pepr 0.51.6-nightly.3 → 0.51.6-nightly.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/build.d.ts.map +1 -1
- package/dist/cli/build.helpers.d.ts.map +1 -1
- package/dist/cli/deploy.d.ts +1 -1
- package/dist/cli/deploy.d.ts.map +1 -1
- package/dist/cli.js +229 -130
- package/dist/controller.js +1 -1
- package/dist/lib/assets/assets.d.ts +13 -2
- package/dist/lib/assets/assets.d.ts.map +1 -1
- package/dist/lib/assets/deploy.d.ts.map +1 -1
- package/dist/lib/assets/{envrionment.d.ts → environment.d.ts} +1 -1
- package/dist/lib/assets/environment.d.ts.map +1 -0
- package/dist/lib/assets/helm.d.ts +4 -3
- package/dist/lib/assets/helm.d.ts.map +1 -1
- package/dist/lib/assets/{pods.d.ts → k8sObjects.d.ts} +4 -2
- package/dist/lib/assets/k8sObjects.d.ts.map +1 -0
- package/dist/lib/assets/networking.d.ts +0 -2
- package/dist/lib/assets/networking.d.ts.map +1 -1
- package/dist/lib/assets/yaml/generateAllYaml.d.ts +8 -3
- package/dist/lib/assets/yaml/generateAllYaml.d.ts.map +1 -1
- package/dist/lib/assets/yaml/overridesFile.d.ts +4 -1
- package/dist/lib/assets/yaml/overridesFile.d.ts.map +1 -1
- package/package.json +1 -1
- package/src/cli/build.helpers.ts +17 -2
- package/src/cli/build.ts +27 -39
- package/src/cli/deploy.ts +13 -13
- package/src/lib/assets/assets.ts +81 -22
- package/src/lib/assets/deploy.ts +26 -12
- package/src/lib/assets/helm.ts +31 -3
- package/src/lib/assets/{pods.ts → k8sObjects.ts} +69 -22
- package/src/lib/assets/networking.ts +0 -52
- package/src/lib/assets/yaml/generateAllYaml.ts +38 -11
- package/src/lib/assets/yaml/overridesFile.ts +4 -1
- package/src/templates/tsconfig.module.json +2 -2
- package/dist/lib/assets/envrionment.d.ts.map +0 -1
- package/dist/lib/assets/pods.d.ts.map +0 -1
- /package/src/lib/assets/{envrionment.ts → environment.ts} +0 -0
package/dist/controller.js
CHANGED
|
@@ -50,7 +50,7 @@ if (process.env.LOG_LEVEL) {
|
|
|
50
50
|
var logger_default = Log;
|
|
51
51
|
|
|
52
52
|
// src/templates/data.json
|
|
53
|
-
var packageJSON = { name: "pepr", description: "Kubernetes application engine", author: "Defense Unicorns", homepage: "https://github.com/defenseunicorns/pepr", license: "Apache-2.0", bin: "dist/cli.js", repository: "defenseunicorns/pepr", engines: { node: ">=18.0.0" }, files: ["/dist", "/src", "!src/**/*.test.ts", "!src/fixtures/**", "!dist/**/*.test.d.ts*"], version: "0.51.6-nightly.
|
|
53
|
+
var packageJSON = { name: "pepr", description: "Kubernetes application engine", author: "Defense Unicorns", homepage: "https://github.com/defenseunicorns/pepr", license: "Apache-2.0", bin: "dist/cli.js", repository: "defenseunicorns/pepr", engines: { node: ">=18.0.0" }, files: ["/dist", "/src", "!src/**/*.test.ts", "!src/fixtures/**", "!dist/**/*.test.d.ts*"], version: "0.51.6-nightly.5", main: "dist/lib.js", types: "dist/lib.d.ts", scripts: { ci: "npm ci", "gen-data-json": "node hack/build-template-data.js", prebuild: "rm -fr dist/* && npm run gen-data-json", build: "tsc -p config/tsconfig.root.json && node build.mjs && npm pack", "build:image": "npm run build && docker buildx build --output type=docker --tag pepr:dev .", "build:image:unicorn": "npm run build && docker buildx build --output type=docker --tag pepr/private:dev $(node scripts/read-unicorn-build-args.mjs) .", "set:version": "node scripts/set-version.js", test: "npm run test:unit && npm run test:journey && npm run test:journey-wasm", "test:artifacts": "npm run build && vitest run src/build-artifact.test.ts", "test:docs": "vitest run --config=config/vitest.integration.config.ts integration/cli/docs/*.test.ts", "test:integration": "npm run test:integration:prep && npm run test:integration:run", "test:integration:prep": "./integration/prep.sh", "test:integration:run": "vitest run --config=config/vitest.integration.config.ts integration", "test:journey": "npm run test:journey:k3d && npm run build && npm run test:journey:image && npm run test:journey:run", "test:journey-wasm": "npm run test:journey:k3d && npm run build && npm run test:journey:image && npm run test:journey:run-wasm", "test:journey-wasm:unicorn": "npm run test:journey:k3d && npm run build && npm run test:journey:image:unicorn && npm run test:journey:run-wasm", "test:journey:image": "docker buildx build --output type=docker --tag pepr:dev . && k3d image import pepr:dev -c pepr-dev", "test:journey:image:unicorn": "npm run build && docker buildx build --output type=docker --tag pepr/private:dev $(node scripts/read-unicorn-build-args.mjs) . && k3d image import pepr/private:dev -c pepr-dev", "test:journey:k3d": "k3d cluster delete pepr-dev && k3d cluster create pepr-dev --k3s-arg '--debug@server:0' --wait && kubectl rollout status deployment -n kube-system", "test:journey:run": "vitest run --config=config/vitest.journey.config.ts journey/entrypoint.test.ts && npm run test:journey:upgrade", "test:journey:run-wasm": "vitest run --config=config/vitest.journey.config.ts journey/entrypoint-wasm.test.ts", "test:journey:unicorn": "npm run test:journey:k3d && npm run test:journey:image:unicorn && npm run test:journey:run", "format:check": "npm run format:src && npm run format:tests && npm run format:markdown && npm run format:integration && npm run format:prettier -- --check", "format:fix": "npm run format:src -- --fix && npm run format:markdown -- --fix && npm run format:integration -- --fix && npm run format:prettier -- --write", "format:integration": "eslint --config config/eslint.integration.config.mjs integration/cli integration/helpers", "format:markdown": 'npx -y markdownlint-cli --config config/.markdownlint.json --ignore adr --ignore integration/testroot --ignore pepr-test-module --ignore pepr-upgrade-test --ignore node_modules "**/*.md"', "format:prettier": "prettier --config config/.prettierrc src integration/cli/**/*.ts integration/helpers/**/*.ts", "format:src": "eslint --config config/eslint.root.config.mjs 'src/**/*.ts' --ignore-pattern '**/*.test.ts' --ignore-pattern 'src/templates/**'", "format:tests": "eslint --config config/eslint.test.config.mjs 'src/**/*.test.ts'", "test:journey:upgrade": "npm run test:journey:k3d && npm run test:journey:image && vitest run --config=config/vitest.journey.config.ts journey/pepr-upgrade.test.ts", "test:unit": "npm run gen-data-json && NODE_OPTIONS=--no-deprecation vitest --config config/vitest.root.config.ts run --coverage", prepare: `if [ "$NODE_ENV" != 'production' ]; then husky; fi` }, dependencies: { "@types/ramda": "0.30.2", commander: "14.0.0", express: "5.1.0", "fast-json-patch": "3.1.1", heredoc: "^1.3.1", "http-status-codes": "^2.3.0", "json-pointer": "^0.6.2", "kubernetes-fluent-client": "3.8.0", pino: "9.7.0", "pino-pretty": "13.0.0", "prom-client": "15.1.3", ramda: "0.31.3", sigstore: "3.1.0", "ts-morph": "^26.0.0" }, devDependencies: { "@commitlint/cli": "19.8.1", "@commitlint/config-conventional": "19.8.1", "@fast-check/vitest": "^0.2.1", "@types/eslint": "9.6.1", "@types/express": "5.0.3", "@types/json-pointer": "^1.0.34", "@types/node": "24.x.x", "@types/node-forge": "1.3.12", "@types/uuid": "10.0.0", "@types/ws": "^8.18.1", "@vitest/coverage-v8": "^3.2.3", "fast-check": "^4.0.0", globals: "^16.0.0", husky: "^9.1.6", "js-yaml": "^4.1.0", shellcheck: "^3.0.0", tsx: "^4.20.3", undici: "^7.0.1", vitest: "^3.2.3" }, overrides: { glob: "^9.0.0", "brace-expansion": "1.1.11" }, peerDependencies: { "@types/prompts": "2.4.9", "@typescript-eslint/eslint-plugin": "8.33.0", "@typescript-eslint/parser": "8.33.0", esbuild: "0.25.5", eslint: "^9.26.0", "node-forge": "1.3.1", prettier: "3.5.3", prompts: "2.4.2", typescript: "5.8.3", uuid: "11.1.0" } };
|
|
54
54
|
|
|
55
55
|
// src/lib/k8s.ts
|
|
56
56
|
var import_kubernetes_fluent_client = require("kubernetes-fluent-client");
|
|
@@ -5,6 +5,9 @@ import { WebhookIgnore } from "../k8s";
|
|
|
5
5
|
import { V1Deployment, V1MutatingWebhookConfiguration, V1ValidatingWebhookConfiguration } from "@kubernetes/client-node/dist/gen";
|
|
6
6
|
import { WebhookType } from "../enums";
|
|
7
7
|
import { kind } from "kubernetes-fluent-client";
|
|
8
|
+
export declare function norWatchOrAdmission(capabilities: CapabilityExport[]): boolean;
|
|
9
|
+
export declare function isAdmission(capabilities: CapabilityExport[]): boolean;
|
|
10
|
+
export declare function isWatcher(capabilities: CapabilityExport[]): boolean;
|
|
8
11
|
export declare class Assets {
|
|
9
12
|
readonly name: string;
|
|
10
13
|
readonly tls: TLSOut;
|
|
@@ -22,9 +25,17 @@ export declare class Assets {
|
|
|
22
25
|
zarfYaml: (zarfYamlGenerator: (assets: Assets, path: string, type: "manifests" | "charts") => string, path: string) => string;
|
|
23
26
|
zarfYamlChart: (zarfYamlGenerator: (assets: Assets, path: string, type: "manifests" | "charts") => string, path: string) => string;
|
|
24
27
|
allYaml: (yamlGenerationFunction: (assets: Assets, deployments: {
|
|
25
|
-
|
|
28
|
+
admission: V1Deployment | null;
|
|
26
29
|
watch: V1Deployment | null;
|
|
27
|
-
}
|
|
30
|
+
}, services: {
|
|
31
|
+
admission: kind.Service | null;
|
|
32
|
+
watch: kind.Service | null;
|
|
33
|
+
}) => Promise<string>, getControllerManifests: {
|
|
34
|
+
getDeploymentFunction: (assets: Assets, hash: string, buildTimestamp: string, imagePullSecret?: string) => kind.Deployment | null;
|
|
35
|
+
getWatcherFunction: (assets: Assets, hash: string, buildTimestamp: string, imagePullSecret?: string) => kind.Deployment | null;
|
|
36
|
+
getServiceFunction: (name: string, assets: Assets) => kind.Service | null;
|
|
37
|
+
getWatcherServiceFunction: (name: string, assets: Assets) => kind.Service | null;
|
|
38
|
+
}, imagePullSecret?: string) => Promise<string>;
|
|
28
39
|
writeWebhookFiles: (validateWebhook: V1MutatingWebhookConfiguration | V1ValidatingWebhookConfiguration | null, mutateWebhook: V1MutatingWebhookConfiguration | V1ValidatingWebhookConfiguration | null, helm: Record<string, Record<string, string>>) => Promise<void>;
|
|
29
40
|
generateHelmChart: (webhookGeneratorFunction: (assets: Assets, mutateOrValidate: WebhookType, timeoutSeconds: number | undefined) => Promise<V1MutatingWebhookConfiguration | V1ValidatingWebhookConfiguration | null>, getWatcherFunction: (assets: Assets, hash: string, buildTimestamp: string, imagePullSecret?: string) => kind.Deployment | null, getModuleSecretFunction: (name: string, data: Buffer, hash: string) => kind.Secret, basePath: string) => Promise<void>;
|
|
30
41
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"assets.d.ts","sourceRoot":"","sources":["../../../src/lib/assets/assets.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,OAAO,EAAE,MAAM,EAAU,MAAM,QAAQ,CAAC;AACxC,OAAO,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAC;
|
|
1
|
+
{"version":3,"file":"assets.d.ts","sourceRoot":"","sources":["../../../src/lib/assets/assets.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,OAAO,EAAE,MAAM,EAAU,MAAM,QAAQ,CAAC;AACxC,OAAO,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAC;AAUvC,OAAO,EACL,YAAY,EACZ,8BAA8B,EAC9B,gCAAgC,EACjC,MAAM,kCAAkC,CAAC;AAS1C,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACvC,OAAO,EAAE,IAAI,EAAE,MAAM,0BAA0B,CAAC;AAEhD,wBAAgB,mBAAmB,CAAC,YAAY,EAAE,gBAAgB,EAAE,GAAG,OAAO,CAE7E;AACD,wBAAgB,WAAW,CAAC,YAAY,EAAE,gBAAgB,EAAE,GAAG,OAAO,CAUrE;AACD,wBAAgB,SAAS,CAAC,YAAY,EAAE,gBAAgB,EAAE,GAAG,OAAO,CAanE;AAED,qBAAa,MAAM;IACjB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC;IAC9B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,YAAY,EAAG,aAAa,CAAC;IACtC,QAAQ,CAAC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IACpC,YAAY,EAAG,gBAAgB,EAAE,CAAC;IAClC,KAAK,EAAE,MAAM,CAAC;IACd,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;gBAEX,MAAM,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,EAAE,EAAE,IAAI,CAAC,EAAE,MAAM;IAiBnF,MAAM,CACV,cAAc,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,EACzF,KAAK,EAAE,OAAO,EACd,cAAc,CAAC,EAAE,MAAM,GACtB,OAAO,CAAC,IAAI,CAAC;IAQhB,QAAQ,GACN,mBAAmB,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,GAAG,QAAQ,KAAK,MAAM,EACzF,MAAM,MAAM,KACX,MAAM,CAA+C;IAExD,aAAa,GACX,mBAAmB,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,GAAG,QAAQ,KAAK,MAAM,EACzF,MAAM,MAAM,KACX,MAAM,CAA4C;IAErD,OAAO,GACL,wBAAwB,CACtB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE;QAAE,SAAS,EAAE,YAAY,GAAG,IAAI,CAAC;QAAC,KAAK,EAAE,YAAY,GAAG,IAAI,CAAA;KAAE,EAC3E,QAAQ,EAAE;QAAE,SAAS,EAAE,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QAAC,KAAK,EAAE,IAAI,CAAC,OAAO,GAAG,IAAI,CAAA;KAAE,KACrE,OAAO,CAAC,MAAM,CAAC,EACpB,wBAAwB;QACtB,qBAAqB,EAAE,CACrB,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,cAAc,EAAE,MAAM,EACtB,eAAe,CAAC,EAAE,MAAM,KACrB,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QAC5B,kBAAkB,EAAE,CAClB,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,cAAc,EAAE,MAAM,EACtB,eAAe,CAAC,EAAE,MAAM,KACrB,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QAC5B,kBAAkB,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,KAAK,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QAC1E,yBAAyB,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,KAAK,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;KAClF,EACD,kBAAkB,MAAM,KACvB,OAAO,CAAC,MAAM,CAAC,CAuChB;IAEF,iBAAiB,GACf,iBAAiB,8BAA8B,GAAG,gCAAgC,GAAG,IAAI,EACzF,eAAe,8BAA8B,GAAG,gCAAgC,GAAG,IAAI,EACvF,MAAM,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,KAC3C,OAAO,CAAC,IAAI,CAAC,CAgCd;IAEF,iBAAiB,GACf,0BAA0B,CACxB,MAAM,EAAE,MAAM,EACd,gBAAgB,EAAE,WAAW,EAC7B,cAAc,EAAE,MAAM,GAAG,SAAS,KAC/B,OAAO,CAAC,8BAA8B,GAAG,gCAAgC,GAAG,IAAI,CAAC,EACtF,oBAAoB,CAClB,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,cAAc,EAAE,MAAM,EACtB,eAAe,CAAC,EAAE,MAAM,KACrB,IAAI,CAAC,UAAU,GAAG,IAAI,EAC3B,yBAAyB,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC,MAAM,EAClF,UAAU,MAAM,KACf,OAAO,CAAC,IAAI,CAAC,CA6Fd;CACH"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"deploy.d.ts","sourceRoot":"","sources":["../../../src/lib/assets/deploy.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"deploy.d.ts","sourceRoot":"","sources":["../../../src/lib/assets/deploy.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,MAAM,EAAoC,MAAM,UAAU,CAAC;AAoBpE,OAAO,EAAoB,eAAe,EAAE,MAAM,UAAU,CAAC;AAG7D,wBAAsB,qBAAqB,CACzC,eAAe,EAAE,eAAe,EAChC,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,IAAI,CAAC,CA0Bf;AA0BD,wBAAsB,aAAa,CACjC,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,OAAO,EACd,cAAc,EAAE,MAAM,GACrB,OAAO,CAAC,IAAI,CAAC,CAwBf"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
1
|
import { V1EnvVar } from "@kubernetes/client-node";
|
|
2
2
|
import { ModuleConfig } from "../types";
|
|
3
3
|
export declare function genEnv(config: ModuleConfig, watchMode?: boolean, ignoreWatchMode?: boolean): V1EnvVar[];
|
|
4
|
-
//# sourceMappingURL=
|
|
4
|
+
//# sourceMappingURL=environment.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"environment.d.ts","sourceRoot":"","sources":["../../../src/lib/assets/environment.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAExC,wBAAgB,MAAM,CACpB,MAAM,EAAE,YAAY,EACpB,SAAS,UAAQ,EACjB,eAAe,UAAQ,GACtB,QAAQ,EAAE,CAkBZ"}
|
|
@@ -1,9 +1,10 @@
|
|
|
1
|
+
type ControllerType = "admission" | "watcher";
|
|
1
2
|
export declare function clusterRoleTemplate(): string;
|
|
2
3
|
export declare function namespaceTemplate(): string;
|
|
3
4
|
export declare function chartYaml(name: string, description?: string): string;
|
|
4
|
-
export declare function watcherDeployTemplate(buildTimestamp: string): string;
|
|
5
|
-
export declare function admissionDeployTemplate(buildTimestamp: string): string;
|
|
6
|
-
type ControllerType = "admission" | "watcher";
|
|
5
|
+
export declare function watcherDeployTemplate(buildTimestamp: string, type: ControllerType): string;
|
|
6
|
+
export declare function admissionDeployTemplate(buildTimestamp: string, type: ControllerType): string;
|
|
7
7
|
export declare function serviceMonitorTemplate(name: string, type: ControllerType): string;
|
|
8
|
+
export declare function serviceTemplate(name: string, type: ControllerType): string;
|
|
8
9
|
export {};
|
|
9
10
|
//# sourceMappingURL=helm.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"helm.d.ts","sourceRoot":"","sources":["../../../src/lib/assets/helm.ts"],"names":[],"mappings":"AAGA,wBAAgB,mBAAmB,IAAI,MAAM,CAY5C;AAED,wBAAgB,iBAAiB,IAAI,MAAM,CAe1C;AAED,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,CA2BpE;AAED,wBAAgB,qBAAqB,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM,
|
|
1
|
+
{"version":3,"file":"helm.d.ts","sourceRoot":"","sources":["../../../src/lib/assets/helm.ts"],"names":[],"mappings":"AAGA,KAAK,cAAc,GAAG,WAAW,GAAG,SAAS,CAAC;AAE9C,wBAAgB,mBAAmB,IAAI,MAAM,CAY5C;AAED,wBAAgB,iBAAiB,IAAI,MAAM,CAe1C;AAED,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,CA2BpE;AAED,wBAAgB,qBAAqB,CAAC,cAAc,EAAE,MAAM,EAAE,IAAI,EAAE,cAAc,GAAG,MAAM,CAgG1F;AAED,wBAAgB,uBAAuB,CAAC,cAAc,EAAE,MAAM,EAAE,IAAI,EAAE,cAAc,GAAG,MAAM,CAoH5F;AAED,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,cAAc,GAAG,MAAM,CA0BjF;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,cAAc,GAAG,MAAM,CAoB1E"}
|
|
@@ -4,6 +4,8 @@ import { Assets } from "./assets";
|
|
|
4
4
|
/** Generate the pepr-system namespace */
|
|
5
5
|
export declare function getNamespace(namespaceLabels?: Record<string, string>): KubernetesObject;
|
|
6
6
|
export declare function getWatcher(assets: Assets, hash: string, buildTimestamp: string, imagePullSecret?: string): kind.Deployment | null;
|
|
7
|
-
export declare function getDeployment(assets: Assets, hash: string, buildTimestamp: string, imagePullSecret?: string): kind.Deployment;
|
|
7
|
+
export declare function getDeployment(assets: Assets, hash: string, buildTimestamp: string, imagePullSecret?: string): kind.Deployment | null;
|
|
8
8
|
export declare function getModuleSecret(name: string, data: Buffer, hash: string): kind.Secret;
|
|
9
|
-
|
|
9
|
+
export declare function service(name: string, assets: Assets): kind.Service | null;
|
|
10
|
+
export declare function watcherService(name: string, assets: Assets): kind.Service | null;
|
|
11
|
+
//# sourceMappingURL=k8sObjects.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"k8sObjects.d.ts","sourceRoot":"","sources":["../../../src/lib/assets/k8sObjects.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,IAAI,EAAE,MAAM,0BAA0B,CAAC;AAGhD,OAAO,EAAE,MAAM,EAA+C,MAAM,UAAU,CAAC;AAG/E,yCAAyC;AACzC,wBAAgB,YAAY,CAAC,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,gBAAgB,CAmBvF;AAED,wBAAgB,UAAU,CACxB,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,cAAc,EAAE,MAAM,EACtB,eAAe,CAAC,EAAE,MAAM,GACvB,IAAI,CAAC,UAAU,GAAG,IAAI,CA2IxB;AAED,wBAAgB,aAAa,CAC3B,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,cAAc,EAAE,MAAM,EACtB,eAAe,CAAC,EAAE,MAAM,GACvB,IAAI,CAAC,UAAU,GAAG,IAAI,CAmJxB;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC,MAAM,CAsBrF;AAED,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC,OAAO,GAAG,IAAI,CA2BzE;AAED,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC,OAAO,GAAG,IAAI,CA2BhF"}
|
|
@@ -2,6 +2,4 @@ import { kind } from "kubernetes-fluent-client";
|
|
|
2
2
|
import { TLSOut } from "../tls";
|
|
3
3
|
export declare function apiPathSecret(name: string, apiPath: string): kind.Secret;
|
|
4
4
|
export declare function tlsSecret(name: string, tls: TLSOut): kind.Secret;
|
|
5
|
-
export declare function service(name: string): kind.Service;
|
|
6
|
-
export declare function watcherService(name: string): kind.Service;
|
|
7
5
|
//# sourceMappingURL=networking.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"networking.d.ts","sourceRoot":"","sources":["../../../src/lib/assets/networking.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,IAAI,EAAE,MAAM,0BAA0B,CAAC;AAEhD,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAEhC,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC,MAAM,CAaxE;AAED,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC,MAAM,CAchE
|
|
1
|
+
{"version":3,"file":"networking.d.ts","sourceRoot":"","sources":["../../../src/lib/assets/networking.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,IAAI,EAAE,MAAM,0BAA0B,CAAC;AAEhD,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAEhC,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC,MAAM,CAaxE;AAED,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC,MAAM,CAchE"}
|
|
@@ -1,9 +1,14 @@
|
|
|
1
1
|
import { Assets } from "../assets";
|
|
2
|
-
import { V1Deployment } from "@kubernetes/client-node";
|
|
2
|
+
import { V1Deployment, V1Service, KubernetesObject } from "@kubernetes/client-node";
|
|
3
3
|
type deployments = {
|
|
4
|
-
|
|
4
|
+
admission: V1Deployment | null;
|
|
5
5
|
watch: V1Deployment | null;
|
|
6
6
|
};
|
|
7
|
-
|
|
7
|
+
type services = {
|
|
8
|
+
admission: V1Service | null;
|
|
9
|
+
watch: V1Service | null;
|
|
10
|
+
};
|
|
11
|
+
export declare function pushControllerManifests(resources: KubernetesObject[], deployments: deployments, services: services): KubernetesObject[];
|
|
12
|
+
export declare function generateAllYaml(assets: Assets, deployments: deployments, services: services): Promise<string>;
|
|
8
13
|
export {};
|
|
9
14
|
//# sourceMappingURL=generateAllYaml.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"generateAllYaml.d.ts","sourceRoot":"","sources":["../../../../src/lib/assets/yaml/generateAllYaml.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AAUnC,OAAO,EAAY,YAAY,EAAE,MAAM,yBAAyB,CAAC;
|
|
1
|
+
{"version":3,"file":"generateAllYaml.d.ts","sourceRoot":"","sources":["../../../../src/lib/assets/yaml/generateAllYaml.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AAUnC,OAAO,EAAY,YAAY,EAAE,SAAS,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAK9F,KAAK,WAAW,GAAG;IAAE,SAAS,EAAE,YAAY,GAAG,IAAI,CAAC;IAAC,KAAK,EAAE,YAAY,GAAG,IAAI,CAAA;CAAE,CAAC;AAClF,KAAK,QAAQ,GAAG;IACd,SAAS,EAAE,SAAS,GAAG,IAAI,CAAC;IAC5B,KAAK,EAAE,SAAS,GAAG,IAAI,CAAC;CACzB,CAAC;AAEF,wBAAgB,uBAAuB,CACrC,SAAS,EAAE,gBAAgB,EAAE,EAC7B,WAAW,EAAE,WAAW,EACxB,QAAQ,EAAE,QAAQ,GACjB,gBAAgB,EAAE,CAcpB;AAED,wBAAsB,eAAe,CACnC,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,WAAW,EACxB,QAAQ,EAAE,QAAQ,GACjB,OAAO,CAAC,MAAM,CAAC,CAqCjB"}
|
|
@@ -7,5 +7,8 @@ export type ChartOverrides = {
|
|
|
7
7
|
name: string;
|
|
8
8
|
image: string;
|
|
9
9
|
};
|
|
10
|
-
export declare function overridesFile({ hash, name, image, config, apiPath, capabilities }: ChartOverrides, path: string, imagePullSecrets: string[]
|
|
10
|
+
export declare function overridesFile({ hash, name, image, config, apiPath, capabilities }: ChartOverrides, path: string, imagePullSecrets: string[], controllerType?: {
|
|
11
|
+
admission: boolean;
|
|
12
|
+
watcher: boolean;
|
|
13
|
+
}): Promise<void>;
|
|
11
14
|
//# sourceMappingURL=overridesFile.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"overridesFile.d.ts","sourceRoot":"","sources":["../../../../src/lib/assets/yaml/overridesFile.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAK7D,MAAM,MAAM,cAAc,GAAG;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,gBAAgB,EAAE,CAAC;IACjC,MAAM,EAAE,YAAY,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAGF,wBAAsB,aAAa,CACjC,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,EAAE,cAAc,EACpE,IAAI,EAAE,MAAM,EACZ,gBAAgB,EAAE,MAAM,EAAE,
|
|
1
|
+
{"version":3,"file":"overridesFile.d.ts","sourceRoot":"","sources":["../../../../src/lib/assets/yaml/overridesFile.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAK7D,MAAM,MAAM,cAAc,GAAG;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,gBAAgB,EAAE,CAAC;IACjC,MAAM,EAAE,YAAY,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAGF,wBAAsB,aAAa,CACjC,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,EAAE,cAAc,EACpE,IAAI,EAAE,MAAM,EACZ,gBAAgB,EAAE,MAAM,EAAE,EAC1B,cAAc,GAAE;IAAE,SAAS,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,OAAO,CAAA;CAAuC,GAC5F,OAAO,CAAC,IAAI,CAAC,CAkKf"}
|
package/package.json
CHANGED
package/src/cli/build.helpers.ts
CHANGED
|
@@ -11,7 +11,13 @@ import { promises as fs } from "fs";
|
|
|
11
11
|
import { generateAllYaml } from "../lib/assets/yaml/generateAllYaml";
|
|
12
12
|
import { webhookConfigGenerator } from "../lib/assets/webhooks";
|
|
13
13
|
import { generateZarfYamlGeneric } from "../lib/assets/yaml/generateZarfYaml";
|
|
14
|
-
import {
|
|
14
|
+
import {
|
|
15
|
+
getDeployment,
|
|
16
|
+
getModuleSecret,
|
|
17
|
+
getWatcher,
|
|
18
|
+
service,
|
|
19
|
+
watcherService,
|
|
20
|
+
} from "../lib/assets/k8sObjects";
|
|
15
21
|
|
|
16
22
|
interface ImageOptions {
|
|
17
23
|
customImage?: string;
|
|
@@ -193,7 +199,16 @@ export async function generateYamlAndWriteToDisk(obj: {
|
|
|
193
199
|
const chartPath = `${uuid}-chart`;
|
|
194
200
|
const yamlPath = resolve(outputDir, yamlFile);
|
|
195
201
|
try {
|
|
196
|
-
const yaml = await assets.allYaml(
|
|
202
|
+
const yaml = await assets.allYaml(
|
|
203
|
+
generateAllYaml,
|
|
204
|
+
{
|
|
205
|
+
getDeploymentFunction: getDeployment,
|
|
206
|
+
getWatcherFunction: getWatcher,
|
|
207
|
+
getServiceFunction: service,
|
|
208
|
+
getWatcherServiceFunction: watcherService,
|
|
209
|
+
},
|
|
210
|
+
imagePullSecret,
|
|
211
|
+
);
|
|
197
212
|
const zarfPath = resolve(outputDir, "zarf.yaml");
|
|
198
213
|
|
|
199
214
|
let localZarf = "";
|
package/src/cli/build.ts
CHANGED
|
@@ -68,67 +68,55 @@ export default function (program: RootCmd): void {
|
|
|
68
68
|
program
|
|
69
69
|
.command("build")
|
|
70
70
|
.description("Build a Pepr Module for deployment")
|
|
71
|
-
.
|
|
72
|
-
|
|
73
|
-
"-n, --no-embed",
|
|
74
|
-
"Disables embedding of deployment files into output module. Useful when creating library modules intended solely for reuse/distribution via NPM.",
|
|
71
|
+
.addOption(
|
|
72
|
+
new Option("-M, --rbac-mode <admin|scoped>", "Set RBAC mode.").choices(["admin", "scoped"]),
|
|
75
73
|
)
|
|
76
74
|
.addOption(
|
|
77
75
|
new Option(
|
|
78
|
-
"-
|
|
79
|
-
"
|
|
80
|
-
).conflicts(["
|
|
76
|
+
"-I, --registry-info <registry/username>",
|
|
77
|
+
"Provide the image registry and username for building and pushing a custom WASM container. Requires authentication. Conflicts with --custom-image and --registry. Builds and pushes `'<registry/username>/custom-pepr-controller:<current-version>'`.",
|
|
78
|
+
).conflicts(["customImage", "registry"]),
|
|
81
79
|
)
|
|
80
|
+
.option("-P, --with-pull-secret <name>", "Use image pull secret for controller Deployment.", "")
|
|
82
81
|
.addOption(
|
|
83
82
|
new Option(
|
|
84
|
-
"-
|
|
85
|
-
"
|
|
86
|
-
)
|
|
83
|
+
"-c, --custom-name <name>",
|
|
84
|
+
"Set name for zarf component and service monitors in helm charts.",
|
|
85
|
+
),
|
|
87
86
|
)
|
|
88
|
-
|
|
89
|
-
.
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
87
|
+
.option("-e, --entry-point <file>", "Specify the entry point file to build with.", peprTS)
|
|
88
|
+
.addOption(
|
|
89
|
+
new Option(
|
|
90
|
+
"-i, --custom-image <image>",
|
|
91
|
+
"Specify a custom image with version for deployments. Conflicts with --registry-info and --registry. Example: 'docker.io/username/custom-pepr-controller:v1.0.0'",
|
|
92
|
+
).conflicts(["registryInfo", "registry"]),
|
|
94
93
|
)
|
|
95
94
|
.option(
|
|
96
|
-
"--
|
|
97
|
-
"
|
|
98
|
-
"",
|
|
95
|
+
"-n, --no-embed",
|
|
96
|
+
"Disable embedding of deployment files into output module. Useful when creating library modules intended solely for reuse/distribution via NPM.",
|
|
99
97
|
)
|
|
100
|
-
|
|
98
|
+
.option("-o, --output <directory>", "Set output directory.")
|
|
101
99
|
.addOption(
|
|
102
100
|
new Option(
|
|
103
|
-
"--registry <GitHub|Iron Bank>",
|
|
104
|
-
"Container registry: Choose container registry for deployment manifests.
|
|
101
|
+
"-r, --registry <GitHub|Iron Bank>",
|
|
102
|
+
"Container registry: Choose container registry for deployment manifests. Conflicts with --custom-image and --registry-info.",
|
|
105
103
|
)
|
|
106
104
|
.conflicts(["customImage", "registryInfo"])
|
|
107
105
|
.choices(["GitHub", "Iron Bank"]),
|
|
108
106
|
)
|
|
109
|
-
|
|
107
|
+
.option(
|
|
108
|
+
"-t, --timeout <seconds>",
|
|
109
|
+
"How long the API server should wait for a webhook to respond before treating the call as a failure.",
|
|
110
|
+
parseTimeout,
|
|
111
|
+
)
|
|
110
112
|
.addOption(
|
|
111
|
-
new Option(
|
|
112
|
-
"-z, --zarf [manifest|chart]",
|
|
113
|
-
"Zarf package type: manifest, chart (default: manifest)",
|
|
114
|
-
)
|
|
113
|
+
new Option("-z, --zarf <manifest|chart>", "Set Zarf package type")
|
|
115
114
|
.choices(["manifest", "chart"])
|
|
116
115
|
.default("manifest"),
|
|
117
116
|
)
|
|
118
|
-
.addOption(
|
|
119
|
-
new Option("--rbac-mode [admin|scoped]", "Rbac Mode: admin, scoped (default: admin)").choices(
|
|
120
|
-
["admin", "scoped"],
|
|
121
|
-
),
|
|
122
|
-
)
|
|
123
|
-
.addOption(
|
|
124
|
-
new Option(
|
|
125
|
-
"--custom-name [name]",
|
|
126
|
-
"Specify a custom name for zarf component and service monitors in helm charts.",
|
|
127
|
-
),
|
|
128
|
-
)
|
|
129
117
|
.action(async opts => {
|
|
130
118
|
// assign custom output directory if provided
|
|
131
|
-
outputDir = await handleCustomOutputDir(opts.
|
|
119
|
+
outputDir = await handleCustomOutputDir(opts.output);
|
|
132
120
|
|
|
133
121
|
// Build the module
|
|
134
122
|
const buildModuleResult = await buildModule(undefined, opts.entryPoint, opts.embed);
|
package/src/cli/deploy.ts
CHANGED
|
@@ -79,19 +79,19 @@ function generateImagePullSecret(details: ValidatedImagePullSecretDetails): Imag
|
|
|
79
79
|
};
|
|
80
80
|
}
|
|
81
81
|
|
|
82
|
-
export async function getUserConfirmation(opts: {
|
|
83
|
-
if (opts.
|
|
82
|
+
export async function getUserConfirmation(opts: { yes: boolean }): Promise<boolean> {
|
|
83
|
+
if (opts.yes) {
|
|
84
84
|
return true;
|
|
85
85
|
}
|
|
86
86
|
|
|
87
87
|
// Prompt the user to confirm
|
|
88
|
-
const
|
|
88
|
+
const confirmation = await prompt({
|
|
89
89
|
type: "confirm",
|
|
90
|
-
name: "
|
|
90
|
+
name: "yes",
|
|
91
91
|
message: "This will remove and redeploy the module. Continue?",
|
|
92
92
|
});
|
|
93
93
|
|
|
94
|
-
return
|
|
94
|
+
return confirmation.yes ? true : false;
|
|
95
95
|
}
|
|
96
96
|
|
|
97
97
|
async function buildAndDeployModule(image: string, force: boolean): Promise<void> {
|
|
@@ -130,14 +130,14 @@ export default function (program: RootCmd): void {
|
|
|
130
130
|
program
|
|
131
131
|
.command("deploy")
|
|
132
132
|
.description("Deploy a Pepr Module")
|
|
133
|
-
.option("-
|
|
134
|
-
.option("--
|
|
135
|
-
.option("--
|
|
136
|
-
.option("--docker-
|
|
137
|
-
.option("
|
|
138
|
-
.option("
|
|
139
|
-
.option("--
|
|
140
|
-
.option("--
|
|
133
|
+
.option("-E, --docker-email <email>", "Email for Docker registry.")
|
|
134
|
+
.option("-P, --docker-password <password>", "Password for Docker registry.")
|
|
135
|
+
.option("-S, --docker-server <server>", "Docker server address.")
|
|
136
|
+
.option("-U, --docker-username <username>", "Docker registry username.")
|
|
137
|
+
.option("-f, --force", "Force deploy the module, override manager field.")
|
|
138
|
+
.option("-i, --image <image>", "Override the image tag.")
|
|
139
|
+
.option("-p, --pull-secret <name>", "Deploy imagePullSecret for Controller private registry.")
|
|
140
|
+
.option("-y, --yes", "Skip confirmation prompts.")
|
|
141
141
|
.action(async opts => {
|
|
142
142
|
const valResp = validateImagePullSecretDetails(opts);
|
|
143
143
|
if (!valResp.valid) {
|
package/src/lib/assets/assets.ts
CHANGED
|
@@ -8,6 +8,7 @@ import {
|
|
|
8
8
|
namespaceTemplate,
|
|
9
9
|
clusterRoleTemplate,
|
|
10
10
|
admissionDeployTemplate,
|
|
11
|
+
serviceTemplate,
|
|
11
12
|
serviceMonitorTemplate,
|
|
12
13
|
watcherDeployTemplate,
|
|
13
14
|
} from "./helm";
|
|
@@ -23,10 +24,39 @@ import { loadCapabilities } from "./loader";
|
|
|
23
24
|
import { namespaceComplianceValidator, dedent } from "../helpers";
|
|
24
25
|
import { promises as fs } from "fs";
|
|
25
26
|
import { storeRole, storeRoleBinding, clusterRoleBinding, serviceAccount } from "./rbac";
|
|
26
|
-
import {
|
|
27
|
+
import { tlsSecret, apiPathSecret } from "./networking";
|
|
27
28
|
import { WebhookType } from "../enums";
|
|
28
29
|
import { kind } from "kubernetes-fluent-client";
|
|
29
30
|
|
|
31
|
+
export function norWatchOrAdmission(capabilities: CapabilityExport[]): boolean {
|
|
32
|
+
return !isAdmission(capabilities) && !isWatcher(capabilities);
|
|
33
|
+
}
|
|
34
|
+
export function isAdmission(capabilities: CapabilityExport[]): boolean {
|
|
35
|
+
for (const capability of capabilities) {
|
|
36
|
+
const admissionBindings = capability.bindings.filter(
|
|
37
|
+
binding => binding.isFinalize || binding.isMutate || binding.isValidate,
|
|
38
|
+
);
|
|
39
|
+
if (admissionBindings.length > 0) {
|
|
40
|
+
return true;
|
|
41
|
+
}
|
|
42
|
+
}
|
|
43
|
+
return false;
|
|
44
|
+
}
|
|
45
|
+
export function isWatcher(capabilities: CapabilityExport[]): boolean {
|
|
46
|
+
for (const capability of capabilities) {
|
|
47
|
+
if (capability.hasSchedule) {
|
|
48
|
+
return true;
|
|
49
|
+
}
|
|
50
|
+
const watcherBindings = capability.bindings.filter(
|
|
51
|
+
binding => binding.isFinalize || binding.isWatch || binding.isQueue,
|
|
52
|
+
);
|
|
53
|
+
if (watcherBindings.length > 0) {
|
|
54
|
+
return true;
|
|
55
|
+
}
|
|
56
|
+
}
|
|
57
|
+
return false;
|
|
58
|
+
}
|
|
59
|
+
|
|
30
60
|
export class Assets {
|
|
31
61
|
readonly name: string;
|
|
32
62
|
readonly tls: TLSOut;
|
|
@@ -82,20 +112,25 @@ export class Assets {
|
|
|
82
112
|
allYaml = async (
|
|
83
113
|
yamlGenerationFunction: (
|
|
84
114
|
assets: Assets,
|
|
85
|
-
deployments: {
|
|
115
|
+
deployments: { admission: V1Deployment | null; watch: V1Deployment | null },
|
|
116
|
+
services: { admission: kind.Service | null; watch: kind.Service | null },
|
|
86
117
|
) => Promise<string>,
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
118
|
+
getControllerManifests: {
|
|
119
|
+
getDeploymentFunction: (
|
|
120
|
+
assets: Assets,
|
|
121
|
+
hash: string,
|
|
122
|
+
buildTimestamp: string,
|
|
123
|
+
imagePullSecret?: string,
|
|
124
|
+
) => kind.Deployment | null;
|
|
125
|
+
getWatcherFunction: (
|
|
126
|
+
assets: Assets,
|
|
127
|
+
hash: string,
|
|
128
|
+
buildTimestamp: string,
|
|
129
|
+
imagePullSecret?: string,
|
|
130
|
+
) => kind.Deployment | null;
|
|
131
|
+
getServiceFunction: (name: string, assets: Assets) => kind.Service | null;
|
|
132
|
+
getWatcherServiceFunction: (name: string, assets: Assets) => kind.Service | null;
|
|
133
|
+
},
|
|
99
134
|
imagePullSecret?: string,
|
|
100
135
|
): Promise<string> => {
|
|
101
136
|
this.capabilities = await loadCapabilities(this.path);
|
|
@@ -116,11 +151,26 @@ export class Assets {
|
|
|
116
151
|
const moduleHash = crypto.createHash("sha256").update(code).digest("hex");
|
|
117
152
|
|
|
118
153
|
const deployments = {
|
|
119
|
-
|
|
120
|
-
|
|
154
|
+
admission: getControllerManifests.getDeploymentFunction(
|
|
155
|
+
this,
|
|
156
|
+
moduleHash,
|
|
157
|
+
this.buildTimestamp,
|
|
158
|
+
imagePullSecret,
|
|
159
|
+
),
|
|
160
|
+
watch: getControllerManifests.getWatcherFunction(
|
|
161
|
+
this,
|
|
162
|
+
moduleHash,
|
|
163
|
+
this.buildTimestamp,
|
|
164
|
+
imagePullSecret,
|
|
165
|
+
),
|
|
121
166
|
};
|
|
122
167
|
|
|
123
|
-
|
|
168
|
+
const services = {
|
|
169
|
+
admission: getControllerManifests.getServiceFunction(this.name, this),
|
|
170
|
+
watch: getControllerManifests.getWatcherServiceFunction(this.name, this),
|
|
171
|
+
};
|
|
172
|
+
|
|
173
|
+
return yamlGenerationFunction(this, deployments, services);
|
|
124
174
|
};
|
|
125
175
|
|
|
126
176
|
writeWebhookFiles = async (
|
|
@@ -131,7 +181,7 @@ export class Assets {
|
|
|
131
181
|
if (validateWebhook || mutateWebhook) {
|
|
132
182
|
await fs.writeFile(
|
|
133
183
|
helm.files.admissionDeploymentYaml,
|
|
134
|
-
dedent(admissionDeployTemplate(this.buildTimestamp)),
|
|
184
|
+
dedent(admissionDeployTemplate(this.buildTimestamp, "admission")),
|
|
135
185
|
);
|
|
136
186
|
await fs.writeFile(
|
|
137
187
|
helm.files.admissionServiceMonitorYaml,
|
|
@@ -194,8 +244,14 @@ export class Assets {
|
|
|
194
244
|
(): string => dedent(chartYaml(this.config.uuid, this.config.description || "")),
|
|
195
245
|
],
|
|
196
246
|
[helm.files.namespaceYaml, (): string => dedent(namespaceTemplate())],
|
|
197
|
-
[
|
|
198
|
-
|
|
247
|
+
[
|
|
248
|
+
helm.files.watcherServiceYaml,
|
|
249
|
+
(): string => dedent(serviceTemplate(this.name, "watcher")),
|
|
250
|
+
],
|
|
251
|
+
[
|
|
252
|
+
helm.files.admissionServiceYaml,
|
|
253
|
+
(): string => dedent(serviceTemplate(this.name, "admission")),
|
|
254
|
+
],
|
|
199
255
|
[helm.files.tlsSecretYaml, (): string => toYaml(tlsSecret(this.name, this.tls))],
|
|
200
256
|
[
|
|
201
257
|
helm.files.apiPathSecretYaml,
|
|
@@ -221,7 +277,10 @@ export class Assets {
|
|
|
221
277
|
apiPath: this.apiPath,
|
|
222
278
|
capabilities: this.capabilities,
|
|
223
279
|
};
|
|
224
|
-
await overridesFile(overrideData, helm.files.valuesYaml, this.imagePullSecrets
|
|
280
|
+
await overridesFile(overrideData, helm.files.valuesYaml, this.imagePullSecrets, {
|
|
281
|
+
admission: isAdmission(this.capabilities) || norWatchOrAdmission(this.capabilities),
|
|
282
|
+
watcher: isWatcher(this.capabilities),
|
|
283
|
+
});
|
|
225
284
|
|
|
226
285
|
const webhooks = {
|
|
227
286
|
mutate: await webhookGeneratorFunction(
|
|
@@ -242,7 +301,7 @@ export class Assets {
|
|
|
242
301
|
if (watchDeployment) {
|
|
243
302
|
await fs.writeFile(
|
|
244
303
|
helm.files.watcherDeploymentYaml,
|
|
245
|
-
dedent(watcherDeployTemplate(this.buildTimestamp)),
|
|
304
|
+
dedent(watcherDeployTemplate(this.buildTimestamp, "watcher")),
|
|
246
305
|
);
|
|
247
306
|
await fs.writeFile(
|
|
248
307
|
helm.files.watcherServiceMonitorYaml,
|
package/src/lib/assets/deploy.ts
CHANGED
|
@@ -6,10 +6,17 @@ import { promises as fs } from "fs";
|
|
|
6
6
|
import { K8s, kind } from "kubernetes-fluent-client";
|
|
7
7
|
import { V1PolicyRule as PolicyRule } from "@kubernetes/client-node";
|
|
8
8
|
|
|
9
|
-
import { Assets } from "./assets";
|
|
9
|
+
import { Assets, isAdmission, norWatchOrAdmission } from "./assets";
|
|
10
10
|
import Log from "../telemetry/logger";
|
|
11
|
-
import { apiPathSecret,
|
|
12
|
-
import {
|
|
11
|
+
import { apiPathSecret, tlsSecret } from "./networking";
|
|
12
|
+
import {
|
|
13
|
+
getDeployment,
|
|
14
|
+
service,
|
|
15
|
+
watcherService,
|
|
16
|
+
getModuleSecret,
|
|
17
|
+
getNamespace,
|
|
18
|
+
getWatcher,
|
|
19
|
+
} from "./k8sObjects";
|
|
13
20
|
import {
|
|
14
21
|
clusterRole,
|
|
15
22
|
clusterRoleBinding,
|
|
@@ -148,9 +155,19 @@ async function setupController(
|
|
|
148
155
|
const mod = getModuleSecret(name, code, hash);
|
|
149
156
|
await K8s(kind.Secret).Apply(mod, { force });
|
|
150
157
|
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
158
|
+
if (isAdmission(assets.capabilities) || norWatchOrAdmission(assets.capabilities)) {
|
|
159
|
+
const svc = service(name, assets);
|
|
160
|
+
if (svc) {
|
|
161
|
+
Log.info("Applying controller service");
|
|
162
|
+
await K8s(kind.Service).Apply(svc, { force });
|
|
163
|
+
}
|
|
164
|
+
|
|
165
|
+
const dep = getDeployment(assets, hash, assets.buildTimestamp);
|
|
166
|
+
if (dep) {
|
|
167
|
+
Log.info("Applying deployment");
|
|
168
|
+
await K8s(kind.Deployment).Apply(dep, { force });
|
|
169
|
+
}
|
|
170
|
+
}
|
|
154
171
|
|
|
155
172
|
Log.info("Applying TLS secret");
|
|
156
173
|
const tls = tlsSecret(name, assets.tls);
|
|
@@ -159,10 +176,6 @@ async function setupController(
|
|
|
159
176
|
Log.info("Applying API path secret");
|
|
160
177
|
const apiPath = apiPathSecret(name, assets.apiPath);
|
|
161
178
|
await K8s(kind.Secret).Apply(apiPath, { force });
|
|
162
|
-
|
|
163
|
-
Log.info("Applying deployment");
|
|
164
|
-
const dep = getDeployment(assets, hash, assets.buildTimestamp);
|
|
165
|
-
await K8s(kind.Deployment).Apply(dep, { force });
|
|
166
179
|
}
|
|
167
180
|
|
|
168
181
|
// Setup the watcher deployment and service
|
|
@@ -172,9 +185,10 @@ async function setupWatcher(assets: Assets, hash: string, force: boolean): Promi
|
|
|
172
185
|
if (watchDeployment) {
|
|
173
186
|
Log.info("Applying watcher deployment");
|
|
174
187
|
await K8s(kind.Deployment).Apply(watchDeployment, { force });
|
|
175
|
-
|
|
188
|
+
}
|
|
189
|
+
const watchSvc = watcherService(assets.name, assets);
|
|
190
|
+
if (watchSvc) {
|
|
176
191
|
Log.info("Applying watcher service");
|
|
177
|
-
const watchSvc = watcherService(assets.name);
|
|
178
192
|
await K8s(kind.Service).Apply(watchSvc, { force });
|
|
179
193
|
}
|
|
180
194
|
}
|