nvoi 0.1.5

data/lib/nvoi/steps/database_provisioner.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+module Nvoi
+  module Steps
+    # DatabaseProvisioner handles database deployment
+    class DatabaseProvisioner
+      def initialize(config, ssh, log)
+        @config = config
+        @ssh = ssh
+        @log = log
+        @service_deployer = Deployer::ServiceDeployer.new(config, ssh, log)
+      end
+
+      def run
+        db_config = @config.deploy.application.database
+        return unless db_config
+
+        # SQLite is handled by app deployment with PVC volumes
+        if db_config.adapter == "sqlite3"
+          @log.info "SQLite database will be provisioned with app deployment"
+          return
+        end
+
+        @log.info "Provisioning %s database via K8s", db_config.adapter
+
+        db_spec = db_config.to_service_spec(@config.namer)
+        @service_deployer.deploy_database(db_spec)
+
+        # Wait for database to be ready
+        wait_for_database(db_spec.name)
+
+        @log.success "Database provisioned"
+      end
+
+      private
+
+        def wait_for_database(name, timeout: 120)
+          @log.info "Waiting for database to be ready..."
+
+          start_time = Time.now
+          loop do
+            begin
+              output = @ssh.execute("kubectl get pods -l app=#{name} -o jsonpath='{.items[0].status.phase}'")
+              if output.strip == "Running"
+                @log.success "Database is running"
+                return
+              end
+            rescue SSHCommandError
+              # Not ready yet
+            end
+
+            elapsed = Time.now - start_time
+            raise K8sError, "database failed to start within #{timeout}s" if elapsed > timeout
+
+            sleep(5)
+          end
+        end
+    end
+  end
+end

data/lib/nvoi/steps/k3s_cluster_setup.rb

@@ -0,0 +1,105 @@
+# frozen_string_literal: true
+
+module Nvoi
+  module Steps
+    # K3sClusterSetup coordinates K3s installation across master and worker nodes
+    class K3sClusterSetup
+      def initialize(config, provider, log, main_server_ip)
+        @config = config
+        @provider = provider
+        @log = log
+        @main_server_ip = main_server_ip
+      end
+
+      def run
+        @log.info "Setting up K3s cluster"
+
+        # Find master server group
+        master_group, master_config = find_master_group
+        raise K8sError, "no master server group found" unless master_group
+
+        # Setup K3s on master
+        master_name = @config.namer.server_name(master_group, 1)
+        master = @provider.find_server(master_name)
+        raise K8sError, "master server not found: #{master_name}" unless master
+
+        master_ssh = Remote::SSHExecutor.new(master.public_ipv4, @config.ssh_key_path)
+        master_provisioner = K3sProvisioner.new(master_ssh, @log, server_role: master_group, server_name: master_name)
+        master_provisioner.provision
+
+        # Get cluster token and private IP from master
+        cluster_token = master_provisioner.get_cluster_token
+        master_private_ip = master_provisioner.get_private_ip
+
+        # Setup K3s on worker nodes
+        @config.deploy.application.servers.each do |group_name, group_config|
+          next if group_name == master_group
+          next unless group_config
+
+          count = group_config.count.positive? ? group_config.count : 1
+
+          (1..count).each do |i|
+            worker_name = @config.namer.server_name(group_name, i)
+            setup_worker(worker_name, group_name, cluster_token, master_private_ip, master_ssh)
+          end
+        end
+
+        @log.success "K3s cluster setup complete"
+      end
+
+      private
+
+        def find_master_group
+          @config.deploy.application.servers.each do |name, cfg|
+            return [name, cfg] if cfg&.master
+          end
+
+          # If only one group, use it as master
+          if @config.deploy.application.servers.size == 1
+            return @config.deploy.application.servers.first
+          end
+
+          nil
+        end
+
+        def setup_worker(worker_name, group_name, cluster_token, master_private_ip, master_ssh)
+          @log.info "Setting up K3s worker: %s", worker_name
+
+          worker = @provider.find_server(worker_name)
+          unless worker
+            @log.warning "Worker server not found: %s", worker_name
+            return
+          end
+
+          worker_ssh = Remote::SSHExecutor.new(worker.public_ipv4, @config.ssh_key_path)
+          worker_provisioner = K3sProvisioner.new(worker_ssh, @log, server_role: group_name, server_name: worker_name)
+          worker_provisioner.cluster_token = cluster_token
+          worker_provisioner.main_server_private_ip = master_private_ip
+          worker_provisioner.provision
+
+          # Label worker node from master
+          @log.info "Labeling worker node: %s", worker_name
+          label_worker_from_master(master_ssh, worker_name, group_name)
+        end
+
+        def label_worker_from_master(master_ssh, worker_name, group_name)
+          # Wait for node to join cluster
+          30.times do
+            begin
+              output = master_ssh.execute("kubectl get nodes -o name")
+              if output.include?(worker_name)
+                master_ssh.execute("kubectl label node #{worker_name} nvoi.io/server-name=#{group_name} --overwrite")
+                @log.success "Worker labeled: %s", worker_name
+                return
+              end
+            rescue SSHCommandError
+              # Not ready
+            end
+            sleep(5)
+          end
+
+          @log.warning "Worker node did not join cluster in time: %s", worker_name
+        end
+    end
+  end
+end

data/lib/nvoi/steps/k3s_provisioner.rb

@@ -0,0 +1,351 @@
+# frozen_string_literal: true
+
+module Nvoi
+  module Steps
+    # K3sProvisioner handles K3s installation and server setup
+    class K3sProvisioner
+      attr_accessor :main_server_ip, :main_server_private_ip, :cluster_token
+
+      def initialize(ssh, log, k3s_version: nil, enable_k3s: true, server_role: nil, server_name: nil)
+        @ssh = ssh
+        @log = log
+        @k3s_version = k3s_version || Constants::DEFAULT_K3S_VERSION
+        @enable_k3s = enable_k3s
+        @server_role = server_role
+        @server_name = server_name
+      end
+
+      def provision
+        @log.info "Starting K3s provisioning"
+
+        wait_for_cloud_init
+
+        if @enable_k3s
+          is_master = @cluster_token.nil? || @cluster_token.empty?
+
+          if is_master
+            install_k3s_server
+            label_node(@server_name, { "nvoi.io/server-name" => @server_role })
+            setup_registry
+            setup_ingress_controller
+          else
+            install_k3s_agent
+          end
+        end
+
+        @log.success "K3s provisioning complete"
+      end
+
+      def get_cluster_token
+        @log.info "Retrieving K3s cluster token"
+        output = @ssh.execute("sudo cat /var/lib/rancher/k3s/server/node-token")
+        token = output.strip
+        raise K8sError, "cluster token is empty" if token.empty?
+
+        @log.success "Cluster token retrieved"
+        token
+      end
+
+      def get_private_ip
+        output = @ssh.execute("ip addr show | grep 'inet 10\\.' | awk '{print $2}' | cut -d/ -f1 | head -1")
+        private_ip = output.strip
+        raise SSHError, "private IP not found" if private_ip.empty?
+
+        private_ip
+      end
+
+      private
+
+        def wait_for_cloud_init
+          @log.info "Waiting for cloud-init to complete"
+
+          60.times do
+            begin
+              output = @ssh.execute("test -f /var/lib/cloud/instance/boot-finished && echo 'ready'")
+              if output.include?("ready")
+                @log.success "Cloud-init complete"
+                return
+              end
+            rescue SSHCommandError
+              # Not ready yet
+            end
+            sleep(5)
+          end
+
+          raise K8sError, "cloud-init timeout"
+        end
+
+        def install_k3s_server
+          # Check if K3s is already running
+          begin
+            @ssh.execute("systemctl is-active k3s")
+            @log.info "K3s already running, skipping installation"
+            setup_kubeconfig
+            return
+          rescue SSHCommandError
+            # Not running, continue
+          end
+
+          @log.info "Installing K3s server"
+
+          # Detect private IP and interface
+          private_ip = get_private_ip
+          private_iface = @ssh.execute("ip addr show | grep 'inet 10\\.' | awk '{print $NF}' | head -1").strip
+
+          @log.info "Installing k3s on private IP: %s, interface: %s", private_ip, private_iface
+
+          # Install Docker for image building
+          install_docker(private_ip)
+
+          # Configure k3s registries
+          configure_registries
+
+          # Install K3s with full configuration
+          install_cmd = <<~CMD
+          curl -sfL https://get.k3s.io | sudo sh -s - server \
+            --bind-address=#{private_ip} \
+            --advertise-address=#{private_ip} \
+            --node-ip=#{private_ip} \
+            --tls-san=#{private_ip} \
+            --flannel-iface=#{private_iface} \
+            --flannel-backend=wireguard-native \
+            --disable=traefik \
+            --write-kubeconfig-mode=644 \
+            --cluster-cidr=10.42.0.0/16 \
+            --service-cidr=10.43.0.0/16
+        CMD
+
+          @ssh.execute(install_cmd, stream: true)
+          @log.success "K3s server installed"
+
+          setup_kubeconfig(private_ip)
+          wait_for_k3s_ready
+        end
+
+        def install_k3s_agent
+          # Check if K3s agent is already running
+          begin
+            @ssh.execute("systemctl is-active k3s-agent")
+            @log.info "K3s agent already running, skipping installation"
+            return
+          rescue SSHCommandError
+            # Not running, continue
+          end
+
+          @log.info "Installing K3s agent"
+
+          private_ip = get_private_ip
+          private_iface = @ssh.execute("ip addr show | grep 'inet 10\\.' | awk '{print $NF}' | head -1").strip
+
+          @log.info "Worker private IP: %s, interface: %s", private_ip, private_iface
+
+          cmd = <<~CMD
+          curl -sfL https://get.k3s.io | K3S_URL="https://#{@main_server_private_ip}:6443" K3S_TOKEN="#{@cluster_token}" sh -s - agent \
+            --node-ip=#{private_ip} \
+            --flannel-iface=#{private_iface} \
+            --node-name=#{@server_name}
+        CMD
+
+          @ssh.execute(cmd, stream: true)
+          @log.success "K3s agent installed"
+        end
+
+        def install_docker(private_ip)
+          # Check if Docker is already installed and running
+          begin
+            @ssh.execute("systemctl is-active docker")
+            @log.info "Docker already running, skipping installation"
+          rescue SSHCommandError
+            # Not running, install it
+            docker_install = <<~CMD
+            sudo apt-get update && sudo apt-get install -y docker.io
+            sudo systemctl start docker
+            sudo systemctl enable docker
+            sudo usermod -aG docker deploy
+          CMD
+
+            @ssh.execute(docker_install, stream: true)
+          end
+
+          # Configure Docker for insecure registry
+          docker_config = <<~CMD
+          sudo mkdir -p /etc/docker
+          sudo tee /etc/docker/daemon.json > /dev/null <<EOF
+          {"insecure-registries": ["#{private_ip}:5001", "localhost:30500"]}
+          EOF
+          sudo systemctl restart docker
+        CMD
+
+          @ssh.execute(docker_config)
+
+          # Add registry domain to /etc/hosts
+          @ssh.execute('grep -q "nvoi-registry.default.svc.cluster.local" /etc/hosts || echo "127.0.0.1 nvoi-registry.default.svc.cluster.local" | sudo tee -a /etc/hosts')
+        end
+
+        def configure_registries
+          config = <<~CMD
+          sudo mkdir -p /etc/rancher/k3s
+          sudo tee /etc/rancher/k3s/registries.yaml > /dev/null <<'REGEOF'
+          mirrors:
+            "nvoi-registry.default.svc.cluster.local:5000":
+              endpoint:
+                - "http://localhost:30500"
+            "localhost:30500":
+              endpoint:
+                - "http://localhost:30500"
+          configs:
+            "nvoi-registry.default.svc.cluster.local:5000":
+              tls:
+                insecure_skip_verify: true
+            "localhost:30500":
+              tls:
+                insecure_skip_verify: true
+          REGEOF
+        CMD
+
+          @ssh.execute(config)
+        end
+
+        def setup_kubeconfig(private_ip = nil)
+          private_ip ||= get_private_ip
+
+          cmd = <<~CMD
+          sudo mkdir -p /home/deploy/.kube
+          sudo cp /etc/rancher/k3s/k3s.yaml /home/deploy/.kube/config
+          sudo sed -i "s/127.0.0.1/#{private_ip}/g" /home/deploy/.kube/config
+          sudo chown -R deploy:deploy /home/deploy/.kube
+        CMD
+
+          @ssh.execute(cmd)
+        end
+
+        def wait_for_k3s_ready
+          @log.info "Waiting for K3s to be ready"
+
+          60.times do
+            begin
+              output = @ssh.execute("kubectl get nodes")
+              if output.include?("Ready")
+                @log.success "K3s is ready"
+                return
+              end
+            rescue SSHCommandError
+              # Not ready yet
+            end
+            sleep(5)
+          end
+
+          raise K8sError, "K3s failed to become ready"
+        end
+
+        def label_node(node_name, labels)
+          # Get actual node name from K3s
+          actual_node = @ssh.execute("kubectl get nodes -o jsonpath='{.items[0].metadata.name}'").strip
+
+          labels.each do |key, value|
+            @ssh.execute("kubectl label node #{actual_node} #{key}=#{value} --overwrite")
+          end
+        end
+
+        def setup_registry
+          @log.info "Setting up in-cluster registry"
+
+          manifest = <<~YAML
+          apiVersion: v1
+          kind: Namespace
+          metadata:
+            name: nvoi-system
+          ---
+          apiVersion: apps/v1
+          kind: Deployment
+          metadata:
+            name: nvoi-registry
+            namespace: default
+          spec:
+            replicas: 1
+            selector:
+              matchLabels:
+                app: nvoi-registry
+            template:
+              metadata:
+                labels:
+                  app: nvoi-registry
+              spec:
+                containers:
+                - name: registry
+                  image: registry:2
+                  ports:
+                  - containerPort: 5000
+                    protocol: TCP
+                  env:
+                  - name: REGISTRY_HTTP_ADDR
+                    value: "0.0.0.0:5000"
+                  volumeMounts:
+                  - name: registry-storage
+                    mountPath: /var/lib/registry
+                volumes:
+                - name: registry-storage
+                  emptyDir: {}
+          ---
+          apiVersion: v1
+          kind: Service
+          metadata:
+            name: nvoi-registry
+            namespace: default
+          spec:
+            type: NodePort
+            ports:
+            - port: 5000
+              targetPort: 5000
+              nodePort: 30500
+            selector:
+              app: nvoi-registry
+        YAML
+
+          @ssh.execute("cat <<'EOF' | kubectl apply -f -\n#{manifest}\nEOF")
+
+          # Wait for registry to be ready
+          @log.info "Waiting for registry to be ready"
+          24.times do
+            begin
+              output = @ssh.execute("kubectl get deployment nvoi-registry -n default -o jsonpath='{.status.readyReplicas}'")
+              if output.strip == "1"
+                @log.success "In-cluster registry running on :30500"
+                return
+              end
+            rescue SSHCommandError
+              # Not ready
+            end
+            sleep(5)
+          end
+
+          raise K8sError, "registry failed to become ready"
+        end
+
+        def setup_ingress_controller
+          @log.info "Setting up NGINX Ingress Controller"
+
+          @ssh.execute("kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/baremetal/deploy.yaml", stream: true)
+
+          # Wait for ingress controller
+          @log.info "Waiting for NGINX Ingress Controller to be ready"
+          60.times do
+            begin
+              ready = @ssh.execute("kubectl get deployment ingress-nginx-controller -n ingress-nginx -o jsonpath='{.status.readyReplicas}'").strip
+              desired = @ssh.execute("kubectl get deployment ingress-nginx-controller -n ingress-nginx -o jsonpath='{.spec.replicas}'").strip
+
+              if !ready.empty? && !desired.empty? && ready == desired
+                @log.success "NGINX Ingress Controller is ready"
+                return
+              end
+            rescue SSHCommandError
+              # Not ready
+            end
+            sleep(10)
+          end
+
+          raise K8sError, "NGINX Ingress Controller failed to become ready"
+        end
+    end
+  end
+end

data/lib/nvoi/steps/server_provisioner.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+module Nvoi
+  module Steps
+    # ServerProvisioner handles provisioning of compute servers
+    class ServerProvisioner
+      def initialize(config, provider, log)
+        @config = config
+        @provider = provider
+        @log = log
+        @infrastructure = Deployer::Infrastructure.new(config, provider, log)
+      end
+
+      # Run provisions all servers and returns the main server IP
+      def run
+        @log.info "Provisioning servers"
+
+        # Provision network and firewall
+        network = @infrastructure.provision_network
+        firewall = @infrastructure.provision_firewall
+
+        servers = @config.deploy.application.servers
+        main_server_ip = nil
+
+        # Provision each server group
+        servers.each do |group_name, group_config|
+          count = group_config&.count&.positive? ? group_config.count : 1
+
+          (1..count).each do |i|
+            server_name = @config.namer.server_name(group_name, i)
+            server = @infrastructure.provision_server(server_name, network.id, firewall.id, group_config)
+
+            # Track main server IP (first master, or just first server)
+            main_server_ip ||= server.public_ipv4 if group_config&.master || i == 1
+          end
+        end
+
+        @log.success "All servers provisioned"
+        main_server_ip
+      end
+    end
+  end
+end

data/lib/nvoi/steps/services_provisioner.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module Nvoi
+  module Steps
+    # ServicesProvisioner handles deployment of additional services (redis, etc.)
+    class ServicesProvisioner
+      def initialize(config, ssh, log)
+        @config = config
+        @ssh = ssh
+        @log = log
+        @service_deployer = Deployer::ServiceDeployer.new(config, ssh, log)
+      end
+
+      def run
+        services = @config.deploy.application.services
+        return if services.empty?
+
+        @log.info "Provisioning %d additional service(s)", services.size
+
+        services.each do |service_name, service_config|
+          service_spec = service_config.to_service_spec(@config.deploy.application.name, service_name)
+          @service_deployer.deploy_service(service_name, service_spec)
+        end
+
+        @log.success "Additional services provisioned"
+      end
+    end
+  end
+end

data/lib/nvoi/steps/tunnel_configurator.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+module Nvoi
+  module Steps
+    # TunnelConfigurator handles Cloudflare tunnel setup for services
+    class TunnelConfigurator
+      def initialize(config, log)
+        @config = config
+        @log = log
+
+        cf = config.cloudflare
+        @cf_client = Cloudflare::Client.new(cf.api_token, cf.account_id)
+        @tunnel_manager = Deployer::TunnelManager.new(@cf_client, log)
+      end
+
+      def run
+        @log.info "Configuring Cloudflare tunnels"
+
+        tunnels = []
+
+        @config.deploy.application.app.each do |service_name, service_config|
+          next unless service_config.domain && !service_config.domain.empty?
+          next unless service_config.port && service_config.port.positive?
+          # Allow empty subdomain or "@" for apex domain
+          next if service_config.subdomain.nil?
+
+          tunnel_info = configure_service_tunnel(service_name, service_config)
+          tunnels << tunnel_info
+        end
+
+        @log.success "All tunnels configured (%d)", tunnels.size
+        tunnels
+      end
+
+      private
+
+        def configure_service_tunnel(service_name, service_config)
+          tunnel_name = @config.namer.tunnel_name(service_name)
+          hostname = build_hostname(service_config.subdomain, service_config.domain)
+
+          # Service URL points to the K8s service
+          k8s_service_name = @config.namer.app_service_name(service_name)
+          service_url = "http://#{k8s_service_name}:#{service_config.port}"
+
+          tunnel = @tunnel_manager.setup_tunnel(tunnel_name, hostname, service_url, service_config.domain)
+
+          Deployer::TunnelInfo.new(
+            service_name:,
+            hostname:,
+            tunnel_id: tunnel.tunnel_id,
+            tunnel_token: tunnel.tunnel_token
+          )
+        end
+
+        # Build hostname from subdomain and domain
+        # Supports: "app" -> "app.example.com", "" or "@" -> "example.com", "*" -> "*.example.com"
+        def build_hostname(subdomain, domain)
+          if subdomain.nil? || subdomain.empty? || subdomain == "@"
+            domain
+          else
+            "#{subdomain}.#{domain}"
+          end
+        end
+    end
+  end
+end