@intentius/chant-lexicon-k8s 0.0.13 → 0.0.14

package/src/composites/sidecar-app.ts

@@ -0,0 +1,201 @@
+/**
+ * SidecarApp composite — multi-container Deployment + Service.
+ *
+ * Sidecar and init container patterns (envoy proxy, log forwarder,
+ * DB migration init). Supports shared volumes between containers.
+ */
+
+export interface SidecarContainer {
+  /** Sidecar container name. */
+  name: string;
+  /** Container image. */
+  image: string;
+  /** Container ports. */
+  ports?: Array<{ containerPort: number; name?: string }>;
+  /** Resource limits and requests. */
+  resources?: {
+    limits?: { cpu?: string; memory?: string };
+    requests?: { cpu?: string; memory?: string };
+  };
+  /** Environment variables. */
+  env?: Array<{ name: string; value: string }>;
+}
+
+export interface InitContainer {
+  /** Init container name. */
+  name: string;
+  /** Container image. */
+  image: string;
+  /** Command to run. */
+  command?: string[];
+  /** Arguments to the command. */
+  args?: string[];
+}
+
+export interface SharedVolume {
+  /** Volume name. */
+  name: string;
+  /** Use emptyDir (default). */
+  emptyDir?: Record<string, unknown>;
+  /** Use a ConfigMap by name. */
+  configMapName?: string;
+}
+
+export interface SidecarAppProps {
+  /** Application name — used in metadata and labels. */
+  name: string;
+  /** Primary container image. */
+  image: string;
+  /** Primary container port (default: 80). */
+  port?: number;
+  /** Number of replicas (default: 2). */
+  replicas?: number;
+  /** Sidecar containers. */
+  sidecars: SidecarContainer[];
+  /** Init containers (run before main containers). */
+  initContainers?: InitContainer[];
+  /** Shared volumes between containers. */
+  sharedVolumes?: SharedVolume[];
+  /** Additional labels to apply to all resources. */
+  labels?: Record<string, string>;
+  /** CPU limit for the primary container (default: "500m"). */
+  cpuLimit?: string;
+  /** Memory limit for the primary container (default: "256Mi"). */
+  memoryLimit?: string;
+  /** CPU request for the primary container (default: "100m"). */
+  cpuRequest?: string;
+  /** Memory request for the primary container (default: "128Mi"). */
+  memoryRequest?: string;
+  /** Namespace for all resources. */
+  namespace?: string;
+  /** Environment variables for the primary container. */
+  env?: Array<{ name: string; value: string }>;
+}
+
+export interface SidecarAppResult {
+  deployment: Record<string, unknown>;
+  service: Record<string, unknown>;
+}
+
+/**
+ * Create a SidecarApp composite — returns prop objects for
+ * a multi-container Deployment and Service.
+ *
+ * @example
+ * ```ts
+ * import { SidecarApp } from "@intentius/chant-lexicon-k8s";
+ *
+ * const { deployment, service } = SidecarApp({
+ *   name: "api",
+ *   image: "api:1.0",
+ *   port: 8080,
+ *   sidecars: [
+ *     { name: "envoy", image: "envoyproxy/envoy:v1.28", ports: [{ containerPort: 9901 }] },
+ *   ],
+ *   initContainers: [
+ *     { name: "migrate", image: "api:1.0", command: ["python", "manage.py", "migrate"] },
+ *   ],
+ *   sharedVolumes: [{ name: "tmp", emptyDir: {} }],
+ * });
+ * ```
+ */
+export function SidecarApp(props: SidecarAppProps): SidecarAppResult {
+  const {
+    name,
+    image,
+    port = 80,
+    replicas = 2,
+    sidecars,
+    initContainers,
+    sharedVolumes,
+    labels: extraLabels = {},
+    cpuLimit = "500m",
+    memoryLimit = "256Mi",
+    cpuRequest = "100m",
+    memoryRequest = "128Mi",
+    namespace,
+    env,
+  } = props;
+
+  const commonLabels: Record<string, string> = {
+    "app.kubernetes.io/name": name,
+    "app.kubernetes.io/managed-by": "chant",
+    ...extraLabels,
+  };
+
+  // Primary container
+  const primaryContainer: Record<string, unknown> = {
+    name,
+    image,
+    ports: [{ containerPort: port, name: "http" }],
+    resources: {
+      limits: { cpu: cpuLimit, memory: memoryLimit },
+      requests: { cpu: cpuRequest, memory: memoryRequest },
+    },
+    ...(env && { env }),
+  };
+
+  // Sidecar containers
+  const sidecarContainers = sidecars.map((sc) => ({
+    name: sc.name,
+    image: sc.image,
+    ...(sc.ports && { ports: sc.ports }),
+    ...(sc.resources && { resources: sc.resources }),
+    ...(sc.env && { env: sc.env }),
+  }));
+
+  // Build volumes from sharedVolumes
+  const volumes: Array<Record<string, unknown>> | undefined = sharedVolumes?.map((sv) => {
+    if (sv.configMapName) {
+      return { name: sv.name, configMap: { name: sv.configMapName } };
+    }
+    return { name: sv.name, emptyDir: sv.emptyDir ?? {} };
+  });
+
+  const podSpec: Record<string, unknown> = {
+    containers: [primaryContainer, ...sidecarContainers],
+    ...(initContainers && {
+      initContainers: initContainers.map((ic) => ({
+        name: ic.name,
+        image: ic.image,
+        ...(ic.command && { command: ic.command }),
+        ...(ic.args && { args: ic.args }),
+      })),
+    }),
+    ...(volumes && volumes.length > 0 && { volumes }),
+  };
+
+  const deploymentProps: Record<string, unknown> = {
+    metadata: {
+      name,
+      ...(namespace && { namespace }),
+      labels: { ...commonLabels, "app.kubernetes.io/component": "server" },
+    },
+    spec: {
+      replicas,
+      selector: { matchLabels: { "app.kubernetes.io/name": name } },
+      template: {
+        metadata: { labels: { "app.kubernetes.io/name": name, ...extraLabels } },
+        spec: podSpec,
+      },
+    },
+  };
+
+  const serviceProps: Record<string, unknown> = {
+    metadata: {
+      name,
+      ...(namespace && { namespace }),
+      labels: { ...commonLabels, "app.kubernetes.io/component": "server" },
+    },
+    spec: {
+      selector: { "app.kubernetes.io/name": name },
+      ports: [{ port: 80, targetPort: port, protocol: "TCP", name: "http" }],
+      type: "ClusterIP",
+    },
+  };
+
+  return {
+    deployment: deploymentProps,
+    service: serviceProps,
+  };
+}

package/src/composites/stateful-app.ts

@@ -20,6 +20,26 @@ export interface StatefulAppProps {
   storageClassName?: string;
   /** Volume mount path inside the container (default: "/data"). */
   mountPath?: string;
+  /** PodDisruptionBudget minAvailable — if set, creates a PDB. */
+  minAvailable?: number | string;
+  /** Init containers (e.g., schema migrations, permission setup). */
+  initContainers?: Array<{
+    name: string;
+    image: string;
+    command?: string[];
+    args?: string[];
+  }>;
+  /** Pod security context. */
+  securityContext?: {
+    runAsNonRoot?: boolean;
+    readOnlyRootFilesystem?: boolean;
+    runAsUser?: number;
+    runAsGroup?: number;
+  };
+  /** Termination grace period in seconds. */
+  terminationGracePeriodSeconds?: number;
+  /** Priority class name for pod scheduling. */
+  priorityClassName?: string;
   /** Additional labels to apply to all resources. */
   labels?: Record<string, string>;
   /** CPU limit (e.g., "1"). */
@@ -35,6 +55,7 @@ export interface StatefulAppProps {
 export interface StatefulAppResult {
   statefulSet: Record<string, unknown>;
   service: Record<string, unknown>;
+  pdb?: Record<string, unknown>;
 }
 
 /**
@@ -63,6 +84,11 @@ export function StatefulApp(props: StatefulAppProps): StatefulAppResult {
     storageSize = "10Gi",
     storageClassName,
     mountPath = "/data",
+    minAvailable,
+    initContainers,
+    securityContext,
+    terminationGracePeriodSeconds,
+    priorityClassName,
     labels: extraLabels = {},
     cpuLimit = "1",
     memoryLimit = "1Gi",
@@ -76,6 +102,32 @@ export function StatefulApp(props: StatefulAppProps): StatefulAppResult {
     ...extraLabels,
   };
 
+  const container: Record<string, unknown> = {
+    name,
+    image,
+    ports: [{ containerPort: port, name: "app" }],
+    resources: {
+      limits: { cpu: cpuLimit, memory: memoryLimit },
+    },
+    volumeMounts: [{ name: "data", mountPath }],
+    ...(env && { env }),
+    ...(securityContext && { securityContext }),
+  };
+
+  const podSpec: Record<string, unknown> = {
+    containers: [container],
+    ...(initContainers && {
+      initContainers: initContainers.map((ic) => ({
+        name: ic.name,
+        image: ic.image,
+        ...(ic.command && { command: ic.command }),
+        ...(ic.args && { args: ic.args }),
+      })),
+    }),
+    ...(terminationGracePeriodSeconds !== undefined && { terminationGracePeriodSeconds }),
+    ...(priorityClassName && { priorityClassName }),
+  };
+
   const statefulSetProps: Record<string, unknown> = {
     metadata: {
       name,
@@ -88,20 +140,7 @@ export function StatefulApp(props: StatefulAppProps): StatefulAppResult {
       selector: { matchLabels: { "app.kubernetes.io/name": name } },
       template: {
         metadata: { labels: { "app.kubernetes.io/name": name, ...extraLabels } },
-        spec: {
-          containers: [
-            {
-              name,
-              image,
-              ports: [{ containerPort: port, name: "app" }],
-              resources: {
-                limits: { cpu: cpuLimit, memory: memoryLimit },
-              },
-              volumeMounts: [{ name: "data", mountPath }],
-              ...(env && { env }),
-            },
-          ],
-        },
+        spec: podSpec,
       },
       volumeClaimTemplates: [
         {
@@ -130,5 +169,21 @@ export function StatefulApp(props: StatefulAppProps): StatefulAppResult {
     },
   };
 
-  return { statefulSet: statefulSetProps, service: serviceProps };
+  const result: StatefulAppResult = { statefulSet: statefulSetProps, service: serviceProps };
+
+  if (minAvailable !== undefined) {
+    result.pdb = {
+      metadata: {
+        name,
+        ...(namespace && { namespace }),
+        labels: { ...commonLabels, "app.kubernetes.io/component": "disruption-budget" },
+      },
+      spec: {
+        minAvailable,
+        selector: { matchLabels: { "app.kubernetes.io/name": name } },
+      },
+    };
+  }
+
+  return result;
 }

package/src/composites/web-app.ts

@@ -18,6 +18,33 @@ export interface WebAppProps {
   ingressHost?: string;
   /** Ingress TLS secret name — if set, enables TLS on the Ingress. */
   ingressTlsSecret?: string;
+  /** Multi-path ingress rules — overrides the default single "/" path. */
+  ingressPaths?: Array<{
+    path: string;
+    pathType?: string;
+    serviceName?: string;
+    servicePort?: number;
+  }>;
+  /** PodDisruptionBudget minAvailable — if set, creates a PDB. */
+  minAvailable?: number | string;
+  /** Init containers (e.g., migrations, cert setup). */
+  initContainers?: Array<{
+    name: string;
+    image: string;
+    command?: string[];
+    args?: string[];
+  }>;
+  /** Pod security context — safe defaults when enabled. */
+  securityContext?: {
+    runAsNonRoot?: boolean;
+    readOnlyRootFilesystem?: boolean;
+    runAsUser?: number;
+    runAsGroup?: number;
+  };
+  /** Termination grace period in seconds. */
+  terminationGracePeriodSeconds?: number;
+  /** Priority class name for pod scheduling. */
+  priorityClassName?: string;
   /** Additional labels to apply to all resources. */
   labels?: Record<string, string>;
   /** CPU limit (e.g., "500m"). */
@@ -38,6 +65,7 @@ export interface WebAppResult {
   deployment: Record<string, unknown>;
   service: Record<string, unknown>;
   ingress?: Record<string, unknown>;
+  pdb?: Record<string, unknown>;
 }
 
 /**
@@ -72,6 +100,11 @@ export function WebApp(props: WebAppProps): WebAppResult {
     memoryRequest = "128Mi",
     namespace,
     env,
+    initContainers,
+    securityContext,
+    terminationGracePeriodSeconds,
+    priorityClassName,
+    minAvailable,
   } = props;
 
   const commonLabels: Record<string, string> = {
@@ -80,6 +113,42 @@ export function WebApp(props: WebAppProps): WebAppResult {
     ...extraLabels,
   };
 
+  const container: Record<string, unknown> = {
+    name,
+    image,
+    ports: [{ containerPort: port, name: "http" }],
+    resources: {
+      limits: { cpu: cpuLimit, memory: memoryLimit },
+      requests: { cpu: cpuRequest, memory: memoryRequest },
+    },
+    livenessProbe: {
+      httpGet: { path: "/", port },
+      initialDelaySeconds: 10,
+      periodSeconds: 10,
+    },
+    readinessProbe: {
+      httpGet: { path: "/", port },
+      initialDelaySeconds: 5,
+      periodSeconds: 5,
+    },
+    ...(env && { env }),
+    ...(securityContext && { securityContext }),
+  };
+
+  const podSpec: Record<string, unknown> = {
+    containers: [container],
+    ...(initContainers && {
+      initContainers: initContainers.map((ic) => ({
+        name: ic.name,
+        image: ic.image,
+        ...(ic.command && { command: ic.command }),
+        ...(ic.args && { args: ic.args }),
+      })),
+    }),
+    ...(terminationGracePeriodSeconds !== undefined && { terminationGracePeriodSeconds }),
+    ...(priorityClassName && { priorityClassName }),
+  };
+
   // We return plain objects that users pass to constructors.
   // The actual resource instantiation happens in user code with the generated classes.
   const deploymentProps: Record<string, unknown> = {
@@ -93,30 +162,7 @@ export function WebApp(props: WebAppProps): WebAppResult {
       selector: { matchLabels: { "app.kubernetes.io/name": name } },
       template: {
         metadata: { labels: { "app.kubernetes.io/name": name, ...extraLabels } },
-        spec: {
-          containers: [
-            {
-              name,
-              image,
-              ports: [{ containerPort: port, name: "http" }],
-              resources: {
-                limits: { cpu: cpuLimit, memory: memoryLimit },
-                requests: { cpu: cpuRequest, memory: memoryRequest },
-              },
-              livenessProbe: {
-                httpGet: { path: "/", port },
-                initialDelaySeconds: 10,
-                periodSeconds: 10,
-              },
-              readinessProbe: {
-                httpGet: { path: "/", port },
-                initialDelaySeconds: 5,
-                periodSeconds: 5,
-              },
-              ...(env && { env }),
-            },
-          ],
-        },
+        spec: podSpec,
       },
     },
   };
@@ -140,6 +186,28 @@ export function WebApp(props: WebAppProps): WebAppResult {
   };
 
   if (props.ingressHost) {
+    // Build paths — use ingressPaths if provided, otherwise default single "/"
+    const paths = props.ingressPaths
+      ? props.ingressPaths.map((p) => ({
+          path: p.path,
+          pathType: p.pathType ?? "Prefix",
+          backend: {
+            service: {
+              name: p.serviceName ?? name,
+              port: { number: p.servicePort ?? 80 },
+            },
+          },
+        }))
+      : [
+          {
+            path: "/",
+            pathType: "Prefix",
+            backend: {
+              service: { name, port: { number: 80 } },
+            },
+          },
+        ];
+
     const ingressProps: Record<string, unknown> = {
       metadata: {
         name,
@@ -150,17 +218,7 @@ export function WebApp(props: WebAppProps): WebAppResult {
         rules: [
           {
             host: props.ingressHost,
-            http: {
-              paths: [
-                {
-                  path: "/",
-                  pathType: "Prefix",
-                  backend: {
-                    service: { name, port: { number: 80 } },
-                  },
-                },
-              ],
-            },
+            http: { paths },
           },
         ],
         ...(props.ingressTlsSecret && {
@@ -176,5 +234,19 @@ export function WebApp(props: WebAppProps): WebAppResult {
     result.ingress = ingressProps;
   }
 
+  if (minAvailable !== undefined) {
+    result.pdb = {
+      metadata: {
+        name,
+        ...(namespace && { namespace }),
+        labels: { ...commonLabels, "app.kubernetes.io/component": "disruption-budget" },
+      },
+      spec: {
+        minAvailable,
+        selector: { matchLabels: { "app.kubernetes.io/name": name } },
+      },
+    };
+  }
+
   return result;
 }

package/src/composites/worker-pool.ts

@@ -30,6 +30,19 @@ export interface WorkerPoolProps {
     maxReplicas: number;
     targetCPUPercent?: number;
   };
+  /** PodDisruptionBudget minAvailable — if set, creates a PDB. */
+  minAvailable?: number | string;
+  /** Pod security context. */
+  securityContext?: {
+    runAsNonRoot?: boolean;
+    readOnlyRootFilesystem?: boolean;
+    runAsUser?: number;
+    runAsGroup?: number;
+  };
+  /** Termination grace period in seconds. */
+  terminationGracePeriodSeconds?: number;
+  /** Priority class name for pod scheduling. */
+  priorityClassName?: string;
   /** CPU request (default: "100m"). */
   cpuRequest?: string;
   /** Memory request (default: "128Mi"). */
@@ -53,6 +66,7 @@ export interface WorkerPoolResult {
   roleBinding?: Record<string, unknown>;
   configMap?: Record<string, unknown>;
   hpa?: Record<string, unknown>;
+  pdb?: Record<string, unknown>;
 }
 
 /**
@@ -81,6 +95,10 @@ export function WorkerPool(props: WorkerPoolProps): WorkerPoolResult {
     config,
     rbacRules,
     autoscaling,
+    minAvailable,
+    securityContext,
+    terminationGracePeriodSeconds,
+    priorityClassName,
     cpuRequest = "100m",
     memoryRequest = "128Mi",
     cpuLimit = "500m",
@@ -122,6 +140,14 @@ export function WorkerPool(props: WorkerPoolProps): WorkerPoolResult {
     ...(config && {
       envFrom: [{ configMapRef: { name: configMapName } }],
     }),
+    ...(securityContext && { securityContext }),
+  };
+
+  const podSpec: Record<string, unknown> = {
+    ...(createRbac && { serviceAccountName: saName }),
+    containers: [container],
+    ...(terminationGracePeriodSeconds !== undefined && { terminationGracePeriodSeconds }),
+    ...(priorityClassName && { priorityClassName }),
   };
 
   const deploymentProps: Record<string, unknown> = {
@@ -135,10 +161,7 @@ export function WorkerPool(props: WorkerPoolProps): WorkerPoolResult {
       selector: { matchLabels: { "app.kubernetes.io/name": name } },
       template: {
         metadata: { labels: { "app.kubernetes.io/name": name, ...extraLabels } },
-        spec: {
-          ...(createRbac && { serviceAccountName: saName }),
-          containers: [container],
-        },
+        spec: podSpec,
       },
     },
   };
@@ -197,6 +220,20 @@ export function WorkerPool(props: WorkerPoolProps): WorkerPoolResult {
     };
   }
 
+  if (minAvailable !== undefined) {
+    result.pdb = {
+      metadata: {
+        name,
+        ...(namespace && { namespace }),
+        labels: { ...commonLabels, "app.kubernetes.io/component": "disruption-budget" },
+      },
+      spec: {
+        minAvailable,
+        selector: { matchLabels: { "app.kubernetes.io/name": name } },
+      },
+    };
+  }
+
   if (autoscaling) {
     const targetCPUPercent = autoscaling.targetCPUPercent ?? 70;
     result.hpa = {

package/src/index.ts

@@ -16,8 +16,25 @@ export { K8sLabels, K8sAnnotations } from "./variables";
 export * from "./generated/index";
 
 // Composites
-export { WebApp, StatefulApp, CronWorkload, AutoscaledService, WorkerPool, NamespaceEnv, NodeAgent } from "./composites/index";
-export type { WebAppProps, WebAppResult, StatefulAppProps, StatefulAppResult, CronWorkloadProps, CronWorkloadResult, AutoscaledServiceProps, AutoscaledServiceResult, WorkerPoolProps, WorkerPoolResult, NamespaceEnvProps, NamespaceEnvResult, NodeAgentProps, NodeAgentResult } from "./composites/index";
+export {
+  WebApp, StatefulApp, CronWorkload, AutoscaledService, WorkerPool, NamespaceEnv, NodeAgent,
+  BatchJob, SecureIngress, ConfiguredApp, SidecarApp, MonitoredService, NetworkIsolatedApp,
+  IrsaServiceAccount, AlbIngress, EbsStorageClass, EfsStorageClass, FluentBitAgent, ExternalDnsAgent, AdotCollector,
+  MetricsServer,
+} from "./composites/index";
+export type {
+  WebAppProps, WebAppResult, StatefulAppProps, StatefulAppResult, CronWorkloadProps, CronWorkloadResult,
+  AutoscaledServiceProps, AutoscaledServiceResult, WorkerPoolProps, WorkerPoolResult,
+  NamespaceEnvProps, NamespaceEnvResult, NodeAgentProps, NodeAgentResult,
+  BatchJobProps, BatchJobResult, SecureIngressProps, SecureIngressResult,
+  ConfiguredAppProps, ConfiguredAppResult, SidecarAppProps, SidecarAppResult,
+  MonitoredServiceProps, MonitoredServiceResult, NetworkIsolatedAppProps, NetworkIsolatedAppResult,
+  IrsaServiceAccountProps, IrsaServiceAccountResult, AlbIngressProps, AlbIngressResult,
+  EbsStorageClassProps, EbsStorageClassResult, EfsStorageClassProps, EfsStorageClassResult,
+  FluentBitAgentProps, FluentBitAgentResult, ExternalDnsAgentProps, ExternalDnsAgentResult,
+  AdotCollectorProps, AdotCollectorResult,
+  MetricsServerProps, MetricsServerResult,
+} from "./composites/index";
 
 // RBAC verb constants
 export * from "./actions/index";