@highstate/library 0.9.26 → 0.9.27

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/highstate.library.msgpack +0 -0
  2. package/dist/index.js +107 -1
  3. package/dist/index.js.map +1 -1
  4. package/package.json +4 -4
  5. package/src/k8s/apps/workload.ts +8 -1
  6. package/src/k8s/index.ts +1 -0
  7. package/src/k8s/reduced-access.ts +118 -0
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@highstate/library",
3
- "version": "0.9.26",
3
+ "version": "0.9.27",
4
4
  "type": "module",
5
5
  "highstate": {
6
6
  "type": "library"
@@ -25,14 +25,14 @@
25
25
  "biome:check": "biome check --error-on-warnings"
26
26
  },
27
27
  "dependencies": {
28
- "@highstate/contract": "^0.9.26",
28
+ "@highstate/contract": "^0.9.27",
29
29
  "remeda": "^2.21.0"
30
30
  },
31
31
  "devDependencies": {
32
32
  "@biomejs/biome": "2.2.0",
33
- "@highstate/cli": "^0.9.26",
33
+ "@highstate/cli": "^0.9.27",
34
34
  "@typescript/native-preview": "^7.0.0-dev.20250920.1",
35
35
  "type-fest": "^4.41.0"
36
36
  },
37
- "gitHead": "64e8a656a17dfcce88727c24969f9a3b73539ac9"
37
+ "gitHead": "e4dfdb6c1394a6739591f9881c4f5f11d9daa0ba"
38
38
  }
package/src/k8s/apps/workload.ts CHANGED
@@ -1,6 +1,7 @@
1
1
  import { defineUnit, z } from "@highstate/contract"
2
2
  import { pick } from "remeda"
3
3
  import { portSchema } from "../../network"
4
+ import { namespaceEntity } from "../resources"
4
5
  import { serviceEntity, serviceTypeSchema } from "../service"
5
6
  import { deploymentEntity } from "../workload"
6
7
  import { optionalSharedInputs, sharedInputs, source } from "./shared"
@@ -71,6 +72,11 @@ export const workload = defineUnit({
71
72
  */
72
73
  image: z.string(),
73
74
 
75
+ /**
76
+ * The command to run in the container.
77
+ */
78
+ command: z.array(z.string()).default([]),
79
+
74
80
  /**
75
81
  * The port to expose for the workload.
76
82
  *
@@ -199,6 +205,7 @@ export const workload = defineUnit({
199
205
  },
200
206
 
201
207
  outputs: {
208
+ namespace: namespaceEntity,
202
209
  deployment: deploymentEntity,
203
210
  service: serviceEntity,
204
211
  },
@@ -210,5 +217,5 @@ export const workload = defineUnit({
210
217
  category: "Kubernetes",
211
218
  },
212
219
 
213
- source: source("deployment"),
220
+ source: source("workload"),
214
221
  })
package/src/k8s/index.ts CHANGED
@@ -3,6 +3,7 @@ export * from "./cert-manager"
3
3
  export * from "./cilium"
4
4
  export * from "./gateway"
5
5
  export * as obfuscators from "./obfuscators"
6
+ export * from "./reduced-access"
6
7
  export * from "./resources"
7
8
  export * from "./service"
8
9
  export * from "./shared"
package/src/k8s/reduced-access.ts ADDED
@@ -0,0 +1,118 @@
1
+ import { defineUnit, z } from "@highstate/contract"
2
+ import { certificateEntity, namespaceEntity, persistentVolumeClaimEntity } from "./resources"
3
+ import { serviceEntity } from "./service"
4
+ import { clusterEntity } from "./shared"
5
+ import { deploymentEntity, statefulSetEntity } from "./workload"
6
+
7
+ const k8sVerbsSchema = z.enum([
8
+ "get",
9
+ "list",
10
+ "watch",
11
+ "create",
12
+ "update",
13
+ "patch",
14
+ "delete",
15
+ "deletecollection",
16
+ ])
17
+
18
+ /**
19
+ * Creates a reduced access cluster with ServiceAccount-based authentication for specific Kubernetes resources.
20
+ */
21
+ export const reducedAccessCluster = defineUnit({
22
+ type: "k8s.reduced-access-cluster.v1",
23
+
24
+ args: {
25
+ /**
26
+ * The verbs to allow on the specified resources.
27
+ *
28
+ * Defaults to read-only access (get, list, watch).
29
+ */
30
+ verbs: k8sVerbsSchema.array().default(["get", "list", "watch"]),
31
+
32
+ /**
33
+ * The name of the ServiceAccount to create.
34
+ *
35
+ * If not provided, will be the same as the unit name.
36
+ */
37
+ serviceAccountName: z.string().optional(),
38
+ },
39
+
40
+ inputs: {
41
+ k8sCluster: clusterEntity,
42
+
43
+ /**
44
+ * The namespace where the ServiceAccount will be created.
45
+ */
46
+ namespace: namespaceEntity,
47
+
48
+ /**
49
+ * The deployments to grant access to.
50
+ */
51
+ deployments: {
52
+ entity: deploymentEntity,
53
+ multiple: true,
54
+ required: false,
55
+ },
56
+
57
+ /**
58
+ * The stateful sets to grant access to.
59
+ */
60
+ statefulSets: {
61
+ entity: statefulSetEntity,
62
+ multiple: true,
63
+ required: false,
64
+ },
65
+
66
+ /**
67
+ * The services to grant access to.
68
+ */
69
+ services: {
70
+ entity: serviceEntity,
71
+ multiple: true,
72
+ required: false,
73
+ },
74
+
75
+ /**
76
+ * The persistent volume claims to grant access to.
77
+ */
78
+ persistentVolumeClaims: {
79
+ entity: persistentVolumeClaimEntity,
80
+ multiple: true,
81
+ required: false,
82
+ },
83
+
84
+ /**
85
+ * The secrets to grant access to.
86
+ */
87
+ secrets: {
88
+ entity: certificateEntity,
89
+ multiple: true,
90
+ required: false,
91
+ },
92
+
93
+ /**
94
+ * The config maps to grant access to.
95
+ */
96
+ configMaps: {
97
+ entity: certificateEntity,
98
+ multiple: true,
99
+ required: false,
100
+ },
101
+ },
102
+
103
+ outputs: {
104
+ k8sCluster: clusterEntity,
105
+ },
106
+
107
+ meta: {
108
+ title: "Reduced Access Cluster",
109
+ icon: "devicon:kubernetes",
110
+ secondaryIcon: "mdi:shield-lock",
111
+ category: "Kubernetes",
112
+ },
113
+
114
+ source: {
115
+ package: "@highstate/k8s",
116
+ path: "units/reduced-access-cluster",
117
+ },
118
+ })