@intentius/chant-lexicon-k8s 0.0.24 → 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/dist/integrity.json +3 -3
  2. package/dist/manifest.json +1 -1
  3. package/dist/skills/chant-k8s-gke.md +1 -1
  4. package/package.json +5 -4
  5. package/src/composites/cockroachdb-cluster.ts +16 -0
  6. package/src/composites/composites.test.ts +4 -4
  7. package/src/composites/config-connector-context.ts +3 -3
  8. package/src/serializer.ts +4 -0
  9. package/src/skills/chant-k8s-gke.md +1 -1
package/dist/integrity.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "algorithm": "xxhash64",
3
3
  "artifacts": {
4
- "manifest.json": "65da11d30f270ee5",
4
+ "manifest.json": "aff81f16893ceb64",
5
5
  "meta.json": "1ce194f36f9b5f90",
6
6
  "types/index.d.ts": "beec4cc869064186",
7
7
  "rules/missing-resource-limits.ts": "a6f776d2ff477948",
@@ -36,8 +36,8 @@
36
36
  "skills/chant-k8s-deployment-strategies.md": "74f179e7cdb15ed5",
37
37
  "skills/chant-k8s-security.md": "f377edc5fe0a3587",
38
38
  "skills/chant-k8s-eks.md": "f79f31f058c7f2ed",
39
- "skills/chant-k8s-gke.md": "196b839fc8a6849c",
39
+ "skills/chant-k8s-gke.md": "2f65ca45aef40c22",
40
40
  "skills/chant-k8s-aks.md": "764fa4b1408b618d"
41
41
  },
42
- "composite": "91eed8e99d4982de"
42
+ "composite": "583e41307c91a103"
43
43
  }
package/dist/manifest.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "k8s",
3
- "version": "0.0.24",
3
+ "version": "0.1.0",
4
4
  "chantVersion": ">=0.1.0",
5
5
  "namespace": "K8s",
6
6
  "intrinsics": [],
package/dist/skills/chant-k8s-gke.md CHANGED
@@ -206,7 +206,7 @@ import { ConfigConnectorContext } from "@intentius/chant-lexicon-k8s";
206
206
  const { context } = ConfigConnectorContext({
207
207
  googleServiceAccountEmail: "cc-sa@my-project.iam.gserviceaccount.com",
208
208
  namespace: "config-connector",
209
- stateIntoSpec: "absent",
209
+ stateIntoSpec: "Absent",
210
210
  });
211
211
  ```
212
212
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@intentius/chant-lexicon-k8s",
3
- "version": "0.0.24",
3
+ "version": "0.1.0",
4
4
  "description": "Kubernetes lexicon for chant — declarative IaC in TypeScript",
5
5
  "license": "Apache-2.0",
6
6
  "homepage": "https://intentius.io/chant",
@@ -42,10 +42,11 @@
42
42
  "docs": "bun run src/codegen/docs-cli.ts",
43
43
  "prepack": "bun run generate && bun run bundle && bun run validate"
44
44
  },
45
- "dependencies": {
46
- "@intentius/chant": "0.0.22"
47
- },
48
45
  "devDependencies": {
46
+ "@intentius/chant": "0.1.0",
49
47
  "typescript": "^5.9.3"
48
+ },
49
+ "peerDependencies": {
50
+ "@intentius/chant": "^0.1.0"
50
51
  }
51
52
  }
package/src/composites/cockroachdb-cluster.ts CHANGED
@@ -66,6 +66,16 @@ export interface CockroachDbClusterProps {
66
66
  * E.g. pod "cockroachdb-0" in east advertises "cockroachdb-0.east.crdb.internal".
67
67
  */
68
68
  advertiseHostDomain?: string;
69
+ /**
70
+ * Mount the client certs secret (`${name}-client-certs`) into pods at
71
+ * `/cockroach/cockroach-client-certs` (default: false).
72
+ *
73
+ * Enable for multi-region deployments where `cockroach init`, `cockroach sql`,
74
+ * and backup schedule setup run inside a pod via `kubectl exec`. The client cert
75
+ * is separate from the node cert and is NOT included in the node certs secret.
76
+ * Without this flag you must inject client certs manually (e.g. via /tmp).
77
+ */
78
+ mountClientCerts?: boolean;
69
79
  /** Additional labels to apply to all resources. */
70
80
  labels?: Record<string, string>;
71
81
  /** Per-member defaults for fine-grained overrides. */
@@ -142,12 +152,14 @@ export const CockroachDbCluster = Composite<CockroachDbClusterProps>((props) =>
142
152
  skipCertGen = false,
143
153
  extraCertNodeAddresses = [],
144
154
  advertiseHostDomain,
155
+ mountClientCerts = false,
145
156
  labels: extraLabels = {},
146
157
  defaults: defs,
147
158
  } = props;
148
159
 
149
160
  const saName = name;
150
161
  const certsDir = "/cockroach/cockroach-certs";
162
+ const clientCertsDir = "/cockroach/cockroach-client-certs";
151
163
  const dataDir = "/cockroach/cockroach-data";
152
164
 
153
165
  const commonLabels: Record<string, string> = {
@@ -302,6 +314,10 @@ export const CockroachDbCluster = Composite<CockroachDbClusterProps>((props) =>
302
314
  if (secure) {
303
315
  volumes.push({ name: "certs", secret: { secretName: `${name}-node-certs`, defaultMode: 0o400 } });
304
316
  volumeMounts.push({ name: "certs", mountPath: certsDir });
317
+ if (mountClientCerts) {
318
+ volumes.push({ name: "client-certs", secret: { secretName: `${name}-client-certs`, defaultMode: 0o400 } });
319
+ volumeMounts.push({ name: "client-certs", mountPath: clientCertsDir });
320
+ }
305
321
  }
306
322
 
307
323
  const container: Record<string, unknown> = {
package/src/composites/composites.test.ts CHANGED
@@ -2752,14 +2752,14 @@ describe("ConfigConnectorContext", () => {
2752
2752
  expect(spec.googleServiceAccount).toBe("cnrm@my-project.iam.gserviceaccount.com");
2753
2753
  });
2754
2754
 
2755
- test("default stateIntoSpec is absent", () => {
2755
+ test("default stateIntoSpec is Absent", () => {
2756
2756
  const result = ConfigConnectorContext(minProps);
2757
- expect((p(result.context) as any).spec.stateIntoSpec).toBe("absent");
2757
+ expect((p(result.context) as any).spec.stateIntoSpec).toBe("Absent");
2758
2758
  });
2759
2759
 
2760
2760
  test("custom stateIntoSpec", () => {
2761
- const result = ConfigConnectorContext({ ...minProps, stateIntoSpec: "merge" });
2762
- expect((p(result.context) as any).spec.stateIntoSpec).toBe("merge");
2761
+ const result = ConfigConnectorContext({ ...minProps, stateIntoSpec: "Merge" });
2762
+ expect((p(result.context) as any).spec.stateIntoSpec).toBe("Merge");
2763
2763
  });
2764
2764
 
2765
2765
  test("default namespace is default", () => {
package/src/composites/config-connector-context.ts CHANGED
@@ -15,8 +15,8 @@ export interface ConfigConnectorContextProps {
15
15
  googleServiceAccountEmail: string;
16
16
  /** Namespace for the context (default: "default"). */
17
17
  namespace?: string;
18
- /** Whether to sync status into spec (default: "absent"). */
19
- stateIntoSpec?: "absent" | "merge";
18
+ /** Whether to sync status into spec (default: "Absent"). */
19
+ stateIntoSpec?: "Absent" | "Merge";
20
20
  /** Per-member defaults for fine-grained overrides. */
21
21
  defaults?: {
22
22
  context?: Partial<Record<string, unknown>>;
@@ -47,7 +47,7 @@ export const ConfigConnectorContext = Composite<ConfigConnectorContextProps>((pr
47
47
  name = "configconnectorcontext.core.cnrm.cloud.google.com",
48
48
  googleServiceAccountEmail,
49
49
  namespace = "default",
50
- stateIntoSpec = "absent",
50
+ stateIntoSpec = "Absent",
51
51
  defaults: defs,
52
52
  } = props;
53
53
 
package/src/serializer.ts CHANGED
@@ -91,6 +91,10 @@ const API_GROUP_VERSIONS: Record<string, string> = {
91
91
  GKE: "cloud.google.com/v1",
92
92
  NetworkingGKE: "networking.gke.io/v1",
93
93
  NetworkingGKEBeta: "networking.gke.io/v1beta1",
94
+ // Common Kubernetes operator CRDs
95
+ CertManager: "cert-manager.io/v1",
96
+ ExternalSecrets: "external-secrets.io/v1",
97
+ Monitoring: "monitoring.coreos.com/v1",
94
98
  };
95
99
 
96
100
  function deriveGVKFromType(entityType: string): { apiVersion: string; kind: string } | null {
package/src/skills/chant-k8s-gke.md CHANGED
@@ -206,7 +206,7 @@ import { ConfigConnectorContext } from "@intentius/chant-lexicon-k8s";
206
206
  const { context } = ConfigConnectorContext({
207
207
  googleServiceAccountEmail: "cc-sa@my-project.iam.gserviceaccount.com",
208
208
  namespace: "config-connector",
209
- stateIntoSpec: "absent",
209
+ stateIntoSpec: "Absent",
210
210
  });
211
211
  ```
212
212