pepr 0.2.10 → 0.3.0

package/README.md

@@ -9,7 +9,7 @@ Pepr is on a mission to save Kubernetes from the tyranny of YAML, intimidating g
 - Zero-config K8s webhook mutations and [validations soon](https://github.com/defenseunicorns/pepr/issues/73).
 - Human-readable fluent API for generating [Pepr Capabilities](#capability)
 - Generate new K8s resources based off of cluster resource changes
-- Perform other exec/API calls based off of cluster resources changes or any other abitrary schedule
+- Perform other exec/API calls based off of cluster resources changes or any other arbitrary schedule
 - Out of the box airgap support with [Zarf](https://zarf.dev)
 - Entire NPM ecosystem available for advanced operations
 - Realtime K8s debugging system for testing/reacting to cluster changes
@@ -76,7 +76,7 @@ https://user-images.githubusercontent.com/882485/230895880-c5623077-f811-4870-bb
 
 ### Module
 
-A module is the top-level collection of capabilities. It is a single, complete TypeScript project that includes an entry point to load all the configuration and capabilities, along with their CapabilityActions. During the Pepr build process, each module produces a unique Kubernetes MutatingWebhookConfiguration and ValidatingWebhookConfiguration, along with a secret containing the transpiled and compressed TypeScript code. The webhooks and secret are deployed into the Kubernetes cluster for processing by a common Pepr controller.
+A module is the top-level collection of capabilities. It is a single, complete TypeScript project that includes an entry point to load all the configuration and capabilities, along with their CapabilityActions. During the Pepr build process, each module produces a unique Kubernetes MutatingWebhookConfiguration and ValidatingWebhookConfiguration, along with a secret containing the transpiled and compressed TypeScript code. The webhooks and secret are deployed into the Kubernetes cluster with their own isolated controller.
 
 See [Module](./docs/module.md) for more details.
 
@@ -95,50 +95,7 @@ For example, a CapabilityAction could be responsible for adding a specific label
 See [CapabilityActions](./docs/actions.md) for more details.
 
 ## Logical Pepr Flow
-
-```mermaid
-graph LR
-
-subgraph "Module 3 (Validate Only)"
-    direction LR
-    Q[entrypoint 3] --> R[Validate Webhook];
-    R --> S[Capability a <br><i>- action 1<br>- action 2</i>];
-    S --> T[Capability b <br><i>- action 1<br>- action 2</i>];
-end
-
-subgraph "Module 2 (Mutate Only)"
-    direction LR
-    K[entrypoint 2] --> L[Mutate Webhook];
-    L --> M[Capability a <br><i>- action 1<br>- action 2</i>];
-    M --> N[Capability b <br><i>- action 1<br>- action 2<br>- action 3</i>];
-    N --> O[Capability c <br><i>- action 1</i>];
-end
-
-subgraph "Module 1 (Mutate & Validate)"
-    direction LR
-    A[entrypoint 1] --> B[Mutate Webhook];
-    A --> C[Validate Webhook];
-    B --> D[Capability a <br><i>- action 1</i>];
-    D --> E[Capability b <br><i>- action 1<br>- action 2</i>];
-    E --> F[Capability c <br><i>- action 1<br>- action 2</i>];
-    C --> G[Capability d <br><i>- action 1<br>- action 2</i>];
-    G --> H[Capability e <br><i>- action 1</i>];
-    H --> I[Capability f <br><i>- action 1<br>- action 2<br>- action 3</i>];
-end
-
-
-
-%% Defining node styles
-classDef Validate fill:#66ff66,color:#000;
-classDef Mutate fill:#5786ea,color:#000;
-
-
-class L,M,N,O Mutate;
-class B,D,E,F Mutate;
-
-class R,S,T Validate;
-class C,G,H,I Validate;
-```
+![Module Diagram](./.images/modules.svg)
 
 ## TypeScript
 

package/dist/package.json

@@ -4,29 +4,17 @@
     "author": "Defense Unicorns",
     "homepage": "https://github.com/defenseunicorns/pepr",
     "license": "Apache-2.0",
-    "bin": "dist/cli.js",
+    "bin": "dist/src/cli/index.js",
     "repository": "defenseunicorns/pepr",
     "engines": {
         "node": ">=18.0.0"
     },
-    "version": "0.2.10",
+    "version": "0.3.0",
     "main": "dist/index.js",
-    "types": "dist/index.d.ts",
-    "pepr": {
-        "name": "Development Module",
-        "uuid": "20e17cf6-a2e4-46b2-b626-75d88d96c88b",
-        "description": "Development module for pepr",
-        "version": "dev",
-        "onError": "ignore",
-        "alwaysIgnore": {
-            "namespaces": [],
-            "labels": []
-        }
-    },
     "scripts": {
         "prebuild": "rm -fr dist/* && node hack/build-template-data.js",
-        "build": "tsc -p tsconfig.build.json",
-        "test:unit": "npm run build && ava",
+        "build": "tsc",
+        "test:unit": "npm run build && ava dist/**/*.test.js",
         "test:e2e": "npm run test:e2e:k3d && npm run test:e2e:build && npm run test:e2e:image && npm run test:e2e:run",
         "test:e2e:k3d": "k3d cluster delete pepr-dev && k3d cluster create pepr-dev --k3s-arg '--debug@server:0'",
         "test:e2e:build": "npm run build && npm uninstall pepr -g && npm install -g . && pepr",
@@ -37,45 +25,39 @@
     },
     "dependencies": {
         "@kubernetes/client-node": "0.18.1",
-        "@rollup/plugin-json": "6.0.0",
-        "@rollup/plugin-node-resolve": "15.0.2",
-        "@rollup/plugin-typescript": "11.1.0",
-        "@types/ramda": "0.29.1",
-        "chokidar": "3.5.3",
-        "commander": "10.0.1",
         "express": "4.18.2",
         "fast-json-patch": "3.1.1",
         "http-status-codes": "2.2.0",
         "node-fetch": "2.6.9",
-        "node-forge": "1.3.1",
-        "prettier": "2.8.8",
-        "prompts": "2.4.2",
-        "ramda": "0.29.0",
-        "rollup": "3.21.4",
-        "ts-node": "10.9.1",
-        "tslib": "2.5.0",
-        "typescript": "5.0.4",
-        "uuid": "9.0.0"
+        "ramda": "0.29.0"
     },
     "devDependencies": {
         "@types/express": "4.17.17",
         "@types/node-fetch": "2.6.3",
         "@types/node-forge": "1.3.2",
         "@types/prompts": "2.4.4",
+        "@types/ramda": "0.29.1",
         "@types/uuid": "9.0.1",
         "@typescript-eslint/eslint-plugin": "5.59.2",
         "@typescript-eslint/parser": "5.59.2",
         "ava": "5.2.0",
-        "eslint": "8.39.0",
-        "nock": "13.3.1"
+        "eslint": "8.40.0",
+        "nock": "13.3.1",
+        "prettier": "2.8.8"
+    },
+    "peerDependencies": {
+        "@rollup/plugin-json": "6.0.0",
+        "@rollup/plugin-node-resolve": "15.0.2",
+        "@rollup/plugin-typescript": "11.1.0",
+        "chokidar": "3.5.3",
+        "commander": "10.0.1",
+        "node-forge": "1.3.1",
+        "prompts": "2.4.2",
+        "rollup": "3.21.5",
+        "typescript": "5.0.4",
+        "uuid": "9.0.0"
     },
     "ava": {
-        "extensions": [
-            "ts"
-        ],
-        "require": [
-            "ts-node/register"
-        ],
         "failFast": true,
         "verbose": true
     }

package/dist/src/cli/build.js

@@ -111,7 +111,9 @@ async function buildModule() {
     catch (e) {
         // On any other error, exit with a non-zero exit code
         logger_1.default.debug(e);
-        logger_1.default.error(e.message);
+        if (e instanceof Error) {
+            logger_1.default.error(e.message);
+        }
         process.exit(1);
     }
 }

package/dist/src/cli/dev.js

@@ -47,23 +47,38 @@ function default_1(program) {
         try {
             await webhook.deploy(code);
             logger_1.default.info(`Module deployed successfully`);
-            const moduleFiles = (0, path_1.resolve)(".", "**", "*.ts");
-            const watcher = (0, chokidar_1.watch)(moduleFiles);
-            const peprTS = (0, path_1.resolve)(".", "pepr.ts");
-            let program;
-            // Run the module once to start the server
-            runDev(peprTS);
+            const moduleFiles = [
+                (0, path_1.resolve)(".", "pepr.ts"),
+                (0, path_1.resolve)(".", "capabilities", "*.ts"),
+                (0, path_1.resolve)(".", "capabilities", "**", "*.ts"),
+            ];
+            const watcher = (0, chokidar_1.watch)(moduleFiles, {
+                awaitWriteFinish: {
+                    stabilityThreshold: 3000,
+                    pollInterval: 500,
+                },
+            });
             // Watch for changes
-            watcher.on("ready", () => {
+            watcher.on("ready", async () => {
+                let building = false;
+                // Run the module once to start the server
+                let program = await runDev();
                 logger_1.default.info(`Watching for changes in ${moduleFiles}`);
                 watcher.on("all", async (event, path) => {
                     logger_1.default.debug({ event, path }, "File changed");
-                    // Kill the running process
-                    if (program) {
-                        program.kill("SIGKILL");
+                    // If we're already building, skip this event
+                    if (building) {
+                        return;
                     }
-                    // Start the process again
-                    program = runDev(peprTS);
+                    // Set building to true
+                    building = true;
+                    // Don't start a new process until the old one exits
+                    program.once("exit", async () => {
+                        program = await runDev();
+                        building = false;
+                    });
+                    // Kill the running process
+                    program.kill();
                 });
             });
         }
@@ -74,9 +89,11 @@ function default_1(program) {
     });
 }
 exports.default = default_1;
-function runDev(path) {
+async function runDev() {
     try {
-        const program = (0, child_process_1.spawn)("./node_modules/.bin/ts-node", [path], {
+        const { path } = await (0, build_1.buildModule)();
+        logger_1.default.info(`Running module ${path}`);
+        const program = (0, child_process_1.fork)(path, {
             env: {
                 ...process.env,
                 LOG_LEVEL: "debug",
@@ -84,11 +101,6 @@ function runDev(path) {
                 SSL_CERT_PATH: "insecure-tls.crt",
             },
         });
-        program.stdout.on("data", data => console.log(data.toString()));
-        program.stderr.on("data", data => console.error(data.toString()));
-        program.on("close", code => {
-            logger_1.default.info(`Process exited with code ${code}`);
-        });
         return program;
     }
     catch (e) {

package/dist/src/cli/index.js

@@ -1,3 +1,4 @@
+#!/usr/bin/env node
 "use strict";
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2023-Present The Pepr Authors

package/dist/src/cli/init/index.js

@@ -70,7 +70,9 @@ function default_1(program) {
             }
             catch (e) {
                 logger_1.default.debug(e);
-                logger_1.default.error(e.message);
+                if (e instanceof Error) {
+                    logger_1.default.error(e.message);
+                }
                 process.exit(1);
             }
         }

package/dist/src/cli/init/templates.js

@@ -22,7 +22,8 @@ function genPkgJSON(opts, pgkVerOverride) {
     // Generate a name for the module based on the module name
     const name = (0, utils_1.sanitizeName)(opts.name);
     // Make typescript a dev dependency
-    const { typescript, "ts-node": tsNode } = package_json_1.dependencies;
+    const { typescript } = package_json_1.peerDependencies;
+    const { prettier } = package_json_1.devDependencies;
     const data = {
         name,
         version: "0.0.1",
@@ -47,8 +48,8 @@ function genPkgJSON(opts, pgkVerOverride) {
             pepr: pgkVerOverride || `${package_json_1.version}`,
         },
         devDependencies: {
+            prettier,
             typescript,
-            "ts-node": tsNode,
         },
     };
     return {

package/dist/src/cli/init/utils.js

@@ -31,7 +31,7 @@ async function createDir(dir) {
     }
     catch (err) {
         // The directory already exists
-        if (err.code === "EEXIST") {
+        if (err && err.code === "EEXIST") {
             throw new Error(`Directory ${dir} already exists`);
         }
         else {

package/dist/src/cli/init/walkthrough.js

@@ -35,7 +35,7 @@ function walkthrough() {
     const askErrorBehavior = {
         type: "select",
         name: "errorBehavior",
-        validate: val => types_1.ErrorBehavior[val],
+        validate: (val) => types_1.ErrorBehavior[val],
         message: "How do you want Pepr to handle errors encountered during K8s operations?",
         choices: [
             {

package/dist/src/cli/run.js

@@ -1,3 +1,4 @@
+#!/usr/bin/env node
 "use strict";
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2023-Present The Pepr Authors
@@ -5,32 +6,29 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-const commander_1 = require("commander");
+const child_process_1 = require("child_process");
 const crypto_1 = __importDefault(require("crypto"));
 const fs_1 = __importDefault(require("fs"));
 const zlib_1 = require("zlib");
 const package_json_1 = require("../../package.json");
 const logger_1 = __importDefault(require("../lib/logger"));
-commander_1.program
-    .version(package_json_1.version)
-    .description(`Pepr Kubernetes Runtime (v${package_json_1.version})`)
-    .argument("<hash>", "Hash of the module to run")
-    .option("-l, --log-level [level]", "Log level: debug, info, warn, error", "info")
-    .action((expectedHash, opts) => {
-    const gzPath = `/app/load/module-${expectedHash}.js.gz`;
-    const jsPath = `/app/module-${expectedHash}.js`;
-    // Require the has to be 64 characters long
-    if (expectedHash.length !== 64) {
+function validateHash(expectedHash) {
+    // Require the hash to be 64 characters long
+    if (!expectedHash || expectedHash.length !== 64) {
         logger_1.default.error("Invalid hash");
         process.exit(1);
     }
+}
+function runModule(expectedHash) {
+    const gzPath = `/app/load/module-${expectedHash}.js.gz`;
+    const jsPath = `/app/module-${expectedHash}.js`;
+    // Set the log level
+    logger_1.default.SetLogLevel("debug");
     // Check if the path is a valid file
     if (!fs_1.default.existsSync(gzPath)) {
         logger_1.default.error(`File not found: ${gzPath}`);
         process.exit(1);
     }
-    // Set the log level
-    logger_1.default.SetLogLevel(opts.logLevel);
     try {
         logger_1.default.info(`Loading module ${gzPath}`);
         // Extract the code from the file
@@ -47,12 +45,14 @@ commander_1.program
         // Write the code to a file
         fs_1.default.writeFileSync(jsPath, code);
         // Run the module
-        // @todo: evaluate vm (isolate) vs require
-        require(jsPath);
+        (0, child_process_1.fork)(jsPath);
     }
     catch (e) {
         logger_1.default.error(`Failed to decompress module: ${e}`);
         process.exit(1);
     }
-});
-commander_1.program.parse();
+}
+logger_1.default.info(`Pepr Controller (v${package_json_1.version})`);
+const hash = process.argv[2];
+validateHash(hash);
+runModule(hash);

package/dist/src/cli/update.js

@@ -48,7 +48,9 @@ function default_1(program) {
         }
         catch (e) {
             logger_1.default.debug(e);
-            logger_1.default.error(e.message);
+            if (e instanceof Error) {
+                logger_1.default.error(e.message);
+            }
             process.exit(1);
         }
     });

package/dist/src/lib/capability.js

@@ -56,7 +56,7 @@ class Capability {
                     labels: {},
                     annotations: {},
                 },
-                callback: () => null,
+                callback: () => undefined,
             };
             const prefix = `${this._name}: ${model.name}`;
             logger_1.default.info(`Binding created`, prefix);

package/dist/src/lib/controller.js

@@ -29,11 +29,19 @@ class Controller {
                 throw new Error("Cannot start Pepr module: Pepr module was not instantiated with deferStart=true");
             }
             // Create HTTPS server
-            https_1.default.createServer(options, this.app).listen(port, () => {
+            const server = https_1.default.createServer(options, this.app).listen(port, () => {
                 console.log(`Server listening on port ${port}`);
                 // Track that the server is running
                 this.running = true;
             });
+            // Listen for the SIGTERM signal and gracefully close the server
+            process.on("SIGTERM", () => {
+                console.log("Received SIGTERM, closing server");
+                server.close(() => {
+                    console.log("Server closed");
+                    process.exit(0);
+                });
+            });
         };
         this.logger = (req, res, next) => {
             const startTime = Date.now();

package/dist/src/lib/fetch.js

@@ -1,13 +1,36 @@
 "use strict";
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2023-Present The Pepr Authors
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.fetch = exports.fetchRaw = void 0;
 const http_status_codes_1 = require("http-status-codes");
-const node_fetch_1 = __importDefault(require("node-fetch"));
+const node_fetch_1 = __importStar(require("node-fetch"));
 exports.fetchRaw = node_fetch_1.default;
 const logger_1 = __importDefault(require("./logger"));
 /**
@@ -24,11 +47,11 @@ const logger_1 = __importDefault(require("./logger"));
  * @returns
  */
 async function fetch(url, init) {
+    let data = undefined;
     try {
         logger_1.default.debug(`Fetching ${url}`);
         const resp = await (0, node_fetch_1.default)(url, init);
         const contentType = resp.headers.get("content-type") || "";
-        let data;
         if (resp.ok) {
             // Parse the response as JSON if the content type is JSON
             if (contentType.includes("application/json")) {
@@ -47,12 +70,22 @@ async function fetch(url, init) {
         };
     }
     catch (e) {
-        logger_1.default.debug(`Fetch failed: ${e.message}`);
+        if (e instanceof node_fetch_1.FetchError) {
+            logger_1.default.debug(`Fetch failed: ${e instanceof Error ? e.message : e}`);
+            // Parse the error code from the FetchError or default to 400 (Bad Request)
+            const status = parseInt(e.code || "400");
+            return {
+                data,
+                ok: false,
+                status,
+                statusText: e.message,
+            };
+        }
         return {
-            data: null,
+            data,
             ok: false,
-            status: e.code || http_status_codes_1.StatusCodes.BAD_REQUEST,
-            statusText: e.message,
+            status: http_status_codes_1.StatusCodes.BAD_REQUEST,
+            statusText: "Unknown error",
         };
     }
 }

package/dist/src/lib/k8s/webhook.js

@@ -106,7 +106,7 @@ class Webhook {
         const { name } = this;
         const ignore = [peprIgnore];
         // Add any namespaces to ignore
-        if (this.config.alwaysIgnore.namespaces.length > 0) {
+        if (this.config.alwaysIgnore.namespaces && this.config.alwaysIgnore.namespaces.length > 0) {
             ignore.push({
                 key: "kubernetes.io/metadata.name",
                 operator: "NotIn",
@@ -193,7 +193,7 @@ class Webhook {
                                 name: "server",
                                 image: this.image,
                                 imagePullPolicy: "IfNotPresent",
-                                command: ["node", "/app/node_modules/pepr/dist/run.js", hash, "-l", "debug"],
+                                command: ["node", "/app/node_modules/pepr/dist/src/cli/run.js", hash],
                                 livenessProbe: {
                                     httpGet: {
                                         path: "/healthz",
@@ -386,7 +386,7 @@ class Webhook {
             await coreV1Api.readNamespace(namespace);
         }
         catch (e) {
-            logger_1.default.debug(e.body);
+            logger_1.default.debug(e instanceof client_node_1.HttpError ? e.body : e);
             logger_1.default.info("Creating namespace");
             await coreV1Api.createNamespace(ns);
         }
@@ -396,9 +396,9 @@ class Webhook {
             await admissionApi.createMutatingWebhookConfiguration(wh);
         }
         catch (e) {
-            logger_1.default.debug(e.body);
+            logger_1.default.debug(e instanceof client_node_1.HttpError ? e.body : e);
             logger_1.default.info("Removing and re-creating mutating webhook");
-            await admissionApi.deleteMutatingWebhookConfiguration(wh.metadata.name);
+            await admissionApi.deleteMutatingWebhookConfiguration(wh.metadata?.name ?? "");
             await admissionApi.createMutatingWebhookConfiguration(wh);
         }
         // If a host is specified, we don't need to deploy the rest of the resources
@@ -408,10 +408,10 @@ class Webhook {
         const netpol = this.networkPolicy();
         try {
             logger_1.default.info("Checking for network policy");
-            await networkApi.readNamespacedNetworkPolicy(netpol.metadata.name, namespace);
+            await networkApi.readNamespacedNetworkPolicy(netpol.metadata?.name ?? "", namespace);
         }
         catch (e) {
-            logger_1.default.debug(e.body);
+            logger_1.default.debug(e instanceof client_node_1.HttpError ? e.body : e);
             logger_1.default.info("Creating network policy");
             await networkApi.createNamespacedNetworkPolicy(namespace, netpol);
         }
@@ -421,9 +421,9 @@ class Webhook {
             await rbacApi.createClusterRoleBinding(crb);
         }
         catch (e) {
-            logger_1.default.debug(e.body);
+            logger_1.default.debug(e instanceof client_node_1.HttpError ? e.body : e);
             logger_1.default.info("Removing and re-creating cluster role binding");
-            await rbacApi.deleteClusterRoleBinding(crb.metadata.name);
+            await rbacApi.deleteClusterRoleBinding(crb.metadata?.name ?? "");
             await rbacApi.createClusterRoleBinding(crb);
         }
         const cr = this.clusterRole();
@@ -432,14 +432,14 @@ class Webhook {
             await rbacApi.createClusterRole(cr);
         }
         catch (e) {
-            logger_1.default.debug(e.body);
+            logger_1.default.debug(e instanceof client_node_1.HttpError ? e.body : e);
             logger_1.default.info("Removing and re-creating  the cluster role");
             try {
-                await rbacApi.deleteClusterRole(cr.metadata.name);
+                await rbacApi.deleteClusterRole(cr.metadata?.name ?? "");
                 await rbacApi.createClusterRole(cr);
             }
             catch (e) {
-                logger_1.default.debug(e.body);
+                logger_1.default.debug(e instanceof client_node_1.HttpError ? e.body : e);
             }
         }
         const sa = this.serviceAccount();
@@ -448,9 +448,9 @@ class Webhook {
             await coreV1Api.createNamespacedServiceAccount(namespace, sa);
         }
         catch (e) {
-            logger_1.default.debug(e.body);
+            logger_1.default.debug(e instanceof client_node_1.HttpError ? e.body : e);
             logger_1.default.info("Removing and re-creating service account");
-            await coreV1Api.deleteNamespacedServiceAccount(sa.metadata.name, namespace);
+            await coreV1Api.deleteNamespacedServiceAccount(sa.metadata?.name ?? "", namespace);
             await coreV1Api.createNamespacedServiceAccount(namespace, sa);
         }
         const mod = this.moduleSecret(code, hash);
@@ -459,9 +459,9 @@ class Webhook {
             await coreV1Api.createNamespacedSecret(namespace, mod);
         }
         catch (e) {
-            logger_1.default.debug(e.body);
+            logger_1.default.debug(e instanceof client_node_1.HttpError ? e.body : e);
             logger_1.default.info("Removing and re-creating module secret");
-            await coreV1Api.deleteNamespacedSecret(mod.metadata.name, namespace);
+            await coreV1Api.deleteNamespacedSecret(mod.metadata?.name ?? "", namespace);
             await coreV1Api.createNamespacedSecret(namespace, mod);
         }
         const svc = this.service();
@@ -470,9 +470,9 @@ class Webhook {
             await coreV1Api.createNamespacedService(namespace, svc);
         }
         catch (e) {
-            logger_1.default.debug(e.body);
+            logger_1.default.debug(e instanceof client_node_1.HttpError ? e.body : e);
             logger_1.default.info("Removing and re-creating service");
-            await coreV1Api.deleteNamespacedService(svc.metadata.name, namespace);
+            await coreV1Api.deleteNamespacedService(svc.metadata?.name ?? "", namespace);
             await coreV1Api.createNamespacedService(namespace, svc);
         }
         const tls = this.tlsSecret();
@@ -481,9 +481,9 @@ class Webhook {
             await coreV1Api.createNamespacedSecret(namespace, tls);
         }
         catch (e) {
-            logger_1.default.debug(e.body);
+            logger_1.default.debug(e instanceof client_node_1.HttpError ? e.body : e);
             logger_1.default.info("Removing and re-creating TLS secret");
-            await coreV1Api.deleteNamespacedSecret(tls.metadata.name, namespace);
+            await coreV1Api.deleteNamespacedSecret(tls.metadata?.name ?? "", namespace);
             await coreV1Api.createNamespacedSecret(namespace, tls);
         }
         const dep = this.deployment(hash);
@@ -492,9 +492,9 @@ class Webhook {
             await appsApi.createNamespacedDeployment(namespace, dep);
         }
         catch (e) {
-            logger_1.default.debug(e.body);
+            logger_1.default.debug(e instanceof client_node_1.HttpError ? e.body : e);
             logger_1.default.info("Removing and re-creating deployment");
-            await appsApi.deleteNamespacedDeployment(dep.metadata.name, namespace);
+            await appsApi.deleteNamespacedDeployment(dep.metadata?.name ?? "", namespace);
             await appsApi.createNamespacedDeployment(namespace, dep);
         }
     }