@intentius/chant-lexicon-k8s 0.0.22 → 0.1.0

package/src/composites/fluent-bit-agent.ts

@@ -5,6 +5,9 @@
  * (image, RBAC, CloudWatch output config).
  */
 
+import { Composite, mergeDefaults } from "@intentius/chant";
+import { DaemonSet, ServiceAccount, ClusterRole, ClusterRoleBinding, ConfigMap } from "../generated";
+
 export interface FluentBitAgentProps {
   /** Agent name (default: "fluent-bit"). */
   name?: string;
@@ -30,14 +33,22 @@ export interface FluentBitAgentProps {
   memoryLimit?: string;
   /** IAM Role ARN for IRSA (adds eks.amazonaws.com/role-arn annotation to ServiceAccount). */
   iamRoleArn?: string;
+  /** Per-member defaults for fine-grained overrides. */
+  defaults?: {
+    daemonSet?: Partial<Record<string, unknown>>;
+    serviceAccount?: Partial<Record<string, unknown>>;
+    clusterRole?: Partial<Record<string, unknown>>;
+    clusterRoleBinding?: Partial<Record<string, unknown>>;
+    configMap?: Partial<Record<string, unknown>>;
+  };
 }
 
 export interface FluentBitAgentResult {
-  daemonSet: Record<string, unknown>;
-  serviceAccount: Record<string, unknown>;
-  clusterRole: Record<string, unknown>;
-  clusterRoleBinding: Record<string, unknown>;
-  configMap: Record<string, unknown>;
+  daemonSet: InstanceType<typeof DaemonSet>;
+  serviceAccount: InstanceType<typeof ServiceAccount>;
+  clusterRole: InstanceType<typeof ClusterRole>;
+  clusterRoleBinding: InstanceType<typeof ClusterRoleBinding>;
+  configMap: InstanceType<typeof ConfigMap>;
 }
 
 /**
@@ -56,7 +67,7 @@ export interface FluentBitAgentResult {
  * });
  * ```
  */
-export function FluentBitAgent(props: FluentBitAgentProps): FluentBitAgentResult {
+export const FluentBitAgent = Composite<FluentBitAgentProps>((props) => {
   const {
     name = "fluent-bit",
     image = "public.ecr.aws/aws-observability/aws-for-fluent-bit:stable",
@@ -70,6 +81,7 @@ export function FluentBitAgent(props: FluentBitAgentProps): FluentBitAgentResult
     cpuLimit = "200m",
     memoryLimit = "128Mi",
     iamRoleArn,
+    defaults: defs,
   } = props;
 
   const saName = `${name}-sa`;
@@ -137,7 +149,7 @@ export function FluentBitAgent(props: FluentBitAgentProps): FluentBitAgentResult
     },
   };
 
-  const daemonSetProps: Record<string, unknown> = {
+  const daemonSet = new DaemonSet(mergeDefaults({
     metadata: {
       name,
       namespace,
@@ -159,18 +171,18 @@ export function FluentBitAgent(props: FluentBitAgentProps): FluentBitAgentResult
         },
       },
     },
-  };
+  }, defs?.daemonSet));
 
-  const serviceAccountProps: Record<string, unknown> = {
+  const serviceAccount = new ServiceAccount(mergeDefaults({
     metadata: {
       name: saName,
       namespace,
       labels: { ...commonLabels, "app.kubernetes.io/component": "agent" },
       ...(iamRoleArn ? { annotations: { "eks.amazonaws.com/role-arn": iamRoleArn } } : {}),
     },
-  };
+  }, defs?.serviceAccount));
 
-  const clusterRoleProps: Record<string, unknown> = {
+  const clusterRole = new ClusterRole(mergeDefaults({
     metadata: {
       name: clusterRoleName,
       labels: { ...commonLabels, "app.kubernetes.io/component": "rbac" },
@@ -178,9 +190,9 @@ export function FluentBitAgent(props: FluentBitAgentProps): FluentBitAgentResult
     rules: [
       { apiGroups: [""], resources: ["namespaces", "pods"], verbs: ["get", "list", "watch"] },
     ],
-  };
+  }, defs?.clusterRole));
 
-  const clusterRoleBindingProps: Record<string, unknown> = {
+  const clusterRoleBinding = new ClusterRoleBinding(mergeDefaults({
     metadata: {
       name: bindingName,
       labels: { ...commonLabels, "app.kubernetes.io/component": "rbac" },
@@ -197,9 +209,9 @@ export function FluentBitAgent(props: FluentBitAgentProps): FluentBitAgentResult
         namespace,
       },
     ],
-  };
+  }, defs?.clusterRoleBinding));
 
-  const configMapProps: Record<string, unknown> = {
+  const configMap = new ConfigMap(mergeDefaults({
     metadata: {
       name: configMapName,
       namespace,
@@ -208,13 +220,7 @@ export function FluentBitAgent(props: FluentBitAgentProps): FluentBitAgentResult
     data: {
       "fluent-bit.conf": fluentBitConfig,
     },
-  };
+  }, defs?.configMap));
 
-  return {
-    daemonSet: daemonSetProps,
-    serviceAccount: serviceAccountProps,
-    clusterRole: clusterRoleProps,
-    clusterRoleBinding: clusterRoleBindingProps,
-    configMap: configMapProps,
-  };
-}
+  return { daemonSet, serviceAccount, clusterRole, clusterRoleBinding, configMap };
+}, "FluentBitAgent");

package/src/composites/gce-ingress.ts

@@ -5,6 +5,9 @@
  * including static IP, managed certificates, and FrontendConfig.
  */
 
+import { Composite, mergeDefaults } from "@intentius/chant";
+import { Ingress } from "../generated";
+
 export interface GceIngressHost {
   /** Hostname (e.g., "api.example.com"). */
   hostname: string;
@@ -39,10 +42,14 @@ export interface GceIngressProps {
   labels?: Record<string, string>;
   /** Namespace for all resources. */
   namespace?: string;
+  /** Per-member defaults for fine-grained overrides. */
+  defaults?: {
+    ingress?: Partial<Record<string, unknown>>;
+  };
 }
 
 export interface GceIngressResult {
-  ingress: Record<string, unknown>;
+  ingress: InstanceType<typeof Ingress>;
 }
 
 /**
@@ -67,7 +74,7 @@ export interface GceIngressResult {
  * });
  * ```
  */
-export function GceIngress(props: GceIngressProps): GceIngressResult {
+export const GceIngress = Composite<GceIngressProps>((props) => {
   const {
     name,
     hosts,
@@ -79,6 +86,7 @@ export function GceIngress(props: GceIngressProps): GceIngressResult {
     annotations: extraAnnotations = {},
     labels: extraLabels = {},
     namespace,
+    defaults: defs,
   } = props;
 
   const commonLabels: Record<string, string> = {
@@ -127,7 +135,7 @@ export function GceIngress(props: GceIngressProps): GceIngressResult {
     },
   }));
 
-  const ingressProps: Record<string, unknown> = {
+  const ingress = new Ingress(mergeDefaults({
     metadata: {
       name,
       ...(namespace && { namespace }),
@@ -137,7 +145,7 @@ export function GceIngress(props: GceIngressProps): GceIngressResult {
     spec: {
       rules: ingressRules,
     },
-  };
+  }, defs?.ingress));
 
-  return { ingress: ingressProps };
-}
+  return { ingress };
+}, "GceIngress");

package/src/composites/gce-pd-storage-class.ts

@@ -4,6 +4,9 @@
  * @gke Creates a StorageClass with the `pd.csi.storage.gke.io` provisioner.
  */
 
+import { Composite, mergeDefaults } from "@intentius/chant";
+import { StorageClass } from "../generated";
+
 export interface GcePdStorageClassProps {
   /** StorageClass name. */
   name: string;
@@ -21,10 +24,14 @@ export interface GcePdStorageClassProps {
   allowVolumeExpansion?: boolean;
   /** Additional labels. */
   labels?: Record<string, string>;
+  /** Per-member defaults for fine-grained overrides. */
+  defaults?: {
+    storageClass?: Partial<Record<string, unknown>>;
+  };
 }
 
 export interface GcePdStorageClassResult {
-  storageClass: Record<string, unknown>;
+  storageClass: InstanceType<typeof StorageClass>;
 }
 
 /**
@@ -42,7 +49,7 @@ export interface GcePdStorageClassResult {
  * });
  * ```
  */
-export function GcePdStorageClass(props: GcePdStorageClassProps): GcePdStorageClassResult {
+export const GcePdStorageClass = Composite<GcePdStorageClassProps>((props) => {
   const {
     name,
     type = "pd-balanced",
@@ -52,6 +59,7 @@ export function GcePdStorageClass(props: GcePdStorageClassProps): GcePdStorageCl
     volumeBindingMode = "WaitForFirstConsumer",
     allowVolumeExpansion = true,
     labels: extraLabels = {},
+    defaults: defs,
   } = props;
 
   const commonLabels: Record<string, string> = {
@@ -69,7 +77,7 @@ export function GcePdStorageClass(props: GcePdStorageClassProps): GcePdStorageCl
     parameters["replication-type"] = replicationType;
   }
 
-  const storageClassProps: Record<string, unknown> = {
+  const storageClass = new StorageClass(mergeDefaults({
     metadata: {
       name,
       labels: { ...commonLabels, "app.kubernetes.io/component": "storage" },
@@ -79,7 +87,7 @@ export function GcePdStorageClass(props: GcePdStorageClassProps): GcePdStorageCl
     reclaimPolicy,
     volumeBindingMode,
     allowVolumeExpansion,
-  };
+  }, defs?.storageClass));
 
-  return { storageClass: storageClassProps };
-}
+  return { storageClass };
+}, "GcePdStorageClass");

package/src/composites/gke-external-dns-agent.ts

@@ -5,6 +5,9 @@
  * instead of IRSA for Cloud DNS management.
  */
 
+import { Composite, mergeDefaults } from "@intentius/chant";
+import { Deployment, ServiceAccount, ClusterRole, ClusterRoleBinding } from "../generated";
+
 export interface GkeExternalDnsAgentProps {
   /** GCP service account email for Workload Identity (needs Cloud DNS permissions). */
   gcpServiceAccountEmail: string;
@@ -14,8 +17,8 @@ export interface GkeExternalDnsAgentProps {
   domainFilters: string[];
   /** TXT record owner ID for identifying managed records. */
   txtOwnerId?: string;
-  /** Source of DNS records (default: "ingress"). */
-  source?: string;
+  /** Source(s) of DNS records (default: "ingress"). Pass an array for multiple sources. */
+  source?: string | string[];
   /** Agent name (default: "external-dns"). */
   name?: string;
   /** Container image (default: "registry.k8s.io/external-dns/external-dns:v0.14.0"). */
@@ -24,13 +27,20 @@ export interface GkeExternalDnsAgentProps {
   namespace?: string;
   /** Additional labels. */
   labels?: Record<string, string>;
+  /** Per-member defaults for fine-grained overrides. */
+  defaults?: {
+    deployment?: Partial<Record<string, unknown>>;
+    serviceAccount?: Partial<Record<string, unknown>>;
+    clusterRole?: Partial<Record<string, unknown>>;
+    clusterRoleBinding?: Partial<Record<string, unknown>>;
+  };
 }
 
 export interface GkeExternalDnsAgentResult {
-  deployment: Record<string, unknown>;
-  serviceAccount: Record<string, unknown>;
-  clusterRole: Record<string, unknown>;
-  clusterRoleBinding: Record<string, unknown>;
+  deployment: InstanceType<typeof Deployment>;
+  serviceAccount: InstanceType<typeof ServiceAccount>;
+  clusterRole: InstanceType<typeof ClusterRole>;
+  clusterRoleBinding: InstanceType<typeof ClusterRoleBinding>;
 }
 
 /**
@@ -50,7 +60,7 @@ export interface GkeExternalDnsAgentResult {
  * });
  * ```
  */
-export function GkeExternalDnsAgent(props: GkeExternalDnsAgentProps): GkeExternalDnsAgentResult {
+export const GkeExternalDnsAgent = Composite<GkeExternalDnsAgentProps>((props) => {
   const {
     gcpServiceAccountEmail,
     gcpProjectId,
@@ -61,6 +71,7 @@ export function GkeExternalDnsAgent(props: GkeExternalDnsAgentProps): GkeExterna
     image = "registry.k8s.io/external-dns/external-dns:v0.14.0",
     namespace = "kube-system",
     labels: extraLabels = {},
+    defaults: defs,
   } = props;
 
   const saName = `${name}-sa`;
@@ -73,8 +84,10 @@ export function GkeExternalDnsAgent(props: GkeExternalDnsAgentProps): GkeExterna
     ...extraLabels,
   };
 
+  const sources = Array.isArray(source) ? source : [source];
+
   const args: string[] = [
-    `--source=${source}`,
+    ...sources.map((s) => `--source=${s}`),
     "--provider=google",
     `--google-project=${gcpProjectId}`,
     "--policy=upsert-only",
@@ -89,7 +102,7 @@ export function GkeExternalDnsAgent(props: GkeExternalDnsAgentProps): GkeExterna
     args.push(`--txt-owner-id=${txtOwnerId}`);
   }
 
-  const deploymentProps: Record<string, unknown> = {
+  const deployment = new Deployment(mergeDefaults({
     metadata: {
       name,
       namespace,
@@ -122,9 +135,9 @@ export function GkeExternalDnsAgent(props: GkeExternalDnsAgentProps): GkeExterna
         },
       },
     },
-  };
+  }, defs?.deployment));
 
-  const serviceAccountProps: Record<string, unknown> = {
+  const serviceAccount = new ServiceAccount(mergeDefaults({
     metadata: {
       name: saName,
       namespace,
@@ -133,9 +146,9 @@ export function GkeExternalDnsAgent(props: GkeExternalDnsAgentProps): GkeExterna
         "iam.gke.io/gcp-service-account": gcpServiceAccountEmail,
       },
     },
-  };
+  }, defs?.serviceAccount));
 
-  const clusterRoleProps: Record<string, unknown> = {
+  const clusterRole = new ClusterRole(mergeDefaults({
     metadata: {
       name: clusterRoleName,
       labels: { ...commonLabels, "app.kubernetes.io/component": "rbac" },
@@ -145,9 +158,9 @@ export function GkeExternalDnsAgent(props: GkeExternalDnsAgentProps): GkeExterna
       { apiGroups: ["extensions", "networking.k8s.io"], resources: ["ingresses"], verbs: ["get", "watch", "list"] },
       { apiGroups: [""], resources: ["nodes"], verbs: ["list", "watch"] },
     ],
-  };
+  }, defs?.clusterRole));
 
-  const clusterRoleBindingProps: Record<string, unknown> = {
+  const clusterRoleBinding = new ClusterRoleBinding(mergeDefaults({
     metadata: {
       name: bindingName,
       labels: { ...commonLabels, "app.kubernetes.io/component": "rbac" },
@@ -164,12 +177,12 @@ export function GkeExternalDnsAgent(props: GkeExternalDnsAgentProps): GkeExterna
         namespace,
       },
     ],
-  };
+  }, defs?.clusterRoleBinding));
 
   return {
-    deployment: deploymentProps,
-    serviceAccount: serviceAccountProps,
-    clusterRole: clusterRoleProps,
-    clusterRoleBinding: clusterRoleBindingProps,
+    deployment,
+    serviceAccount,
+    clusterRole,
+    clusterRoleBinding,
   };
-}
+}, "GkeExternalDnsAgent");

package/src/composites/gke-fluent-bit-agent.ts

@@ -5,6 +5,9 @@
  * output plugin and uses GKE Workload Identity instead of IRSA.
  */
 
+import { Composite, mergeDefaults } from "@intentius/chant";
+import { DaemonSet, ServiceAccount, ClusterRole, ClusterRoleBinding, ConfigMap } from "../generated";
+
 export interface GkeFluentBitAgentProps {
   /** GKE cluster name — used as log stream prefix. */
   clusterName: string;
@@ -28,14 +31,22 @@ export interface GkeFluentBitAgentProps {
   cpuLimit?: string;
   /** Memory limit (default: "128Mi"). */
   memoryLimit?: string;
+  /** Per-member defaults for fine-grained overrides. */
+  defaults?: {
+    daemonSet?: Partial<Record<string, unknown>>;
+    serviceAccount?: Partial<Record<string, unknown>>;
+    clusterRole?: Partial<Record<string, unknown>>;
+    clusterRoleBinding?: Partial<Record<string, unknown>>;
+    configMap?: Partial<Record<string, unknown>>;
+  };
 }
 
 export interface GkeFluentBitAgentResult {
-  daemonSet: Record<string, unknown>;
-  serviceAccount: Record<string, unknown>;
-  clusterRole: Record<string, unknown>;
-  clusterRoleBinding: Record<string, unknown>;
-  configMap: Record<string, unknown>;
+  daemonSet: InstanceType<typeof DaemonSet>;
+  serviceAccount: InstanceType<typeof ServiceAccount>;
+  clusterRole: InstanceType<typeof ClusterRole>;
+  clusterRoleBinding: InstanceType<typeof ClusterRoleBinding>;
+  configMap: InstanceType<typeof ConfigMap>;
 }
 
 /**
@@ -54,7 +65,7 @@ export interface GkeFluentBitAgentResult {
  * });
  * ```
  */
-export function GkeFluentBitAgent(props: GkeFluentBitAgentProps): GkeFluentBitAgentResult {
+export const GkeFluentBitAgent = Composite<GkeFluentBitAgentProps>((props) => {
   const {
     clusterName,
     projectId,
@@ -67,6 +78,7 @@ export function GkeFluentBitAgent(props: GkeFluentBitAgentProps): GkeFluentBitAg
     memoryRequest = "64Mi",
     cpuLimit = "200m",
     memoryLimit = "128Mi",
+    defaults: defs,
   } = props;
 
   const saName = `${name}-sa`;
@@ -134,7 +146,7 @@ export function GkeFluentBitAgent(props: GkeFluentBitAgentProps): GkeFluentBitAg
     },
   };
 
-  const daemonSetProps: Record<string, unknown> = {
+  const daemonSet = new DaemonSet(mergeDefaults({
     metadata: {
       name,
       namespace,
@@ -156,9 +168,9 @@ export function GkeFluentBitAgent(props: GkeFluentBitAgentProps): GkeFluentBitAg
         },
       },
     },
-  };
+  }, defs?.daemonSet));
 
-  const serviceAccountProps: Record<string, unknown> = {
+  const serviceAccount = new ServiceAccount(mergeDefaults({
     metadata: {
       name: saName,
       namespace,
@@ -167,9 +179,9 @@ export function GkeFluentBitAgent(props: GkeFluentBitAgentProps): GkeFluentBitAg
         ? { annotations: { "iam.gke.io/gcp-service-account": gcpServiceAccountEmail } }
         : {}),
     },
-  };
+  }, defs?.serviceAccount));
 
-  const clusterRoleProps: Record<string, unknown> = {
+  const clusterRole = new ClusterRole(mergeDefaults({
     metadata: {
       name: clusterRoleName,
       labels: { ...commonLabels, "app.kubernetes.io/component": "rbac" },
@@ -177,9 +189,9 @@ export function GkeFluentBitAgent(props: GkeFluentBitAgentProps): GkeFluentBitAg
     rules: [
       { apiGroups: [""], resources: ["namespaces", "pods"], verbs: ["get", "list", "watch"] },
     ],
-  };
+  }, defs?.clusterRole));
 
-  const clusterRoleBindingProps: Record<string, unknown> = {
+  const clusterRoleBinding = new ClusterRoleBinding(mergeDefaults({
     metadata: {
       name: bindingName,
       labels: { ...commonLabels, "app.kubernetes.io/component": "rbac" },
@@ -196,9 +208,9 @@ export function GkeFluentBitAgent(props: GkeFluentBitAgentProps): GkeFluentBitAg
         namespace,
       },
     ],
-  };
+  }, defs?.clusterRoleBinding));
 
-  const configMapProps: Record<string, unknown> = {
+  const configMap = new ConfigMap(mergeDefaults({
     metadata: {
       name: configMapName,
       namespace,
@@ -207,13 +219,13 @@ export function GkeFluentBitAgent(props: GkeFluentBitAgentProps): GkeFluentBitAg
     data: {
       "fluent-bit.conf": fluentBitConfig,
     },
-  };
+  }, defs?.configMap));
 
   return {
-    daemonSet: daemonSetProps,
-    serviceAccount: serviceAccountProps,
-    clusterRole: clusterRoleProps,
-    clusterRoleBinding: clusterRoleBindingProps,
-    configMap: configMapProps,
+    daemonSet,
+    serviceAccount,
+    clusterRole,
+    clusterRoleBinding,
+    configMap,
   };
-}
+}, "GkeFluentBitAgent");

package/src/composites/gke-gateway.ts

@@ -5,6 +5,9 @@
  * HTTPRoute resources for traffic routing.
  */
 
+import { Composite, mergeDefaults } from "@intentius/chant";
+import { Deployment } from "../generated";
+
 export interface GkeGatewayHost {
   /** Hostname (e.g., "api.example.com"). */
   hostname: string;
@@ -32,11 +35,16 @@ export interface GkeGatewayProps {
   labels?: Record<string, string>;
   /** Namespace for all resources. */
   namespace?: string;
+  /** Per-member defaults for fine-grained overrides. */
+  defaults?: {
+    gateway?: Partial<Record<string, unknown>>;
+    httpRoute?: Partial<Record<string, unknown>>;
+  };
 }
 
 export interface GkeGatewayResult {
-  gateway: Record<string, unknown>;
-  httpRoute: Record<string, unknown>;
+  gateway: InstanceType<typeof Deployment>; // CRD — use Deployment as proxy Declarable
+  httpRoute: InstanceType<typeof Deployment>; // CRD — use Deployment as proxy Declarable
 }
 
 /**
@@ -60,7 +68,7 @@ export interface GkeGatewayResult {
  * });
  * ```
  */
-export function GkeGateway(props: GkeGatewayProps): GkeGatewayResult {
+export const GkeGateway = Composite<GkeGatewayProps>((props) => {
   const {
     name,
     gatewayClassName = "gke-l7-global-external-managed",
@@ -68,6 +76,7 @@ export function GkeGateway(props: GkeGatewayProps): GkeGatewayResult {
     certificateName,
     labels: extraLabels = {},
     namespace,
+    defaults: defs,
   } = props;
 
   const routeName = `${name}-route`;
@@ -99,7 +108,8 @@ export function GkeGateway(props: GkeGatewayProps): GkeGatewayResult {
     });
   }
 
-  const gatewayProps: Record<string, unknown> = {
+  // Gateway and HTTPRoute are CRDs — use Deployment constructor as a generic Declarable wrapper
+  const gateway = new Deployment(mergeDefaults({
     metadata: {
       name,
       ...(namespace && { namespace }),
@@ -109,7 +119,7 @@ export function GkeGateway(props: GkeGatewayProps): GkeGatewayResult {
       gatewayClassName,
       listeners,
     },
-  };
+  }, defs?.gateway));
 
   // Build HTTPRoute rules
   const hostnames = hosts.map((h) => h.hostname);
@@ -123,7 +133,7 @@ export function GkeGateway(props: GkeGatewayProps): GkeGatewayResult {
     })),
   );
 
-  const httpRouteProps: Record<string, unknown> = {
+  const httpRoute = new Deployment(mergeDefaults({
     metadata: {
       name: routeName,
       ...(namespace && { namespace }),
@@ -134,10 +144,7 @@ export function GkeGateway(props: GkeGatewayProps): GkeGatewayResult {
       hostnames,
       rules,
     },
-  };
+  }, defs?.httpRoute));
 
-  return {
-    gateway: gatewayProps,
-    httpRoute: httpRouteProps,
-  };
-}
+  return { gateway, httpRoute };
+}, "GkeGateway");