npm - @intentius/chant-lexicon-k8s - Versions diffs - 0.0.22 → 0.0.24 - Mend

@intentius/chant-lexicon-k8s 0.0.22 → 0.0.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (54) hide show

package/dist/integrity.json +9 -4
package/dist/manifest.json +1 -1
package/dist/skills/chant-k8s-aks.md +146 -0
package/{src/skills/kubernetes-patterns.md → dist/skills/chant-k8s-deployment-strategies.md} +1 -1
package/dist/skills/chant-k8s-eks.md +156 -0
package/dist/skills/chant-k8s-gke.md +246 -0
package/{src/skills/kubernetes-security.md → dist/skills/chant-k8s-security.md} +1 -1
package/dist/skills/chant-k8s.md +65 -2
package/package.json +1 -1
package/src/composites/adot-collector.ts +34 -22
package/src/composites/agic-ingress.ts +14 -6
package/src/composites/aks-external-dns-agent.ts +29 -18
package/src/composites/alb-ingress.ts +14 -6
package/src/composites/autoscaled-service.ts +25 -20
package/src/composites/azure-disk-storage-class.ts +14 -6
package/src/composites/azure-file-storage-class.ts +14 -6
package/src/composites/azure-monitor-collector.ts +34 -22
package/src/composites/batch-job.ts +25 -17
package/src/composites/cockroachdb-cluster.ts +148 -58
package/src/composites/composites.test.ts +369 -363
package/src/composites/config-connector-context.ts +15 -8
package/src/composites/configured-app.ts +21 -15
package/src/composites/cron-workload.ts +25 -20
package/src/composites/ebs-storage-class.ts +14 -6
package/src/composites/efs-storage-class.ts +14 -6
package/src/composites/external-dns-agent.ts +26 -20
package/src/composites/filestore-storage-class.ts +14 -6
package/src/composites/fluent-bit-agent.ts +30 -24
package/src/composites/gce-ingress.ts +14 -6
package/src/composites/gce-pd-storage-class.ts +14 -6
package/src/composites/gke-external-dns-agent.ts +34 -21
package/src/composites/gke-fluent-bit-agent.ts +34 -22
package/src/composites/gke-gateway.ts +19 -12
package/src/composites/gke-otel-collector.ts +34 -22
package/src/composites/irsa-service-account.ts +22 -14
package/src/composites/metrics-server.ts +41 -26
package/src/composites/monitored-service.ts +26 -19
package/src/composites/namespace-env.ts +26 -17
package/src/composites/network-isolated-app.ts +21 -16
package/src/composites/node-agent.ts +33 -22
package/src/composites/secure-ingress.ts +19 -11
package/src/composites/sidecar-app.ts +17 -12
package/src/composites/stateful-app.ts +21 -12
package/src/composites/web-app.ts +25 -21
package/src/composites/worker-pool.ts +40 -26
package/src/composites/workload-identity-sa.ts +22 -14
package/src/composites/workload-identity-service-account.ts +22 -16
package/src/plugin.ts +40 -614
package/src/serializer.ts +3 -0
package/src/skills/chant-k8s-deployment-strategies.md +183 -0
package/src/skills/chant-k8s-gke.md +55 -0
package/src/skills/chant-k8s-patterns.md +245 -0
package/src/skills/chant-k8s-security.md +237 -0
package/src/skills/chant-k8s.md +305 -0

package/src/composites/workload-identity-sa.ts CHANGED Viewed

@@ -5,6 +5,9 @@
  * annotation and `azure.workload.identity/use: "true"` label for AKS Workload Identity.
  */
+import { Composite, mergeDefaults } from "@intentius/chant";
+import { ServiceAccount, Role, RoleBinding } from "../generated";
 export interface WorkloadIdentityServiceAccountProps {
   /** ServiceAccount name — used in metadata and labels. */
   name: string;
@@ -20,12 +23,18 @@ export interface WorkloadIdentityServiceAccountProps {
   labels?: Record<string, string>;
   /** Namespace for all resources. */
   namespace?: string;
+  /** Per-member defaults for fine-grained overrides. */
+  defaults?: {
+    serviceAccount?: Partial<Record<string, unknown>>;
+    role?: Partial<Record<string, unknown>>;
+    roleBinding?: Partial<Record<string, unknown>>;
+  };
 }
 export interface WorkloadIdentityServiceAccountResult {
-  serviceAccount: Record<string, unknown>;
-  role?: Record<string, unknown>;
-  roleBinding?: Record<string, unknown>;
+  serviceAccount: InstanceType<typeof ServiceAccount>;
+  role?: InstanceType<typeof Role>;
+  roleBinding?: InstanceType<typeof RoleBinding>;
 }
 /**
@@ -46,13 +55,14 @@ export interface WorkloadIdentityServiceAccountResult {
  * });
  * ```
  */
-export function WorkloadIdentityServiceAccount(props: WorkloadIdentityServiceAccountProps): WorkloadIdentityServiceAccountResult {
+export const WorkloadIdentityServiceAccount = Composite<WorkloadIdentityServiceAccountProps>((props) => {
   const {
     name,
     clientId,
     rbacRules,
     labels: extraLabels = {},
     namespace,
+    defaults: defs,
   } = props;
   const roleName = `${name}-role`;
@@ -64,7 +74,7 @@ export function WorkloadIdentityServiceAccount(props: WorkloadIdentityServiceAcc
     ...extraLabels,
   };
-  const serviceAccountProps: Record<string, unknown> = {
+  const serviceAccount = new ServiceAccount(mergeDefaults({
     metadata: {
       name,
       ...(namespace && { namespace }),
@@ -77,23 +87,21 @@ export function WorkloadIdentityServiceAccount(props: WorkloadIdentityServiceAcc
         "azure.workload.identity/client-id": clientId,
       },
     },
-  };
+  }, defs?.serviceAccount));
-  const result: WorkloadIdentityServiceAccountResult = {
-    serviceAccount: serviceAccountProps,
-  };
+  const result: Record<string, any> = { serviceAccount };
   if (rbacRules && rbacRules.length > 0) {
-    result.role = {
+    result.role = new Role(mergeDefaults({
       metadata: {
         name: roleName,
         ...(namespace && { namespace }),
         labels: { ...commonLabels, "app.kubernetes.io/component": "rbac" },
       },
       rules: rbacRules,
-    };
+    }, defs?.role));
-    result.roleBinding = {
+    result.roleBinding = new RoleBinding(mergeDefaults({
       metadata: {
         name: bindingName,
         ...(namespace && { namespace }),
@@ -111,8 +119,8 @@ export function WorkloadIdentityServiceAccount(props: WorkloadIdentityServiceAcc
           ...(namespace && { namespace }),
         },
       ],
-    };
+    }, defs?.roleBinding));
   }
   return result;
-}
+}, "WorkloadIdentityServiceAccount");

package/src/composites/workload-identity-service-account.ts CHANGED Viewed

@@ -5,6 +5,9 @@
  * annotation for GKE Workload Identity Federation.
  */
+import { Composite, mergeDefaults } from "@intentius/chant";
+import { ServiceAccount, Role, RoleBinding } from "../generated";
 export interface WorkloadIdentityServiceAccountProps {
   /** ServiceAccount name — used in metadata and labels. */
   name: string;
@@ -20,12 +23,18 @@ export interface WorkloadIdentityServiceAccountProps {
   labels?: Record<string, string>;
   /** Namespace for all resources. */
   namespace?: string;
+  /** Per-member defaults for fine-grained overrides. */
+  defaults?: {
+    serviceAccount?: Partial<Record<string, unknown>>;
+    role?: Partial<Record<string, unknown>>;
+    roleBinding?: Partial<Record<string, unknown>>;
+  };
 }
 export interface WorkloadIdentityServiceAccountResult {
-  serviceAccount: Record<string, unknown>;
-  role?: Record<string, unknown>;
-  roleBinding?: Record<string, unknown>;
+  serviceAccount: InstanceType<typeof ServiceAccount>;
+  role?: InstanceType<typeof Role>;
+  roleBinding?: InstanceType<typeof RoleBinding>;
 }
 /**
@@ -46,15 +55,14 @@ export interface WorkloadIdentityServiceAccountResult {
  * });
  * ```
  */
-export function WorkloadIdentityServiceAccount(
-  props: WorkloadIdentityServiceAccountProps,
-): WorkloadIdentityServiceAccountResult {
+export const WorkloadIdentityServiceAccount = Composite<WorkloadIdentityServiceAccountProps>((props) => {
   const {
     name,
     gcpServiceAccountEmail,
     rbacRules,
     labels: extraLabels = {},
     namespace,
+    defaults: defs,
   } = props;
   const roleName = `${name}-role`;
@@ -66,7 +74,7 @@ export function WorkloadIdentityServiceAccount(
     ...extraLabels,
   };
-  const serviceAccountProps: Record<string, unknown> = {
+  const serviceAccount = new ServiceAccount(mergeDefaults({
     metadata: {
       name,
       ...(namespace && { namespace }),
@@ -75,23 +83,21 @@ export function WorkloadIdentityServiceAccount(
         "iam.gke.io/gcp-service-account": gcpServiceAccountEmail,
       },
     },
-  };
+  }, defs?.serviceAccount));
-  const result: WorkloadIdentityServiceAccountResult = {
-    serviceAccount: serviceAccountProps,
-  };
+  const result: Record<string, any> = { serviceAccount };
   if (rbacRules && rbacRules.length > 0) {
-    result.role = {
+    result.role = new Role(mergeDefaults({
       metadata: {
         name: roleName,
         ...(namespace && { namespace }),
         labels: { ...commonLabels, "app.kubernetes.io/component": "rbac" },
       },
       rules: rbacRules,
-    };
+    }, defs?.role));
-    result.roleBinding = {
+    result.roleBinding = new RoleBinding(mergeDefaults({
       metadata: {
         name: bindingName,
         ...(namespace && { namespace }),
@@ -109,8 +115,8 @@ export function WorkloadIdentityServiceAccount(
           ...(namespace && { namespace }),
         },
       ],
-    };
+    }, defs?.roleBinding));
   }
   return result;
-}
+}, "WorkloadIdentityServiceAccount");