@intentius/chant-lexicon-helm 0.0.16

package/src/composites/helm-monitored-service.ts

@@ -0,0 +1,252 @@
+/**
+ * HelmMonitoredService composite — Deployment + Service + ServiceMonitor + optional PrometheusRule.
+ *
+ * Full observability pattern for services monitored by Prometheus Operator.
+ * Uses fallback GVK for CRD resources (ServiceMonitor, PrometheusRule).
+ */
+
+import { values, include, printf, toYaml, If, With, Capabilities } from "../intrinsics";
+
+export interface HelmMonitoredServiceProps {
+  /** Chart and release name. */
+  name: string;
+  /** Default container image repository. */
+  imageRepository?: string;
+  /** Default container image tag. */
+  imageTag?: string;
+  /** Application port. */
+  port?: number;
+  /** Metrics port. */
+  metricsPort?: number;
+  /** Metrics path. */
+  metricsPath?: string;
+  /** Scrape interval. */
+  scrapeInterval?: string;
+  /** Default replica count. */
+  replicas?: number;
+  /** Default service type. */
+  serviceType?: string;
+  /** Include ServiceAccount. Default: true. */
+  serviceAccount?: boolean;
+  /** Include PrometheusRule for alerting. Default: false. */
+  alertRules?: boolean;
+  /** Pod-level security context defaults. */
+  podSecurityContext?: Record<string, unknown>;
+  /** Container-level security context defaults. */
+  securityContext?: Record<string, unknown>;
+  /** Node selector defaults. */
+  nodeSelector?: Record<string, string>;
+  /** Tolerations defaults. */
+  tolerations?: Array<Record<string, unknown>>;
+  /** Affinity defaults. */
+  affinity?: Record<string, unknown>;
+  /** Chart appVersion. */
+  appVersion?: string;
+}
+
+export interface HelmMonitoredServiceResult {
+  chart: Record<string, unknown>;
+  values: Record<string, unknown>;
+  deployment: Record<string, unknown>;
+  service: Record<string, unknown>;
+  serviceAccount?: Record<string, unknown>;
+  serviceMonitor: Record<string, unknown>;
+  prometheusRule?: Record<string, unknown>;
+}
+
+export function HelmMonitoredService(props: HelmMonitoredServiceProps): HelmMonitoredServiceResult {
+  const {
+    name,
+    imageRepository = "nginx",
+    imageTag = "",
+    port = 8080,
+    metricsPort = 9090,
+    metricsPath = "/metrics",
+    scrapeInterval = "30s",
+    replicas = 2,
+    serviceType = "ClusterIP",
+    serviceAccount = true,
+    alertRules = false,
+    appVersion = "1.0.0",
+  } = props;
+
+  const chart = {
+    apiVersion: "v2",
+    name,
+    version: "0.1.0",
+    appVersion,
+    type: "application",
+    description: `A Helm chart for ${name} with monitoring`,
+  };
+
+  const valuesObj: Record<string, unknown> = {
+    replicaCount: replicas,
+    image: {
+      repository: imageRepository,
+      tag: imageTag,
+      pullPolicy: "IfNotPresent",
+    },
+    service: {
+      type: serviceType,
+      port,
+    },
+    resources: {},
+    monitoring: {
+      enabled: true,
+      metricsPort,
+      metricsPath,
+      scrapeInterval,
+    },
+  };
+
+  if (alertRules) {
+    valuesObj.alerting = {
+      enabled: false,
+      rules: [],
+    };
+  }
+
+  if (props.podSecurityContext) valuesObj.podSecurityContext = props.podSecurityContext;
+  if (props.securityContext) valuesObj.securityContext = props.securityContext;
+  if (props.nodeSelector) valuesObj.nodeSelector = props.nodeSelector;
+  if (props.tolerations) valuesObj.tolerations = props.tolerations;
+  if (props.affinity) valuesObj.affinity = props.affinity;
+
+  if (serviceAccount) {
+    valuesObj.serviceAccount = {
+      create: true,
+      name: "",
+      annotations: {},
+    };
+  }
+
+  const containerSpec: Record<string, unknown> = {
+    name,
+    image: printf("%s:%s", values.image.repository, values.image.tag),
+    imagePullPolicy: values.image.pullPolicy,
+    ports: [
+      { containerPort: values.service.port, name: "http" },
+      { containerPort: values.monitoring.metricsPort, name: "metrics" },
+    ],
+    resources: toYaml(values.resources),
+  };
+
+  if (props.securityContext) containerSpec.securityContext = toYaml(values.securityContext);
+
+  const podSpec: Record<string, unknown> = {
+    containers: [containerSpec],
+  };
+
+  if (props.podSecurityContext) podSpec.securityContext = toYaml(values.podSecurityContext);
+  if (props.nodeSelector) podSpec.nodeSelector = With(values.nodeSelector, toYaml(values.nodeSelector));
+  if (props.tolerations) podSpec.tolerations = With(values.tolerations, toYaml(values.tolerations));
+  if (props.affinity) podSpec.affinity = With(values.affinity, toYaml(values.affinity));
+  if (serviceAccount) podSpec.serviceAccountName = include(`${name}.serviceAccountName`);
+
+  const deployment = {
+    apiVersion: "apps/v1",
+    kind: "Deployment",
+    metadata: {
+      name: include(`${name}.fullname`),
+      labels: include(`${name}.labels`),
+    },
+    spec: {
+      replicas: values.replicaCount,
+      selector: {
+        matchLabels: include(`${name}.selectorLabels`),
+      },
+      template: {
+        metadata: {
+          labels: include(`${name}.selectorLabels`),
+        },
+        spec: podSpec,
+      },
+    },
+  };
+
+  const service = {
+    apiVersion: "v1",
+    kind: "Service",
+    metadata: {
+      name: include(`${name}.fullname`),
+      labels: include(`${name}.labels`),
+    },
+    spec: {
+      type: values.service.type,
+      ports: [
+        {
+          port: values.service.port,
+          targetPort: "http",
+          protocol: "TCP",
+          name: "http",
+        },
+        {
+          port: values.monitoring.metricsPort,
+          targetPort: "metrics",
+          protocol: "TCP",
+          name: "metrics",
+        },
+      ],
+      selector: include(`${name}.selectorLabels`),
+    },
+  };
+
+  // ServiceMonitor CRD (monitoring.coreos.com/v1) — gated on Capabilities check
+  const serviceMonitor = If(`and .Values.monitoring.enabled (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1")`, {
+    apiVersion: "monitoring.coreos.com/v1",
+    kind: "ServiceMonitor",
+    metadata: {
+      name: include(`${name}.fullname`),
+      labels: include(`${name}.labels`),
+    },
+    spec: {
+      selector: {
+        matchLabels: include(`${name}.selectorLabels`),
+      },
+      endpoints: [{
+        port: "metrics",
+        path: values.monitoring.metricsPath,
+        interval: values.monitoring.scrapeInterval,
+      }],
+    },
+  });
+
+  const result: HelmMonitoredServiceResult = {
+    chart,
+    values: valuesObj,
+    deployment,
+    service,
+    serviceMonitor: serviceMonitor as unknown as Record<string, unknown>,
+  };
+
+  if (serviceAccount) {
+    result.serviceAccount = {
+      apiVersion: "v1",
+      kind: "ServiceAccount",
+      metadata: {
+        name: include(`${name}.serviceAccountName`),
+        labels: include(`${name}.labels`),
+        annotations: toYaml(values.serviceAccount.annotations),
+      },
+    };
+  }
+
+  if (alertRules) {
+    result.prometheusRule = If(`and .Values.alerting.enabled (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1")`, {
+      apiVersion: "monitoring.coreos.com/v1",
+      kind: "PrometheusRule",
+      metadata: {
+        name: include(`${name}.fullname`),
+        labels: include(`${name}.labels`),
+      },
+      spec: {
+        groups: [{
+          name: printf("%s.rules", name),
+          rules: toYaml(values.alerting.rules),
+        }],
+      },
+    }) as unknown as Record<string, unknown>;
+  }
+
+  return result;
+}

package/src/composites/helm-namespace-env.ts

@@ -0,0 +1,154 @@
+/**
+ * HelmNamespaceEnv composite — Namespace + ResourceQuota + LimitRange + NetworkPolicy.
+ *
+ * Environment namespace pattern with optional resource governance and
+ * network isolation.
+ */
+
+import { values, include, toYaml, If } from "../intrinsics";
+
+export interface HelmNamespaceEnvProps {
+  /** Chart and release name. */
+  name: string;
+  /** Include ResourceQuota. Default: true. */
+  resourceQuota?: boolean;
+  /** Include LimitRange. Default: true. */
+  limitRange?: boolean;
+  /** Include NetworkPolicy. Default: true. */
+  networkPolicy?: boolean;
+  /** Chart appVersion. */
+  appVersion?: string;
+}
+
+export interface HelmNamespaceEnvResult {
+  chart: Record<string, unknown>;
+  values: Record<string, unknown>;
+  namespace: Record<string, unknown>;
+  resourceQuota?: Record<string, unknown>;
+  limitRange?: Record<string, unknown>;
+  networkPolicy?: Record<string, unknown>;
+}
+
+export function HelmNamespaceEnv(props: HelmNamespaceEnvProps): HelmNamespaceEnvResult {
+  const {
+    name,
+    resourceQuota = true,
+    limitRange = true,
+    networkPolicy = true,
+    appVersion = "1.0.0",
+  } = props;
+
+  const chart = {
+    apiVersion: "v2",
+    name,
+    version: "0.1.0",
+    appVersion,
+    type: "application",
+    description: `A Helm chart for ${name} namespace environment`,
+  };
+
+  const valuesObj: Record<string, unknown> = {
+    namespace: {
+      labels: {},
+      annotations: {},
+    },
+  };
+
+  if (resourceQuota) {
+    valuesObj.resourceQuota = {
+      enabled: true,
+      hard: {
+        cpu: "10",
+        memory: "20Gi",
+        pods: "50",
+      },
+    };
+  }
+
+  if (limitRange) {
+    valuesObj.limitRange = {
+      enabled: true,
+      default: {
+        cpu: "500m",
+        memory: "256Mi",
+      },
+      defaultRequest: {
+        cpu: "100m",
+        memory: "128Mi",
+      },
+    };
+  }
+
+  if (networkPolicy) {
+    valuesObj.networkPolicy = {
+      enabled: true,
+      denyIngress: true,
+      denyEgress: false,
+    };
+  }
+
+  const ns = {
+    apiVersion: "v1",
+    kind: "Namespace",
+    metadata: {
+      name: include(`${name}.fullname`),
+      labels: toYaml(values.namespace.labels),
+      annotations: toYaml(values.namespace.annotations),
+    },
+  };
+
+  const result: HelmNamespaceEnvResult = {
+    chart,
+    values: valuesObj,
+    namespace: ns,
+  };
+
+  if (resourceQuota) {
+    result.resourceQuota = If(values.resourceQuota.enabled, {
+      apiVersion: "v1",
+      kind: "ResourceQuota",
+      metadata: {
+        name: include(`${name}.fullname`),
+        labels: include(`${name}.labels`),
+      },
+      spec: {
+        hard: toYaml(values.resourceQuota.hard),
+      },
+    }) as unknown as Record<string, unknown>;
+  }
+
+  if (limitRange) {
+    result.limitRange = If(values.limitRange.enabled, {
+      apiVersion: "v1",
+      kind: "LimitRange",
+      metadata: {
+        name: include(`${name}.fullname`),
+        labels: include(`${name}.labels`),
+      },
+      spec: {
+        limits: [{
+          type: "Container",
+          default: toYaml(values.limitRange.default),
+          defaultRequest: toYaml(values.limitRange.defaultRequest),
+        }],
+      },
+    }) as unknown as Record<string, unknown>;
+  }
+
+  if (networkPolicy) {
+    result.networkPolicy = If(values.networkPolicy.enabled, {
+      apiVersion: "networking.k8s.io/v1",
+      kind: "NetworkPolicy",
+      metadata: {
+        name: include(`${name}.fullname`),
+        labels: include(`${name}.labels`),
+      },
+      spec: {
+        podSelector: {},
+        policyTypes: ["Ingress", "Egress"],
+      },
+    }) as unknown as Record<string, unknown>;
+  }
+
+  return result;
+}

package/src/composites/helm-secure-ingress.ts

@@ -0,0 +1,114 @@
+/**
+ * HelmSecureIngress composite — Ingress + optional cert-manager Certificate.
+ *
+ * TLS-enabled ingress pattern with optional cert-manager integration
+ * for automatic certificate provisioning.
+ */
+
+import { values, include, toYaml, If, Range } from "../intrinsics";
+
+export interface HelmSecureIngressProps {
+  /** Chart and release name. */
+  name: string;
+  /** Default ingress class name. */
+  ingressClassName?: string;
+  /** cert-manager ClusterIssuer name. */
+  clusterIssuer?: string;
+  /** Chart appVersion. */
+  appVersion?: string;
+}
+
+export interface HelmSecureIngressResult {
+  chart: Record<string, unknown>;
+  values: Record<string, unknown>;
+  ingress: Record<string, unknown>;
+  certificate?: Record<string, unknown>;
+}
+
+export function HelmSecureIngress(props: HelmSecureIngressProps): HelmSecureIngressResult {
+  const {
+    name,
+    ingressClassName = "",
+    clusterIssuer = "letsencrypt-prod",
+    appVersion = "1.0.0",
+  } = props;
+
+  const chart = {
+    apiVersion: "v2",
+    name,
+    version: "0.1.0",
+    appVersion,
+    type: "application",
+    description: `A Helm chart for ${name} secure ingress`,
+  };
+
+  const valuesObj: Record<string, unknown> = {
+    ingress: {
+      enabled: true,
+      className: ingressClassName,
+      annotations: {},
+      hosts: [
+        {
+          host: `${name}.example.com`,
+          paths: [{ path: "/", pathType: "Prefix" }],
+        },
+      ],
+      tls: {
+        enabled: true,
+        secretName: `${name}-tls`,
+      },
+    },
+    certManager: {
+      enabled: true,
+      clusterIssuer,
+    },
+  };
+
+  const ingress = If(values.ingress.enabled, {
+    apiVersion: "networking.k8s.io/v1",
+    kind: "Ingress",
+    metadata: {
+      name: include(`${name}.fullname`),
+      labels: include(`${name}.labels`),
+      annotations: toYaml(values.ingress.annotations),
+    },
+    spec: {
+      ingressClassName: values.ingress.className,
+      tls: [{
+        secretName: values.ingress.tls.secretName,
+        hosts: Range(values.ingress.hosts, values.ingress.hosts),
+      }],
+      rules: Range(values.ingress.hosts, {
+        host: values.ingress.hosts,
+        http: {
+          paths: values.ingress.hosts,
+        },
+      }),
+    },
+  });
+
+  // cert-manager Certificate CRD (cert-manager.io/v1)
+  const certificate = If(values.certManager.enabled, {
+    apiVersion: "cert-manager.io/v1",
+    kind: "Certificate",
+    metadata: {
+      name: include(`${name}.fullname`),
+      labels: include(`${name}.labels`),
+    },
+    spec: {
+      secretName: values.ingress.tls.secretName,
+      issuerRef: {
+        name: values.certManager.clusterIssuer,
+        kind: "ClusterIssuer",
+      },
+      dnsNames: values.ingress.hosts,
+    },
+  });
+
+  return {
+    chart,
+    values: valuesObj,
+    ingress: ingress as unknown as Record<string, unknown>,
+    certificate: certificate as unknown as Record<string, unknown>,
+  };
+}