@highstate/talos 0.9.3 → 0.9.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/assets/tun-device-plugin.yaml +59 -0
  2. package/dist/cluster/index.js +54 -18
  3. package/dist/cluster/index.js.map +1 -1
  4. package/dist/highstate.manifest.json +1 -1
  5. package/package.json +12 -10
package/assets/tun-device-plugin.yaml ADDED
@@ -0,0 +1,59 @@
1
+ apiVersion: apps/v1
2
+ kind: DaemonSet
3
+ metadata:
4
+ name: tun-device-plugin
5
+ namespace: kube-system
6
+ labels:
7
+ app.kubernetes.io/name: tun-device-plugin
8
+ spec:
9
+ selector:
10
+ matchLabels:
11
+ app.kubernetes.io/name: tun-device-plugin
12
+ template:
13
+ metadata:
14
+ labels:
15
+ app.kubernetes.io/name: tun-device-plugin
16
+ spec:
17
+ priorityClassName: system-node-critical
18
+ tolerations:
19
+ - operator: "Exists"
20
+ effect: "NoExecute"
21
+ - operator: "Exists"
22
+ effect: "NoSchedule"
23
+ containers:
24
+ - image: squat/generic-device-plugin
25
+ args:
26
+ - --device
27
+ - |
28
+ name: tun
29
+ groups:
30
+ - count: 1000
31
+ paths:
32
+ - path: /dev/net/tun
33
+ name: tun-device-plugin
34
+ resources:
35
+ requests:
36
+ cpu: 50m
37
+ memory: 10Mi
38
+ limits:
39
+ cpu: 50m
40
+ memory: 20Mi
41
+ ports:
42
+ - containerPort: 8080
43
+ name: http
44
+ securityContext:
45
+ privileged: true
46
+ volumeMounts:
47
+ - name: device-plugin
48
+ mountPath: /var/lib/kubelet/device-plugins
49
+ - name: dev
50
+ mountPath: /dev
51
+ volumes:
52
+ - name: device-plugin
53
+ hostPath:
54
+ path: /var/lib/kubelet/device-plugins
55
+ - name: dev
56
+ hostPath:
57
+ path: /dev
58
+ updateStrategy:
59
+ type: RollingUpdate
package/dist/cluster/index.js CHANGED
@@ -1,12 +1,21 @@
1
1
  // src/cluster/index.ts
2
2
  import { readFile } from "node:fs/promises";
3
- import { all, forUnit, interpolate, output } from "@highstate/pulumi";
3
+ import { all, forUnit, output, toPromise } from "@highstate/pulumi";
4
4
  import { talos } from "@highstate/library";
5
5
  import { cluster, machine } from "@pulumiverse/talos";
6
6
  import { text } from "@highstate/contract";
7
7
  import { RenderedChart } from "@highstate/k8s";
8
8
  import { core, Provider } from "@pulumi/kubernetes";
9
+ import {
10
+ filterEndpoints,
11
+ l3EndpointToString,
12
+ l3ToL4Endpoint,
13
+ l4EndpointToString
14
+ } from "@highstate/common";
15
+ import { KubeConfig } from "@kubernetes/client-node";
16
+ import { uniqueBy } from "remeda";
9
17
  var { name, args, inputs, outputs } = forUnit(talos.cluster);
18
+ var { masters, workers } = await toPromise(inputs);
10
19
  var cni = args.cni ?? "cilium";
11
20
  var csi = args.csi ?? "local-path-provisioner";
12
21
  var inlineManifests = [];
@@ -26,10 +35,11 @@ if (cni === "cilium") {
26
35
  "securityContext.capabilities.ciliumAgent": "{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}",
27
36
  "securityContext.capabilities.cleanCiliumState": "{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}",
28
37
  "cgroup.autoMount.enabled": "false",
29
- "cgroup.hostRoot": "/sys/fs/cgroup"
38
+ "cgroup.hostRoot": "/sys/fs/cgroup",
30
39
  // "k8sServiceHost": "localhost",
31
40
  // "k8sServicePort": "7445",
32
41
  // "bpf.lbExternalClusterIP": "true",
42
+ "dnsProxy.dnsRejectResponseCode": "nameError"
33
43
  }
34
44
  });
35
45
  inlineManifests.push({
@@ -49,6 +59,12 @@ if (csi === "local-path-provisioner") {
49
59
  contents: await readFile("../../assets/local-path-provisioner.yaml", "utf-8")
50
60
  });
51
61
  }
62
+ if (args.enableTunDevicePlugin) {
63
+ inlineManifests.push({
64
+ name: "tun-device-plugin",
65
+ contents: await readFile("../../assets/tun-device-plugin.yaml", "utf-8")
66
+ });
67
+ }
52
68
  var clusterName = args.clusterName ?? name;
53
69
  var globalConfigPatch = output({
54
70
  machine: {
@@ -61,23 +77,21 @@ var globalConfigPatch = output({
61
77
  }
62
78
  },
63
79
  cluster: {
64
- allowSchedulingOnMasters: inputs.workers.length.apply(
65
- (length) => length === 0 || args.scheduleOnMasters
66
- ),
80
+ allowSchedulingOnMasters: args.scheduleOnMastersPolicy === "when-no-workers" ? workers.length === 0 : args.scheduleOnMastersPolicy === "always",
67
81
  inlineManifests,
68
82
  network: cni !== "flannel" ? { cni: { name: "none" } } : void 0
69
83
  // proxy: cni === "cilium" ? { disabled: true } : undefined,
70
84
  }
71
85
  }).apply(JSON.stringify);
72
86
  var secrets = new machine.Secrets("secrets", { talosVersion: "v1.8.3" });
73
- var clusterEndpoint = args.endpoint ?? interpolate`https://${inputs.masters[0].endpoint}:6443`;
87
+ var apiEndpoint = `https://${l3EndpointToString(masters[0].endpoints[0])}:6443`;
74
88
  var masterConfig = getConfiguration("controlplane");
75
89
  var workerConfig = getConfiguration("worker");
76
- var masterApplies = inputs.masters.apply((masters) => {
77
- if (!masters.length) {
90
+ var masterApplies = inputs.masters.apply((masters2) => {
91
+ if (!masters2.length) {
78
92
  throw new Error("At least one master node is required.");
79
93
  }
80
- return masters.map((master) => {
94
+ return masters2.map((master) => {
81
95
  return new machine.ConfigurationApply(
82
96
  master.hostname,
83
97
  getConfigurationApplyArgs(master, masterConfig.machineConfiguration)
@@ -92,8 +106,8 @@ var bootstrap = new machine.Bootstrap(
92
106
  },
93
107
  { dependsOn: masterApplies }
94
108
  );
95
- var workerApplies = inputs.workers.apply((workers) => {
96
- return workers.map((worker) => {
109
+ var workerApplies = inputs.workers.apply((workers2) => {
110
+ return workers2.map((worker) => {
97
111
  return new machine.ConfigurationApply(
98
112
  worker.hostname,
99
113
  getConfigurationApplyArgs(worker, workerConfig.machineConfiguration),
@@ -137,7 +151,7 @@ function getConfiguration(machineType) {
137
151
  configPatches.push(JSON.stringify(args.workerConfigPatch));
138
152
  }
139
153
  return machine.getConfigurationOutput({
140
- clusterEndpoint,
154
+ clusterEndpoint: apiEndpoint,
141
155
  machineSecrets: secrets.machineSecrets,
142
156
  clusterName,
143
157
  machineType,
@@ -146,10 +160,14 @@ function getConfiguration(machineType) {
146
160
  });
147
161
  }
148
162
  function getConfigurationApplyArgs(node, machineConfiguration) {
163
+ const ipEndpoint = node.endpoints.find((endpoint) => endpoint.type !== "hostname");
164
+ if (!ipEndpoint) {
165
+ throw new Error(`No IP endpoint found for node ${node.hostname}`);
166
+ }
149
167
  return {
150
168
  clientConfiguration: secrets.clientConfiguration,
151
169
  machineConfigurationInput: machineConfiguration,
152
- node: node.endpoint,
170
+ node: l3EndpointToString(ipEndpoint),
153
171
  configPatches: [
154
172
  JSON.stringify({
155
173
  machine: { network: { hostname: node.hostname } }
@@ -159,13 +177,25 @@ function getConfigurationApplyArgs(node, machineConfiguration) {
159
177
  }
160
178
  var provider = new Provider(name, { kubeconfig });
161
179
  var kubeSystem = core.v1.Namespace.get("kube-system", "kube-system", { provider });
180
+ var kubeConfig = new KubeConfig();
181
+ kubeConfig.loadFromString(await toPromise(kubeconfig));
182
+ var endpoints = uniqueBy(
183
+ [...workers, ...masters].flatMap((server) => server.endpoints),
184
+ l3EndpointToString
185
+ );
186
+ var apiEndpoints = uniqueBy(
187
+ masters.flatMap((server) => server.endpoints.map((endpoint) => l3ToL4Endpoint(endpoint, 6443))),
188
+ l4EndpointToString
189
+ );
162
190
  var cluster_default = outputs({
163
191
  k8sCluster: {
164
- info: {
165
- id: kubeSystem.metadata.uid,
166
- name: clusterName,
167
- cni: cni === "none" ? void 0 : cni,
168
- externalIps: [],
192
+ id: kubeSystem.metadata.uid,
193
+ name: clusterName,
194
+ cni: cni === "cilium" ? "cilium" : "other",
195
+ externalIps: filterEndpoints(endpoints, ["public", "external"]).filter((endpoint) => endpoint.type !== "hostname").map(l3EndpointToString),
196
+ endpoints,
197
+ apiEndpoints,
198
+ quirks: {
169
199
  tunDevicePolicy: {
170
200
  type: "plugin",
171
201
  resourceName: "squat.ai/tun",
@@ -178,6 +208,8 @@ var cluster_default = outputs({
178
208
  clientConfiguration,
179
209
  machineSecrets
180
210
  },
211
+ endpoints,
212
+ apiEndpoints,
181
213
  $terminals: {
182
214
  management: {
183
215
  title: "Cluster Management",
@@ -203,6 +235,10 @@ var cluster_default = outputs({
203
235
  TALOSCONFIG: "/talosconfig"
204
236
  }
205
237
  }
238
+ },
239
+ $status: {
240
+ endpoints: endpoints.map(l3EndpointToString),
241
+ apiEndpoints: apiEndpoints.map(l4EndpointToString)
206
242
  }
207
243
  });
208
244
  export {
package/dist/cluster/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/cluster/index.ts"],"sourcesContent":["import type { EntityValue, Input } from \"@highstate/pulumi\"\nimport { readFile } from \"node:fs/promises\"\nimport { all, forUnit, interpolate, output, Output } from \"@highstate/pulumi\"\nimport { common, talos } from \"@highstate/library\"\nimport { cluster, machine } from \"@pulumiverse/talos\"\nimport { text } from \"@highstate/contract\"\nimport { RenderedChart } from \"@highstate/k8s\"\nimport { core, Provider } from \"@pulumi/kubernetes\"\n\nconst { name, args, inputs, outputs } = forUnit(talos.cluster)\n\nconst cni = args.cni ?? \"cilium\"\nconst csi = args.csi ?? \"local-path-provisioner\"\n\ninterface InlineManifest {\n name: string\n contents: Input<string>\n}\n\ninterface ExtraMount {\n destination: string\n type: string\n source: string\n options: string[]\n}\n\nconst inlineManifests: InlineManifest[] = []\nconst extraMounts: ExtraMount[] = []\n\nif (cni === \"cilium\") {\n const { chart } = await import(\"@highstate/cilium\")\n\n const cilium = new RenderedChart(\"cilium\", {\n namespace: \"kube-system\",\n chart,\n\n values: {\n \"ipam.mode\": \"kubernetes\",\n // \"kubeProxyReplacement\": \"true\",\n kubeProxyReplacement: \"false\",\n \"operator.replicas\": \"1\",\n \"hubble.relay.enabled\": \"true\",\n \"hubble.ui.enabled\": \"true\",\n \"securityContext.capabilities.ciliumAgent\":\n \"{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}\",\n \"securityContext.capabilities.cleanCiliumState\": \"{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}\",\n \"cgroup.autoMount.enabled\": \"false\",\n \"cgroup.hostRoot\": \"/sys/fs/cgroup\",\n // \"k8sServiceHost\": \"localhost\",\n // \"k8sServicePort\": \"7445\",\n // \"bpf.lbExternalClusterIP\": \"true\",\n },\n })\n\n inlineManifests.push({\n name: \"cilium\",\n contents: cilium.manifest,\n })\n}\n\nif (csi === \"local-path-provisioner\") {\n extraMounts.push({\n destination: \"/var/lib/local-path-provisioner\",\n type: \"bind\",\n source: \"/var/lib/local-path-provisioner\",\n options: [\"bind\", \"rshared\", \"rw\"],\n })\n\n inlineManifests.push({\n name: \"local-path-provisioner\",\n contents: await readFile(\"../../assets/local-path-provisioner.yaml\", \"utf-8\"),\n })\n}\n\nconst clusterName = args.clusterName ?? name\n\nconst globalConfigPatch = output({\n machine: {\n install: {\n image: \"ghcr.io/siderolabs/installer:v1.8.3\",\n extensions: [{ image: \"ghcr.io/siderolabs/qemu-guest-agent:9.1.0\" }],\n },\n kubelet: {\n extraMounts,\n },\n },\n cluster: {\n allowSchedulingOnMasters: inputs.workers.length.apply(\n length => length === 0 || args.scheduleOnMasters,\n ),\n inlineManifests,\n network: cni !== \"flannel\" ? { cni: { name: \"none\" } } : undefined,\n // proxy: cni === \"cilium\" ? { disabled: true } : undefined,\n },\n}).apply(JSON.stringify)\n\nconst secrets = new machine.Secrets(\"secrets\", { talosVersion: \"v1.8.3\" })\n\nconst clusterEndpoint = args.endpoint ?? interpolate`https://${inputs.masters[0].endpoint}:6443`\n\nconst masterConfig = getConfiguration(\"controlplane\")\nconst workerConfig = getConfiguration(\"worker\")\n\nconst masterApplies = inputs.masters.apply(masters => {\n if (!masters.length) {\n throw new Error(\"At least one master node is required.\")\n }\n\n return masters.map(master => {\n return new machine.ConfigurationApply(\n master.hostname,\n getConfigurationApplyArgs(master, masterConfig.machineConfiguration),\n )\n })\n})\n\nconst bootstrap = new machine.Bootstrap(\n \"bootstrap\",\n {\n clientConfiguration: secrets.clientConfiguration,\n node: masterApplies[0].node,\n },\n { dependsOn: masterApplies },\n)\n\nconst workerApplies = inputs.workers.apply(workers => {\n return workers.map(worker => {\n return new machine.ConfigurationApply(\n worker.hostname,\n getConfigurationApplyArgs(worker, workerConfig.machineConfiguration),\n { dependsOn: bootstrap },\n )\n })\n})\n\n// Check the health of the cluster and export the kubeconfig\nconst kubeconfig = all([\n cluster.getKubeconfigOutput({\n clientConfiguration: secrets.clientConfiguration,\n node: masterApplies[0].node,\n }),\n cluster.getHealthOutput({\n clientConfiguration: secrets.clientConfiguration,\n endpoints: masterApplies.apply(masterApplies => masterApplies.map(x => x.node)),\n controlPlaneNodes: masterApplies.apply(masterApplies => masterApplies.map(x => x.node)),\n workerNodes: workerApplies.apply(workerApplies => workerApplies.map(x => x.node)),\n }),\n]).apply(([kubeconfig]) => kubeconfig.kubeconfigRaw)\n\nconst clientConfiguration = output({\n context: clusterName,\n contexts: {\n [clusterName]: {\n endpoints: masterApplies.apply(masterApplies => masterApplies.map(x => x.node)),\n ca: secrets.clientConfiguration.caCertificate,\n crt: secrets.clientConfiguration.clientCertificate,\n key: secrets.clientConfiguration.clientKey,\n },\n },\n}).apply(JSON.stringify)\n\nconst machineSecrets = secrets.machineSecrets.apply(JSON.stringify)\n\nfunction getConfiguration(machineType: string) {\n const configPatches: Input<string>[] = [globalConfigPatch]\n\n if (args.sharedConfigPatch && Object.keys(args.sharedConfigPatch).length > 0) {\n configPatches.push(JSON.stringify(args.sharedConfigPatch))\n }\n\n if (\n machineType === \"controlplane\" &&\n args.masterConfigPatch &&\n Object.keys(args.masterConfigPatch).length > 0\n ) {\n configPatches.push(JSON.stringify(args.masterConfigPatch))\n }\n\n if (\n machineType === \"worker\" &&\n args.workerConfigPatch &&\n Object.keys(args.workerConfigPatch).length > 0\n ) {\n configPatches.push(JSON.stringify(args.workerConfigPatch))\n }\n\n return machine.getConfigurationOutput({\n clusterEndpoint,\n machineSecrets: secrets.machineSecrets,\n clusterName,\n machineType,\n talosVersion: \"v1.8.3\",\n configPatches,\n })\n}\n\nfunction getConfigurationApplyArgs(\n node: EntityValue<typeof common.serverEntity>,\n machineConfiguration: Output<string>,\n): machine.ConfigurationApplyArgs {\n return {\n clientConfiguration: secrets.clientConfiguration,\n machineConfigurationInput: machineConfiguration,\n node: node.endpoint,\n configPatches: [\n JSON.stringify({\n machine: { network: { hostname: node.hostname } },\n }),\n ],\n }\n}\n\nconst provider = new Provider(name, { kubeconfig })\nconst kubeSystem = core.v1.Namespace.get(\"kube-system\", \"kube-system\", { provider })\n\nexport default outputs({\n k8sCluster: {\n info: {\n id: kubeSystem.metadata.uid,\n name: clusterName,\n cni: cni === \"none\" ? undefined : cni,\n externalIps: [],\n tunDevicePolicy: {\n type: \"plugin\",\n resourceName: \"squat.ai/tun\",\n resourceValue: \"1\",\n },\n },\n kubeconfig,\n },\n talosCluster: {\n clientConfiguration,\n machineSecrets,\n },\n\n $terminals: {\n management: {\n title: \"Cluster Management\",\n image: \"ghcr.io/exeteres/highstate/terminal-talosctl\",\n command: [\"bash\", \"/welcome.sh\"],\n files: {\n \"/kubeconfig\": kubeconfig,\n \"/talosconfig\": clientConfiguration,\n \"/secrets\": machineSecrets,\n\n \"/welcome.sh\": text`\n echo \"Connecting to the cluster...\"\n kubectl cluster-info\n\n echo \"Use 'kubectl' and 'helm' to manage the cluster.\"\n echo \"Use 'talosctl' to manage the Talos side of the cluster.\"\n echo\n\n exec bash\n `,\n },\n env: {\n KUBECONFIG: \"/kubeconfig\",\n TALOSCONFIG: \"/talosconfig\",\n },\n },\n },\n})\n"],"mappings":";AACA,SAAS,gBAAgB;AACzB,SAAS,KAAK,SAAS,aAAa,cAAsB;AAC1D,SAAiB,aAAa;AAC9B,SAAS,SAAS,eAAe;AACjC,SAAS,YAAY;AACrB,SAAS,qBAAqB;AAC9B,SAAS,MAAM,gBAAgB;AAE/B,IAAM,EAAE,MAAM,MAAM,QAAQ,QAAQ,IAAI,QAAQ,MAAM,OAAO;AAE7D,IAAM,MAAM,KAAK,OAAO;AACxB,IAAM,MAAM,KAAK,OAAO;AAcxB,IAAM,kBAAoC,CAAC;AAC3C,IAAM,cAA4B,CAAC;AAEnC,IAAI,QAAQ,UAAU;AACpB,QAAM,EAAE,MAAM,IAAI,MAAM,OAAO,mBAAmB;AAElD,QAAM,SAAS,IAAI,cAAc,UAAU;AAAA,IACzC,WAAW;AAAA,IACX;AAAA,IAEA,QAAQ;AAAA,MACN,aAAa;AAAA;AAAA,MAEb,sBAAsB;AAAA,MACtB,qBAAqB;AAAA,MACrB,wBAAwB;AAAA,MACxB,qBAAqB;AAAA,MACrB,4CACE;AAAA,MACF,iDAAiD;AAAA,MACjD,4BAA4B;AAAA,MAC5B,mBAAmB;AAAA;AAAA;AAAA;AAAA,IAIrB;AAAA,EACF,CAAC;AAED,kBAAgB,KAAK;AAAA,IACnB,MAAM;AAAA,IACN,UAAU,OAAO;AAAA,EACnB,CAAC;AACH;AAEA,IAAI,QAAQ,0BAA0B;AACpC,cAAY,KAAK;AAAA,IACf,aAAa;AAAA,IACb,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,SAAS,CAAC,QAAQ,WAAW,IAAI;AAAA,EACnC,CAAC;AAED,kBAAgB,KAAK;AAAA,IACnB,MAAM;AAAA,IACN,UAAU,MAAM,SAAS,4CAA4C,OAAO;AAAA,EAC9E,CAAC;AACH;AAEA,IAAM,cAAc,KAAK,eAAe;AAExC,IAAM,oBAAoB,OAAO;AAAA,EAC/B,SAAS;AAAA,IACP,SAAS;AAAA,MACP,OAAO;AAAA,MACP,YAAY,CAAC,EAAE,OAAO,4CAA4C,CAAC;AAAA,IACrE;AAAA,IACA,SAAS;AAAA,MACP;AAAA,IACF;AAAA,EACF;AAAA,EACA,SAAS;AAAA,IACP,0BAA0B,OAAO,QAAQ,OAAO;AAAA,MAC9C,YAAU,WAAW,KAAK,KAAK;AAAA,IACjC;AAAA,IACA;AAAA,IACA,SAAS,QAAQ,YAAY,EAAE,KAAK,EAAE,MAAM,OAAO,EAAE,IAAI;AAAA;AAAA,EAE3D;AACF,CAAC,EAAE,MAAM,KAAK,SAAS;AAEvB,IAAM,UAAU,IAAI,QAAQ,QAAQ,WAAW,EAAE,cAAc,SAAS,CAAC;AAEzE,IAAM,kBAAkB,KAAK,YAAY,sBAAsB,OAAO,QAAQ,CAAC,EAAE,QAAQ;AAEzF,IAAM,eAAe,iBAAiB,cAAc;AACpD,IAAM,eAAe,iBAAiB,QAAQ;AAE9C,IAAM,gBAAgB,OAAO,QAAQ,MAAM,aAAW;AACpD,MAAI,CAAC,QAAQ,QAAQ;AACnB,UAAM,IAAI,MAAM,uCAAuC;AAAA,EACzD;AAEA,SAAO,QAAQ,IAAI,YAAU;AAC3B,WAAO,IAAI,QAAQ;AAAA,MACjB,OAAO;AAAA,MACP,0BAA0B,QAAQ,aAAa,oBAAoB;AAAA,IACrE;AAAA,EACF,CAAC;AACH,CAAC;AAED,IAAM,YAAY,IAAI,QAAQ;AAAA,EAC5B;AAAA,EACA;AAAA,IACE,qBAAqB,QAAQ;AAAA,IAC7B,MAAM,cAAc,CAAC,EAAE;AAAA,EACzB;AAAA,EACA,EAAE,WAAW,cAAc;AAC7B;AAEA,IAAM,gBAAgB,OAAO,QAAQ,MAAM,aAAW;AACpD,SAAO,QAAQ,IAAI,YAAU;AAC3B,WAAO,IAAI,QAAQ;AAAA,MACjB,OAAO;AAAA,MACP,0BAA0B,QAAQ,aAAa,oBAAoB;AAAA,MACnE,EAAE,WAAW,UAAU;AAAA,IACzB;AAAA,EACF,CAAC;AACH,CAAC;AAGD,IAAM,aAAa,IAAI;AAAA,EACrB,QAAQ,oBAAoB;AAAA,IAC1B,qBAAqB,QAAQ;AAAA,IAC7B,MAAM,cAAc,CAAC,EAAE;AAAA,EACzB,CAAC;AAAA,EACD,QAAQ,gBAAgB;AAAA,IACtB,qBAAqB,QAAQ;AAAA,IAC7B,WAAW,cAAc,MAAM,CAAAA,mBAAiBA,eAAc,IAAI,OAAK,EAAE,IAAI,CAAC;AAAA,IAC9E,mBAAmB,cAAc,MAAM,CAAAA,mBAAiBA,eAAc,IAAI,OAAK,EAAE,IAAI,CAAC;AAAA,IACtF,aAAa,cAAc,MAAM,CAAAC,mBAAiBA,eAAc,IAAI,OAAK,EAAE,IAAI,CAAC;AAAA,EAClF,CAAC;AACH,CAAC,EAAE,MAAM,CAAC,CAACC,WAAU,MAAMA,YAAW,aAAa;AAEnD,IAAM,sBAAsB,OAAO;AAAA,EACjC,SAAS;AAAA,EACT,UAAU;AAAA,IACR,CAAC,WAAW,GAAG;AAAA,MACb,WAAW,cAAc,MAAM,CAAAF,mBAAiBA,eAAc,IAAI,OAAK,EAAE,IAAI,CAAC;AAAA,MAC9E,IAAI,QAAQ,oBAAoB;AAAA,MAChC,KAAK,QAAQ,oBAAoB;AAAA,MACjC,KAAK,QAAQ,oBAAoB;AAAA,IACnC;AAAA,EACF;AACF,CAAC,EAAE,MAAM,KAAK,SAAS;AAEvB,IAAM,iBAAiB,QAAQ,eAAe,MAAM,KAAK,SAAS;AAElE,SAAS,iBAAiB,aAAqB;AAC7C,QAAM,gBAAiC,CAAC,iBAAiB;AAEzD,MAAI,KAAK,qBAAqB,OAAO,KAAK,KAAK,iBAAiB,EAAE,SAAS,GAAG;AAC5E,kBAAc,KAAK,KAAK,UAAU,KAAK,iBAAiB,CAAC;AAAA,EAC3D;AAEA,MACE,gBAAgB,kBAChB,KAAK,qBACL,OAAO,KAAK,KAAK,iBAAiB,EAAE,SAAS,GAC7C;AACA,kBAAc,KAAK,KAAK,UAAU,KAAK,iBAAiB,CAAC;AAAA,EAC3D;AAEA,MACE,gBAAgB,YAChB,KAAK,qBACL,OAAO,KAAK,KAAK,iBAAiB,EAAE,SAAS,GAC7C;AACA,kBAAc,KAAK,KAAK,UAAU,KAAK,iBAAiB,CAAC;AAAA,EAC3D;AAEA,SAAO,QAAQ,uBAAuB;AAAA,IACpC;AAAA,IACA,gBAAgB,QAAQ;AAAA,IACxB;AAAA,IACA;AAAA,IACA,cAAc;AAAA,IACd;AAAA,EACF,CAAC;AACH;AAEA,SAAS,0BACP,MACA,sBACgC;AAChC,SAAO;AAAA,IACL,qBAAqB,QAAQ;AAAA,IAC7B,2BAA2B;AAAA,IAC3B,MAAM,KAAK;AAAA,IACX,eAAe;AAAA,MACb,KAAK,UAAU;AAAA,QACb,SAAS,EAAE,SAAS,EAAE,UAAU,KAAK,SAAS,EAAE;AAAA,MAClD,CAAC;AAAA,IACH;AAAA,EACF;AACF;AAEA,IAAM,WAAW,IAAI,SAAS,MAAM,EAAE,WAAW,CAAC;AAClD,IAAM,aAAa,KAAK,GAAG,UAAU,IAAI,eAAe,eAAe,EAAE,SAAS,CAAC;AAEnF,IAAO,kBAAQ,QAAQ;AAAA,EACrB,YAAY;AAAA,IACV,MAAM;AAAA,MACJ,IAAI,WAAW,SAAS;AAAA,MACxB,MAAM;AAAA,MACN,KAAK,QAAQ,SAAS,SAAY;AAAA,MAClC,aAAa,CAAC;AAAA,MACd,iBAAiB;AAAA,QACf,MAAM;AAAA,QACN,cAAc;AAAA,QACd,eAAe;AAAA,MACjB;AAAA,IACF;AAAA,IACA;AAAA,EACF;AAAA,EACA,cAAc;AAAA,IACZ;AAAA,IACA;AAAA,EACF;AAAA,EAEA,YAAY;AAAA,IACV,YAAY;AAAA,MACV,OAAO;AAAA,MACP,OAAO;AAAA,MACP,SAAS,CAAC,QAAQ,aAAa;AAAA,MAC/B,OAAO;AAAA,QACL,eAAe;AAAA,QACf,gBAAgB;AAAA,QAChB,YAAY;AAAA,QAEZ,eAAe;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAUjB;AAAA,MACA,KAAK;AAAA,QACH,YAAY;AAAA,QACZ,aAAa;AAAA,MACf;AAAA,IACF;AAAA,EACF;AACF,CAAC;","names":["masterApplies","workerApplies","kubeconfig"]}
1
+ {"version":3,"sources":["../../src/cluster/index.ts"],"sourcesContent":["import type { EntityValue, Input } from \"@highstate/pulumi\"\nimport { readFile } from \"node:fs/promises\"\nimport { all, forUnit, output, Output, toPromise } from \"@highstate/pulumi\"\nimport { common, talos } from \"@highstate/library\"\nimport { cluster, machine } from \"@pulumiverse/talos\"\nimport { text } from \"@highstate/contract\"\nimport { RenderedChart } from \"@highstate/k8s\"\nimport { core, Provider } from \"@pulumi/kubernetes\"\nimport {\n filterEndpoints,\n l3EndpointToString,\n l3ToL4Endpoint,\n l4EndpointToString,\n} from \"@highstate/common\"\nimport { KubeConfig } from \"@kubernetes/client-node\"\nimport { uniqueBy } from \"remeda\"\n\nconst { name, args, inputs, outputs } = forUnit(talos.cluster)\n\nconst { masters, workers } = await toPromise(inputs)\n\nconst cni = args.cni ?? \"cilium\"\nconst csi = args.csi ?? \"local-path-provisioner\"\n\ninterface InlineManifest {\n name: string\n contents: Input<string>\n}\n\ninterface ExtraMount {\n destination: string\n type: string\n source: string\n options: string[]\n}\n\nconst inlineManifests: InlineManifest[] = []\nconst extraMounts: ExtraMount[] = []\n\nif (cni === \"cilium\") {\n const { chart } = await import(\"@highstate/cilium\")\n\n const cilium = new RenderedChart(\"cilium\", {\n namespace: \"kube-system\",\n chart,\n\n values: {\n \"ipam.mode\": \"kubernetes\",\n // \"kubeProxyReplacement\": \"true\",\n kubeProxyReplacement: \"false\",\n \"operator.replicas\": \"1\",\n \"hubble.relay.enabled\": \"true\",\n \"hubble.ui.enabled\": \"true\",\n \"securityContext.capabilities.ciliumAgent\":\n \"{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}\",\n \"securityContext.capabilities.cleanCiliumState\": \"{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}\",\n \"cgroup.autoMount.enabled\": \"false\",\n \"cgroup.hostRoot\": \"/sys/fs/cgroup\",\n // \"k8sServiceHost\": \"localhost\",\n // \"k8sServicePort\": \"7445\",\n // \"bpf.lbExternalClusterIP\": \"true\",\n \"dnsProxy.dnsRejectResponseCode\": \"nameError\",\n },\n })\n\n inlineManifests.push({\n name: \"cilium\",\n contents: cilium.manifest,\n })\n}\n\nif (csi === \"local-path-provisioner\") {\n extraMounts.push({\n destination: \"/var/lib/local-path-provisioner\",\n type: \"bind\",\n source: \"/var/lib/local-path-provisioner\",\n options: [\"bind\", \"rshared\", \"rw\"],\n })\n\n inlineManifests.push({\n name: \"local-path-provisioner\",\n contents: await readFile(\"../../assets/local-path-provisioner.yaml\", \"utf-8\"),\n })\n}\n\nif (args.enableTunDevicePlugin) {\n inlineManifests.push({\n name: \"tun-device-plugin\",\n contents: await readFile(\"../../assets/tun-device-plugin.yaml\", \"utf-8\"),\n })\n}\n\nconst clusterName = args.clusterName ?? name\n\nconst globalConfigPatch = output({\n machine: {\n install: {\n image: \"ghcr.io/siderolabs/installer:v1.8.3\",\n extensions: [{ image: \"ghcr.io/siderolabs/qemu-guest-agent:9.1.0\" }],\n },\n kubelet: {\n extraMounts,\n },\n },\n cluster: {\n allowSchedulingOnMasters:\n args.scheduleOnMastersPolicy === \"when-no-workers\"\n ? workers.length === 0\n : args.scheduleOnMastersPolicy === \"always\",\n inlineManifests,\n network: cni !== \"flannel\" ? { cni: { name: \"none\" } } : undefined,\n // proxy: cni === \"cilium\" ? { disabled: true } : undefined,\n },\n}).apply(JSON.stringify)\n\nconst secrets = new machine.Secrets(\"secrets\", { talosVersion: \"v1.8.3\" })\n\nconst apiEndpoint = `https://${l3EndpointToString(masters[0].endpoints[0])}:6443`\n\nconst masterConfig = getConfiguration(\"controlplane\")\nconst workerConfig = getConfiguration(\"worker\")\n\nconst masterApplies = inputs.masters.apply(masters => {\n if (!masters.length) {\n throw new Error(\"At least one master node is required.\")\n }\n\n return masters.map(master => {\n return new machine.ConfigurationApply(\n master.hostname,\n getConfigurationApplyArgs(master, masterConfig.machineConfiguration),\n )\n })\n})\n\nconst bootstrap = new machine.Bootstrap(\n \"bootstrap\",\n {\n clientConfiguration: secrets.clientConfiguration,\n node: masterApplies[0].node,\n },\n { dependsOn: masterApplies },\n)\n\nconst workerApplies = inputs.workers.apply(workers => {\n return workers.map(worker => {\n return new machine.ConfigurationApply(\n worker.hostname,\n getConfigurationApplyArgs(worker, workerConfig.machineConfiguration),\n { dependsOn: bootstrap },\n )\n })\n})\n\n// Check the health of the cluster and export the kubeconfig\nconst kubeconfig = all([\n cluster.getKubeconfigOutput({\n clientConfiguration: secrets.clientConfiguration,\n node: masterApplies[0].node,\n }),\n cluster.getHealthOutput({\n clientConfiguration: secrets.clientConfiguration,\n endpoints: masterApplies.apply(masterApplies => masterApplies.map(x => x.node)),\n controlPlaneNodes: masterApplies.apply(masterApplies => masterApplies.map(x => x.node)),\n workerNodes: workerApplies.apply(workerApplies => workerApplies.map(x => x.node)),\n }),\n]).apply(([kubeconfig]) => kubeconfig.kubeconfigRaw)\n\nconst clientConfiguration = output({\n context: clusterName,\n contexts: {\n [clusterName]: {\n endpoints: masterApplies.apply(masterApplies => masterApplies.map(x => x.node)),\n ca: secrets.clientConfiguration.caCertificate,\n crt: secrets.clientConfiguration.clientCertificate,\n key: secrets.clientConfiguration.clientKey,\n },\n },\n}).apply(JSON.stringify)\n\nconst machineSecrets = secrets.machineSecrets.apply(JSON.stringify)\n\nfunction getConfiguration(machineType: string) {\n const configPatches: Input<string>[] = [globalConfigPatch]\n\n if (args.sharedConfigPatch && Object.keys(args.sharedConfigPatch).length > 0) {\n configPatches.push(JSON.stringify(args.sharedConfigPatch))\n }\n\n if (\n machineType === \"controlplane\" &&\n args.masterConfigPatch &&\n Object.keys(args.masterConfigPatch).length > 0\n ) {\n configPatches.push(JSON.stringify(args.masterConfigPatch))\n }\n\n if (\n machineType === \"worker\" &&\n args.workerConfigPatch &&\n Object.keys(args.workerConfigPatch).length > 0\n ) {\n configPatches.push(JSON.stringify(args.workerConfigPatch))\n }\n\n return machine.getConfigurationOutput({\n clusterEndpoint: apiEndpoint,\n machineSecrets: secrets.machineSecrets,\n clusterName,\n machineType,\n talosVersion: \"v1.8.3\",\n configPatches,\n })\n}\n\nfunction getConfigurationApplyArgs(\n node: EntityValue<typeof common.serverEntity>,\n machineConfiguration: Output<string>,\n): machine.ConfigurationApplyArgs {\n const ipEndpoint = node.endpoints.find(endpoint => endpoint.type !== \"hostname\")\n if (!ipEndpoint) {\n throw new Error(`No IP endpoint found for node ${node.hostname}`)\n }\n\n return {\n clientConfiguration: secrets.clientConfiguration,\n machineConfigurationInput: machineConfiguration,\n node: l3EndpointToString(ipEndpoint),\n configPatches: [\n JSON.stringify({\n machine: { network: { hostname: node.hostname } },\n }),\n ],\n }\n}\n\nconst provider = new Provider(name, { kubeconfig })\nconst kubeSystem = core.v1.Namespace.get(\"kube-system\", \"kube-system\", { provider })\n\nconst kubeConfig = new KubeConfig()\nkubeConfig.loadFromString(await toPromise(kubeconfig))\n\nconst endpoints = uniqueBy(\n [...workers, ...masters].flatMap(server => server.endpoints),\n l3EndpointToString,\n)\n\nconst apiEndpoints = uniqueBy(\n masters.flatMap(server => server.endpoints.map(endpoint => l3ToL4Endpoint(endpoint, 6443))),\n l4EndpointToString,\n)\n\nexport default outputs({\n k8sCluster: {\n id: kubeSystem.metadata.uid,\n name: clusterName,\n cni: cni === \"cilium\" ? \"cilium\" : \"other\",\n\n externalIps: filterEndpoints(endpoints, [\"public\", \"external\"])\n .filter(endpoint => endpoint.type !== \"hostname\")\n .map(l3EndpointToString),\n\n endpoints,\n apiEndpoints,\n\n quirks: {\n tunDevicePolicy: {\n type: \"plugin\",\n resourceName: \"squat.ai/tun\",\n resourceValue: \"1\",\n },\n },\n\n kubeconfig,\n },\n\n talosCluster: {\n clientConfiguration,\n machineSecrets,\n },\n\n endpoints,\n apiEndpoints,\n\n $terminals: {\n management: {\n title: \"Cluster Management\",\n image: \"ghcr.io/exeteres/highstate/terminal-talosctl\",\n command: [\"bash\", \"/welcome.sh\"],\n files: {\n \"/kubeconfig\": kubeconfig,\n \"/talosconfig\": clientConfiguration,\n \"/secrets\": machineSecrets,\n\n \"/welcome.sh\": text`\n echo \"Connecting to the cluster...\"\n kubectl cluster-info\n\n echo \"Use 'kubectl' and 'helm' to manage the cluster.\"\n echo \"Use 'talosctl' to manage the Talos side of the cluster.\"\n echo\n\n exec bash\n `,\n },\n env: {\n KUBECONFIG: \"/kubeconfig\",\n TALOSCONFIG: \"/talosconfig\",\n },\n },\n },\n\n $status: {\n endpoints: endpoints.map(l3EndpointToString),\n apiEndpoints: apiEndpoints.map(l4EndpointToString),\n },\n})\n"],"mappings":";AACA,SAAS,gBAAgB;AACzB,SAAS,KAAK,SAAS,QAAgB,iBAAiB;AACxD,SAAiB,aAAa;AAC9B,SAAS,SAAS,eAAe;AACjC,SAAS,YAAY;AACrB,SAAS,qBAAqB;AAC9B,SAAS,MAAM,gBAAgB;AAC/B;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,kBAAkB;AAC3B,SAAS,gBAAgB;AAEzB,IAAM,EAAE,MAAM,MAAM,QAAQ,QAAQ,IAAI,QAAQ,MAAM,OAAO;AAE7D,IAAM,EAAE,SAAS,QAAQ,IAAI,MAAM,UAAU,MAAM;AAEnD,IAAM,MAAM,KAAK,OAAO;AACxB,IAAM,MAAM,KAAK,OAAO;AAcxB,IAAM,kBAAoC,CAAC;AAC3C,IAAM,cAA4B,CAAC;AAEnC,IAAI,QAAQ,UAAU;AACpB,QAAM,EAAE,MAAM,IAAI,MAAM,OAAO,mBAAmB;AAElD,QAAM,SAAS,IAAI,cAAc,UAAU;AAAA,IACzC,WAAW;AAAA,IACX;AAAA,IAEA,QAAQ;AAAA,MACN,aAAa;AAAA;AAAA,MAEb,sBAAsB;AAAA,MACtB,qBAAqB;AAAA,MACrB,wBAAwB;AAAA,MACxB,qBAAqB;AAAA,MACrB,4CACE;AAAA,MACF,iDAAiD;AAAA,MACjD,4BAA4B;AAAA,MAC5B,mBAAmB;AAAA;AAAA;AAAA;AAAA,MAInB,kCAAkC;AAAA,IACpC;AAAA,EACF,CAAC;AAED,kBAAgB,KAAK;AAAA,IACnB,MAAM;AAAA,IACN,UAAU,OAAO;AAAA,EACnB,CAAC;AACH;AAEA,IAAI,QAAQ,0BAA0B;AACpC,cAAY,KAAK;AAAA,IACf,aAAa;AAAA,IACb,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,SAAS,CAAC,QAAQ,WAAW,IAAI;AAAA,EACnC,CAAC;AAED,kBAAgB,KAAK;AAAA,IACnB,MAAM;AAAA,IACN,UAAU,MAAM,SAAS,4CAA4C,OAAO;AAAA,EAC9E,CAAC;AACH;AAEA,IAAI,KAAK,uBAAuB;AAC9B,kBAAgB,KAAK;AAAA,IACnB,MAAM;AAAA,IACN,UAAU,MAAM,SAAS,uCAAuC,OAAO;AAAA,EACzE,CAAC;AACH;AAEA,IAAM,cAAc,KAAK,eAAe;AAExC,IAAM,oBAAoB,OAAO;AAAA,EAC/B,SAAS;AAAA,IACP,SAAS;AAAA,MACP,OAAO;AAAA,MACP,YAAY,CAAC,EAAE,OAAO,4CAA4C,CAAC;AAAA,IACrE;AAAA,IACA,SAAS;AAAA,MACP;AAAA,IACF;AAAA,EACF;AAAA,EACA,SAAS;AAAA,IACP,0BACE,KAAK,4BAA4B,oBAC7B,QAAQ,WAAW,IACnB,KAAK,4BAA4B;AAAA,IACvC;AAAA,IACA,SAAS,QAAQ,YAAY,EAAE,KAAK,EAAE,MAAM,OAAO,EAAE,IAAI;AAAA;AAAA,EAE3D;AACF,CAAC,EAAE,MAAM,KAAK,SAAS;AAEvB,IAAM,UAAU,IAAI,QAAQ,QAAQ,WAAW,EAAE,cAAc,SAAS,CAAC;AAEzE,IAAM,cAAc,WAAW,mBAAmB,QAAQ,CAAC,EAAE,UAAU,CAAC,CAAC,CAAC;AAE1E,IAAM,eAAe,iBAAiB,cAAc;AACpD,IAAM,eAAe,iBAAiB,QAAQ;AAE9C,IAAM,gBAAgB,OAAO,QAAQ,MAAM,CAAAA,aAAW;AACpD,MAAI,CAACA,SAAQ,QAAQ;AACnB,UAAM,IAAI,MAAM,uCAAuC;AAAA,EACzD;AAEA,SAAOA,SAAQ,IAAI,YAAU;AAC3B,WAAO,IAAI,QAAQ;AAAA,MACjB,OAAO;AAAA,MACP,0BAA0B,QAAQ,aAAa,oBAAoB;AAAA,IACrE;AAAA,EACF,CAAC;AACH,CAAC;AAED,IAAM,YAAY,IAAI,QAAQ;AAAA,EAC5B;AAAA,EACA;AAAA,IACE,qBAAqB,QAAQ;AAAA,IAC7B,MAAM,cAAc,CAAC,EAAE;AAAA,EACzB;AAAA,EACA,EAAE,WAAW,cAAc;AAC7B;AAEA,IAAM,gBAAgB,OAAO,QAAQ,MAAM,CAAAC,aAAW;AACpD,SAAOA,SAAQ,IAAI,YAAU;AAC3B,WAAO,IAAI,QAAQ;AAAA,MACjB,OAAO;AAAA,MACP,0BAA0B,QAAQ,aAAa,oBAAoB;AAAA,MACnE,EAAE,WAAW,UAAU;AAAA,IACzB;AAAA,EACF,CAAC;AACH,CAAC;AAGD,IAAM,aAAa,IAAI;AAAA,EACrB,QAAQ,oBAAoB;AAAA,IAC1B,qBAAqB,QAAQ;AAAA,IAC7B,MAAM,cAAc,CAAC,EAAE;AAAA,EACzB,CAAC;AAAA,EACD,QAAQ,gBAAgB;AAAA,IACtB,qBAAqB,QAAQ;AAAA,IAC7B,WAAW,cAAc,MAAM,CAAAC,mBAAiBA,eAAc,IAAI,OAAK,EAAE,IAAI,CAAC;AAAA,IAC9E,mBAAmB,cAAc,MAAM,CAAAA,mBAAiBA,eAAc,IAAI,OAAK,EAAE,IAAI,CAAC;AAAA,IACtF,aAAa,cAAc,MAAM,CAAAC,mBAAiBA,eAAc,IAAI,OAAK,EAAE,IAAI,CAAC;AAAA,EAClF,CAAC;AACH,CAAC,EAAE,MAAM,CAAC,CAACC,WAAU,MAAMA,YAAW,aAAa;AAEnD,IAAM,sBAAsB,OAAO;AAAA,EACjC,SAAS;AAAA,EACT,UAAU;AAAA,IACR,CAAC,WAAW,GAAG;AAAA,MACb,WAAW,cAAc,MAAM,CAAAF,mBAAiBA,eAAc,IAAI,OAAK,EAAE,IAAI,CAAC;AAAA,MAC9E,IAAI,QAAQ,oBAAoB;AAAA,MAChC,KAAK,QAAQ,oBAAoB;AAAA,MACjC,KAAK,QAAQ,oBAAoB;AAAA,IACnC;AAAA,EACF;AACF,CAAC,EAAE,MAAM,KAAK,SAAS;AAEvB,IAAM,iBAAiB,QAAQ,eAAe,MAAM,KAAK,SAAS;AAElE,SAAS,iBAAiB,aAAqB;AAC7C,QAAM,gBAAiC,CAAC,iBAAiB;AAEzD,MAAI,KAAK,qBAAqB,OAAO,KAAK,KAAK,iBAAiB,EAAE,SAAS,GAAG;AAC5E,kBAAc,KAAK,KAAK,UAAU,KAAK,iBAAiB,CAAC;AAAA,EAC3D;AAEA,MACE,gBAAgB,kBAChB,KAAK,qBACL,OAAO,KAAK,KAAK,iBAAiB,EAAE,SAAS,GAC7C;AACA,kBAAc,KAAK,KAAK,UAAU,KAAK,iBAAiB,CAAC;AAAA,EAC3D;AAEA,MACE,gBAAgB,YAChB,KAAK,qBACL,OAAO,KAAK,KAAK,iBAAiB,EAAE,SAAS,GAC7C;AACA,kBAAc,KAAK,KAAK,UAAU,KAAK,iBAAiB,CAAC;AAAA,EAC3D;AAEA,SAAO,QAAQ,uBAAuB;AAAA,IACpC,iBAAiB;AAAA,IACjB,gBAAgB,QAAQ;AAAA,IACxB;AAAA,IACA;AAAA,IACA,cAAc;AAAA,IACd;AAAA,EACF,CAAC;AACH;AAEA,SAAS,0BACP,MACA,sBACgC;AAChC,QAAM,aAAa,KAAK,UAAU,KAAK,cAAY,SAAS,SAAS,UAAU;AAC/E,MAAI,CAAC,YAAY;AACf,UAAM,IAAI,MAAM,iCAAiC,KAAK,QAAQ,EAAE;AAAA,EAClE;AAEA,SAAO;AAAA,IACL,qBAAqB,QAAQ;AAAA,IAC7B,2BAA2B;AAAA,IAC3B,MAAM,mBAAmB,UAAU;AAAA,IACnC,eAAe;AAAA,MACb,KAAK,UAAU;AAAA,QACb,SAAS,EAAE,SAAS,EAAE,UAAU,KAAK,SAAS,EAAE;AAAA,MAClD,CAAC;AAAA,IACH;AAAA,EACF;AACF;AAEA,IAAM,WAAW,IAAI,SAAS,MAAM,EAAE,WAAW,CAAC;AAClD,IAAM,aAAa,KAAK,GAAG,UAAU,IAAI,eAAe,eAAe,EAAE,SAAS,CAAC;AAEnF,IAAM,aAAa,IAAI,WAAW;AAClC,WAAW,eAAe,MAAM,UAAU,UAAU,CAAC;AAErD,IAAM,YAAY;AAAA,EAChB,CAAC,GAAG,SAAS,GAAG,OAAO,EAAE,QAAQ,YAAU,OAAO,SAAS;AAAA,EAC3D;AACF;AAEA,IAAM,eAAe;AAAA,EACnB,QAAQ,QAAQ,YAAU,OAAO,UAAU,IAAI,cAAY,eAAe,UAAU,IAAI,CAAC,CAAC;AAAA,EAC1F;AACF;AAEA,IAAO,kBAAQ,QAAQ;AAAA,EACrB,YAAY;AAAA,IACV,IAAI,WAAW,SAAS;AAAA,IACxB,MAAM;AAAA,IACN,KAAK,QAAQ,WAAW,WAAW;AAAA,IAEnC,aAAa,gBAAgB,WAAW,CAAC,UAAU,UAAU,CAAC,EAC3D,OAAO,cAAY,SAAS,SAAS,UAAU,EAC/C,IAAI,kBAAkB;AAAA,IAEzB;AAAA,IACA;AAAA,IAEA,QAAQ;AAAA,MACN,iBAAiB;AAAA,QACf,MAAM;AAAA,QACN,cAAc;AAAA,QACd,eAAe;AAAA,MACjB;AAAA,IACF;AAAA,IAEA;AAAA,EACF;AAAA,EAEA,cAAc;AAAA,IACZ;AAAA,IACA;AAAA,EACF;AAAA,EAEA;AAAA,EACA;AAAA,EAEA,YAAY;AAAA,IACV,YAAY;AAAA,MACV,OAAO;AAAA,MACP,OAAO;AAAA,MACP,SAAS,CAAC,QAAQ,aAAa;AAAA,MAC/B,OAAO;AAAA,QACL,eAAe;AAAA,QACf,gBAAgB;AAAA,QAChB,YAAY;AAAA,QAEZ,eAAe;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAUjB;AAAA,MACA,KAAK;AAAA,QACH,YAAY;AAAA,QACZ,aAAa;AAAA,MACf;AAAA,IACF;AAAA,EACF;AAAA,EAEA,SAAS;AAAA,IACP,WAAW,UAAU,IAAI,kBAAkB;AAAA,IAC3C,cAAc,aAAa,IAAI,kBAAkB;AAAA,EACnD;AACF,CAAC;","names":["masters","workers","masterApplies","workerApplies","kubeconfig"]}
package/dist/highstate.manifest.json CHANGED
@@ -1,5 +1,5 @@
1
1
  {
2
2
  "sourceHashes": {
3
- "./dist/cluster/index.js": "7715f1f4e71d53ddc5581edc8b3b42f775b0c321aa49c33ce4cd9a75457c0410"
3
+ "./dist/cluster/index.js": "de766020d5ab2db64b11e5cdb63fe4914658ab444ab5cd6f5590f398daa9f63a"
4
4
  }
5
5
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@highstate/talos",
3
- "version": "0.9.3",
3
+ "version": "0.9.5",
4
4
  "type": "module",
5
5
  "files": [
6
6
  "assets",
@@ -17,18 +17,20 @@
17
17
  "update-assets": "./scripts/update-assets.sh"
18
18
  },
19
19
  "dependencies": {
20
- "@highstate/cilium": "^0.9.3",
21
- "@highstate/common": "^0.9.3",
22
- "@highstate/contract": "^0.9.3",
23
- "@highstate/k8s": "^0.9.3",
24
- "@highstate/library": "^0.9.3",
25
- "@highstate/pulumi": "^0.9.3",
20
+ "@highstate/cilium": "^0.9.5",
21
+ "@highstate/common": "^0.9.5",
22
+ "@highstate/contract": "^0.9.5",
23
+ "@highstate/k8s": "^0.9.5",
24
+ "@highstate/library": "^0.9.5",
25
+ "@highstate/pulumi": "^0.9.5",
26
+ "@kubernetes/client-node": "^1.1.0",
26
27
  "@pulumi/command": "^1.0.2",
27
28
  "@pulumi/kubernetes": "^4.18.0",
28
- "@pulumiverse/talos": "^0.4.1"
29
+ "@pulumiverse/talos": "^0.4.1",
30
+ "remeda": "^2.21.0"
29
31
  },
30
32
  "devDependencies": {
31
- "@highstate/cli": "^0.9.3"
33
+ "@highstate/cli": "^0.9.5"
32
34
  },
33
- "gitHead": "cdd2bb1d9001ba4a39f64087eb29af6f50d82bec"
35
+ "gitHead": "93fa1e8b1189a5232055c852fd79a684d8b80444"
34
36
  }