAO,SAAS;AAAA,MACtB,QAAQ;AAAA,QACN,YAAY,OAAO,SAAS;AAAA,MAC9B;AAAA,IACF;AAAA,EACF;AAEA,MAAI,kBAAkB,WAAW;AAC/B,WAAO;AAAA,MACL,MAAM,OAAO,SAAS;AAAA,MACtB,WAAW;AAAA,QACT,MAAM,OAAO,SAAS;AAAA,MACxB;AAAA,IACF;AAAA,EACF;AAEA,MAAIA,MAAK,GAAG,sBAAsB,WAAW,MAAM,GAAG;AACpD,WAAO;AAAA,MACL,MAAM,OAAO,SAAS;AAAA,MACtB,uBAAuB;AAAA,QACrB,WAAW,OAAO,SAAS;AAAA,MAC7B;AAAA,IACF;AAAA,EACF;AAEA,MAAIA,MAAK,GAAG,UAAU,WAAW,MAAM,GAAG;AACxC,WAAO;AAAA,MACL,MAAM,OAAO,SAAS;AAAA,MACtB,WAAW;AAAA,QACT,MAAM,OAAO,SAAS;AAAA,MACxB;AAAA,IACF;AAAA,EACF;AAEA,MAAIA,MAAK,GAAG,OAAO,WAAW,MAAM,GAAG;AACrC,WAAO;AAAA,MACL,MAAM,OAAO,SAAS;AAAA,MACtB,QAAQ;AAAA,QACN,YAAY,OAAO,SAAS;AAAA,MAC9B;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AAEO,SAAS,8BAA8B,QAAoD;AAChG,MAAI,kBAAkB,uBAAuB;AAC3C,WAAO,OAAO,SAAS;AAAA,EACzB;AAEA,MAAI,kBAAkB,QAAQ;AAC5B,WAAO,OAAO,SAAS;AAAA,EACzB;AAEA,MAAI,kBAAkB,WAAW;AAC/B,WAAO,OAAO,SAAS;AAAA,EACzB;AAEA,MAAIA,MAAK,GAAG,sBAAsB,WAAW,MAAM,GAAG;AACpD,WAAO,OAAO,SAAS;AAAA,EACzB;AAEA,MAAIA,MAAK,GAAG,UAAU,WAAW,MAAM,GAAG;AACxC,WAAO,OAAO,SAAS;AAAA,EACzB;AAEA,MAAIA,MAAK,GAAG,OAAO,WAAW,MAAM,GAAG;AACrC,WAAO,OAAO,SAAS;AAAA,EACzB;AAEA,SAAOD,QAAO,MAAS;AACzB;;;ACzWA;AAAA,EACE,aAAAE;AAAA,OAIK;AACP;AAAA,EACE,qBAAAC;AAAA,EACA;AAAA,EAEA,UAAAC;AAAA,OAGK;AACP,SAAS,QAAQ,cAAc,QAAQ,gBAAgB;AACvD,SAAS,aAAAC,kBAAiB;AAC1B,SAAS,cAAc;;;AClBhB,IAAM,kBAAwD;AAAA,EACnE,8BAA8B;AAChC;;;AD+CO,IAAM,oBAAoB,CAAC,GAAG,iBAAiB,aAAa,YAAY;AAYxE,IAAM,6BAA6B,CAAC,GAAG,mBAAmB,WAAW,WAAW;AAgChF,SAAS,sBACd,MACA,MACA,QACA,MACA;AACA,QAAM,SAAS;AAAA,IACb,0BAA0B;AAAA,EAC5B;AAEA,QAAM,aAAaC,QAAO,IAAI,EAAE,MAAM,CAAAC,UAAQC,WAAUD,MAAK,WAAWA,MAAK,UAAU,CAAC;AAExF,QAAM,aAAa,WAAW,MAAM,CAAAE,gBAAc;AAChD,UAAM,mBAAmBA,YAAW;AAAA,MAAQ,eAC1CD,WAAU,UAAU,QAAQ,UAAU,OAAO;AAAA,IAC/C;AAEA,UAAM,wBAAwBC,YAAW,QAAQ,eAAa;AAC5D,aAAOD,WAAU,UAAU,aAAa,UAAU,YAAY,EAC3D,IAAI,iBAAe;AAClB,eAAO,YAAY,cAAc,YAAY,SAAS;AAAA,MACxD,CAAC,EACA,OAAO,OAAO;AAAA,IACnB,CAAC;AAED,WAAOF,QAAO,CAAC,GAAG,kBAAkB,GAAG,qBAAqB,CAAC;AAAA,EAC/D,CAAC;AAED,QAAM,UAAU,WAAW,MAAM,CAAAI,gBAAc;AAC7C,WAAOJ,QAAOI,YAAW,IAAI,iBAAiB,CAAC,EAAE,MAAM,SAAS,YAAU,OAAO,IAAI,CAAC;AAAA,EACxF,CAAC;AAED,QAAM,UAAUJ,QAAO,EAAE,MAAM,YAAY,QAAQ,CAAC,EAAE,MAAM,CAAC,EAAE,MAAAC,OAAM,YAAAE,aAAY,SAAAE,SAAQ,MAAM;AAC7F,UAAM,OAAO;AAAA,MACX,SAAAA;AAAA,MACA,YAAYF,YAAW,IAAI,eAAa,kBAAkB,WAAWF,MAAK,SAAS,IAAI,CAAC;AAAA,MACxF,GAAG;AAAA,IACL;AAEA,QACEE,YAAW,KAAK,eAAa,UAAU,SAAS,KAChDF,MAAK,QAAQ,QAAQ,iBAAiB,SAAS,UAC/C;AACA,WAAK,UAAUD,QAAO,KAAK,OAAO,EAAE,MAAM,CAAAK,aAAW;AAAA,QACnD,GAAIA,YAAW,CAAC;AAAA,QAChB;AAAA,UACE,MAAM;AAAA,UACN,UAAU;AAAA,YACR,MAAM;AAAA,UACR;AAAA,QACF;AAAA,MACF,CAAC;AAAA,IACH;AAEA,WAAO;AAAA,EACT,CAAC;AAED,QAAM,iBAAiB,WAAW,MAAM,CAAAD,gBAAc;AACpD,WAAOJ,QAAOI,YAAW,IAAI,6BAA6B,CAAC,EACxD,MAAM,OAAO,YAAY,CAAC,EAC1B,MAAM,OAAO,CAAC,EACd,MAAM,SAAO,OAAO,IAAI,KAAK,GAAG,CAAC,CAAC;AAAA,EACvC,CAAC;AAED,QAAM,cAAcJ,QAAO,EAAE,SAAS,eAAe,CAAC,EAAE,MAAM,CAAC,EAAE,SAAAM,UAAS,gBAAAC,gBAAe,MAAM;AAC7F,WAAO;AAAA,MACL,UAAU;AAAA,QACR;AAAA,QACA,aAAa;AAAA,UACX,gCAAgCA;AAAA,QAClC;AAAA,MACF;AAAA,MACA,MAAMD;AAAA,IACR;AAAA,EACF,CAAC;AAED,QAAM,gBAAgBN,QAAO,EAAE,MAAM,WAAW,CAAC,EAAE,MAAM,CAAC,EAAE,MAAAC,OAAM,YAAAE,YAAW,MAAM;AACjF,UAAM,mBAAmBA,YAAW,QAAQ,eAAa,UAAU,oBAAoB,CAAC,CAAC;AAEzF,QAAI,iBAAiB,WAAW,KAAK,CAACF,MAAK,eAAe;AACxD,aAAOD,QAAO,MAAS;AAAA,IACzB;AAEA,WAAO,cAAc;AAAA,MACnB;AAAA,MACA;AAAA,QACE,SAASC,MAAK;AAAA,QACd,WAAWA,MAAK;AAAA,QAChB,UAAU;AAAA,QAEV,GAAGA,MAAK;AAAA,QAER,aAAa;AAAA,UACX,GAAIA,MAAK,eAAe,eAAe,CAAC;AAAA,UACxC,GAAI,iBAAiB,SAAS,IAAI,CAAC,EAAE,aAAa,iBAAiB,CAAC,IAAI,CAAC;AAAA,QAC3E;AAAA,MACF;AAAA,MACA,EAAE,GAAG,MAAM,QAAQ,OAAO,EAAE;AAAA,IAC9B;AAAA,EACF,CAAC;AAED,SAAO,EAAE,QAAQ,YAAY,SAAS,SAAS,aAAa,cAAc;AAC5E;AAEO,SAAS,+BACd,MACA,MACA,QACA,MACA;AACA,QAAM,EAAE,QAAQ,YAAY,SAAS,SAAS,aAAa,cAAc,IACvE,sBAAsB,MAAM,MAAM,QAAQ,IAAI;AAEhD,QAAM,UAAUD,QAAO,EAAE,MAAM,WAAW,CAAC,EAAE,MAAM,OAAO,EAAE,MAAAC,OAAM,YAAAE,YAAW,MAAM;AACjF,QAAI,CAACF,MAAK,WAAW,CAACA,MAAK,WAAW;AACpC,aAAO;AAAA,IACT;AAEA,QAAIA,MAAK,UAAU,SAAS;AAC1B,aAAO,QAAQ,GAAG,MAAMA,MAAK,SAAS,SAASA,MAAK,SAAS,EAAE,GAAG,MAAM,QAAQ,OAAO,EAAE,CAAC;AAAA,IAC5F;AAEA,QAAIA,MAAK,UAAU;AACjB,aAAO;AAAA,IACT;AAEA,UAAM,QAAQE,YAAW,QAAQ,eAAaD,WAAU,UAAU,MAAM,UAAU,KAAK,CAAC;AAExF,WAAO,QAAQ;AAAA,MACb;AAAA,MACA;AAAA,QACE,GAAGD,MAAK;AAAA,QACR,UAAU;AAAA,QACV,SAASA,MAAK;AAAA,QACd,WAAWA,MAAK;AAAA,QAEhB;AAAA;AAAA,UAEE,CAACA,MAAK,SAAS,QAAQ,CAACA,MAAK,SAAS,QAClC,MAAM,IAAI,6BAA6B,IACvCA,MAAK,SAAS;AAAA;AAAA,MACtB;AAAA,MACA;AAAA,QACE,GAAG;AAAA,QACH,QAAQ,OAAO;AAAA,QACf,UAAU,MAAM,YAAYA,MAAK,OAAO;AAAA,MAC1C;AAAA,IACF;AAAA,EACF,CAAC;AAED,QAAM,YAAYD,QAAO;AAAA,IACvB;AAAA,IACA;AAAA,EACF,CAAC,EAAE,MAAM,OAAO,EAAE,MAAAC,OAAM,SAAAO,SAAQ,MAAM;AACpC,QAAI,CAACP,MAAK,aAAa,CAACO,UAAS;AAC/B,aAAO;AAAA,IACT;AAEA,QAAIP,MAAK,UAAU;AACjB,aAAO;AAAA,IACT;AAEA,WAAO,IAAI;AAAA,MACT;AAAA,MACA;AAAA,QACE,GAAGA,MAAK;AAAA,QACR,SAASA,MAAK;AAAA,QACd,MAAM;AAAA,UACJ,SAASO;AAAA,QACX;AAAA,MACF;AAAA,MACA;AAAA,QACE,GAAG;AAAA,QACH,QAAQ,OAAO;AAAA,QACf,UAAU,MAAM,YAAYP,MAAK,OAAO;AAAA,MAC1C;AAAA,IACF;AAAA,EACF,CAAC;AAED,SAAO,EAAE,QAAQ,YAAY,SAAS,SAAS,aAAa,eAAe,SAAS,UAAU;AAChG;AAEO,IAAe,WAAf,cAAgCQ,mBAAkB;AAAA,EAC7C,YACR,MACmB,MACF,MACjB,MAEmB,cAKV,SAKA,UAOA,eACT;AACA,UAAM,MAAM,MAAM,MAAM,IAAI;AAvBT;AACF;AAGE;AAKV;AAKA;AAOA;AAAA,EAGX;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,WAAqC;AACvC,UAAM,gBAAgBT,QAAO,KAAK,IAAI,EAAE,MAAM,UAAQ;AACpD,YAAM,aAAaE,WAAU,KAAK,WAAW,KAAK,UAAU;AAE5D,aAAO,WAAW,CAAC,GAAG,QAAQ,KAAK;AAAA,IACrC,CAAC;AAED,WAAOF,QAAO;AAAA,MACZ,MAAM,KAAK,SAAS;AAAA,MACpB,OAAO,KAAK,SAAS;AAAA,MACrB,OAAO;AAAA,MACP,SAAS;AAAA,QACP;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,KAAK,SAAS;AAAA,QACd,cAAc,KAAK,YAAY,IAAI,KAAK,SAAS,IAAI;AAAA,QACrD;AAAA,QACA;AAAA,QACA;AAAA,QACA,KAAK,KAAK,iBAAiB;AAAA,MAC7B;AAAA,MACA,OAAO;AAAA,QACL,eAAe,KAAK,QAAQ;AAAA,MAC9B;AAAA,MACA,KAAK;AAAA,QACH,YAAY;AAAA,MACd;AAAA,IACF,CAAC;AAAA,EACH;AACF;AAEO,IAAe,oBAAf,cAAyC,SAAS;AAAA,EAC7C,YACR,MACmB,MACnB,MACA,MAEA,cACA,SACA,UACA,eAEmB,UACA,YACnB;AACA,UAAM,MAAM,MAAM,MAAM,MAAM,cAAc,SAAS,UAAU,aAAa;AAZzD;AASA;AACA;AAAA,EAGrB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,kBAA+C;AACjD,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,oBAAmD;AACrD,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAAI,UAA2B;AAC7B,WAAO,KAAK,SAAS,MAAM,aAAW;AACpC,UAAI,CAAC,SAAS;AACZ,cAAM,IAAI,MAAM,gCAAgC,KAAK,IAAI,qBAAqB;AAAA,MAChF;AAEA,aAAO;AAAA,IACT,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAAI,YAA+B;AACjC,WAAO,KAAK,WAAW,MAAM,eAAa;AACxC,UAAI,CAAC,WAAW;AACd,cAAM,IAAI,MAAM,mCAAmC,KAAK,IAAI,qBAAqB;AAAA,MACnF;AAEA,aAAO;AAAA,IACT,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAiBA,OAAO,qBACL,MACA,MACA,MAC2B;AAC3B,WAAOA,QAAO,IAAI,EAAE,MAAM,OAAMC,UAAQ;AACtC,UAAIA,MAAK,UAAU,SAAS,kBAAkB;AAC5C,cAAM,EAAE,WAAW,IAAI,MAAM,OAAO,0BAAc;AAElD,eAAO,WAAW;AAAA,UAChB;AAAA,UACA;AAAA,YACE,GAAGS,WAAUT,OAAMA,MAAK,UAAU;AAAA,YAClC,MAAMA,MAAK,SAAS,SAAS;AAAA,YAC7B,WAAWA,MAAK,SAAS,SAAS;AAAA,UACpC;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAEA,UAAIA,MAAK,UAAU,SAAS,oBAAoB;AAC9C,cAAM,EAAE,YAAY,IAAI,MAAM,OAAO,4BAAgB;AAErD,eAAO,YAAY;AAAA,UACjB;AAAA,UACA;AAAA,YACE,GAAGS,WAAUT,OAAMA,MAAK,WAAW;AAAA,YACnC,MAAMA,MAAK,SAAS,SAAS;AAAA,YAC7B,WAAWA,MAAK,SAAS,SAAS;AAAA,UACpC;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAEA,UAAIA,MAAK,SAAS,cAAc;AAC9B,cAAM,EAAE,WAAW,IAAI,MAAM,OAAO,0BAAc;AAElD,eAAO,WAAW,OAAO,MAAMS,WAAUT,OAAMA,MAAK,UAAU,GAAG,IAAI;AAAA,MACvE;AAEA,UAAIA,MAAK,SAAS,eAAe;AAC/B,cAAM,EAAE,YAAY,IAAI,MAAM,OAAO,4BAAgB;AAErD,eAAO,YAAY,OAAO,MAAMS,WAAUT,OAAMA,MAAK,WAAW,GAAG,IAAI;AAAA,MACzE;AAEA,YAAM,IAAI,MAAM,0BAA0BA,MAAK,IAAc,EAAE;AAAA,IACjE,CAAC;AAAA,EACH;AACF;","names":["args","id","core","ComponentResource","output","ComponentResource","output","args","core","core","ComponentResource","output","ComponentResource","output","args","core","core","output","omit","omit","output","core","normalize","ComponentResource","output","deepmerge","output","args","normalize","containers","rawVolumes","volumes","podSpec","dependencyHash","service","ComponentResource","deepmerge"]}