@intentius/chant-lexicon-k8s 0.0.22 → 0.0.24

package/src/composites/config-connector-context.ts

@@ -5,6 +5,9 @@
  * Config Connector to manage GCP resources in a specific namespace.
  */
 
+import { Composite, mergeDefaults } from "@intentius/chant";
+import { Deployment } from "../generated";
+
 export interface ConfigConnectorContextProps {
   /** Context name (default: "configconnectorcontext.core.cnrm.cloud.google.com"). */
   name?: string;
@@ -14,10 +17,14 @@ export interface ConfigConnectorContextProps {
   namespace?: string;
   /** Whether to sync status into spec (default: "absent"). */
   stateIntoSpec?: "absent" | "merge";
+  /** Per-member defaults for fine-grained overrides. */
+  defaults?: {
+    context?: Partial<Record<string, unknown>>;
+  };
 }
 
 export interface ConfigConnectorContextResult {
-  context: Record<string, unknown>;
+  context: InstanceType<typeof Deployment>; // CRD — use Deployment as proxy Declarable
 }
 
 /**
@@ -35,17 +42,17 @@ export interface ConfigConnectorContextResult {
  * });
  * ```
  */
-export function ConfigConnectorContext(
-  props: ConfigConnectorContextProps,
-): ConfigConnectorContextResult {
+export const ConfigConnectorContext = Composite<ConfigConnectorContextProps>((props) => {
   const {
     name = "configconnectorcontext.core.cnrm.cloud.google.com",
     googleServiceAccountEmail,
     namespace = "default",
     stateIntoSpec = "absent",
+    defaults: defs,
   } = props;
 
-  const contextProps: Record<string, unknown> = {
+  // ConfigConnectorContext is a CRD — use Deployment constructor as a generic Declarable wrapper
+  const context = new Deployment(mergeDefaults({
     apiVersion: "core.cnrm.cloud.google.com/v1beta1",
     kind: "ConfigConnectorContext",
     metadata: {
@@ -56,7 +63,7 @@ export function ConfigConnectorContext(
       googleServiceAccount: googleServiceAccountEmail,
       stateIntoSpec,
     },
-  };
+  }, defs?.context));
 
-  return { context: contextProps };
-}
+  return { context };
+}, "ConfigConnectorContext");

package/src/composites/configured-app.ts

@@ -6,6 +6,8 @@
  * Volume.fromSecret(), and container.mount() patterns.
  */
 
+import { Composite, mergeDefaults } from "@intentius/chant";
+import { Deployment, Service, ConfigMap } from "../generated";
 import type { ContainerSecurityContext } from "./security-context";
 
 export interface ConfiguredAppProps {
@@ -53,12 +55,18 @@ export interface ConfiguredAppProps {
   env?: Array<{ name: string; value: string }>;
   /** Container security context (supports PSS restricted fields). */
   securityContext?: ContainerSecurityContext;
+  /** Per-member defaults for fine-grained overrides. */
+  defaults?: {
+    deployment?: Partial<Record<string, unknown>>;
+    service?: Partial<Record<string, unknown>>;
+    configMap?: Partial<Record<string, unknown>>;
+  };
 }
 
 export interface ConfiguredAppResult {
-  deployment: Record<string, unknown>;
-  service: Record<string, unknown>;
-  configMap?: Record<string, unknown>;
+  deployment: InstanceType<typeof Deployment>;
+  service: InstanceType<typeof Service>;
+  configMap?: InstanceType<typeof ConfigMap>;
 }
 
 /**
@@ -81,7 +89,7 @@ export interface ConfiguredAppResult {
  * });
  * ```
  */
-export function ConfiguredApp(props: ConfiguredAppProps): ConfiguredAppResult {
+export const ConfiguredApp = Composite<ConfiguredAppProps>((props) => {
   const {
     name,
     image,
@@ -101,6 +109,7 @@ export function ConfiguredApp(props: ConfiguredAppProps): ConfiguredAppResult {
     namespace,
     env,
     securityContext,
+    defaults: defs,
   } = props;
 
   const configMapName = `${name}-config`;
@@ -175,7 +184,7 @@ export function ConfiguredApp(props: ConfiguredAppProps): ConfiguredAppResult {
     }),
   };
 
-  const deploymentProps: Record<string, unknown> = {
+  const deployment = new Deployment(mergeDefaults({
     metadata: {
       name,
       ...(namespace && { namespace }),
@@ -189,9 +198,9 @@ export function ConfiguredApp(props: ConfiguredAppProps): ConfiguredAppResult {
         spec: podSpec,
       },
     },
-  };
+  }, defs?.deployment));
 
-  const serviceProps: Record<string, unknown> = {
+  const service = new Service(mergeDefaults({
     metadata: {
       name,
       ...(namespace && { namespace }),
@@ -202,23 +211,20 @@ export function ConfiguredApp(props: ConfiguredAppProps): ConfiguredAppResult {
       ports: [{ port: 80, targetPort: port, protocol: "TCP", name: "http" }],
       type: "ClusterIP",
     },
-  };
+  }, defs?.service));
 
-  const result: ConfiguredAppResult = {
-    deployment: deploymentProps,
-    service: serviceProps,
-  };
+  const result: Record<string, any> = { deployment, service };
 
   if (configData) {
-    result.configMap = {
+    result.configMap = new ConfigMap(mergeDefaults({
       metadata: {
         name: configMapName,
         ...(namespace && { namespace }),
         labels: { ...commonLabels, "app.kubernetes.io/component": "config" },
       },
       data: configData,
-    };
+    }, defs?.configMap));
   }
 
   return result;
-}
+}, "ConfiguredApp");

package/src/composites/cron-workload.ts

@@ -5,6 +5,8 @@
  * proper RBAC permissions.
  */
 
+import { Composite, mergeDefaults } from "@intentius/chant";
+import { CronJob, ServiceAccount, Role, RoleBinding } from "../generated";
 import type { ContainerSecurityContext } from "./security-context";
 
 export interface CronWorkloadProps {
@@ -37,13 +39,20 @@ export interface CronWorkloadProps {
   env?: Array<{ name: string; value: string }>;
   /** Container security context (supports PSS restricted fields). */
   securityContext?: ContainerSecurityContext;
+  /** Per-member defaults for fine-grained overrides. */
+  defaults?: {
+    cronJob?: Partial<Record<string, unknown>>;
+    serviceAccount?: Partial<Record<string, unknown>>;
+    role?: Partial<Record<string, unknown>>;
+    roleBinding?: Partial<Record<string, unknown>>;
+  };
 }
 
 export interface CronWorkloadResult {
-  cronJob: Record<string, unknown>;
-  serviceAccount: Record<string, unknown>;
-  role: Record<string, unknown>;
-  roleBinding: Record<string, unknown>;
+  cronJob: InstanceType<typeof CronJob>;
+  serviceAccount: InstanceType<typeof ServiceAccount>;
+  role: InstanceType<typeof Role>;
+  roleBinding: InstanceType<typeof RoleBinding>;
 }
 
 /**
@@ -65,7 +74,7 @@ export interface CronWorkloadResult {
  * });
  * ```
  */
-export function CronWorkload(props: CronWorkloadProps): CronWorkloadResult {
+export const CronWorkload = Composite<CronWorkloadProps>((props) => {
   const {
     name,
     image,
@@ -80,6 +89,7 @@ export function CronWorkload(props: CronWorkloadProps): CronWorkloadResult {
     namespace,
     env,
     securityContext,
+    defaults: defs,
   } = props;
 
   const saName = `${name}-sa`;
@@ -92,7 +102,7 @@ export function CronWorkload(props: CronWorkloadProps): CronWorkloadResult {
     ...extraLabels,
   };
 
-  const cronJobProps: Record<string, unknown> = {
+  const cronJob = new CronJob(mergeDefaults({
     metadata: {
       name,
       ...(namespace && { namespace }),
@@ -123,17 +133,17 @@ export function CronWorkload(props: CronWorkloadProps): CronWorkloadResult {
         },
       },
     },
-  };
+  }, defs?.cronJob));
 
-  const serviceAccountProps: Record<string, unknown> = {
+  const serviceAccount = new ServiceAccount(mergeDefaults({
     metadata: {
       name: saName,
       ...(namespace && { namespace }),
       labels: { ...commonLabels, "app.kubernetes.io/component": "worker" },
     },
-  };
+  }, defs?.serviceAccount));
 
-  const roleProps: Record<string, unknown> = {
+  const role = new Role(mergeDefaults({
     metadata: {
       name: roleName,
       ...(namespace && { namespace }),
@@ -142,9 +152,9 @@ export function CronWorkload(props: CronWorkloadProps): CronWorkloadResult {
     rules: rbacRules.length > 0 ? rbacRules : [
       { apiGroups: [""], resources: ["pods"], verbs: ["get", "list"] },
     ],
-  };
+  }, defs?.role));
 
-  const roleBindingProps: Record<string, unknown> = {
+  const roleBinding = new RoleBinding(mergeDefaults({
     metadata: {
       name: bindingName,
       ...(namespace && { namespace }),
@@ -162,12 +172,7 @@ export function CronWorkload(props: CronWorkloadProps): CronWorkloadResult {
         ...(namespace && { namespace }),
       },
     ],
-  };
+  }, defs?.roleBinding));
 
-  return {
-    cronJob: cronJobProps,
-    serviceAccount: serviceAccountProps,
-    role: roleProps,
-    roleBinding: roleBindingProps,
-  };
-}
+  return { cronJob, serviceAccount, role, roleBinding };
+}, "CronWorkload");

package/src/composites/ebs-storage-class.ts

@@ -4,6 +4,9 @@
  * @eks Creates a StorageClass with the `ebs.csi.aws.com` provisioner.
  */
 
+import { Composite, mergeDefaults } from "@intentius/chant";
+import { StorageClass } from "../generated";
+
 export interface EbsStorageClassProps {
   /** StorageClass name. */
   name: string;
@@ -27,10 +30,14 @@ export interface EbsStorageClassProps {
   allowVolumeExpansion?: boolean;
   /** Additional labels. */
   labels?: Record<string, string>;
+  /** Per-member defaults for fine-grained overrides. */
+  defaults?: {
+    storageClass?: Partial<Record<string, unknown>>;
+  };
 }
 
 export interface EbsStorageClassResult {
-  storageClass: Record<string, unknown>;
+  storageClass: InstanceType<typeof StorageClass>;
 }
 
 /**
@@ -49,7 +56,7 @@ export interface EbsStorageClassResult {
  * });
  * ```
  */
-export function EbsStorageClass(props: EbsStorageClassProps): EbsStorageClassResult {
+export const EbsStorageClass = Composite<EbsStorageClassProps>((props) => {
   const {
     name,
     type = "gp3",
@@ -62,6 +69,7 @@ export function EbsStorageClass(props: EbsStorageClassProps): EbsStorageClassRes
     volumeBindingMode = "WaitForFirstConsumer",
     allowVolumeExpansion = true,
     labels: extraLabels = {},
+    defaults: defs,
   } = props;
 
   const commonLabels: Record<string, string> = {
@@ -80,7 +88,7 @@ export function EbsStorageClass(props: EbsStorageClassProps): EbsStorageClassRes
   if (throughput !== undefined) parameters.throughput = String(throughput);
   if (kmsKeyId) parameters.kmsKeyId = kmsKeyId;
 
-  const storageClassProps: Record<string, unknown> = {
+  const storageClass = new StorageClass(mergeDefaults({
     metadata: {
       name,
       labels: { ...commonLabels, "app.kubernetes.io/component": "storage" },
@@ -90,7 +98,7 @@ export function EbsStorageClass(props: EbsStorageClassProps): EbsStorageClassRes
     reclaimPolicy,
     volumeBindingMode,
     allowVolumeExpansion,
-  };
+  }, defs?.storageClass));
 
-  return { storageClass: storageClassProps };
-}
+  return { storageClass };
+}, "EbsStorageClass");

package/src/composites/efs-storage-class.ts

@@ -5,6 +5,9 @@
  * EFS provides ReadWriteMany access mode (shared across pods/nodes).
  */
 
+import { Composite, mergeDefaults } from "@intentius/chant";
+import { StorageClass } from "../generated";
+
 export interface EfsStorageClassProps {
   /** StorageClass name. */
   name: string;
@@ -20,10 +23,14 @@ export interface EfsStorageClassProps {
   provisioningMode?: string;
   /** Additional labels. */
   labels?: Record<string, string>;
+  /** Per-member defaults for fine-grained overrides. */
+  defaults?: {
+    storageClass?: Partial<Record<string, unknown>>;
+  };
 }
 
 export interface EfsStorageClassResult {
-  storageClass: Record<string, unknown>;
+  storageClass: InstanceType<typeof StorageClass>;
 }
 
 /**
@@ -41,7 +48,7 @@ export interface EfsStorageClassResult {
  * });
  * ```
  */
-export function EfsStorageClass(props: EfsStorageClassProps): EfsStorageClassResult {
+export const EfsStorageClass = Composite<EfsStorageClassProps>((props) => {
   const {
     name,
     fileSystemId,
@@ -50,6 +57,7 @@ export function EfsStorageClass(props: EfsStorageClassProps): EfsStorageClassRes
     reclaimPolicy = "Delete",
     provisioningMode = "efs-ap",
     labels: extraLabels = {},
+    defaults: defs,
   } = props;
 
   const commonLabels: Record<string, string> = {
@@ -58,7 +66,7 @@ export function EfsStorageClass(props: EfsStorageClassProps): EfsStorageClassRes
     ...extraLabels,
   };
 
-  const storageClassProps: Record<string, unknown> = {
+  const storageClass = new StorageClass(mergeDefaults({
     metadata: {
       name,
       labels: { ...commonLabels, "app.kubernetes.io/component": "storage" },
@@ -71,7 +79,7 @@ export function EfsStorageClass(props: EfsStorageClassProps): EfsStorageClassRes
       basePath,
     },
     reclaimPolicy,
-  };
+  }, defs?.storageClass));
 
-  return { storageClass: storageClassProps };
-}
+  return { storageClass };
+}, "EfsStorageClass");

package/src/composites/external-dns-agent.ts

@@ -5,6 +5,9 @@
  * where Ingress/Service hostnames should automatically create DNS records.
  */
 
+import { Composite, mergeDefaults } from "@intentius/chant";
+import { Deployment, ServiceAccount, ClusterRole, ClusterRoleBinding } from "../generated";
+
 export interface ExternalDnsAgentProps {
   /** IAM Role ARN for IRSA (needs Route53 permissions). */
   iamRoleArn: string;
@@ -24,13 +27,20 @@ export interface ExternalDnsAgentProps {
   namespace?: string;
   /** Additional labels. */
   labels?: Record<string, string>;
+  /** Per-member defaults for fine-grained overrides. */
+  defaults?: {
+    deployment?: Partial<Record<string, unknown>>;
+    serviceAccount?: Partial<Record<string, unknown>>;
+    clusterRole?: Partial<Record<string, unknown>>;
+    clusterRoleBinding?: Partial<Record<string, unknown>>;
+  };
 }
 
 export interface ExternalDnsAgentResult {
-  deployment: Record<string, unknown>;
-  serviceAccount: Record<string, unknown>;
-  clusterRole: Record<string, unknown>;
-  clusterRoleBinding: Record<string, unknown>;
+  deployment: InstanceType<typeof Deployment>;
+  serviceAccount: InstanceType<typeof ServiceAccount>;
+  clusterRole: InstanceType<typeof ClusterRole>;
+  clusterRoleBinding: InstanceType<typeof ClusterRoleBinding>;
 }
 
 /**
@@ -49,7 +59,7 @@ export interface ExternalDnsAgentResult {
  * });
  * ```
  */
-export function ExternalDnsAgent(props: ExternalDnsAgentProps): ExternalDnsAgentResult {
+export const ExternalDnsAgent = Composite<ExternalDnsAgentProps>((props) => {
   const {
     iamRoleArn,
     domainFilters,
@@ -60,6 +70,7 @@ export function ExternalDnsAgent(props: ExternalDnsAgentProps): ExternalDnsAgent
     image = "registry.k8s.io/external-dns/external-dns:v0.14.0",
     namespace = "kube-system",
     labels: extraLabels = {},
+    defaults: defs,
   } = props;
 
   const saName = `${name}-sa`;
@@ -88,7 +99,7 @@ export function ExternalDnsAgent(props: ExternalDnsAgentProps): ExternalDnsAgent
     args.push(`--txt-owner-id=${txtOwnerId}`);
   }
 
-  const deploymentProps: Record<string, unknown> = {
+  const deployment = new Deployment(mergeDefaults({
     metadata: {
       name,
       namespace,
@@ -121,9 +132,9 @@ export function ExternalDnsAgent(props: ExternalDnsAgentProps): ExternalDnsAgent
         },
       },
     },
-  };
+  }, defs?.deployment));
 
-  const serviceAccountProps: Record<string, unknown> = {
+  const serviceAccount = new ServiceAccount(mergeDefaults({
     metadata: {
       name: saName,
       namespace,
@@ -132,9 +143,9 @@ export function ExternalDnsAgent(props: ExternalDnsAgentProps): ExternalDnsAgent
         "eks.amazonaws.com/role-arn": iamRoleArn,
       },
     },
-  };
+  }, defs?.serviceAccount));
 
-  const clusterRoleProps: Record<string, unknown> = {
+  const clusterRole = new ClusterRole(mergeDefaults({
     metadata: {
       name: clusterRoleName,
       labels: { ...commonLabels, "app.kubernetes.io/component": "rbac" },
@@ -144,9 +155,9 @@ export function ExternalDnsAgent(props: ExternalDnsAgentProps): ExternalDnsAgent
       { apiGroups: ["extensions", "networking.k8s.io"], resources: ["ingresses"], verbs: ["get", "watch", "list"] },
       { apiGroups: [""], resources: ["nodes"], verbs: ["list", "watch"] },
     ],
-  };
+  }, defs?.clusterRole));
 
-  const clusterRoleBindingProps: Record<string, unknown> = {
+  const clusterRoleBinding = new ClusterRoleBinding(mergeDefaults({
     metadata: {
       name: bindingName,
       labels: { ...commonLabels, "app.kubernetes.io/component": "rbac" },
@@ -163,12 +174,7 @@ export function ExternalDnsAgent(props: ExternalDnsAgentProps): ExternalDnsAgent
         namespace,
       },
     ],
-  };
+  }, defs?.clusterRoleBinding));
 
-  return {
-    deployment: deploymentProps,
-    serviceAccount: serviceAccountProps,
-    clusterRole: clusterRoleProps,
-    clusterRoleBinding: clusterRoleBindingProps,
-  };
-}
+  return { deployment, serviceAccount, clusterRole, clusterRoleBinding };
+}, "ExternalDnsAgent");

package/src/composites/filestore-storage-class.ts

@@ -5,6 +5,9 @@
  * Filestore provides ReadWriteMany access mode (shared across pods/nodes).
  */
 
+import { Composite, mergeDefaults } from "@intentius/chant";
+import { StorageClass } from "../generated";
+
 export interface FilestoreStorageClassProps {
   /** StorageClass name. */
   name: string;
@@ -18,10 +21,14 @@ export interface FilestoreStorageClassProps {
   volumeBindingMode?: string;
   /** Additional labels. */
   labels?: Record<string, string>;
+  /** Per-member defaults for fine-grained overrides. */
+  defaults?: {
+    storageClass?: Partial<Record<string, unknown>>;
+  };
 }
 
 export interface FilestoreStorageClassResult {
-  storageClass: Record<string, unknown>;
+  storageClass: InstanceType<typeof StorageClass>;
 }
 
 /**
@@ -40,7 +47,7 @@ export interface FilestoreStorageClassResult {
  * });
  * ```
  */
-export function FilestoreStorageClass(props: FilestoreStorageClassProps): FilestoreStorageClassResult {
+export const FilestoreStorageClass = Composite<FilestoreStorageClassProps>((props) => {
   const {
     name,
     tier = "standard",
@@ -48,6 +55,7 @@ export function FilestoreStorageClass(props: FilestoreStorageClassProps): Filest
     reclaimPolicy = "Delete",
     volumeBindingMode = "WaitForFirstConsumer",
     labels: extraLabels = {},
+    defaults: defs,
   } = props;
 
   const commonLabels: Record<string, string> = {
@@ -64,7 +72,7 @@ export function FilestoreStorageClass(props: FilestoreStorageClassProps): Filest
     parameters.network = network;
   }
 
-  const storageClassProps: Record<string, unknown> = {
+  const storageClass = new StorageClass(mergeDefaults({
     metadata: {
       name,
       labels: { ...commonLabels, "app.kubernetes.io/component": "storage" },
@@ -73,7 +81,7 @@ export function FilestoreStorageClass(props: FilestoreStorageClassProps): Filest
     parameters,
     reclaimPolicy,
     volumeBindingMode,
-  };
+  }, defs?.storageClass));
 
-  return { storageClass: storageClassProps };
-}
+  return { storageClass };
+}, "FilestoreStorageClass");

package/src/composites/fluent-bit-agent.ts

@@ -5,6 +5,9 @@
  * (image, RBAC, CloudWatch output config).
  */
 
+import { Composite, mergeDefaults } from "@intentius/chant";
+import { DaemonSet, ServiceAccount, ClusterRole, ClusterRoleBinding, ConfigMap } from "../generated";
+
 export interface FluentBitAgentProps {
   /** Agent name (default: "fluent-bit"). */
   name?: string;
@@ -30,14 +33,22 @@ export interface FluentBitAgentProps {
   memoryLimit?: string;
   /** IAM Role ARN for IRSA (adds eks.amazonaws.com/role-arn annotation to ServiceAccount). */
   iamRoleArn?: string;
+  /** Per-member defaults for fine-grained overrides. */
+  defaults?: {
+    daemonSet?: Partial<Record<string, unknown>>;
+    serviceAccount?: Partial<Record<string, unknown>>;
+    clusterRole?: Partial<Record<string, unknown>>;
+    clusterRoleBinding?: Partial<Record<string, unknown>>;
+    configMap?: Partial<Record<string, unknown>>;
+  };
 }
 
 export interface FluentBitAgentResult {
-  daemonSet: Record<string, unknown>;
-  serviceAccount: Record<string, unknown>;
-  clusterRole: Record<string, unknown>;
-  clusterRoleBinding: Record<string, unknown>;
-  configMap: Record<string, unknown>;
+  daemonSet: InstanceType<typeof DaemonSet>;
+  serviceAccount: InstanceType<typeof ServiceAccount>;
+  clusterRole: InstanceType<typeof ClusterRole>;
+  clusterRoleBinding: InstanceType<typeof ClusterRoleBinding>;
+  configMap: InstanceType<typeof ConfigMap>;
 }
 
 /**
@@ -56,7 +67,7 @@ export interface FluentBitAgentResult {
  * });
  * ```
  */
-export function FluentBitAgent(props: FluentBitAgentProps): FluentBitAgentResult {
+export const FluentBitAgent = Composite<FluentBitAgentProps>((props) => {
   const {
     name = "fluent-bit",
     image = "public.ecr.aws/aws-observability/aws-for-fluent-bit:stable",
@@ -70,6 +81,7 @@ export function FluentBitAgent(props: FluentBitAgentProps): FluentBitAgentResult
     cpuLimit = "200m",
     memoryLimit = "128Mi",
     iamRoleArn,
+    defaults: defs,
   } = props;
 
   const saName = `${name}-sa`;
@@ -137,7 +149,7 @@ export function FluentBitAgent(props: FluentBitAgentProps): FluentBitAgentResult
     },
   };
 
-  const daemonSetProps: Record<string, unknown> = {
+  const daemonSet = new DaemonSet(mergeDefaults({
     metadata: {
       name,
       namespace,
@@ -159,18 +171,18 @@ export function FluentBitAgent(props: FluentBitAgentProps): FluentBitAgentResult
         },
       },
     },
-  };
+  }, defs?.daemonSet));
 
-  const serviceAccountProps: Record<string, unknown> = {
+  const serviceAccount = new ServiceAccount(mergeDefaults({
     metadata: {
       name: saName,
       namespace,
       labels: { ...commonLabels, "app.kubernetes.io/component": "agent" },
       ...(iamRoleArn ? { annotations: { "eks.amazonaws.com/role-arn": iamRoleArn } } : {}),
     },
-  };
+  }, defs?.serviceAccount));
 
-  const clusterRoleProps: Record<string, unknown> = {
+  const clusterRole = new ClusterRole(mergeDefaults({
     metadata: {
       name: clusterRoleName,
       labels: { ...commonLabels, "app.kubernetes.io/component": "rbac" },
@@ -178,9 +190,9 @@ export function FluentBitAgent(props: FluentBitAgentProps): FluentBitAgentResult
     rules: [
       { apiGroups: [""], resources: ["namespaces", "pods"], verbs: ["get", "list", "watch"] },
     ],
-  };
+  }, defs?.clusterRole));
 
-  const clusterRoleBindingProps: Record<string, unknown> = {
+  const clusterRoleBinding = new ClusterRoleBinding(mergeDefaults({
     metadata: {
       name: bindingName,
       labels: { ...commonLabels, "app.kubernetes.io/component": "rbac" },
@@ -197,9 +209,9 @@ export function FluentBitAgent(props: FluentBitAgentProps): FluentBitAgentResult
         namespace,
       },
     ],
-  };
+  }, defs?.clusterRoleBinding));
 
-  const configMapProps: Record<string, unknown> = {
+  const configMap = new ConfigMap(mergeDefaults({
     metadata: {
       name: configMapName,
       namespace,
@@ -208,13 +220,7 @@ export function FluentBitAgent(props: FluentBitAgentProps): FluentBitAgentResult
     data: {
       "fluent-bit.conf": fluentBitConfig,
     },
-  };
+  }, defs?.configMap));
 
-  return {
-    daemonSet: daemonSetProps,
-    serviceAccount: serviceAccountProps,
-    clusterRole: clusterRoleProps,
-    clusterRoleBinding: clusterRoleBindingProps,
-    configMap: configMapProps,
-  };
-}
+  return { daemonSet, serviceAccount, clusterRole, clusterRoleBinding, configMap };
+}, "FluentBitAgent");