RubyGems - nvoi - Versions diffs - 0.1.5 → 0.1.6 - Mend

nvoi 0.1.5 → 0.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (130) hide show

checksums.yaml +4 -4
data/.claude/todo/refactor/00-overview.md +171 -0
data/.claude/todo/refactor/01-objects.md +96 -0
data/.claude/todo/refactor/02-utils.md +143 -0
data/.claude/todo/refactor/03-external-cloud.md +164 -0
data/.claude/todo/refactor/04-external-dns.md +104 -0
data/.claude/todo/refactor/05-external.md +133 -0
data/.claude/todo/refactor/06-cli.md +123 -0
data/.claude/todo/refactor/07-cli-deploy-command.md +177 -0
data/.claude/todo/refactor/08-cli-deploy-steps.md +201 -0
data/.claude/todo/refactor/09-cli-delete-command.md +169 -0
data/.claude/todo/refactor/10-cli-exec-command.md +157 -0
data/.claude/todo/refactor/11-cli-credentials-command.md +190 -0
data/.claude/todo/refactor/_target.md +79 -0
data/.claude/todo/scaleway.impl.md +644 -0
data/.claude/todo/scaleway.reference.md +520 -0
data/Gemfile +1 -0
data/Gemfile.lock +12 -2
data/doc/config-schema.yaml +44 -11
data/examples/golang/deploy.enc +0 -0
data/examples/golang/main.go +18 -0
data/exe/nvoi +3 -1
data/lib/nvoi/cli/credentials/edit/command.rb +384 -0
data/lib/nvoi/cli/credentials/show/command.rb +35 -0
data/lib/nvoi/cli/db/command.rb +308 -0
data/lib/nvoi/cli/delete/command.rb +75 -0
data/lib/nvoi/cli/delete/steps/detach_volumes.rb +98 -0
data/lib/nvoi/cli/delete/steps/teardown_dns.rb +49 -0
data/lib/nvoi/cli/delete/steps/teardown_firewall.rb +46 -0
data/lib/nvoi/cli/delete/steps/teardown_network.rb +30 -0
data/lib/nvoi/cli/delete/steps/teardown_server.rb +50 -0
data/lib/nvoi/cli/delete/steps/teardown_tunnel.rb +44 -0
data/lib/nvoi/cli/delete/steps/teardown_volume.rb +61 -0
data/lib/nvoi/cli/deploy/command.rb +184 -0
data/lib/nvoi/cli/deploy/steps/build_image.rb +27 -0
data/lib/nvoi/cli/deploy/steps/cleanup_images.rb +42 -0
data/lib/nvoi/cli/deploy/steps/configure_tunnel.rb +100 -0
data/lib/nvoi/cli/deploy/steps/deploy_service.rb +396 -0
data/lib/nvoi/cli/deploy/steps/provision_network.rb +44 -0
data/lib/nvoi/cli/deploy/steps/provision_server.rb +143 -0
data/lib/nvoi/cli/deploy/steps/provision_volume.rb +171 -0
data/lib/nvoi/cli/deploy/steps/setup_k3s.rb +481 -0
data/lib/nvoi/cli/exec/command.rb +173 -0
data/lib/nvoi/cli.rb +83 -142
data/lib/nvoi/config_api/actions/app.rb +53 -0
data/lib/nvoi/config_api/actions/compute_provider.rb +55 -0
data/lib/nvoi/config_api/actions/database.rb +70 -0
data/lib/nvoi/config_api/actions/env.rb +32 -0
data/lib/nvoi/config_api/actions/secret.rb +32 -0
data/lib/nvoi/config_api/actions/server.rb +66 -0
data/lib/nvoi/config_api/actions/volume.rb +40 -0
data/lib/nvoi/config_api/base.rb +44 -0
data/lib/nvoi/config_api/result.rb +26 -0
data/lib/nvoi/config_api.rb +70 -0
data/lib/nvoi/errors.rb +68 -50
data/lib/nvoi/external/cloud/aws.rb +425 -0
data/lib/nvoi/external/cloud/base.rb +99 -0
data/lib/nvoi/external/cloud/factory.rb +48 -0
data/lib/nvoi/external/cloud/hetzner.rb +376 -0
data/lib/nvoi/external/cloud/scaleway.rb +533 -0
data/lib/nvoi/external/cloud.rb +15 -0
data/lib/nvoi/external/containerd.rb +82 -0
data/lib/nvoi/external/database/mysql.rb +84 -0
data/lib/nvoi/external/database/postgres.rb +82 -0
data/lib/nvoi/external/database/provider.rb +65 -0
data/lib/nvoi/external/database/sqlite.rb +72 -0
data/lib/nvoi/external/database.rb +22 -0
data/lib/nvoi/external/dns/cloudflare.rb +292 -0
data/lib/nvoi/external/kubectl.rb +65 -0
data/lib/nvoi/external/ssh.rb +106 -0
data/lib/nvoi/objects/config_override.rb +60 -0
data/lib/nvoi/objects/configuration.rb +463 -0
data/lib/nvoi/objects/database.rb +56 -0
data/lib/nvoi/objects/dns.rb +14 -0
data/lib/nvoi/objects/firewall.rb +11 -0
data/lib/nvoi/objects/network.rb +11 -0
data/lib/nvoi/objects/server.rb +14 -0
data/lib/nvoi/objects/service_spec.rb +26 -0
data/lib/nvoi/objects/tunnel.rb +14 -0
data/lib/nvoi/objects/volume.rb +17 -0
data/lib/nvoi/utils/config_loader.rb +172 -0
data/lib/nvoi/utils/constants.rb +61 -0
data/lib/nvoi/{credentials/manager.rb → utils/credential_store.rb} +16 -16
data/lib/nvoi/{credentials → utils}/crypto.rb +8 -5
data/lib/nvoi/{config → utils}/env_resolver.rb +10 -2
data/lib/nvoi/utils/logger.rb +84 -0
data/lib/nvoi/{config/naming.rb → utils/namer.rb} +28 -25
data/lib/nvoi/{deployer → utils}/retry.rb +23 -3
data/lib/nvoi/utils/templates.rb +62 -0
data/lib/nvoi/version.rb +1 -1
data/lib/nvoi.rb +10 -54
data/templates/error-backend.yaml.erb +134 -0
metadata +97 -44
data/examples/golang/deploy.yml +0 -54
data/lib/nvoi/cloudflare/client.rb +0 -287
data/lib/nvoi/config/config.rb +0 -248
data/lib/nvoi/config/loader.rb +0 -102
data/lib/nvoi/config/ssh_keys.rb +0 -82
data/lib/nvoi/config/types.rb +0 -274
data/lib/nvoi/constants.rb +0 -59
data/lib/nvoi/credentials/editor.rb +0 -272
data/lib/nvoi/deployer/cleaner.rb +0 -36
data/lib/nvoi/deployer/image_builder.rb +0 -23
data/lib/nvoi/deployer/infrastructure.rb +0 -126
data/lib/nvoi/deployer/orchestrator.rb +0 -146
data/lib/nvoi/deployer/service_deployer.rb +0 -311
data/lib/nvoi/deployer/tunnel_manager.rb +0 -57
data/lib/nvoi/deployer/types.rb +0 -8
data/lib/nvoi/k8s/renderer.rb +0 -44
data/lib/nvoi/k8s/templates.rb +0 -29
data/lib/nvoi/logger.rb +0 -72
data/lib/nvoi/providers/aws.rb +0 -403
data/lib/nvoi/providers/base.rb +0 -111
data/lib/nvoi/providers/hetzner.rb +0 -288
data/lib/nvoi/providers/hetzner_client.rb +0 -170
data/lib/nvoi/remote/docker_manager.rb +0 -203
data/lib/nvoi/remote/ssh_executor.rb +0 -72
data/lib/nvoi/remote/volume_manager.rb +0 -103
data/lib/nvoi/service/delete.rb +0 -234
data/lib/nvoi/service/deploy.rb +0 -80
data/lib/nvoi/service/exec.rb +0 -144
data/lib/nvoi/service/provider.rb +0 -36
data/lib/nvoi/steps/application_deployer.rb +0 -26
data/lib/nvoi/steps/database_provisioner.rb +0 -60
data/lib/nvoi/steps/k3s_cluster_setup.rb +0 -105
data/lib/nvoi/steps/k3s_provisioner.rb +0 -351
data/lib/nvoi/steps/server_provisioner.rb +0 -43
data/lib/nvoi/steps/services_provisioner.rb +0 -29
data/lib/nvoi/steps/tunnel_configurator.rb +0 -66
data/lib/nvoi/steps/volume_provisioner.rb +0 -154

data/lib/nvoi/external/database/mysql.rb ADDED Viewed

@@ -0,0 +1,84 @@
+# frozen_string_literal: true
+module Nvoi
+  module External
+    module Database
+      # MySQL provider using mysqldump/mysql via kubectl exec
+      class Mysql < Provider
+        def default_port
+          "3306"
+        end
+        def parse_url(url)
+          parse_standard_url(url, default_port)
+        end
+        def build_url(creds, host: nil)
+          h = host || creds.host
+          "mysql://#{creds.user}:#{creds.password}@#{h}:#{creds.port}/#{creds.database}"
+        end
+        def container_env(creds)
+          {
+            "MYSQL_USER" => creds.user,
+            "MYSQL_PASSWORD" => creds.password,
+            "MYSQL_DATABASE" => creds.database,
+            "MYSQL_ROOT_PASSWORD" => creds.password
+          }
+        end
+        def app_env(creds, host:)
+          {
+            "DATABASE_URL" => build_url(creds, host:),
+            "MYSQL_HOST" => host,
+            "MYSQL_PORT" => creds.port,
+            "MYSQL_USER" => creds.user,
+            "MYSQL_PASSWORD" => creds.password,
+            "MYSQL_DATABASE" => creds.database
+          }
+        end
+        def dump(ssh, opts)
+          cmd = "kubectl exec -n default #{opts.pod_name} -- " \
+                "mysqldump -u #{opts.user} -p#{opts.password} #{opts.database} " \
+                "--single-transaction --routines --triggers"
+          ssh.execute(cmd)
+        rescue Errors::SshCommandError => e
+          raise Errors::DatabaseError.new("dump", "mysqldump failed: #{e.message}")
+        end
+        def restore(ssh, data, opts)
+          create_database(ssh, Objects::Database::CreateOptions.new(
+            pod_name: opts.pod_name,
+            database: opts.database,
+            user: opts.user,
+            password: opts.password
+          ))
+          temp_file = "/tmp/restore_#{opts.database}.sql"
+          write_cmd = "cat > #{temp_file} << 'SQLDUMP'\n#{data}\nSQLDUMP"
+          ssh.execute(write_cmd)
+          ssh.execute("kubectl cp #{temp_file} default/#{opts.pod_name}:#{temp_file}")
+          restore_cmd = "kubectl exec -n default #{opts.pod_name} -- " \
+                        "sh -c 'mysql -u #{opts.user} -p#{opts.password} #{opts.database} < #{temp_file}'"
+          ssh.execute(restore_cmd)
+          ssh.execute_ignore_errors("rm -f #{temp_file}")
+          ssh.execute_ignore_errors("kubectl exec -n default #{opts.pod_name} -- rm -f #{temp_file}")
+        rescue Errors::SshCommandError => e
+          raise Errors::DatabaseError.new("restore", "mysql restore failed: #{e.message}")
+        end
+        def create_database(ssh, opts)
+          cmd = "kubectl exec -n default #{opts.pod_name} -- " \
+                "mysql -u #{opts.user} -p#{opts.password} -e \"CREATE DATABASE #{opts.database}\""
+          ssh.execute(cmd)
+        rescue Errors::SshCommandError => e
+          raise Errors::DatabaseError.new("create_database", "failed to create database: #{e.message}")
+        end
+      end
+    end
+  end
+end

data/lib/nvoi/external/database/postgres.rb ADDED Viewed

@@ -0,0 +1,82 @@
+# frozen_string_literal: true
+module Nvoi
+  module External
+    module Database
+      # PostgreSQL provider using pg_dump/psql via kubectl exec
+      class Postgres < Provider
+        def default_port
+          "5432"
+        end
+        def parse_url(url)
+          parse_standard_url(url, default_port)
+        end
+        def build_url(creds, host: nil)
+          h = host || creds.host
+          "postgresql://#{creds.user}:#{creds.password}@#{h}:#{creds.port}/#{creds.database}"
+        end
+        def container_env(creds)
+          {
+            "POSTGRES_USER" => creds.user,
+            "POSTGRES_PASSWORD" => creds.password,
+            "POSTGRES_DB" => creds.database
+          }
+        end
+        def app_env(creds, host:)
+          {
+            "DATABASE_URL" => build_url(creds, host:),
+            "POSTGRES_HOST" => host,
+            "POSTGRES_PORT" => creds.port,
+            "POSTGRES_USER" => creds.user,
+            "POSTGRES_PASSWORD" => creds.password,
+            "POSTGRES_DB" => creds.database
+          }
+        end
+        def dump(ssh, opts)
+          cmd = "kubectl exec -n default #{opts.pod_name} -- " \
+                "pg_dump -U #{opts.user} -d #{opts.database} --no-owner --no-acl"
+          ssh.execute(cmd)
+        rescue Errors::SshCommandError => e
+          raise Errors::DatabaseError.new("dump", "pg_dump failed: #{e.message}")
+        end
+        def restore(ssh, data, opts)
+          create_database(ssh, Objects::Database::CreateOptions.new(
+            pod_name: opts.pod_name,
+            database: opts.database,
+            user: opts.user,
+            password: opts.password
+          ))
+          temp_file = "/tmp/restore_#{opts.database}.sql"
+          write_cmd = "cat > #{temp_file} << 'SQLDUMP'\n#{data}\nSQLDUMP"
+          ssh.execute(write_cmd)
+          ssh.execute("kubectl cp #{temp_file} default/#{opts.pod_name}:#{temp_file}")
+          restore_cmd = "kubectl exec -n default #{opts.pod_name} -- " \
+                        "psql -U #{opts.user} -d #{opts.database} -f #{temp_file}"
+          ssh.execute(restore_cmd)
+          ssh.execute_ignore_errors("rm -f #{temp_file}")
+          ssh.execute_ignore_errors("kubectl exec -n default #{opts.pod_name} -- rm -f #{temp_file}")
+        rescue Errors::SshCommandError => e
+          raise Errors::DatabaseError.new("restore", "psql restore failed: #{e.message}")
+        end
+        def create_database(ssh, opts)
+          cmd = "kubectl exec -n default #{opts.pod_name} -- " \
+                "psql -U #{opts.user} -c \"CREATE DATABASE #{opts.database}\""
+          ssh.execute(cmd)
+        rescue Errors::SshCommandError => e
+          raise Errors::DatabaseError.new("create_database", "failed to create database: #{e.message}")
+        end
+      end
+    end
+  end
+end

data/lib/nvoi/external/database/provider.rb ADDED Viewed

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+module Nvoi
+  module External
+    module Database
+      # Base provider interface for database backup/restore operations
+      class Provider
+        def parse_url(url)
+          raise NotImplementedError
+        end
+        def build_url(creds, host: nil)
+          raise NotImplementedError
+        end
+        def container_env(creds)
+          raise NotImplementedError
+        end
+        def app_env(creds, host:)
+          raise NotImplementedError
+        end
+        def dump(ssh, opts)
+          raise NotImplementedError
+        end
+        def restore(ssh, data, opts)
+          raise NotImplementedError
+        end
+        def create_database(ssh, opts)
+          raise NotImplementedError
+        end
+        def extension
+          "sql"
+        end
+        def needs_container?
+          true
+        end
+        def default_port
+          raise NotImplementedError
+        end
+        protected
+          def parse_standard_url(url, default_port)
+            uri = URI.parse(url)
+            Objects::Database::Credentials.new(
+              user: uri.user,
+              password: uri.password,
+              host: uri.host,
+              port: (uri.port || default_port).to_s,
+              database: uri.path&.sub(%r{^/}, "")
+            )
+          rescue URI::InvalidURIError => e
+            raise Errors::DatabaseError.new("parse_url", "invalid URL format: #{e.message}")
+          end
+      end
+    end
+  end
+end

data/lib/nvoi/external/database/sqlite.rb ADDED Viewed

@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+module Nvoi
+  module External
+    module Database
+      # SQLite provider using direct SSH file access on hostPath volume
+      class Sqlite < Provider
+        def default_port
+          nil
+        end
+        def needs_container?
+          false
+        end
+        def parse_url(url)
+          path = url.sub(%r{^sqlite3?:///?}, "")
+          Objects::Database::Credentials.new(
+            path:,
+            database: File.basename(path)
+          )
+        end
+        def build_url(creds, host: nil)
+          "sqlite://#{creds.path}"
+        end
+        def container_env(_creds)
+          {}
+        end
+        def app_env(creds, host: nil)
+          {
+            "DATABASE_URL" => build_url(creds)
+          }
+        end
+        def dump(ssh, opts)
+          db_path = opts.host_path
+          raise Errors::DatabaseError.new("dump", "host_path required for SQLite dump") unless db_path
+          ssh.execute("sqlite3 #{db_path} .dump")
+        rescue Errors::SshCommandError => e
+          raise Errors::DatabaseError.new("dump", "sqlite3 dump failed: #{e.message}")
+        end
+        def restore(ssh, data, opts)
+          db_path = opts.host_path
+          raise Errors::DatabaseError.new("restore", "host_path required for SQLite restore") unless db_path
+          dir = File.dirname(db_path)
+          new_db_path = "#{dir}/#{opts.database}.sqlite3"
+          temp_file = "/tmp/restore_#{opts.database}.sql"
+          write_cmd = "cat > #{temp_file} << 'SQLDUMP'\n#{data}\nSQLDUMP"
+          ssh.execute(write_cmd)
+          ssh.execute("sqlite3 #{new_db_path} < #{temp_file}")
+          ssh.execute_ignore_errors("rm -f #{temp_file}")
+          new_db_path
+        rescue Errors::SshCommandError => e
+          raise Errors::DatabaseError.new("restore", "sqlite3 restore failed: #{e.message}")
+        end
+        def create_database(_ssh, _opts)
+          # No-op for SQLite
+        end
+      end
+    end
+  end
+end

data/lib/nvoi/external/database.rb ADDED Viewed

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+module Nvoi
+  module External
+    # Database module provides database backup/restore operations
+    module Database
+      # Factory method to create provider by adapter name
+      def self.provider_for(adapter)
+        case adapter&.downcase
+        when "postgres", "postgresql"
+          Postgres.new
+        when "mysql", "mysql2"
+          Mysql.new
+        when "sqlite", "sqlite3"
+          Sqlite.new
+        else
+          raise ArgumentError, "Unsupported database adapter: #{adapter}"
+        end
+      end
+    end
+  end
+end

data/lib/nvoi/external/dns/cloudflare.rb ADDED Viewed

@@ -0,0 +1,292 @@
+# frozen_string_literal: true
+require "faraday"
+require "base64"
+require "securerandom"
+module Nvoi
+  module External
+    module Dns
+      # Cloudflare handles Cloudflare API operations for DNS and tunnels
+      class Cloudflare
+        BASE_URL = "https://api.cloudflare.com/client/v4"
+        attr_reader :account_id
+        def initialize(token, account_id)
+          @token = token
+          @account_id = account_id
+          @conn = Faraday.new(url: BASE_URL) do |f|
+            f.request :json
+            f.response :json
+            f.adapter Faraday.default_adapter
+          end
+        end
+        # Tunnel operations
+        def create_tunnel(name)
+          url = "accounts/#{@account_id}/cfd_tunnel"
+          tunnel_secret = generate_tunnel_secret
+          response = post(url, {
+            name:,
+            tunnel_secret:,
+            config_src: "cloudflare"
+          })
+          result = response["result"]
+          Objects::Tunnel::Record.new(
+            id: result["id"],
+            name: result["name"],
+            token: result["token"]
+          )
+        end
+        def find_tunnel(name)
+          url = "accounts/#{@account_id}/cfd_tunnel"
+          response = get(url, { name:, is_deleted: false })
+          results = response["result"]
+          return nil if results.nil? || results.empty?
+          result = results[0]
+          Objects::Tunnel::Record.new(
+            id: result["id"],
+            name: result["name"],
+            token: result["token"]
+          )
+        end
+        def get_tunnel_token(tunnel_id)
+          url = "accounts/#{@account_id}/cfd_tunnel/#{tunnel_id}/token"
+          response = get(url)
+          response["result"]
+        end
+        def update_tunnel_configuration(tunnel_id, hostname, service_url)
+          url = "accounts/#{@account_id}/cfd_tunnel/#{tunnel_id}/configurations"
+          config = {
+            ingress: [
+              {
+                hostname:,
+                service: service_url,
+                originRequest: { httpHostHeader: hostname }
+              },
+              { service: "http_status:404" }
+            ]
+          }
+          put(url, { config: })
+        end
+        def verify_tunnel_configuration(tunnel_id, expected_hostname, expected_service, max_attempts)
+          url = "accounts/#{@account_id}/cfd_tunnel/#{tunnel_id}/configurations"
+          max_attempts.times do
+            begin
+              response = get(url)
+              if response["success"]
+                config = response.dig("result", "config")
+                config&.dig("ingress")&.each do |rule|
+                  if rule["hostname"] == expected_hostname && rule["service"] == expected_service
+                    return true
+                  end
+                end
+              end
+            rescue StandardError
+              # Continue retrying
+            end
+            sleep(2)
+          end
+          raise Errors::TunnelError, "tunnel configuration not propagated after #{max_attempts} attempts"
+        end
+        def delete_tunnel(tunnel_id)
+          # Clean up all connections first
+          connections_url = "accounts/#{@account_id}/cfd_tunnel/#{tunnel_id}/connections"
+          begin
+            delete(connections_url)
+          rescue StandardError
+            # Ignore connection cleanup errors
+          end
+          # Now delete the tunnel
+          url = "accounts/#{@account_id}/cfd_tunnel/#{tunnel_id}"
+          delete(url)
+        end
+        # DNS operations
+        def find_zone(domain)
+          url = "zones"
+          response = get(url)
+          results = response["result"]
+          return nil unless results
+          zone_data = results.find { |z| z["name"] == domain }
+          return nil unless zone_data
+          Objects::Dns::Zone.new(id: zone_data["id"], name: zone_data["name"])
+        end
+        def find_dns_record(zone_id, name, record_type)
+          url = "zones/#{zone_id}/dns_records"
+          response = get(url)
+          results = response["result"]
+          return nil unless results
+          record_data = results.find { |r| r["name"] == name && r["type"] == record_type }
+          return nil unless record_data
+          Objects::Dns::Record.new(
+            id: record_data["id"],
+            type: record_data["type"],
+            name: record_data["name"],
+            content: record_data["content"],
+            proxied: record_data["proxied"],
+            ttl: record_data["ttl"]
+          )
+        end
+        def create_dns_record(zone_id, name, record_type, content, proxied: true)
+          url = "zones/#{zone_id}/dns_records"
+          response = post(url, {
+            type: record_type,
+            name:,
+            content:,
+            proxied:,
+            ttl: 1
+          })
+          result = response["result"]
+          Objects::Dns::Record.new(
+            id: result["id"],
+            type: result["type"],
+            name: result["name"],
+            content: result["content"],
+            proxied: result["proxied"],
+            ttl: result["ttl"]
+          )
+        end
+        def update_dns_record(zone_id, record_id, name, record_type, content, proxied: true)
+          url = "zones/#{zone_id}/dns_records/#{record_id}"
+          response = patch(url, {
+            type: record_type,
+            name:,
+            content:,
+            proxied:,
+            ttl: 1
+          })
+          result = response["result"]
+          Objects::Dns::Record.new(
+            id: result["id"],
+            type: result["type"],
+            name: result["name"],
+            content: result["content"],
+            proxied: result["proxied"],
+            ttl: result["ttl"]
+          )
+        end
+        def create_or_update_dns_record(zone_id, name, record_type, content, proxied: true)
+          existing = find_dns_record(zone_id, name, record_type)
+          if existing
+            update_dns_record(zone_id, existing.id, name, record_type, content, proxied:)
+          else
+            create_dns_record(zone_id, name, record_type, content, proxied:)
+          end
+        end
+        def delete_dns_record(zone_id, record_id)
+          url = "zones/#{zone_id}/dns_records/#{record_id}"
+          delete(url)
+        end
+        # Validation
+        def validate_credentials
+          get("user/tokens/verify")
+          true
+        rescue Errors::CloudflareError => e
+          raise Errors::ValidationError, "cloudflare credentials invalid: #{e.message}"
+        end
+        private
+          def get(url, params = {})
+            response = @conn.get(url) do |req|
+              req.headers["Authorization"] = "Bearer #{@token}"
+              req.params = params unless params.empty?
+            end
+            handle_response(response)
+          end
+          def post(url, body)
+            response = @conn.post(url) do |req|
+              req.headers["Authorization"] = "Bearer #{@token}"
+              req.body = body
+            end
+            handle_response(response)
+          end
+          def put(url, body)
+            response = @conn.put(url) do |req|
+              req.headers["Authorization"] = "Bearer #{@token}"
+              req.body = body
+            end
+            handle_response(response)
+          end
+          def patch(url, body)
+            response = @conn.patch(url) do |req|
+              req.headers["Authorization"] = "Bearer #{@token}"
+              req.body = body
+            end
+            handle_response(response)
+          end
+          def delete(url)
+            response = @conn.delete(url) do |req|
+              req.headers["Authorization"] = "Bearer #{@token}"
+            end
+            # 404 is ok for idempotent delete
+            return { "success" => true } if response.status == 404
+            handle_response(response)
+          end
+          def handle_response(response)
+            body = response.body
+            unless body.is_a?(Hash)
+              raise Errors::CloudflareError, "unexpected response format"
+            end
+            unless body["success"]
+              errors = body["errors"]&.map { |e| e["message"] }&.join(", ") || "unknown error"
+              raise Errors::CloudflareError, "API error: #{errors}"
+            end
+            body
+          end
+          def generate_tunnel_secret
+            Base64.strict_encode64(SecureRandom.random_bytes(32))
+          end
+      end
+    end
+  end
+end

data/lib/nvoi/external/kubectl.rb ADDED Viewed

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+module Nvoi
+  module External
+    # Kubectl handles kubernetes operations via kubectl on remote servers
+    class Kubectl
+      attr_reader :ssh
+      def initialize(ssh)
+        @ssh = ssh
+      end
+      def apply(manifest)
+        cmd = "cat <<'EOF' | kubectl apply -f -\n#{manifest}\nEOF"
+        @ssh.execute(cmd)
+      end
+      def delete(resource_type, name, namespace: "default")
+        @ssh.execute("kubectl delete #{resource_type} #{name} -n #{namespace} --ignore-not-found")
+      end
+      def get(resource_type, name, namespace: "default", jsonpath: nil)
+        cmd = "kubectl get #{resource_type} #{name} -n #{namespace}"
+        cmd += " -o jsonpath='#{jsonpath}'" if jsonpath
+        @ssh.execute(cmd)
+      end
+      def exec(pod_name, command, namespace: "default")
+        @ssh.execute("kubectl exec -n #{namespace} #{pod_name} -- #{command}")
+      end
+      def logs(pod_name, namespace: "default", tail: nil)
+        cmd = "kubectl logs #{pod_name} -n #{namespace}"
+        cmd += " --tail=#{tail}" if tail
+        @ssh.execute(cmd)
+      end
+      def rollout_status(resource_type, name, namespace: "default", timeout: 300)
+        @ssh.execute("kubectl rollout status #{resource_type}/#{name} -n #{namespace} --timeout=#{timeout}s")
+      end
+      def wait_for_deployment(name, namespace: "default", timeout: 300)
+        rollout_status("deployment", name, namespace:, timeout:)
+      end
+      def wait_for_statefulset(name, namespace: "default", timeout: 300)
+        rollout_status("statefulset", name, namespace:, timeout:)
+      end
+      def label_node(node_name, labels)
+        labels.each do |key, value|
+          @ssh.execute("kubectl label node #{node_name} #{key}=#{value} --overwrite")
+        end
+      end
+      def get_nodes
+        @ssh.execute("kubectl get nodes -o name")
+      end
+      def cp(local_path, pod_path, namespace: "default")
+        @ssh.execute("kubectl cp #{local_path} #{namespace}/#{pod_path}")
+      end
+    end
+  end
+end