@meshxdata/fops 0.1.37 → 0.1.39

package/src/plugins/bundled/fops-plugin-azure/templates/cluster/operator/acr-webhook-controller.yaml

@@ -0,0 +1,63 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: acr-webhook-controller
+  namespace: flux-system
+spec:
+  interval: 1m0s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./infrastructure/acr-webhook-controller
+  prune: false
+  patches:
+  - target:
+      kind: Secret
+      name: acr-pull-secret
+      namespace: acr-cache-system
+    patch: |-
+      - op: replace
+        path: /stringData/.dockerconfigjson
+        value: |
+          {
+            "auths": {
+              "meshxregistry.azurecr.io": {
+                "username": "{{ACR_USERNAME}}",
+                "password": "{{ACR_PASSWORD}}"
+              }
+            }
+          }
+  - target:
+      kind: Secret
+      name: meshxregistry-helm-secret
+      namespace: acr-cache-system
+    patch: |-
+      - op: replace
+        path: /stringData/username
+        value: "{{ACR_USERNAME}}"
+      - op: replace
+        path: /stringData/password
+        value: "{{ACR_PASSWORD}}"
+  - target:
+      kind: Deployment
+      name: acr-cache-webhook
+      namespace: acr-cache-system
+    patch: |
+      apiVersion: apps/v1
+      kind: Deployment
+      metadata:
+        name: acr-cache-webhook
+      spec:
+        replicas: 3
+        template:
+          spec:
+            affinity:
+              podAntiAffinity:
+                requiredDuringSchedulingIgnoredDuringExecution:
+                - labelSelector:
+                    matchExpressions:
+                    - key: app
+                      operator: In
+                      values:
+                      - acr-cache-webhook
+                  topologyKey: kubernetes.io/hostname

package/src/plugins/bundled/fops-plugin-azure/templates/cluster/operator/externalsecrets.yaml

@@ -0,0 +1,15 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: external-secrets
+  namespace: flux-system
+spec:
+  interval: 1h
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./infrastructure/external-secrets/manifests
+  prune: false
+  dependsOn:
+    - name: acr-webhook-controller
+      namespace: flux-system

package/src/plugins/bundled/fops-plugin-azure/templates/cluster/operator/istio.yaml

@@ -0,0 +1,42 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: istio-operator
+  namespace: flux-system
+spec:
+  interval: 1h
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./infrastructure/istio-operator
+  prune: false
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: istio-controlplane
+  namespace: flux-system
+spec:
+  dependsOn:
+    - name: istio-operator
+  interval: 10s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./infrastructure/istio-tenant/demo/azure/uaenorth
+  prune: false
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: jaeger
+  namespace: flux-system
+spec:
+  dependsOn:
+    - name: istio-operator
+  interval: 10m0s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./infrastructure/jaeger
+  prune: false

package/src/plugins/bundled/fops-plugin-azure/templates/cluster/operator/kafka.yaml

@@ -0,0 +1,15 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: kafka-operator
+  namespace: flux-system
+spec:
+  interval: 1m0s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./infrastructure/kafka-operator/velora
+  prune: false
+  dependsOn:
+    - name: acr-webhook-controller
+      namespace: flux-system

package/src/plugins/bundled/fops-plugin-azure/templates/cluster/operator/kube-reflector.yaml

@@ -0,0 +1,33 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: kube-reflector
+  namespace: flux-system
+spec:
+  interval: 1m0s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./infrastructure/reflector
+  prune: false
+  targetNamespace: reflector
+  dependsOn:
+    - name: acr-webhook-controller
+      namespace: flux-system
+  patches:
+  - target:
+      kind: Secret
+      name: acr-pull-secret
+      namespace: reflector
+    patch: |-
+      - op: replace
+        path: /stringData/.dockerconfigjson
+        value: |
+          {
+            "auths": {
+              "meshxregistry.azurecr.io": {
+                "username": "{{ACR_USERNAME}}",
+                "password": "{{ACR_PASSWORD}}"
+              }
+            }
+          }

package/src/plugins/bundled/fops-plugin-azure/templates/cluster/operator/kubecost.yaml

@@ -0,0 +1,12 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: kubecost
+  namespace: flux-system
+spec:
+  interval: 1m0s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./infrastructure/kubecost/{{CLUSTER_NAME}}
+  prune: false

package/src/plugins/bundled/fops-plugin-azure/templates/cluster/operator/nats-server.yaml

@@ -0,0 +1,15 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: nats-server
+  namespace: flux-system
+spec:
+  interval: 1m0s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./infrastructure/nats-server/velora
+  prune: false
+  dependsOn:
+    - name: acr-webhook-controller
+      namespace: flux-system

package/src/plugins/bundled/fops-plugin-azure/templates/cluster/operator/prometheus-agent.yaml

@@ -0,0 +1,34 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: prometheus-agent
+  namespace: flux-system
+spec:
+  interval: 1m
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./infrastructure/prometheus-agent
+  prune: false
+  patches:
+    - target:
+        kind: ConfigMap
+        name: prometheus-agent-server
+      patch: |
+        apiVersion: v1
+        kind: ConfigMap
+        metadata:
+          name: prometheus-agent-server
+          namespace: monitoring
+        data:
+          prometheus.yml: |
+            global:
+              scrape_interval: 15s
+              evaluation_interval: 30s
+            scrape_configs:
+              - job_name: "{{CLUSTER_NAME}}-nats-exporter"
+                static_configs:
+                  - targets: ["nats.nats.svc.cluster.local:7777"]
+            remote_write:
+              - url: "http://central-live-prometheus.privatelink.uaenorth.azmk8s.io/api/v1/write"

package/src/plugins/bundled/fops-plugin-azure/templates/cluster/operator/reloader.yaml

@@ -0,0 +1,12 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: reloader
+  namespace: flux-system
+spec:
+  interval: 1m0s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./infrastructure/reloader
+  prune: false

package/src/plugins/bundled/fops-plugin-azure/templates/cluster/operator/spark.yaml

@@ -0,0 +1,112 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: spark
+  namespace: flux-system
+spec:
+  interval: 1m0s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./infrastructure/spark-operator/launchpad
+  prune: false
+  dependsOn:
+    - name: velora
+      namespace: flux-system
+    - name: acr-webhook-controller
+      namespace: flux-system
+  patches:
+    - target:
+        kind: HelmRelease
+        name: spark-operator
+        namespace: flux-system
+      patch: |-
+        apiVersion: helm.toolkit.fluxcd.io/v2
+        kind: HelmRelease
+        metadata:
+          name: spark-operator
+          namespace: flux-system
+        spec:
+          values:
+            image:
+              pullSecrets:
+                - name: ecr-credentials
+            spark:
+              jobNamespaces:
+                - velora
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: job-creator
+  namespace: velora
+rules:
+- apiGroups: [""]
+  resources: ["configmaps"]
+  verbs: ["create", "delete", "get"]
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["get"]
+- apiGroups: [""]
+  resources: ["pods/log"]
+  verbs: ["get"]
+- apiGroups: [""]
+  resources: ["pods/status"]
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["sparkoperator.k8s.io"]
+  resources: ["sparkapplications"]
+  verbs: ["create", "delete", "get"]
+- apiGroups: ["sparkoperator.k8s.io"]
+  resources: ["scheduledsparkapplications"]
+  verbs: ["create", "delete", "get", "patch"]
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["create", "delete", "get", "patch", "update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: create-jobs
+  namespace: velora
+subjects:
+- kind: Group
+  name: system:serviceaccounts:foundation
+  apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: ClusterRole
+  name: job-creator
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: spark
+  namespace: velora
+subjects:
+  - kind: Group
+    name: system:serviceaccounts:foundation
+roleRef:
+  kind: ClusterRole
+  name: job-creator
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: allow-velora-sas-in-spark-jobs
+  namespace: spark-jobs
+subjects:
+- kind: Group
+  name: system:serviceaccounts:velora
+  apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: ClusterRole
+  name: job-creator
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: spark-jobs
+  labels:
+    name: spark-jobs

package/src/plugins/bundled/fops-plugin-azure/templates/cluster/operator/tailscale.yaml

@@ -0,0 +1,67 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: tailscale-operator
+  namespace: flux-system
+spec:
+  interval: 1m0s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./infrastructure/tailscale/operator
+  prune: false
+  dependsOn:
+    - name: acr-webhook-controller
+      namespace: flux-system
+  patches:
+    - target:
+        kind: HelmRelease
+        name: tailscale-operator
+        namespace: flux-system
+      patch: |-
+        apiVersion: helm.toolkit.fluxcd.io/v2
+        kind: HelmRelease
+        metadata:
+          name: tailscale-operator
+          namespace: flux-system
+        spec:
+          values:
+            oauth:
+              clientId: "{{TAILSCALE_CLIENT_ID}}"
+              clientSecret: "{{TAILSCALE_CLIENT_SECRET}}"
+            operatorConfig:
+              hostname: "{{CLUSTER_NAME}}"
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: tailscale-connector
+  namespace: flux-system
+spec:
+  interval: 1m0s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./infrastructure/tailscale/connector
+  prune: false
+  dependsOn:
+    - name: tailscale-operator
+  patches:
+  - target:
+      kind: Connector
+      name: default-connector
+      namespace: tailscale
+    patch: |-
+      - op: replace
+        path: /metadata/name
+        value: "{{CLUSTER_NAME}}"
+      - op: replace
+        path: /spec/hostname
+        value: "{{CLUSTER_NAME}}"
+      - op: replace
+        path: /spec/exitNode
+        value: true
+      - op: replace
+        path: /spec/subnetRouter/advertiseRoutes
+        value:
+        - 10.50.0.0/16

package/src/plugins/bundled/fops-plugin-azure/templates/cluster/operator/vertical-pod-autoscaler.yaml

@@ -0,0 +1,15 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: vertical-pod-autoscaler
+  namespace: flux-system
+spec:
+  interval: 1m0s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./infrastructure/vertical-pod-autoscaler/overlays/{{OVERLAY}}
+  prune: false
+  dependsOn:
+    - name: acr-webhook-controller
+      namespace: flux-system

package/src/plugins/bundled/fops-plugin-foundation/index.js

@@ -986,23 +986,44 @@ app.run()
       .option("--url <url>", "Override the backend API URL")
       .action(async (opts) => {
         const { spawn } = await import("node:child_process");
-        const { writeFileSync, existsSync, realpathSync, readFileSync } = await import("node:fs");
+        const { writeFileSync, existsSync, realpathSync, readFileSync, unlinkSync, mkdirSync } = await import("node:fs");
         const { tmpdir, homedir } = await import("node:os");
         const { join, dirname } = await import("node:path");
         const { findComposeRoot } = await import("./lib/tools-write.js");
 
+        // ── Singleton: kill any existing tray process ──────────────────────────
+        const pidDir = join(homedir(), ".fops");
+        const pidFile = join(pidDir, "tray.pid");
+        if (existsSync(pidFile)) {
+          try {
+            const oldPid = parseInt(readFileSync(pidFile, "utf8").trim(), 10);
+            if (oldPid) process.kill(oldPid, "SIGTERM");
+          } catch {
+            // process already gone — ignore
+          }
+          try { unlinkSync(pidFile); } catch {}
+        }
+
         const composeRoot = program._fopsRoot || findComposeRoot() || "";
 
         let apiUrl = opts.url || process.env.FOPS_API_URL || "http://127.0.0.1:9001";
 
-        // Current fops version
+        // Current fops version — resolve from the running binary's location
         let fopsVersion = "0.0.0";
         try {
-          const pluginsNodeModules2 = join(homedir(), ".fops", "plugins", "node_modules");
-          const fopsRoot2 = dirname(realpathSync(pluginsNodeModules2));
+          // process.argv[1] is the path to fops.mjs; package.json sits next to it
+          const fopsRoot2 = dirname(realpathSync(process.argv[1]));
           const pkgJson = JSON.parse(readFileSync(join(fopsRoot2, "package.json"), "utf8"));
           fopsVersion = pkgJson.version || "0.0.0";
-        } catch { /* fallback */ }
+        } catch {
+          // Fallback: try the plugins node_modules path
+          try {
+            const pluginsNodeModules2 = join(homedir(), ".fops", "plugins", "node_modules");
+            const fopsRoot2 = dirname(realpathSync(pluginsNodeModules2));
+            const pkgJson = JSON.parse(readFileSync(join(fopsRoot2, "package.json"), "utf8"));
+            fopsVersion = pkgJson.version || "0.0.0";
+          } catch { /* stay at 0.0.0 */ }
+        }
 
         // Resolve icon
         let iconPath = "";
@@ -1227,6 +1248,8 @@ $tray.Visible = $false
             env: trayEnv,
             windowsHide: true,
           });
+          if (!existsSync(pidDir)) mkdirSync(pidDir, { recursive: true });
+          writeFileSync(pidFile, String(winChild.pid));
           winChild.unref();
           return;
         }
@@ -1449,6 +1472,8 @@ menu.addItem(NSMenuItem.separator())
 let updateItem = NSMenuItem(title: "", action: #selector(AppDelegate.runUpdate), keyEquivalent: "")
 updateItem.isHidden = true
 menu.addItem(updateItem)
+let checkUpdateItem = NSMenuItem(title: "Check for updates", action: #selector(AppDelegate.checkForUpdateManual), keyEquivalent: "")
+menu.addItem(checkUpdateItem)
 
 menu.addItem(NSMenuItem.separator())
 menu.addItem(NSMenuItem(title: "Quit", action: #selector(NSApplication.terminate(_:)), keyEquivalent: "q"))
@@ -1467,9 +1492,9 @@ class AppDelegate: NSObject, NSApplicationDelegate, NSMenuDelegate {
         refresh()
         let pollTimer = Timer(timeInterval: 8, repeats: true) { _ in self.refresh() }
         RunLoop.main.add(pollTimer, forMode: .common)
-        // Check for updates on launch, then every hour
+        // Check for updates on launch, then every 15 minutes
         checkForUpdate()
-        let updateTimer = Timer(timeInterval: 3600, repeats: true) { _ in self.checkForUpdate() }
+        let updateTimer = Timer(timeInterval: 900, repeats: true) { _ in self.checkForUpdate() }
         RunLoop.main.add(updateTimer, forMode: .common)
     }
 
@@ -1526,6 +1551,16 @@ class AppDelegate: NSObject, NSApplicationDelegate, NSMenuDelegate {
         RunLoop.main.add(pulse, forMode: .common)
     }
 
+    @objc func checkForUpdateManual() {
+        checkUpdateItem.title = "Checking…"
+        checkUpdateItem.isEnabled = false
+        checkForUpdate()
+        DispatchQueue.main.asyncAfter(deadline: .now() + 3) {
+            checkUpdateItem.title = "Check for updates"
+            checkUpdateItem.isEnabled = true
+        }
+    }
+
     @objc func runUpdate() {
         updateItem.title = "⬆ Updating…"
         updateItem.isEnabled = false
@@ -1975,6 +2010,8 @@ app.run()
           detached: true,
           env: trayEnv,
         });
+        if (!existsSync(pidDir)) mkdirSync(pidDir, { recursive: true });
+        writeFileSync(pidFile, String(child.pid));
         child.unref();
       });
   });

package/src/plugins/loader.js

@@ -156,21 +156,38 @@ function parseFrontmatter(content) {
 // Alias for backward compatibility
 const parseSkillFrontmatter = parseFrontmatter;
 
+/**
+ * Plugins that are disabled by default and must be explicitly enabled via
+ * `fops plugin enable <id>` or by setting `enabled: true` in ~/.fops.json.
+ */
+const DEFAULT_DISABLED = new Set([
+  "fops-plugin-teleport",
+  "coda",
+  "fops-plugin-github-roles",
+  "fops-plugin-ecr",
+  "fops-plugin-vm-users",
+  "fops-plugin-aws",
+  "fops-plugin-dai-ttyd",
+]);
+
 /**
  * Check if a plugin is enabled in ~/.fops.json.
- * Default: enabled unless explicitly set to false.
+ * Plugins in DEFAULT_DISABLED are off unless explicitly enabled.
+ * All other plugins are on unless explicitly disabled.
  */
 function isPluginEnabled(pluginId) {
   try {
     const fopsConfig = path.join(os.homedir(), ".fops.json");
-    if (!fs.existsSync(fopsConfig)) return true;
-    const raw = JSON.parse(fs.readFileSync(fopsConfig, "utf8"));
-    const entry = raw?.plugins?.entries?.[pluginId];
-    if (entry && entry.enabled === false) return false;
+    if (fs.existsSync(fopsConfig)) {
+      const raw = JSON.parse(fs.readFileSync(fopsConfig, "utf8"));
+      const entry = raw?.plugins?.entries?.[pluginId];
+      if (entry?.enabled === false) return false;
+      if (entry?.enabled === true) return true;
+    }
   } catch {
     // ignore parse errors
   }
-  return true;
+  return !DEFAULT_DISABLED.has(pluginId);
 }
 
 /**