@pleri/olam-cli 0.1.158 → 0.1.159
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/doctor.d.ts +21 -10
- package/dist/commands/doctor.d.ts.map +1 -1
- package/dist/commands/doctor.js +95 -39
- package/dist/commands/doctor.js.map +1 -1
- package/dist/image-digests.json +7 -7
- package/dist/index.js +593 -234
- package/dist/index.js.map +1 -1
- package/dist/lib/host-side-proxy.d.ts +67 -0
- package/dist/lib/host-side-proxy.d.ts.map +1 -0
- package/dist/lib/host-side-proxy.js +177 -0
- package/dist/lib/host-side-proxy.js.map +1 -0
- package/dist/lib/upgrade-kubernetes.d.ts +13 -12
- package/dist/lib/upgrade-kubernetes.d.ts.map +1 -1
- package/dist/lib/upgrade-kubernetes.js +87 -134
- package/dist/lib/upgrade-kubernetes.js.map +1 -1
- package/hermes-bundle/version.json +1 -1
- package/host-cp/k8s/host-side/docker-socket-proxy.compose.yaml +58 -0
- package/host-cp/k8s/manifests/50-deployment.yaml +47 -70
- package/host-cp/k8s/manifests/auth-service/50-deployment.yaml +1 -1
- package/host-cp/k8s/manifests/docker-socket-proxy/60-service.yaml +37 -0
- package/host-cp/k8s/manifests/kg-service/50-deployment.yaml +1 -1
- package/host-cp/k8s/manifests/mcp-auth-service/50-deployment.yaml +1 -1
- package/host-cp/k8s/manifests/memory-service/50-deployment.yaml +1 -1
- package/host-cp/src/server.mjs +9 -0
- package/host-cp/src/tasks-route.mjs +191 -0
- package/package.json +1 -1
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;;GAKG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,sBAAsB,EAAE,MAAM,gCAAgC,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAC;AAC9E,OAAO,EAAE,0BAA0B,EAAE,MAAM,oCAAoC,CAAC;AAChF,OAAO,EAAE,8BAA8B,EAAE,MAAM,yCAAyC,CAAC;AACzF,OAAO,EAAE,2BAA2B,EAAE,MAAM,qCAAqC,CAAC;AAClF,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAEtD,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,MAAM,CAAC;KACZ,WAAW,CAAC,+DAA+D,CAAC;IAC7E,4EAA4E;IAC5E,0EAA0E;KACzE,MAAM,CAAC,OAAO,EAAE,6DAA6D,CAAC;KAC9E,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC;AAE7B,gEAAgE;AAChE,6EAA6E;AAC7E,4EAA4E;AAC5E,yEAAyE;AACzE,MAAM,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;AACnD,IAAI,YAAY,KAAK,CAAC,CAAC,EAAE,CAAC;IACxB,qEAAqE;IACrE,+EAA+E;IAC/E,iDAAiD;IACjD,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IACzF,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,0DAA0D,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,KAAK;YACtF,qEAAqE,CACxE,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;AACvD,CAAC;AAED,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,sEAAsE;AACtE,yEAAyE;AACzE,0EAA0E;AAC1E,wEAAwE;AACxE,mBAAmB,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC;AAC/D,UAAU,CAAC,OAAO,CAAC,CAAC;AACpB,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,mBAAmB,CAAC,OAAO,CAAC,CAAC;AAC7B,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,UAAU,CAAC,OAAO,CAAC,CAAC;AACpB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,kBAAkB,CAAC,OAAO,CAAC,CAAC;AAC5B,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,sBAAsB,CAAC,OAAO,CAAC,CAAC;AAChC,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,WAAW,CAAC,OAAO,CAAC,CAAC;AACrB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,UAAU,CAAC,OAAO,CAAC,CAAC;AACpB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,kBAAkB,CAAC,OAAO,CAAC,CAAC;AAC5B,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,yBAAyB,CAAC,OAAO,CAAC,CAAC;AACnC,0BAA0B,CAAC,OAAO,CAAC,CAAC;AACpC,8BAA8B,CAAC,OAAO,CAAC,CAAC;AACxC,2BAA2B,CAAC,OAAO,CAAC,CAAC;AACrC,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,cAAc,CAAC,OAAO,CAAC,CAAC;AAExB,0EAA0E;AAC1E,6EAA6E;AAC7E,yEAAyE;AACzE,wBAAwB;AAExB,OAAO,CAAC,KAAK,EAAE,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;;GAKG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACxE,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,sBAAsB,EAAE,MAAM,gCAAgC,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAC;AAC9E,OAAO,EAAE,0BAA0B,EAAE,MAAM,oCAAoC,CAAC;AAChF,OAAO,EAAE,8BAA8B,EAAE,MAAM,yCAAyC,CAAC;AACzF,OAAO,EAAE,2BAA2B,EAAE,MAAM,qCAAqC,CAAC;AAClF,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAEtD,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,MAAM,CAAC;KACZ,WAAW,CAAC,+DAA+D,CAAC;IAC7E,4EAA4E;IAC5E,0EAA0E;KACzE,MAAM,CAAC,OAAO,EAAE,6DAA6D,CAAC;KAC9E,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC;AAE7B,gEAAgE;AAChE,6EAA6E;AAC7E,4EAA4E;AAC5E,yEAAyE;AACzE,MAAM,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;AACnD,IAAI,YAAY,KAAK,CAAC,CAAC,EAAE,CAAC;IACxB,qEAAqE;IACrE,+EAA+E;IAC/E,iDAAiD;IACjD,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IACzF,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,0DAA0D,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,KAAK;YACtF,qEAAqE,CACxE,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;AACvD,CAAC;AAED,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,sEAAsE;AACtE,yEAAyE;AACzE,0EAA0E;AAC1E,wEAAwE;AACxE,mBAAmB,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC;AAC/D,UAAU,CAAC,OAAO,CAAC,CAAC;AACpB,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,mBAAmB,CAAC,OAAO,CAAC,CAAC;AAC7B,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,UAAU,CAAC,OAAO,CAAC,CAAC;AACpB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,kBAAkB,CAAC,OAAO,CAAC,CAAC;AAC5B,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,sBAAsB,CAAC,OAAO,CAAC,CAAC;AAChC,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,WAAW,CAAC,OAAO,CAAC,CAAC;AACrB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,UAAU,CAAC,OAAO,CAAC,CAAC;AACpB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,kBAAkB,CAAC,OAAO,CAAC,CAAC;AAC5B,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,yBAAyB,CAAC,OAAO,CAAC,CAAC;AACnC,0BAA0B,CAAC,OAAO,CAAC,CAAC;AACpC,8BAA8B,CAAC,OAAO,CAAC,CAAC;AACxC,2BAA2B,CAAC,OAAO,CAAC,CAAC;AACrC,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,cAAc,CAAC,OAAO,CAAC,CAAC;AAExB,0EAA0E;AAC1E,6EAA6E;AAC7E,yEAAyE;AACzE,wBAAwB;AAExB,OAAO,CAAC,KAAK,EAAE,CAAC"}
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* host-side-proxy.ts — Phase A A3 of olam-k3d-on-mac-substrate-decision.
|
|
3
|
+
*
|
|
4
|
+
* Manages the host-side `tecnativa/docker-socket-proxy` container that
|
|
5
|
+
* fronts the operator's docker daemon on macOS+colima+virtiofs. Wraps
|
|
6
|
+
* `docker compose -f <yaml> {up,down,ps}` calls with idempotent semantics.
|
|
7
|
+
*
|
|
8
|
+
* Background — round-4 wave-2 R4-W2-F: an in-cluster docker-socket-proxy
|
|
9
|
+
* Pod would itself need a hostPath bind mount of /var/run/docker.sock and
|
|
10
|
+
* hit virtiofs ENOTSUP. The proxy MUST live on the operator's docker
|
|
11
|
+
* daemon (sibling to k3d), not inside the k3d cluster. This helper is
|
|
12
|
+
* what `olam upgrade` Step 0.7 calls to ensure that sibling container
|
|
13
|
+
* is running before host-cp pods reference the in-cluster ExternalName
|
|
14
|
+
* Service (packages/host-cp/k8s/manifests/docker-socket-proxy/60-service.yaml).
|
|
15
|
+
*
|
|
16
|
+
* The compose yaml managed here:
|
|
17
|
+
* packages/host-cp/k8s/host-side/docker-socket-proxy.compose.yaml
|
|
18
|
+
*
|
|
19
|
+
* Resolution: shipped in the npm tarball via packages/cli/package.json's
|
|
20
|
+
* `files` glob; resolved at runtime relative to the CLI's install location
|
|
21
|
+
* via resolveHostSideProxyComposePath (read by callers; this module
|
|
22
|
+
* accepts the path as a dep for testability).
|
|
23
|
+
*
|
|
24
|
+
* Idempotency: `docker compose up -d` is idempotent at the docker level
|
|
25
|
+
* (running container → no-op success). `docker compose down` removes
|
|
26
|
+
* the container even if absent. `ps` returns running/stopped/absent.
|
|
27
|
+
*
|
|
28
|
+
* D20 stdin-safe: this module never accepts secret values as argv; the
|
|
29
|
+
* proxy container has no secrets. Plain `docker compose` invocation.
|
|
30
|
+
*/
|
|
31
|
+
import { spawnSync } from 'node:child_process';
|
|
32
|
+
export type ProxyStatus = 'running' | 'stopped' | 'unknown';
|
|
33
|
+
export interface HostSideProxyDeps {
|
|
34
|
+
/** Spawn wrapper for testability. Defaults to node:child_process spawnSync. */
|
|
35
|
+
readonly spawnSyncImpl?: typeof spawnSync;
|
|
36
|
+
/** DOCKER_CONTEXT env override (e.g. "colima"). When unset, inherits process env. */
|
|
37
|
+
readonly dockerContext?: string;
|
|
38
|
+
}
|
|
39
|
+
export interface HostSideProxyResult {
|
|
40
|
+
readonly ok: boolean;
|
|
41
|
+
/** Structured remediation string surfaced when ok=false. */
|
|
42
|
+
readonly reason?: string;
|
|
43
|
+
}
|
|
44
|
+
export interface HostSideProxyStatusResult {
|
|
45
|
+
readonly ok: boolean;
|
|
46
|
+
readonly status: ProxyStatus;
|
|
47
|
+
readonly reason?: string;
|
|
48
|
+
}
|
|
49
|
+
/**
|
|
50
|
+
* Start the host-side proxy container. Idempotent: running container
|
|
51
|
+
* → no-op success.
|
|
52
|
+
*
|
|
53
|
+
* @param composePath Absolute path to docker-socket-proxy.compose.yaml.
|
|
54
|
+
*/
|
|
55
|
+
export declare function startHostSideProxy(composePath: string, deps?: HostSideProxyDeps): HostSideProxyResult;
|
|
56
|
+
/**
|
|
57
|
+
* Stop the host-side proxy container. Idempotent: absent container
|
|
58
|
+
* → no-op success.
|
|
59
|
+
*/
|
|
60
|
+
export declare function stopHostSideProxy(composePath: string, deps?: HostSideProxyDeps): HostSideProxyResult;
|
|
61
|
+
/**
|
|
62
|
+
* Status of the host-side proxy container. Returns 'running' / 'stopped' /
|
|
63
|
+
* 'unknown' based on `docker compose ps --format json`. 'unknown' indicates
|
|
64
|
+
* a probe failure (plugin absent, daemon unreachable, malformed output).
|
|
65
|
+
*/
|
|
66
|
+
export declare function statusHostSideProxy(composePath: string, deps?: HostSideProxyDeps): HostSideProxyStatusResult;
|
|
67
|
+
//# sourceMappingURL=host-side-proxy.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"host-side-proxy.d.ts","sourceRoot":"","sources":["../../src/lib/host-side-proxy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAE/C,MAAM,MAAM,WAAW,GAAG,SAAS,GAAG,SAAS,GAAG,SAAS,CAAC;AAE5D,MAAM,WAAW,iBAAiB;IAChC,+EAA+E;IAC/E,QAAQ,CAAC,aAAa,CAAC,EAAE,OAAO,SAAS,CAAC;IAC1C,qFAAqF;IACrF,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;CACjC;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,EAAE,EAAE,OAAO,CAAC;IACrB,4DAA4D;IAC5D,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,yBAAyB;IACxC,QAAQ,CAAC,EAAE,EAAE,OAAO,CAAC;IACrB,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC;IAC7B,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B;AA6BD;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAChC,WAAW,EAAE,MAAM,EACnB,IAAI,GAAE,iBAAsB,GAC3B,mBAAmB,CA4BrB;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAC/B,WAAW,EAAE,MAAM,EACnB,IAAI,GAAE,iBAAsB,GAC3B,mBAAmB,CAyBrB;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CACjC,WAAW,EAAE,MAAM,EACnB,IAAI,GAAE,iBAAsB,GAC3B,yBAAyB,CAiD3B"}
|
|
@@ -0,0 +1,177 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* host-side-proxy.ts — Phase A A3 of olam-k3d-on-mac-substrate-decision.
|
|
3
|
+
*
|
|
4
|
+
* Manages the host-side `tecnativa/docker-socket-proxy` container that
|
|
5
|
+
* fronts the operator's docker daemon on macOS+colima+virtiofs. Wraps
|
|
6
|
+
* `docker compose -f <yaml> {up,down,ps}` calls with idempotent semantics.
|
|
7
|
+
*
|
|
8
|
+
* Background — round-4 wave-2 R4-W2-F: an in-cluster docker-socket-proxy
|
|
9
|
+
* Pod would itself need a hostPath bind mount of /var/run/docker.sock and
|
|
10
|
+
* hit virtiofs ENOTSUP. The proxy MUST live on the operator's docker
|
|
11
|
+
* daemon (sibling to k3d), not inside the k3d cluster. This helper is
|
|
12
|
+
* what `olam upgrade` Step 0.7 calls to ensure that sibling container
|
|
13
|
+
* is running before host-cp pods reference the in-cluster ExternalName
|
|
14
|
+
* Service (packages/host-cp/k8s/manifests/docker-socket-proxy/60-service.yaml).
|
|
15
|
+
*
|
|
16
|
+
* The compose yaml managed here:
|
|
17
|
+
* packages/host-cp/k8s/host-side/docker-socket-proxy.compose.yaml
|
|
18
|
+
*
|
|
19
|
+
* Resolution: shipped in the npm tarball via packages/cli/package.json's
|
|
20
|
+
* `files` glob; resolved at runtime relative to the CLI's install location
|
|
21
|
+
* via resolveHostSideProxyComposePath (read by callers; this module
|
|
22
|
+
* accepts the path as a dep for testability).
|
|
23
|
+
*
|
|
24
|
+
* Idempotency: `docker compose up -d` is idempotent at the docker level
|
|
25
|
+
* (running container → no-op success). `docker compose down` removes
|
|
26
|
+
* the container even if absent. `ps` returns running/stopped/absent.
|
|
27
|
+
*
|
|
28
|
+
* D20 stdin-safe: this module never accepts secret values as argv; the
|
|
29
|
+
* proxy container has no secrets. Plain `docker compose` invocation.
|
|
30
|
+
*/
|
|
31
|
+
import { spawnSync } from 'node:child_process';
|
|
32
|
+
/**
|
|
33
|
+
* Probe `docker compose version`. Returns ok=false with remediation when
|
|
34
|
+
* the compose plugin is absent. Required preflight before up/down/ps.
|
|
35
|
+
*/
|
|
36
|
+
function probeDockerCompose(deps) {
|
|
37
|
+
const spawn = deps.spawnSyncImpl ?? spawnSync;
|
|
38
|
+
const env = deps.dockerContext !== undefined
|
|
39
|
+
? { ...process.env, DOCKER_CONTEXT: deps.dockerContext }
|
|
40
|
+
: process.env;
|
|
41
|
+
const r = spawn('docker', ['compose', 'version'], {
|
|
42
|
+
env,
|
|
43
|
+
encoding: 'utf8',
|
|
44
|
+
timeout: 5000,
|
|
45
|
+
});
|
|
46
|
+
if (r.error !== undefined || r.status !== 0) {
|
|
47
|
+
return {
|
|
48
|
+
ok: false,
|
|
49
|
+
reason: 'docker compose plugin not found. Install via `brew install docker-compose` ' +
|
|
50
|
+
'or the Docker Desktop installer. The legacy `docker-compose` binary is NOT ' +
|
|
51
|
+
'a substitute — olam requires `docker compose` (v2 plugin) for the host-side ' +
|
|
52
|
+
'docker-socket-proxy lifecycle on macOS.',
|
|
53
|
+
};
|
|
54
|
+
}
|
|
55
|
+
return { ok: true };
|
|
56
|
+
}
|
|
57
|
+
/**
|
|
58
|
+
* Start the host-side proxy container. Idempotent: running container
|
|
59
|
+
* → no-op success.
|
|
60
|
+
*
|
|
61
|
+
* @param composePath Absolute path to docker-socket-proxy.compose.yaml.
|
|
62
|
+
*/
|
|
63
|
+
export function startHostSideProxy(composePath, deps = {}) {
|
|
64
|
+
const probe = probeDockerCompose(deps);
|
|
65
|
+
if (!probe.ok) {
|
|
66
|
+
return probe;
|
|
67
|
+
}
|
|
68
|
+
const spawn = deps.spawnSyncImpl ?? spawnSync;
|
|
69
|
+
const env = deps.dockerContext !== undefined
|
|
70
|
+
? { ...process.env, DOCKER_CONTEXT: deps.dockerContext }
|
|
71
|
+
: process.env;
|
|
72
|
+
const r = spawn('docker', ['compose', '-f', composePath, 'up', '-d'], {
|
|
73
|
+
env,
|
|
74
|
+
encoding: 'utf8',
|
|
75
|
+
timeout: 60_000,
|
|
76
|
+
});
|
|
77
|
+
if (r.error !== undefined) {
|
|
78
|
+
return { ok: false, reason: `docker compose up failed: ${r.error.message}` };
|
|
79
|
+
}
|
|
80
|
+
if (r.status !== 0) {
|
|
81
|
+
const stderr = (r.stderr ?? '').toString().trim();
|
|
82
|
+
return {
|
|
83
|
+
ok: false,
|
|
84
|
+
reason: `docker compose -f ${composePath} up -d exited ${r.status ?? 'null'}: ${stderr || '(no stderr)'}. ` +
|
|
85
|
+
`Check: \`docker context ls\` shows colima active; \`docker info\` succeeds; the compose ` +
|
|
86
|
+
`file exists at the printed path.`,
|
|
87
|
+
};
|
|
88
|
+
}
|
|
89
|
+
return { ok: true };
|
|
90
|
+
}
|
|
91
|
+
/**
|
|
92
|
+
* Stop the host-side proxy container. Idempotent: absent container
|
|
93
|
+
* → no-op success.
|
|
94
|
+
*/
|
|
95
|
+
export function stopHostSideProxy(composePath, deps = {}) {
|
|
96
|
+
const probe = probeDockerCompose(deps);
|
|
97
|
+
if (!probe.ok) {
|
|
98
|
+
return probe;
|
|
99
|
+
}
|
|
100
|
+
const spawn = deps.spawnSyncImpl ?? spawnSync;
|
|
101
|
+
const env = deps.dockerContext !== undefined
|
|
102
|
+
? { ...process.env, DOCKER_CONTEXT: deps.dockerContext }
|
|
103
|
+
: process.env;
|
|
104
|
+
const r = spawn('docker', ['compose', '-f', composePath, 'down'], {
|
|
105
|
+
env,
|
|
106
|
+
encoding: 'utf8',
|
|
107
|
+
timeout: 30_000,
|
|
108
|
+
});
|
|
109
|
+
if (r.error !== undefined) {
|
|
110
|
+
return { ok: false, reason: `docker compose down failed: ${r.error.message}` };
|
|
111
|
+
}
|
|
112
|
+
if (r.status !== 0) {
|
|
113
|
+
const stderr = (r.stderr ?? '').toString().trim();
|
|
114
|
+
return {
|
|
115
|
+
ok: false,
|
|
116
|
+
reason: `docker compose down exited ${r.status ?? 'null'}: ${stderr || '(no stderr)'}.`,
|
|
117
|
+
};
|
|
118
|
+
}
|
|
119
|
+
return { ok: true };
|
|
120
|
+
}
|
|
121
|
+
/**
|
|
122
|
+
* Status of the host-side proxy container. Returns 'running' / 'stopped' /
|
|
123
|
+
* 'unknown' based on `docker compose ps --format json`. 'unknown' indicates
|
|
124
|
+
* a probe failure (plugin absent, daemon unreachable, malformed output).
|
|
125
|
+
*/
|
|
126
|
+
export function statusHostSideProxy(composePath, deps = {}) {
|
|
127
|
+
const probe = probeDockerCompose(deps);
|
|
128
|
+
if (!probe.ok) {
|
|
129
|
+
return { ok: false, status: 'unknown', reason: probe.reason };
|
|
130
|
+
}
|
|
131
|
+
const spawn = deps.spawnSyncImpl ?? spawnSync;
|
|
132
|
+
const env = deps.dockerContext !== undefined
|
|
133
|
+
? { ...process.env, DOCKER_CONTEXT: deps.dockerContext }
|
|
134
|
+
: process.env;
|
|
135
|
+
const r = spawn('docker', ['compose', '-f', composePath, 'ps', '--format', 'json'], {
|
|
136
|
+
env,
|
|
137
|
+
encoding: 'utf8',
|
|
138
|
+
timeout: 10_000,
|
|
139
|
+
});
|
|
140
|
+
if (r.error !== undefined || r.status !== 0) {
|
|
141
|
+
return {
|
|
142
|
+
ok: false,
|
|
143
|
+
status: 'unknown',
|
|
144
|
+
reason: `docker compose ps failed: ${(r.stderr ?? r.error?.message ?? '(no detail)').toString().trim()}`,
|
|
145
|
+
};
|
|
146
|
+
}
|
|
147
|
+
const stdout = (r.stdout ?? '').toString().trim();
|
|
148
|
+
if (stdout === '' || stdout === '[]') {
|
|
149
|
+
return { ok: true, status: 'stopped' };
|
|
150
|
+
}
|
|
151
|
+
// Compose v2 `--format json` emits either a JSON array OR newline-delimited
|
|
152
|
+
// JSON objects depending on plugin version. Handle both.
|
|
153
|
+
try {
|
|
154
|
+
const parsed = stdout.startsWith('[')
|
|
155
|
+
? JSON.parse(stdout)
|
|
156
|
+
: stdout.split('\n').filter((line) => line.trim() !== '').map((line) => JSON.parse(line));
|
|
157
|
+
if (!Array.isArray(parsed) || parsed.length === 0) {
|
|
158
|
+
return { ok: true, status: 'stopped' };
|
|
159
|
+
}
|
|
160
|
+
const allRunning = parsed.every((entry) => {
|
|
161
|
+
if (typeof entry !== 'object' || entry === null) {
|
|
162
|
+
return false;
|
|
163
|
+
}
|
|
164
|
+
const state = entry.State;
|
|
165
|
+
return typeof state === 'string' && state.toLowerCase() === 'running';
|
|
166
|
+
});
|
|
167
|
+
return { ok: true, status: allRunning ? 'running' : 'stopped' };
|
|
168
|
+
}
|
|
169
|
+
catch {
|
|
170
|
+
return {
|
|
171
|
+
ok: false,
|
|
172
|
+
status: 'unknown',
|
|
173
|
+
reason: 'docker compose ps emitted unparseable JSON; check `docker compose version`.',
|
|
174
|
+
};
|
|
175
|
+
}
|
|
176
|
+
}
|
|
177
|
+
//# sourceMappingURL=host-side-proxy.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"host-side-proxy.js","sourceRoot":"","sources":["../../src/lib/host-side-proxy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAuB/C;;;GAGG;AACH,SAAS,kBAAkB,CAAC,IAAuB;IACjD,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,IAAI,SAAS,CAAC;IAC9C,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,KAAK,SAAS;QAC1C,CAAC,CAAC,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,CAAC,aAAa,EAAE;QACxD,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IAChB,MAAM,CAAC,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC,EAAE;QAChD,GAAG;QACH,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,IAAI;KACd,CAAC,CAAC;IACH,IAAI,CAAC,CAAC,KAAK,KAAK,SAAS,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5C,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EACJ,6EAA6E;gBAC7E,6EAA6E;gBAC7E,8EAA8E;gBAC9E,yCAAyC;SAC5C,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;AACtB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,kBAAkB,CAChC,WAAmB,EACnB,OAA0B,EAAE;IAE5B,MAAM,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;IACvC,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC;QACd,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,IAAI,SAAS,CAAC;IAC9C,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,KAAK,SAAS;QAC1C,CAAC,CAAC,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,CAAC,aAAa,EAAE;QACxD,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IAChB,MAAM,CAAC,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE;QACpE,GAAG;QACH,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,MAAM;KAChB,CAAC,CAAC;IACH,IAAI,CAAC,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QAC1B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,6BAA6B,CAAC,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;IAC/E,CAAC;IACD,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnB,MAAM,MAAM,GAAG,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,CAAC;QAClD,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EACJ,qBAAqB,WAAW,iBAAiB,CAAC,CAAC,MAAM,IAAI,MAAM,KAAK,MAAM,IAAI,aAAa,IAAI;gBACnG,0FAA0F;gBAC1F,kCAAkC;SACrC,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;AACtB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAC/B,WAAmB,EACnB,OAA0B,EAAE;IAE5B,MAAM,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;IACvC,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC;QACd,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,IAAI,SAAS,CAAC;IAC9C,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,KAAK,SAAS;QAC1C,CAAC,CAAC,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,CAAC,aAAa,EAAE;QACxD,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IAChB,MAAM,CAAC,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,CAAC,EAAE;QAChE,GAAG;QACH,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,MAAM;KAChB,CAAC,CAAC;IACH,IAAI,CAAC,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QAC1B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,+BAA+B,CAAC,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;IACjF,CAAC;IACD,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnB,MAAM,MAAM,GAAG,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,CAAC;QAClD,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,8BAA8B,CAAC,CAAC,MAAM,IAAI,MAAM,KAAK,MAAM,IAAI,aAAa,GAAG;SACxF,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;AACtB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,mBAAmB,CACjC,WAAmB,EACnB,OAA0B,EAAE;IAE5B,MAAM,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;IACvC,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC;QACd,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC;IAChE,CAAC;IACD,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,IAAI,SAAS,CAAC;IAC9C,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,KAAK,SAAS;QAC1C,CAAC,CAAC,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,CAAC,aAAa,EAAE;QACxD,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IAChB,MAAM,CAAC,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,CAAC,EAAE;QAClF,GAAG;QACH,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,MAAM;KAChB,CAAC,CAAC;IACH,IAAI,CAAC,CAAC,KAAK,KAAK,SAAS,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5C,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,6BAA6B,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,KAAK,EAAE,OAAO,IAAI,aAAa,CAAC,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,EAAE;SACzG,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,CAAC;IAClD,IAAI,MAAM,KAAK,EAAE,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QACrC,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IACzC,CAAC;IACD,4EAA4E;IAC5E,yDAAyD;IACzD,IAAI,CAAC;QACH,MAAM,MAAM,GAAY,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC;YAC5C,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;YACpB,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;QAC5F,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAClD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;QACzC,CAAC;QACD,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;YACjD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;gBAChD,OAAO,KAAK,CAAC;YACf,CAAC;YACD,MAAM,KAAK,GAAI,KAA6B,CAAC,KAAK,CAAC;YACnD,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,WAAW,EAAE,KAAK,SAAS,CAAC;QACxE,CAAC,CAAC,CAAC;QACH,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC;IAClE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,6EAA6E;SACtF,CAAC;IACJ,CAAC;AACH,CAAC"}
|
|
@@ -23,12 +23,19 @@
|
|
|
23
23
|
* D27 — audit log entry (phase2.flag_removed) emitted per upgrade run
|
|
24
24
|
*
|
|
25
25
|
* Step order (Phase D — kubernetes substrate, Phase 2 GA):
|
|
26
|
-
* 0.5 D4 k3d node docker socket bind-mount preflight (Decision #11 backward-compat surface)
|
|
27
26
|
* 0 probeKubernetesApiReachable — 5s timeout kubectl cluster-info
|
|
27
|
+
* (Step 0.5 D4 k3d node bind-mount preflight REMOVED in
|
|
28
|
+
* olam-k3d-on-mac-substrate-decision Phase B B3 — R3-A retracted.)
|
|
28
29
|
* 0.5b B4 ensureK8sBootstrap (namespace + RBAC + ConfigMap + PVC + secrets)
|
|
29
30
|
* 0.6 R3-C create/update ghcr-pull imagePullSecret in olam namespace (when GH_TOKEN available)
|
|
30
31
|
* NOTE: relocated from pre-step 0.4 to post-bootstrap (R4-W2-A) — the
|
|
31
32
|
* `olam` namespace must exist before kubectl can create the secret.
|
|
33
|
+
* 0.7 olam-k3d-on-mac-substrate-decision Phase A — host-side docker-
|
|
34
|
+
* socket-proxy auto-start on macOS (Decision #1 + #3). Linux substrate
|
|
35
|
+
* is a no-op. Resolves R4-W2-F (virtiofs ENOTSUP on stat of docker.sock
|
|
36
|
+
* hostPath bind mounts) by routing host-cp's docker access through a
|
|
37
|
+
* host-side proxy container reachable via in-cluster ExternalName
|
|
38
|
+
* Service (host.k3d.internal:2375).
|
|
32
39
|
* 1 D10 context-allowlist + OLAM_K8S_CONTEXT_ACK strict-equality byte-for-byte
|
|
33
40
|
* 2 D12 Secret pre-check (olam-host-cp-secret; base64-decode; key-name check)
|
|
34
41
|
* 2.6 C2 per-peripheral Secret pre-check (iterates PERIPHERALS; unconditional — D5)
|
|
@@ -100,9 +107,11 @@ export interface UpgradeKubernetesDeps {
|
|
|
100
107
|
*/
|
|
101
108
|
readonly getClusterServerUrlImpl?: () => Promise<string | null>;
|
|
102
109
|
/**
|
|
103
|
-
* D7
|
|
104
|
-
*
|
|
105
|
-
*
|
|
110
|
+
* D7 (RETIRED in olam-k3d-on-mac-substrate-decision Phase B B3): the
|
|
111
|
+
* docker socket accessibility preflight is gone (host-cp no longer mounts
|
|
112
|
+
* docker.sock — it talks TCP to docker-socket-proxy). Field kept in the
|
|
113
|
+
* interface so existing test injections compile; the value is never read.
|
|
114
|
+
* New tests should not inject this field.
|
|
106
115
|
*/
|
|
107
116
|
readonly checkDockerSocketImpl?: (context: string) => Promise<boolean>;
|
|
108
117
|
/**
|
|
@@ -126,14 +135,6 @@ export interface UpgradeKubernetesDeps {
|
|
|
126
135
|
*/
|
|
127
136
|
readonly ghTokenOverride?: string;
|
|
128
137
|
readonly ghTokenOverrideActive?: boolean;
|
|
129
|
-
/**
|
|
130
|
-
* Phase D D4: override for k3d node mount detection (step 0.5 preflight).
|
|
131
|
-
* Returns 'new-form' when /host-colima/ bind is present (correct),
|
|
132
|
-
* 'old-form' when /var/run/docker.sock direct file-bind is present (broken on colima),
|
|
133
|
-
* or 'none' when neither is detectable (non-k3d or bare k3s cluster — warn only).
|
|
134
|
-
* Tests inject a mock to avoid real `docker inspect` invocations.
|
|
135
|
-
*/
|
|
136
|
-
readonly checkK3dNodeMountsImpl?: () => Promise<'new-form' | 'old-form' | 'none'>;
|
|
137
138
|
}
|
|
138
139
|
export interface UpgradeKubernetesOpts {
|
|
139
140
|
readonly forceRefreshManifests?: boolean;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"upgrade-kubernetes.d.ts","sourceRoot":"","sources":["../../src/lib/upgrade-kubernetes.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"upgrade-kubernetes.d.ts","sourceRoot":"","sources":["../../src/lib/upgrade-kubernetes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoDG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAS9B,OAAO,EAAE,WAAW,EAAwB,MAAM,mBAAmB,CAAC;AACtE,OAAO,EAAE,gBAAgB,EAAE,8BAA8B,EAAE,wBAAwB,EAAE,KAAK,eAAe,EAAE,KAAK,yBAAyB,EAAE,MAAM,mBAAmB,CAAC;AACrK,OAAO,EAAE,mBAAmB,EAAE,KAAK,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAC1E,OAAO,EAAE,kBAAkB,EAAE,uBAAuB,EAA4B,KAAK,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAItI,OAAO,EAAE,kBAAkB,EAAwB,KAAK,aAAa,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAgBtH,eAAO,MAAM,sBAAsB,QAA2C,CAAC;AAC/E,eAAO,MAAM,aAAa,SAAS,CAAC;AACpC,eAAO,MAAM,mBAAmB,wBAAwB,CAAC;AACzD,eAAO,MAAM,uBAAuB,iBAAiB,CAAC;AACtD,eAAO,MAAM,mBAAmB,yBAAyB,CAAC;AAC1D,eAAO,MAAM,kBAAkB,kCAAkC,CAAC;AAElE,oDAAoD;AACpD,eAAO,MAAM,mBAAmB,QAAqD,CAAC;AA2HtF,MAAM,WAAW,qBAAqB;IACpC,uCAAuC;IACvC,QAAQ,CAAC,eAAe,CAAC,EAAE,OAAO,WAAW,CAAC;IAC9C,2CAA2C;IAC3C,QAAQ,CAAC,oBAAoB,CAAC,EAAE,OAAO,gBAAgB,CAAC;IACxD,yDAAyD;IACzD,QAAQ,CAAC,kCAAkC,CAAC,EAAE,OAAO,8BAA8B,CAAC;IACpF,mDAAmD;IACnD,QAAQ,CAAC,4BAA4B,CAAC,EAAE,OAAO,wBAAwB,CAAC;IACxE,wDAAwD;IACxD,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,WAAW,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC5E,8CAA8C;IAC9C,QAAQ,CAAC,QAAQ,CAAC,EAAE,OAAO,mBAAmB,CAAC;IAC/C,2CAA2C;IAC3C,QAAQ,CAAC,mBAAmB,CAAC,EAAE,OAAO,kBAAkB,CAAC;IACzD,2CAA2C;IAC3C,QAAQ,CAAC,iBAAiB,CAAC,EAAE,OAAO,uBAAuB,CAAC;IAC5D,sFAAsF;IACtF,QAAQ,CAAC,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;IAC/C,6CAA6C;IAC7C,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,yEAAyE;IACzE,QAAQ,CAAC,eAAe,CAAC,EAAE,eAAe,CAAC;IAC3C,iGAAiG;IACjG,QAAQ,CAAC,yBAAyB,CAAC,EAAE,yBAAyB,CAAC;IAC/D,oCAAoC;IACpC,QAAQ,CAAC,QAAQ,CAAC,EAAE,QAAQ,CAAC;IAC7B,iCAAiC;IACjC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,cAAc,CAAC;IACxC,iCAAiC;IACjC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,cAAc,CAAC;IACxC,oEAAoE;IACpE,QAAQ,CAAC,gBAAgB,CAAC,EAAE,OAAO,EAAE,CAAC,YAAY,CAAC;IACnD,yDAAyD;IACzD,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,MAAM,CAAC;IAChC;;;;OAIG;IACH,QAAQ,CAAC,uBAAuB,CAAC,EAAE,MAAM,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAChE;;;;;;OAMG;IACH,QAAQ,CAAC,qBAAqB,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IACvE;;;OAGG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B;;;OAGG;IACH,QAAQ,CAAC,gBAAgB,CAAC,EAAE,OAAO,kBAAkB,CAAC;IACtD,sDAAsD;IACtD,QAAQ,CAAC,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IAC7C;;;;;;OAMG;IACH,QAAQ,CAAC,eAAe,CAAC,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,qBAAqB,CAAC,EAAE,OAAO,CAAC;CAK1C;AAED,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,qBAAqB,CAAC,EAAE,OAAO,CAAC;IACzC,QAAQ,CAAC,wBAAwB,CAAC,EAAE,OAAO,CAAC;IAC5C,wFAAwF;IACxF,QAAQ,CAAC,aAAa,CAAC,EAAE,OAAO,CAAC;IACjC;;;;;;OAMG;IACH,QAAQ,CAAC,eAAe,CAAC,EAAE,OAAO,CAAC;CACpC;AAED,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAgYD;;;;GAIG;AACH,wBAAsB,oBAAoB,CACxC,IAAI,GAAE,qBAA0B,EAChC,IAAI,GAAE,qBAA0B,GAC/B,OAAO,CAAC,uBAAuB,CAAC,CAwblC"}
|
|
@@ -23,12 +23,19 @@
|
|
|
23
23
|
* D27 — audit log entry (phase2.flag_removed) emitted per upgrade run
|
|
24
24
|
*
|
|
25
25
|
* Step order (Phase D — kubernetes substrate, Phase 2 GA):
|
|
26
|
-
* 0.5 D4 k3d node docker socket bind-mount preflight (Decision #11 backward-compat surface)
|
|
27
26
|
* 0 probeKubernetesApiReachable — 5s timeout kubectl cluster-info
|
|
27
|
+
* (Step 0.5 D4 k3d node bind-mount preflight REMOVED in
|
|
28
|
+
* olam-k3d-on-mac-substrate-decision Phase B B3 — R3-A retracted.)
|
|
28
29
|
* 0.5b B4 ensureK8sBootstrap (namespace + RBAC + ConfigMap + PVC + secrets)
|
|
29
30
|
* 0.6 R3-C create/update ghcr-pull imagePullSecret in olam namespace (when GH_TOKEN available)
|
|
30
31
|
* NOTE: relocated from pre-step 0.4 to post-bootstrap (R4-W2-A) — the
|
|
31
32
|
* `olam` namespace must exist before kubectl can create the secret.
|
|
33
|
+
* 0.7 olam-k3d-on-mac-substrate-decision Phase A — host-side docker-
|
|
34
|
+
* socket-proxy auto-start on macOS (Decision #1 + #3). Linux substrate
|
|
35
|
+
* is a no-op. Resolves R4-W2-F (virtiofs ENOTSUP on stat of docker.sock
|
|
36
|
+
* hostPath bind mounts) by routing host-cp's docker access through a
|
|
37
|
+
* host-side proxy container reachable via in-cluster ExternalName
|
|
38
|
+
* Service (host.k3d.internal:2375).
|
|
32
39
|
* 1 D10 context-allowlist + OLAM_K8S_CONTEXT_ACK strict-equality byte-for-byte
|
|
33
40
|
* 2 D12 Secret pre-check (olam-host-cp-secret; base64-decode; key-name check)
|
|
34
41
|
* 2.6 C2 per-peripheral Secret pre-check (iterates PERIPHERALS; unconditional — D5)
|
|
@@ -51,7 +58,8 @@ import { parse as yamlParse, stringify as yamlStringify } from 'yaml';
|
|
|
51
58
|
import ora from 'ora';
|
|
52
59
|
import pc from 'picocolors';
|
|
53
60
|
import { printError, printSuccess, printInfo, printWarning } from '../output.js';
|
|
54
|
-
|
|
61
|
+
// buildDockerSocketRemedy + defaultDetectK8sClusterType removed in
|
|
62
|
+
// olam-k3d-on-mac-substrate-decision Phase B B3 — Pre-step 0b retracted.
|
|
55
63
|
import { kubectlWrap } from './kubectl-wrap.js';
|
|
56
64
|
import { spawnPortForward, spawnAllPeripheralPortForwards, probePortForwardLiveness } from './port-forward.js';
|
|
57
65
|
import { emitUpgradeComplete } from './instrumentation.js';
|
|
@@ -59,7 +67,21 @@ import { runManifestRefresh, seedManifestsFromBundle } from './manifest-refresh.
|
|
|
59
67
|
import { OLAM_HOME, OLAM_STATE_DIR } from './config.js';
|
|
60
68
|
import { PERIPHERALS } from './peripheral-registry.js';
|
|
61
69
|
import { resolveKubectlContext } from './kubectl-context.js';
|
|
62
|
-
import { ensureK8sBootstrap } from './k8s-bootstrap.js';
|
|
70
|
+
import { ensureK8sBootstrap, resolveK8sAssetsRoot } from './k8s-bootstrap.js';
|
|
71
|
+
import { startHostSideProxy } from './host-side-proxy.js';
|
|
72
|
+
/**
|
|
73
|
+
* Resolve the bundled docker-socket-proxy.compose.yaml path. Looks under
|
|
74
|
+
* the same k8s-assets root that ships the in-cluster manifests. Returns
|
|
75
|
+
* null when the bundle layout is unexpected (dev contexts without a built
|
|
76
|
+
* tarball). Step 0.7's caller treats null as a continue-with-warning.
|
|
77
|
+
*/
|
|
78
|
+
function resolveHostSideProxyComposePath() {
|
|
79
|
+
const root = resolveK8sAssetsRoot();
|
|
80
|
+
if (root === null)
|
|
81
|
+
return null;
|
|
82
|
+
const candidate = path.join(root, 'host-side', 'docker-socket-proxy.compose.yaml');
|
|
83
|
+
return fs.existsSync(candidate) ? candidate : null;
|
|
84
|
+
}
|
|
63
85
|
export const OLAM_K8S_MANIFESTS_DIR = path.join(OLAM_HOME, 'k8s', 'manifests');
|
|
64
86
|
export const K8S_NAMESPACE = 'olam';
|
|
65
87
|
export const HOST_CP_SECRET_NAME = 'olam-host-cp-secret';
|
|
@@ -174,25 +196,6 @@ async function detectManagedK8sProvider(deps) {
|
|
|
174
196
|
}
|
|
175
197
|
return null;
|
|
176
198
|
}
|
|
177
|
-
/**
|
|
178
|
-
* D7 — Check docker socket accessibility inside the host-cp pod.
|
|
179
|
-
* Uses `kubectl exec deploy/olam-host-cp -n olam -- test -S /var/run/docker.sock`.
|
|
180
|
-
* Returns true when socket is accessible; false when absent or unreachable.
|
|
181
|
-
*/
|
|
182
|
-
async function checkDockerSocketAccessible(context, deps) {
|
|
183
|
-
if (deps.checkDockerSocketImpl) {
|
|
184
|
-
return deps.checkDockerSocketImpl(context);
|
|
185
|
-
}
|
|
186
|
-
const wrap = deps.kubectlWrapImpl ?? kubectlWrap;
|
|
187
|
-
const result = await wrap([
|
|
188
|
-
'--context', context,
|
|
189
|
-
'exec', 'deploy/olam-host-cp',
|
|
190
|
-
'-n', 'olam',
|
|
191
|
-
'--',
|
|
192
|
-
'test', '-S', '/var/run/docker.sock',
|
|
193
|
-
], { timeout: 10_000 });
|
|
194
|
-
return result.ok;
|
|
195
|
-
}
|
|
196
199
|
/**
|
|
197
200
|
* Step 0 — D22: probe Kubernetes API reachability (5s timeout).
|
|
198
201
|
* Uses kubectl cluster-info with a tight timeout to detect unreachable API server.
|
|
@@ -467,82 +470,12 @@ async function createGhcrPullSecret(context, deps, stderr) {
|
|
|
467
470
|
}
|
|
468
471
|
return { skipped: false };
|
|
469
472
|
}
|
|
470
|
-
|
|
471
|
-
|
|
472
|
-
|
|
473
|
-
|
|
474
|
-
|
|
475
|
-
|
|
476
|
-
* Returns:
|
|
477
|
-
* 'new-form' — /host-colima/ bind present (correct form per Phase B B1)
|
|
478
|
-
* 'old-form' — /var/run/docker.sock direct file-bind present (broken on colima, R3-A)
|
|
479
|
-
* 'none' — container not found or neither bind detectable (non-k3d / bare k3s)
|
|
480
|
-
*/
|
|
481
|
-
async function defaultCheckK3dNodeMounts() {
|
|
482
|
-
const { execFile } = await import('node:child_process');
|
|
483
|
-
const { promisify } = await import('node:util');
|
|
484
|
-
const execFileAsync = promisify(execFile);
|
|
485
|
-
try {
|
|
486
|
-
const { stdout } = await execFileAsync('docker', ['inspect', K3D_NODE_CONTAINER, '--format', '{{json .HostConfig.Binds}}'], { timeout: 8_000 });
|
|
487
|
-
const binds = JSON.parse(stdout.trim());
|
|
488
|
-
if (!Array.isArray(binds))
|
|
489
|
-
return 'none';
|
|
490
|
-
// New form: bind contains /host-colima/ (directory bind from Phase B B1).
|
|
491
|
-
if (binds.some((b) => b.includes('/host-colima/')))
|
|
492
|
-
return 'new-form';
|
|
493
|
-
// Old form: bind contains /var/run/docker.sock as a file source (R3-A broken form).
|
|
494
|
-
if (binds.some((b) => b.startsWith('/var/run/docker.sock:')))
|
|
495
|
-
return 'old-form';
|
|
496
|
-
return 'none';
|
|
497
|
-
}
|
|
498
|
-
catch {
|
|
499
|
-
// Container not found, docker unavailable, or JSON parse error — treat as non-k3d.
|
|
500
|
-
return 'none';
|
|
501
|
-
}
|
|
502
|
-
}
|
|
503
|
-
/**
|
|
504
|
-
* Step 0.5 — Phase D D4: k3d node docker socket bind-mount preflight (Decision #11).
|
|
505
|
-
*
|
|
506
|
-
* Detects whether the k3d-olam-host cluster was created with the correct
|
|
507
|
-
* `--volume "$HOME/.colima/default/:/host-colima/@server:*"` bind (new form,
|
|
508
|
-
* Phase B B1) or the old `--volume /var/run/docker.sock:/var/run/docker.sock`
|
|
509
|
-
* direct file-bind (broken on colima, R3-A).
|
|
510
|
-
*
|
|
511
|
-
* - 'new-form' → proceed (correct)
|
|
512
|
-
* - 'old-form' → hard error with actionable Decision #11 recreate command
|
|
513
|
-
* - 'none' → WARN only (non-k3d or bare k3s without socket bind; may work)
|
|
514
|
-
*
|
|
515
|
-
* Runs ONLY on kubernetes substrate. The check is host-side (`docker inspect`)
|
|
516
|
-
* so it can fire BEFORE any kubectl apply (pre-step 0b runs AFTER cluster is
|
|
517
|
-
* deployed; this runs BEFORE step 0 so fresh-install operators catch the
|
|
518
|
-
* broken bind before wasting a full upgrade attempt).
|
|
519
|
-
*
|
|
520
|
-
* Returns null on pass/warn (upgrade should continue);
|
|
521
|
-
* returns error message string on hard failure (upgrade should abort).
|
|
522
|
-
*/
|
|
523
|
-
async function preflightK3dNodeMounts(deps, stderr) {
|
|
524
|
-
const check = deps.checkK3dNodeMountsImpl ?? defaultCheckK3dNodeMounts;
|
|
525
|
-
const form = await check();
|
|
526
|
-
if (form === 'new-form') {
|
|
527
|
-
// Correct bind — proceed silently.
|
|
528
|
-
return null;
|
|
529
|
-
}
|
|
530
|
-
if (form === 'old-form') {
|
|
531
|
-
// Decision #11 backward-compat error: operator must recreate the cluster.
|
|
532
|
-
return (`Your k3d cluster was created with the old --volume form which fails on colima.\n` +
|
|
533
|
-
` Recreate the cluster with:\n` +
|
|
534
|
-
` k3d cluster delete olam-host\n` +
|
|
535
|
-
` k3d cluster create olam-host --volume "$HOME/.colima/default/:/host-colima/@server:*"\n` +
|
|
536
|
-
` Then re-run olam upgrade.`);
|
|
537
|
-
}
|
|
538
|
-
// 'none': k3d node container not found or non-k3d cluster (bare k3s, minikube, etc.).
|
|
539
|
-
// Emit WARN only — we cannot detect the bind on non-k3d setups, so do not block.
|
|
540
|
-
stderr.write(`${pc.yellow('[warn]')} step 0.5: k3d node container "${K3D_NODE_CONTAINER}" not found or bind form undetectable.\n` +
|
|
541
|
-
` This is expected on non-k3d clusters (bare k3s, minikube). Continuing.\n` +
|
|
542
|
-
` On colima+k3d: ensure the cluster was created with:\n` +
|
|
543
|
-
` k3d cluster create olam-host --volume "$HOME/.colima/default/:/host-colima/@server:*"\n`);
|
|
544
|
-
return null;
|
|
545
|
-
}
|
|
473
|
+
// K3D_NODE_CONTAINER, defaultCheckK3dNodeMounts, preflightK3dNodeMounts
|
|
474
|
+
// REMOVED in olam-k3d-on-mac-substrate-decision Phase B B3 (2026-05-21).
|
|
475
|
+
// They were the Decision #11 backward-compat preflight for the R3-A
|
|
476
|
+
// two-volume hostPath approach, which is fully retracted (Phase B B2).
|
|
477
|
+
// host-cp now reaches docker via TCP through the docker-socket-proxy
|
|
478
|
+
// ExternalName Service — no docker socket bind into k3d nodes at all.
|
|
546
479
|
/**
|
|
547
480
|
* Main entrypoint for the kubernetes upgrade path.
|
|
548
481
|
*
|
|
@@ -576,18 +509,13 @@ export async function runUpgradeKubernetes(opts = {}, deps = {}) {
|
|
|
576
509
|
// silently dropped the secret. Subsequent host-cp rollouts then 401'd on
|
|
577
510
|
// image pull. Step 0.4 now runs AFTER Step 0.5 (B4 bootstrap creates the
|
|
578
511
|
// namespace + RBAC) — see below.
|
|
579
|
-
//
|
|
580
|
-
//
|
|
581
|
-
//
|
|
582
|
-
//
|
|
583
|
-
//
|
|
584
|
-
|
|
585
|
-
|
|
586
|
-
if (step05Error !== null) {
|
|
587
|
-
stderr.write(`${pc.red('error:')} ${step05Error}\n`);
|
|
588
|
-
return { exitCode: 1, summary: 'k3d node bind-mount preflight failed (Decision #11)' };
|
|
589
|
-
}
|
|
590
|
-
}
|
|
512
|
+
// Step 0.5 REMOVED in olam-k3d-on-mac-substrate-decision Phase B B3
|
|
513
|
+
// (2026-05-21). The k3d node docker socket bind-mount preflight checked
|
|
514
|
+
// whether the cluster was created with the R3-A two-volume hostPath form,
|
|
515
|
+
// which is fully retracted in Phase B B2. There is no longer any docker
|
|
516
|
+
// socket binding into k3d node containers — host-cp reaches docker via
|
|
517
|
+
// TCP through the docker-socket-proxy ExternalName Service, served by a
|
|
518
|
+
// host-side proxy container started by Step 0.7. No preflight needed.
|
|
591
519
|
// ── Pre-step 0a-prelude: B3 — resolve kubectl context ONCE (config + env) ──
|
|
592
520
|
// The context is needed by ALL kubectl-invoking pre-steps and steps below.
|
|
593
521
|
// Resolution policy lives in `kubectl-context.ts` (single source of truth):
|
|
@@ -622,30 +550,14 @@ export async function runUpgradeKubernetes(opts = {}, deps = {}) {
|
|
|
622
550
|
return { exitCode: 1, summary: 'managed-k8s context detected (Decision #18 retraction)' };
|
|
623
551
|
}
|
|
624
552
|
}
|
|
625
|
-
//
|
|
626
|
-
//
|
|
627
|
-
//
|
|
628
|
-
//
|
|
629
|
-
//
|
|
630
|
-
//
|
|
631
|
-
|
|
632
|
-
|
|
633
|
-
if (!socketAccessible) {
|
|
634
|
-
// Issue #713: emit a cluster-type-aware remedy (colima vs k3d).
|
|
635
|
-
const clusterType = defaultDetectK8sClusterType(pinnedContext);
|
|
636
|
-
const remedyText = buildDockerSocketRemedy(clusterType)
|
|
637
|
-
.split('\n')
|
|
638
|
-
.map((line) => ` ${line}`)
|
|
639
|
-
.join('\n');
|
|
640
|
-
stderr.write(`${pc.yellow('[WARN]')} docker socket not accessible at /var/run/docker.sock inside the host-cp pod.\n` +
|
|
641
|
-
` This means the cluster was not created with the docker socket bind-mount,\n` +
|
|
642
|
-
` or host-cp is not yet deployed (first install — this warning is expected).\n` +
|
|
643
|
-
` For subsequent upgrades:\n` +
|
|
644
|
-
`${remedyText}\n` +
|
|
645
|
-
` Run olam doctor to check probe 28 (probeDockerSocketBindMount).\n`);
|
|
646
|
-
// WARN only — do not abort. Fresh installs have no pod yet.
|
|
647
|
-
}
|
|
648
|
-
}
|
|
553
|
+
// Pre-step 0b D7 (docker socket bind-mount preflight) REMOVED in
|
|
554
|
+
// olam-k3d-on-mac-substrate-decision Phase B B3 (2026-05-21). The
|
|
555
|
+
// preflight checked /var/run/docker.sock inside host-cp via `kubectl exec`,
|
|
556
|
+
// which is obsolete: host-cp no longer has a docker socket volumeMount
|
|
557
|
+
// (see packages/host-cp/k8s/manifests/50-deployment.yaml). Docker access
|
|
558
|
+
// is via TCP to docker-socket-proxy. Step 0.7 (above) handles the new
|
|
559
|
+
// substrate's UX; the doctor probe for proxy reachability lives in
|
|
560
|
+
// Phase C C1.
|
|
649
561
|
// ── Step 0: D22 — probe Kubernetes API reachability (5s) ─────────
|
|
650
562
|
const step0Spinner = ora('Probing Kubernetes API reachability').start();
|
|
651
563
|
const reachable = await probeKubernetesApiReachable(pinnedContext, deps);
|
|
@@ -714,6 +626,47 @@ export async function runUpgradeKubernetes(opts = {}, deps = {}) {
|
|
|
714
626
|
step06Spinner.succeed('ghcr-pull imagePullSecret created/updated');
|
|
715
627
|
}
|
|
716
628
|
}
|
|
629
|
+
// ── Step 0.7: olam-k3d-on-mac-substrate-decision Phase A — host-side ────
|
|
630
|
+
// docker-socket-proxy auto-start on macOS (Decisions #1 + #3 + #7).
|
|
631
|
+
//
|
|
632
|
+
// Resolves R4-W2-F: on macOS + colima + virtiofs, containerd's OCI runtime
|
|
633
|
+
// spec generator calls stat() on docker.sock hostPath bind mounts; virtiofs
|
|
634
|
+
// returns ENOTSUP on stat/statx for socket files. The R3-A two-volume
|
|
635
|
+
// hostPath approach is unrecoverable. This step routes around it by
|
|
636
|
+
// ensuring a host-side `tecnativa/docker-socket-proxy` container is
|
|
637
|
+
// running on the operator's docker daemon (sibling to k3d). The
|
|
638
|
+
// in-cluster Service (packages/host-cp/k8s/manifests/docker-socket-proxy/
|
|
639
|
+
// 60-service.yaml) is `type: ExternalName` aliased to host.k3d.internal,
|
|
640
|
+
// which routes traffic to this host-side container.
|
|
641
|
+
//
|
|
642
|
+
// Decision #7 (Universal): runs on all host OSes regardless of substrate.
|
|
643
|
+
// This means Linux operators also get the proxy. The per-Pod cost is
|
|
644
|
+
// invisible against the maintenance tax of OS-conditional Service generation.
|
|
645
|
+
//
|
|
646
|
+
// Idempotent: `docker compose up -d` on a running container is a no-op
|
|
647
|
+
// success. Failure surfaces an actionable remediation string but does
|
|
648
|
+
// NOT abort the upgrade — host-cp will then fail at Step 4 rollout with
|
|
649
|
+
// a clearer "proxy unreachable" symptom that the new doctor probe
|
|
650
|
+
// (olam-k3d-on-mac-substrate-decision Phase C C1) diagnoses.
|
|
651
|
+
if (process.platform === 'darwin') {
|
|
652
|
+
const step07Spinner = ora('Starting host-side docker-socket-proxy (R4-W2-F)').start();
|
|
653
|
+
const composePath = resolveHostSideProxyComposePath();
|
|
654
|
+
if (composePath === null) {
|
|
655
|
+
step07Spinner.warn('host-side docker-socket-proxy compose yaml not found (bundle layout?)');
|
|
656
|
+
stderr.write(`${pc.yellow('[warn]')} could not locate docker-socket-proxy.compose.yaml in the bundled k8s assets.\n` +
|
|
657
|
+
` This is a packaging bug — please report. Continuing without auto-start.\n`);
|
|
658
|
+
}
|
|
659
|
+
else {
|
|
660
|
+
const startResult = startHostSideProxy(composePath);
|
|
661
|
+
if (!startResult.ok) {
|
|
662
|
+
step07Spinner.warn(`host-side docker-socket-proxy start failed (continuing): ${startResult.reason ?? 'unknown'}`);
|
|
663
|
+
stderr.write(`${pc.yellow('[warn]')} ${startResult.reason ?? 'unknown error'}\n`);
|
|
664
|
+
}
|
|
665
|
+
else {
|
|
666
|
+
step07Spinner.succeed('docker-socket-proxy ready on host');
|
|
667
|
+
}
|
|
668
|
+
}
|
|
669
|
+
}
|
|
717
670
|
// ── Step 1: D10 — context-allowlist validation ───────────────────
|
|
718
671
|
// The context was already resolved (config-first, env-fallback) before
|
|
719
672
|
// pre-step 0a. Step 1 keeps the D10 allowlist gate + the audit WARN so
|