@intentius/chant-lexicon-k8s 0.0.22 → 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/integrity.json +9 -4
- package/dist/manifest.json +1 -1
- package/dist/skills/chant-k8s-aks.md +146 -0
- package/{src/skills/kubernetes-patterns.md → dist/skills/chant-k8s-deployment-strategies.md} +1 -1
- package/dist/skills/chant-k8s-eks.md +156 -0
- package/dist/skills/chant-k8s-gke.md +246 -0
- package/{src/skills/kubernetes-security.md → dist/skills/chant-k8s-security.md} +1 -1
- package/dist/skills/chant-k8s.md +65 -2
- package/package.json +5 -4
- package/src/composites/adot-collector.ts +34 -22
- package/src/composites/agic-ingress.ts +14 -6
- package/src/composites/aks-external-dns-agent.ts +29 -18
- package/src/composites/alb-ingress.ts +14 -6
- package/src/composites/autoscaled-service.ts +25 -20
- package/src/composites/azure-disk-storage-class.ts +14 -6
- package/src/composites/azure-file-storage-class.ts +14 -6
- package/src/composites/azure-monitor-collector.ts +34 -22
- package/src/composites/batch-job.ts +25 -17
- package/src/composites/cockroachdb-cluster.ts +164 -58
- package/src/composites/composites.test.ts +371 -365
- package/src/composites/config-connector-context.ts +18 -11
- package/src/composites/configured-app.ts +21 -15
- package/src/composites/cron-workload.ts +25 -20
- package/src/composites/ebs-storage-class.ts +14 -6
- package/src/composites/efs-storage-class.ts +14 -6
- package/src/composites/external-dns-agent.ts +26 -20
- package/src/composites/filestore-storage-class.ts +14 -6
- package/src/composites/fluent-bit-agent.ts +30 -24
- package/src/composites/gce-ingress.ts +14 -6
- package/src/composites/gce-pd-storage-class.ts +14 -6
- package/src/composites/gke-external-dns-agent.ts +34 -21
- package/src/composites/gke-fluent-bit-agent.ts +34 -22
- package/src/composites/gke-gateway.ts +19 -12
- package/src/composites/gke-otel-collector.ts +34 -22
- package/src/composites/irsa-service-account.ts +22 -14
- package/src/composites/metrics-server.ts +41 -26
- package/src/composites/monitored-service.ts +26 -19
- package/src/composites/namespace-env.ts +26 -17
- package/src/composites/network-isolated-app.ts +21 -16
- package/src/composites/node-agent.ts +33 -22
- package/src/composites/secure-ingress.ts +19 -11
- package/src/composites/sidecar-app.ts +17 -12
- package/src/composites/stateful-app.ts +21 -12
- package/src/composites/web-app.ts +25 -21
- package/src/composites/worker-pool.ts +40 -26
- package/src/composites/workload-identity-sa.ts +22 -14
- package/src/composites/workload-identity-service-account.ts +22 -16
- package/src/plugin.ts +40 -614
- package/src/serializer.ts +7 -0
- package/src/skills/chant-k8s-deployment-strategies.md +183 -0
- package/src/skills/chant-k8s-gke.md +56 -1
- package/src/skills/chant-k8s-patterns.md +245 -0
- package/src/skills/chant-k8s-security.md +237 -0
- package/src/skills/chant-k8s.md +305 -0
|
@@ -5,6 +5,9 @@
|
|
|
5
5
|
* Azure Files provides ReadWriteMany access mode (shared across pods/nodes).
|
|
6
6
|
*/
|
|
7
7
|
|
|
8
|
+
import { Composite, mergeDefaults } from "@intentius/chant";
|
|
9
|
+
import { StorageClass } from "../generated";
|
|
10
|
+
|
|
8
11
|
export interface AzureFileStorageClassProps {
|
|
9
12
|
/** StorageClass name. */
|
|
10
13
|
name: string;
|
|
@@ -18,10 +21,14 @@ export interface AzureFileStorageClassProps {
|
|
|
18
21
|
reclaimPolicy?: string;
|
|
19
22
|
/** Additional labels. */
|
|
20
23
|
labels?: Record<string, string>;
|
|
24
|
+
/** Per-member defaults for fine-grained overrides. */
|
|
25
|
+
defaults?: {
|
|
26
|
+
storageClass?: Partial<Record<string, unknown>>;
|
|
27
|
+
};
|
|
21
28
|
}
|
|
22
29
|
|
|
23
30
|
export interface AzureFileStorageClassResult {
|
|
24
|
-
storageClass:
|
|
31
|
+
storageClass: InstanceType<typeof StorageClass>;
|
|
25
32
|
}
|
|
26
33
|
|
|
27
34
|
/**
|
|
@@ -40,7 +47,7 @@ export interface AzureFileStorageClassResult {
|
|
|
40
47
|
* });
|
|
41
48
|
* ```
|
|
42
49
|
*/
|
|
43
|
-
export
|
|
50
|
+
export const AzureFileStorageClass = Composite<AzureFileStorageClassProps>((props) => {
|
|
44
51
|
const {
|
|
45
52
|
name,
|
|
46
53
|
skuName = "Premium_LRS",
|
|
@@ -48,6 +55,7 @@ export function AzureFileStorageClass(props: AzureFileStorageClassProps): AzureF
|
|
|
48
55
|
shareName,
|
|
49
56
|
reclaimPolicy = "Delete",
|
|
50
57
|
labels: extraLabels = {},
|
|
58
|
+
defaults: defs,
|
|
51
59
|
} = props;
|
|
52
60
|
|
|
53
61
|
const commonLabels: Record<string, string> = {
|
|
@@ -63,7 +71,7 @@ export function AzureFileStorageClass(props: AzureFileStorageClassProps): AzureF
|
|
|
63
71
|
|
|
64
72
|
if (shareName) parameters.shareName = shareName;
|
|
65
73
|
|
|
66
|
-
const
|
|
74
|
+
const storageClass = new StorageClass(mergeDefaults({
|
|
67
75
|
metadata: {
|
|
68
76
|
name,
|
|
69
77
|
labels: { ...commonLabels, "app.kubernetes.io/component": "storage" },
|
|
@@ -71,7 +79,7 @@ export function AzureFileStorageClass(props: AzureFileStorageClassProps): AzureF
|
|
|
71
79
|
provisioner: "file.csi.azure.com",
|
|
72
80
|
parameters,
|
|
73
81
|
reclaimPolicy,
|
|
74
|
-
};
|
|
82
|
+
}, defs?.storageClass));
|
|
75
83
|
|
|
76
|
-
return { storageClass
|
|
77
|
-
}
|
|
84
|
+
return { storageClass };
|
|
85
|
+
}, "AzureFileStorageClass");
|
|
@@ -5,6 +5,9 @@
|
|
|
5
5
|
* Log Analytics workspace integration on AKS clusters.
|
|
6
6
|
*/
|
|
7
7
|
|
|
8
|
+
import { Composite, mergeDefaults } from "@intentius/chant";
|
|
9
|
+
import { DaemonSet, ServiceAccount, ClusterRole, ClusterRoleBinding, ConfigMap } from "../generated";
|
|
10
|
+
|
|
8
11
|
export interface AzureMonitorCollectorProps {
|
|
9
12
|
/** Azure Log Analytics workspace ID. */
|
|
10
13
|
workspaceId: string;
|
|
@@ -28,14 +31,22 @@ export interface AzureMonitorCollectorProps {
|
|
|
28
31
|
memoryLimit?: string;
|
|
29
32
|
/** Azure AD client ID for Workload Identity (adds azure.workload.identity annotations to ServiceAccount). */
|
|
30
33
|
clientId?: string;
|
|
34
|
+
/** Per-member defaults for fine-grained overrides. */
|
|
35
|
+
defaults?: {
|
|
36
|
+
daemonSet?: Partial<Record<string, unknown>>;
|
|
37
|
+
serviceAccount?: Partial<Record<string, unknown>>;
|
|
38
|
+
clusterRole?: Partial<Record<string, unknown>>;
|
|
39
|
+
clusterRoleBinding?: Partial<Record<string, unknown>>;
|
|
40
|
+
configMap?: Partial<Record<string, unknown>>;
|
|
41
|
+
};
|
|
31
42
|
}
|
|
32
43
|
|
|
33
44
|
export interface AzureMonitorCollectorResult {
|
|
34
|
-
daemonSet:
|
|
35
|
-
serviceAccount:
|
|
36
|
-
clusterRole:
|
|
37
|
-
clusterRoleBinding:
|
|
38
|
-
configMap:
|
|
45
|
+
daemonSet: InstanceType<typeof DaemonSet>;
|
|
46
|
+
serviceAccount: InstanceType<typeof ServiceAccount>;
|
|
47
|
+
clusterRole: InstanceType<typeof ClusterRole>;
|
|
48
|
+
clusterRoleBinding: InstanceType<typeof ClusterRoleBinding>;
|
|
49
|
+
configMap: InstanceType<typeof ConfigMap>;
|
|
39
50
|
}
|
|
40
51
|
|
|
41
52
|
/**
|
|
@@ -53,7 +64,7 @@ export interface AzureMonitorCollectorResult {
|
|
|
53
64
|
* });
|
|
54
65
|
* ```
|
|
55
66
|
*/
|
|
56
|
-
export
|
|
67
|
+
export const AzureMonitorCollector = Composite<AzureMonitorCollectorProps>((props) => {
|
|
57
68
|
const {
|
|
58
69
|
workspaceId,
|
|
59
70
|
clusterName,
|
|
@@ -66,6 +77,7 @@ export function AzureMonitorCollector(props: AzureMonitorCollectorProps): AzureM
|
|
|
66
77
|
cpuLimit = "500m",
|
|
67
78
|
memoryLimit = "512Mi",
|
|
68
79
|
clientId,
|
|
80
|
+
defaults: defs,
|
|
69
81
|
} = props;
|
|
70
82
|
|
|
71
83
|
const saName = `${name}-sa`;
|
|
@@ -137,7 +149,7 @@ service:
|
|
|
137
149
|
],
|
|
138
150
|
};
|
|
139
151
|
|
|
140
|
-
const
|
|
152
|
+
const daemonSet = new DaemonSet(mergeDefaults({
|
|
141
153
|
metadata: {
|
|
142
154
|
name,
|
|
143
155
|
namespace,
|
|
@@ -157,7 +169,7 @@ service:
|
|
|
157
169
|
},
|
|
158
170
|
},
|
|
159
171
|
},
|
|
160
|
-
};
|
|
172
|
+
}, defs?.daemonSet));
|
|
161
173
|
|
|
162
174
|
const saLabels: Record<string, string> = {
|
|
163
175
|
...commonLabels,
|
|
@@ -168,16 +180,16 @@ service:
|
|
|
168
180
|
saLabels["azure.workload.identity/use"] = "true";
|
|
169
181
|
}
|
|
170
182
|
|
|
171
|
-
const
|
|
183
|
+
const serviceAccount = new ServiceAccount(mergeDefaults({
|
|
172
184
|
metadata: {
|
|
173
185
|
name: saName,
|
|
174
186
|
namespace,
|
|
175
187
|
labels: saLabels,
|
|
176
188
|
...(clientId ? { annotations: { "azure.workload.identity/client-id": clientId } } : {}),
|
|
177
189
|
},
|
|
178
|
-
};
|
|
190
|
+
}, defs?.serviceAccount));
|
|
179
191
|
|
|
180
|
-
const
|
|
192
|
+
const clusterRole = new ClusterRole(mergeDefaults({
|
|
181
193
|
metadata: {
|
|
182
194
|
name: clusterRoleName,
|
|
183
195
|
labels: { ...commonLabels, "app.kubernetes.io/component": "rbac" },
|
|
@@ -190,9 +202,9 @@ service:
|
|
|
190
202
|
{ apiGroups: [""], resources: ["nodes/stats", "configmaps", "events"], verbs: ["create", "get"] },
|
|
191
203
|
{ apiGroups: [""], resources: ["configmaps"], verbs: ["get", "update", "create"], resourceNames: ["otel-container-insight-clusterleader"] },
|
|
192
204
|
],
|
|
193
|
-
};
|
|
205
|
+
}, defs?.clusterRole));
|
|
194
206
|
|
|
195
|
-
const
|
|
207
|
+
const clusterRoleBinding = new ClusterRoleBinding(mergeDefaults({
|
|
196
208
|
metadata: {
|
|
197
209
|
name: bindingName,
|
|
198
210
|
labels: { ...commonLabels, "app.kubernetes.io/component": "rbac" },
|
|
@@ -209,9 +221,9 @@ service:
|
|
|
209
221
|
namespace,
|
|
210
222
|
},
|
|
211
223
|
],
|
|
212
|
-
};
|
|
224
|
+
}, defs?.clusterRoleBinding));
|
|
213
225
|
|
|
214
|
-
const
|
|
226
|
+
const configMap = new ConfigMap(mergeDefaults({
|
|
215
227
|
metadata: {
|
|
216
228
|
name: configMapName,
|
|
217
229
|
namespace,
|
|
@@ -220,13 +232,13 @@ service:
|
|
|
220
232
|
data: {
|
|
221
233
|
"config.yaml": collectorConfig,
|
|
222
234
|
},
|
|
223
|
-
};
|
|
235
|
+
}, defs?.configMap));
|
|
224
236
|
|
|
225
237
|
return {
|
|
226
|
-
daemonSet
|
|
227
|
-
serviceAccount
|
|
228
|
-
clusterRole
|
|
229
|
-
clusterRoleBinding
|
|
230
|
-
configMap
|
|
238
|
+
daemonSet,
|
|
239
|
+
serviceAccount,
|
|
240
|
+
clusterRole,
|
|
241
|
+
clusterRoleBinding,
|
|
242
|
+
configMap,
|
|
231
243
|
};
|
|
232
|
-
}
|
|
244
|
+
}, "AzureMonitorCollector");
|
|
@@ -5,6 +5,8 @@
|
|
|
5
5
|
* seed tasks, backups). For scheduled workloads, use CronWorkload instead.
|
|
6
6
|
*/
|
|
7
7
|
|
|
8
|
+
import { Composite, mergeDefaults } from "@intentius/chant";
|
|
9
|
+
import { Job, ServiceAccount, Role, RoleBinding } from "../generated";
|
|
8
10
|
import type { ContainerSecurityContext } from "./security-context";
|
|
9
11
|
|
|
10
12
|
/** Parse a K8s memory string (e.g. "256Mi", "1Gi") to bytes for comparison. */
|
|
@@ -68,13 +70,20 @@ export interface BatchJobProps {
|
|
|
68
70
|
env?: Array<{ name: string; value: string }>;
|
|
69
71
|
/** Container security context (supports PSS restricted fields). */
|
|
70
72
|
securityContext?: ContainerSecurityContext;
|
|
73
|
+
/** Per-member defaults for fine-grained overrides. */
|
|
74
|
+
defaults?: {
|
|
75
|
+
job?: Partial<Record<string, unknown>>;
|
|
76
|
+
serviceAccount?: Partial<Record<string, unknown>>;
|
|
77
|
+
role?: Partial<Record<string, unknown>>;
|
|
78
|
+
roleBinding?: Partial<Record<string, unknown>>;
|
|
79
|
+
};
|
|
71
80
|
}
|
|
72
81
|
|
|
73
82
|
export interface BatchJobResult {
|
|
74
|
-
job:
|
|
75
|
-
serviceAccount?:
|
|
76
|
-
role?:
|
|
77
|
-
roleBinding?:
|
|
83
|
+
job: InstanceType<typeof Job>;
|
|
84
|
+
serviceAccount?: InstanceType<typeof ServiceAccount>;
|
|
85
|
+
role?: InstanceType<typeof Role>;
|
|
86
|
+
roleBinding?: InstanceType<typeof RoleBinding>;
|
|
78
87
|
}
|
|
79
88
|
|
|
80
89
|
/**
|
|
@@ -94,7 +103,7 @@ export interface BatchJobResult {
|
|
|
94
103
|
* });
|
|
95
104
|
* ```
|
|
96
105
|
*/
|
|
97
|
-
export
|
|
106
|
+
export const BatchJob = Composite<BatchJobProps>((props) => {
|
|
98
107
|
const {
|
|
99
108
|
name,
|
|
100
109
|
image,
|
|
@@ -114,6 +123,7 @@ export function BatchJob(props: BatchJobProps): BatchJobResult {
|
|
|
114
123
|
memoryLimit: rawMemoryLimit = "256Mi",
|
|
115
124
|
env,
|
|
116
125
|
securityContext,
|
|
126
|
+
defaults: defs,
|
|
117
127
|
} = props;
|
|
118
128
|
|
|
119
129
|
// Ensure limits >= requests (K8s rejects pods where request > limit).
|
|
@@ -152,7 +162,7 @@ export function BatchJob(props: BatchJobProps): BatchJobResult {
|
|
|
152
162
|
...(securityContext && { securityContext }),
|
|
153
163
|
};
|
|
154
164
|
|
|
155
|
-
const
|
|
165
|
+
const job = new Job(mergeDefaults({
|
|
156
166
|
metadata: {
|
|
157
167
|
name,
|
|
158
168
|
...(namespace && { namespace }),
|
|
@@ -172,31 +182,29 @@ export function BatchJob(props: BatchJobProps): BatchJobResult {
|
|
|
172
182
|
},
|
|
173
183
|
},
|
|
174
184
|
},
|
|
175
|
-
};
|
|
185
|
+
}, defs?.job));
|
|
176
186
|
|
|
177
|
-
const result:
|
|
178
|
-
job: jobProps,
|
|
179
|
-
};
|
|
187
|
+
const result: Record<string, any> = { job };
|
|
180
188
|
|
|
181
189
|
if (createRbac) {
|
|
182
|
-
result.serviceAccount = {
|
|
190
|
+
result.serviceAccount = new ServiceAccount(mergeDefaults({
|
|
183
191
|
metadata: {
|
|
184
192
|
name: saName,
|
|
185
193
|
...(namespace && { namespace }),
|
|
186
194
|
labels: { ...commonLabels, "app.kubernetes.io/component": "batch" },
|
|
187
195
|
},
|
|
188
|
-
};
|
|
196
|
+
}, defs?.serviceAccount));
|
|
189
197
|
|
|
190
|
-
result.role = {
|
|
198
|
+
result.role = new Role(mergeDefaults({
|
|
191
199
|
metadata: {
|
|
192
200
|
name: roleName,
|
|
193
201
|
...(namespace && { namespace }),
|
|
194
202
|
labels: { ...commonLabels, "app.kubernetes.io/component": "rbac" },
|
|
195
203
|
},
|
|
196
204
|
rules: effectiveRbacRules,
|
|
197
|
-
};
|
|
205
|
+
}, defs?.role));
|
|
198
206
|
|
|
199
|
-
result.roleBinding = {
|
|
207
|
+
result.roleBinding = new RoleBinding(mergeDefaults({
|
|
200
208
|
metadata: {
|
|
201
209
|
name: bindingName,
|
|
202
210
|
...(namespace && { namespace }),
|
|
@@ -214,8 +222,8 @@ export function BatchJob(props: BatchJobProps): BatchJobResult {
|
|
|
214
222
|
...(namespace && { namespace }),
|
|
215
223
|
},
|
|
216
224
|
],
|
|
217
|
-
};
|
|
225
|
+
}, defs?.roleBinding));
|
|
218
226
|
}
|
|
219
227
|
|
|
220
228
|
return result;
|
|
221
|
-
}
|
|
229
|
+
}, "BatchJob");
|