@highstate/library 0.9.18 → 0.9.19

package/src/{k8s.ts → k8s/shared.ts}

@@ -1,8 +1,10 @@
 import { $args, defineEntity, defineUnit, z } from "@highstate/contract"
-import * as dns from "./dns"
-import { l3EndpointEntity, l4EndpointEntity } from "./network"
-import { serverEntity } from "./common"
-import { arrayPatchModeSchema } from "./utils"
+import { serverEntity } from "../common"
+import * as dns from "../dns"
+import { implementationReferenceSchema } from "../impl-ref"
+import { l3EndpointEntity, l4EndpointEntity } from "../network"
+import { arrayPatchModeSchema } from "../utils"
+import { scopedResourceSchema } from "./resources"
 
 export const fallbackKubeApiAccessSchema = z.object({
   serverIp: z.string(),
@@ -22,7 +24,6 @@ export const tunDevicePolicySchema = z.union([
 
 export const externalServiceTypeSchema = z.enum(["NodePort", "LoadBalancer"])
 export const scheduleOnMastersPolicySchema = z.enum(["always", "when-no-workers", "never"])
-export const cniSchema = z.enum(["cilium", "other"])
 
 export const clusterQuirksSchema = z.object({
   /**
@@ -53,23 +54,30 @@ export const clusterInfoProperties = {
   /**
    * The unique identifier of the cluster.
    *
-   * Should be defined as a UUID of the `kube-system` namespace which is always present in the cluster.
+   * Should be defined as a `uid` of the `kube-system` namespace which is always present in the cluster.
    */
   id: z.string(),
 
+  /**
+   * The ID of the connection to the cluster.
+   *
+   * If not explicitly set, should be the same as the cluster ID.
+   *
+   * When reducing cluster access, the `uid` of the service account should be used instead.
+   */
+  connectionId: z.string(),
+
   /**
    * The name of the cluster.
    */
   name: z.string(),
 
   /**
-   * The name of the CNI plugin used by the cluster.
+   * The optional reference to the network policy implementation.
    *
-   * Supported values are:
-   * - `cilium`
-   * - `other`
+   * If not provided, the native Kubernetes NetworkPolicy implementation will be used.
    */
-  cni: cniSchema,
+  networkPolicyImplRef: implementationReferenceSchema.optional(),
 
   /**
    * The endpoints of the cluster nodes.
@@ -105,36 +113,8 @@ export const clusterInfoProperties = {
   metadata: z.record(z.string(), z.unknown()).optional(),
 } as const
 
-export const serviceTypeSchema = z.enum(["NodePort", "LoadBalancer", "ClusterIP"])
-
-export const metadataSchema = z.object({
-  name: z.string(),
-  namespace: z.string(),
-  labels: z.record(z.string(), z.string()).optional(),
-  annotations: z.record(z.string(), z.string()).optional(),
-})
-
-export const resourceSchema = z.object({
-  clusterId: z.string(),
-  metadata: metadataSchema,
-})
-
-export const serviceEntity = defineEntity({
-  type: "k8s.service",
-
-  schema: z.object({
-    type: z.literal("k8s.service"),
-    ...resourceSchema.shape,
-    endpoints: l4EndpointEntity.schema.array(),
-  }),
-
-  meta: {
-    color: "#2196F3",
-  },
-})
-
 export const clusterEntity = defineEntity({
-  type: "k8s.cluster",
+  type: "k8s.cluster.v1",
 
   schema: z.object({
     ...clusterInfoProperties,
@@ -183,8 +163,11 @@ export const clusterOutputs = {
   },
 } as const
 
+/**
+ * The existing Kubernetes cluster created outside of the Highstate.
+ */
 export const existingCluster = defineUnit({
-  type: "k8s.existing-cluster",
+  type: "k8s.existing-cluster.v1",
 
   args: {
     /**
@@ -222,7 +205,6 @@ export const existingCluster = defineUnit({
 
   meta: {
     title: "Existing Cluster",
-    description: "An existing Kubernetes cluster.",
     icon: "devicon:kubernetes",
     category: "Kubernetes",
   },
@@ -233,8 +215,11 @@ export const existingCluster = defineUnit({
   },
 })
 
+/**
+ * Patches some properties of the cluster and outputs the updated cluster.
+ */
 export const clusterPatch = defineUnit({
-  type: "k8s.cluster-patch",
+  type: "k8s.cluster-patch.v1",
 
   args: {
     /**
@@ -290,7 +275,6 @@ export const clusterPatch = defineUnit({
 
   meta: {
     title: "Cluster Patch",
-    description: "Patches some properties of the cluster.",
     icon: "devicon:kubernetes",
     secondaryIcon: "fluent:patch-20-filled",
     category: "Kubernetes",
@@ -302,8 +286,11 @@ export const clusterPatch = defineUnit({
   },
 })
 
+/**
+ * Creates a set of DNS records for the cluster and updates the endpoints.
+ */
 export const clusterDns = defineUnit({
-  type: "k8s.cluster-dns",
+  type: "k8s.cluster-dns.v1",
 
   args: {
     ...dns.createArgs(),
@@ -319,7 +306,6 @@ export const clusterDns = defineUnit({
 
   meta: {
     title: "Cluster DNS",
-    description: "Creates DNS records for the cluster and updates endpoints.",
     icon: "devicon:kubernetes",
     secondaryIcon: "mdi:dns",
     category: "Kubernetes",
@@ -331,268 +317,6 @@ export const clusterDns = defineUnit({
   },
 })
 
-export const gatewayEntity = defineEntity({
-  type: "k8s.gateway",
-
-  schema: z.object({
-    clusterId: z.string(),
-    gatewayClassName: z.string(),
-    httpListenerPort: z.number(),
-    httpsListenerPort: z.number(),
-    endpoints: l3EndpointEntity.schema.array(),
-  }),
-
-  meta: {
-    color: "#4CAF50",
-  },
-})
-
-export const tlsIssuerEntity = defineEntity({
-  type: "k8s.tls-issuer",
-
-  schema: z.object({
-    clusterId: z.string(),
-    clusterIssuerName: z.string(),
-  }),
-
-  meta: {
-    color: "#f06292",
-  },
-})
-
-export const accessPointEntity = defineEntity({
-  type: "k8s.access-point",
-
-  schema: z.object({
-    clusterId: z.string(),
-    gateway: gatewayEntity.schema,
-    tlsIssuer: tlsIssuerEntity.schema,
-    dnsProviders: dns.providerEntity.schema.array(),
-  }),
-
-  meta: {
-    color: "#F57F17",
-  },
-})
-
-export const accessPoint = defineUnit({
-  type: "k8s.access-point",
-
-  inputs: {
-    gateway: gatewayEntity,
-    tlsIssuer: tlsIssuerEntity,
-    dnsProviders: {
-      entity: dns.providerEntity,
-      multiple: true,
-    },
-  },
-
-  outputs: {
-    accessPoint: accessPointEntity,
-  },
-
-  meta: {
-    title: "Access Point",
-    description: "An access point which can be used to connect to services.",
-    icon: "mdi:access-point",
-    category: "Kubernetes",
-  },
-
-  source: {
-    package: "@highstate/k8s",
-    path: "units/access-point",
-  },
-})
-
-export const certManager = defineUnit({
-  type: "k8s.cert-manager",
-
-  inputs: {
-    k8sCluster: clusterEntity,
-  },
-
-  outputs: {
-    k8sCluster: clusterEntity,
-  },
-
-  meta: {
-    title: "Cert Manager",
-    description: "A certificate manager for managing TLS certificates.",
-    icon: "simple-icons:letsencrypt",
-    category: "Kubernetes",
-  },
-
-  source: {
-    package: "@highstate/k8s",
-    path: "units/cert-manager",
-  },
-})
-
-export const dns01TlsIssuer = defineUnit({
-  type: "k8s.dns01-issuer",
-
-  args: {
-    /**
-     * The top-level domains to filter the DNS01 challenge for.
-     *
-     * If not provided, will use all domains passed to the DNS providers.
-     */
-    domains: z.string().array().optional(),
-  },
-
-  inputs: {
-    k8sCluster: clusterEntity,
-    dnsProviders: {
-      entity: dns.providerEntity,
-      multiple: true,
-    },
-  },
-
-  outputs: {
-    tlsIssuer: tlsIssuerEntity,
-  },
-
-  meta: {
-    title: "DNS01 Issuer",
-    description: "A TLS issuer for issuing certificate using DNS01 challenge.",
-    icon: "mdi:certificate",
-    category: "Kubernetes",
-  },
-
-  source: {
-    package: "@highstate/k8s",
-    path: "units/dns01-issuer",
-  },
-})
-
-export const deploymentEntity = defineEntity({
-  type: "k8s.deployment",
-
-  schema: z.object({
-    type: z.literal("k8s.deployment"),
-    ...resourceSchema.shape,
-    service: serviceEntity.schema.optional(),
-  }),
-
-  meta: {
-    color: "#4CAF50",
-  },
-})
-
-export const statefulSetEntity = defineEntity({
-  type: "k8s.stateful-set",
-
-  schema: z.object({
-    type: z.literal("k8s.stateful-set"),
-    ...resourceSchema.shape,
-    service: serviceEntity.schema,
-  }),
-
-  meta: {
-    color: "#FFC107",
-  },
-})
-
-export const exposableWorkloadEntity = defineEntity({
-  type: "k8s.exposable-workload",
-
-  schema: z.union([deploymentEntity.schema, statefulSetEntity.schema]),
-
-  meta: {
-    color: "#4CAF50",
-  },
-})
-
-export const persistentVolumeClaimEntity = defineEntity({
-  type: "k8s.persistent-volume-claim",
-
-  schema: z.object({
-    type: z.literal("k8s.persistent-volume-claim"),
-    ...resourceSchema.shape,
-  }),
-
-  meta: {
-    color: "#FFC107",
-  },
-})
-
-export const interfaceEntity = defineEntity({
-  type: "k8s.interface",
-
-  schema: z.object({
-    name: z.string(),
-    workload: exposableWorkloadEntity.schema,
-  }),
-
-  meta: {
-    color: "#2196F3",
-    description:
-      "The interface in a network space of pod kernel which can accept or transmit packets.",
-  },
-})
-
-export const gatewayApi = defineUnit({
-  type: "k8s.gateway-api",
-
-  inputs: {
-    k8sCluster: clusterEntity,
-  },
-
-  outputs: {
-    k8sCluster: clusterEntity,
-  },
-
-  meta: {
-    title: "Gateway API",
-    description: "Installs the Gateway API CRDs to the cluster.",
-    icon: "devicon:kubernetes",
-    secondaryIcon: "mdi:api",
-    secondaryIconColor: "#4CAF50",
-    category: "Kubernetes",
-  },
-
-  source: {
-    package: "@highstate/k8s",
-    path: "units/gateway-api",
-  },
-})
-
-export const cilium = defineUnit({
-  type: "k8s.cilium",
-
-  args: {
-    /**
-     * If set to `true`, the generated network policy will allow
-     * all DNS queries to be resolved, even if they are
-     * for forbidden (non-allowed) FQDNs.
-     *
-     * By default, is `false`.
-     */
-    allowForbiddenFqdnResolution: z.boolean().default(false),
-  },
-
-  inputs: {
-    k8sCluster: clusterEntity,
-  },
-
-  outputs: {
-    k8sCluster: clusterEntity,
-  },
-
-  meta: {
-    title: "Cilium",
-    description: "The Cilium CNI deployed on Kubernetes.",
-    icon: "simple-icons:cilium",
-    secondaryIcon: "devicon:kubernetes",
-    category: "Kubernetes",
-  },
-
-  source: {
-    package: "@highstate/cilium",
-    path: "unit",
-  },
-})
-
 export const monitorWorkerResourceGroupSchema = z.object({
   type: z.enum(["deployment", "statefulset", "pod", "service"]),
   namespace: z.string(),
@@ -601,36 +325,18 @@ export const monitorWorkerResourceGroupSchema = z.object({
 
 export const monitorWorkerParamsSchema = z.object({
   /**
-   * The ID of the secret containing the kubeconfig of the cluster.
+   * The content of the kubeconfig to use for monitoring.
    */
-  kubeconfigSecretId: z.string(),
+  kubeconfig: z.string(),
 
   /**
    * The resources to monitor in the cluster.
    */
-  resourceGroups: monitorWorkerResourceGroupSchema.array(),
+  resources: scopedResourceSchema.array(),
 })
 
-export type CNI = z.infer<typeof cniSchema>
 export type Cluster = z.infer<typeof clusterEntity.schema>
 
-export type Gateway = z.infer<typeof gatewayEntity.schema>
-export type TlsIssuer = z.infer<typeof tlsIssuerEntity.schema>
-export type AccessPoint = z.infer<typeof accessPointEntity.schema>
-
-export type Metadata = z.infer<typeof metadataSchema>
-export type Resource = z.infer<typeof resourceSchema>
-
-export type ServiceType = z.infer<typeof serviceTypeSchema>
-export type Service = z.infer<typeof serviceEntity.schema>
-
-export type Deployment = z.infer<typeof deploymentEntity.schema>
-export type ExposableWorkload = z.infer<typeof exposableWorkloadEntity.schema>
-
-export type PersistentVolumeClaim = z.infer<typeof persistentVolumeClaimEntity.schema>
-export type StatefulSet = z.infer<typeof statefulSetEntity.schema>
-
-export type Interface = z.infer<typeof interfaceEntity.schema>
 export type InternalIpsPolicy = z.infer<typeof internalIpsPolicySchema>
 
 export type MonitorWorkerParams = z.infer<typeof monitorWorkerParamsSchema>

package/src/k8s/workload.ts

@@ -0,0 +1,77 @@
+import { defineEntity, z } from "@highstate/contract"
+import { scopedResourceSchema } from "./resources"
+import { serviceEntity } from "./service"
+
+/**
+ * The entity which represents a Kubernetes deployment managed by Highstate.
+ *
+ * Also includes a service associated with the deployment.
+ */
+export const deploymentEntity = defineEntity({
+  type: "k8s.deployment.v1",
+
+  schema: z.object({
+    ...scopedResourceSchema.shape,
+    type: z.literal("deployment"),
+    service: serviceEntity.schema.optional(),
+  }),
+
+  meta: {
+    color: "#4CAF50",
+  },
+})
+
+/**
+ * The entity which represents a Kubernetes stateful set managed by Highstate.
+ *
+ * Also includes a service associated with the stateful set.
+ */
+export const statefulSetEntity = defineEntity({
+  type: "k8s.stateful-set.v1",
+
+  schema: z.object({
+    ...scopedResourceSchema.shape,
+    type: z.literal("stateful-set"),
+    service: serviceEntity.schema,
+  }),
+
+  meta: {
+    color: "#FFC107",
+  },
+})
+
+/**
+ * The entity which represents a Kubernetes workload exposed via a service.
+ *
+ * It can be either a deployment or a stateful set.
+ */
+export const exposableWorkloadEntity = defineEntity({
+  type: "k8s.exposable-workload.v1",
+
+  schema: z.union([deploymentEntity.schema, statefulSetEntity.schema]),
+
+  meta: {
+    color: "#4CAF50",
+  },
+})
+
+/**
+ * The network interface in a network namespace of the pod which can accept and transmit network traffic.
+ */
+export const networkInterfaceEntity = defineEntity({
+  type: "k8s.network-interface.v1",
+
+  schema: z.object({
+    name: z.string(),
+    workload: exposableWorkloadEntity.schema,
+  }),
+
+  meta: {
+    color: "#2196F3",
+  },
+})
+
+export type Deployment = z.infer<typeof deploymentEntity.schema>
+export type StatefulSet = z.infer<typeof statefulSetEntity.schema>
+export type ExposableWorkload = z.infer<typeof exposableWorkloadEntity.schema>
+export type NetworkInterface = z.infer<typeof networkInterfaceEntity.schema>