@pleri/olam-cli 0.1.186 → 0.1.195
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/dist/ask/knowledge-pack-builder.d.ts.map +1 -1
- package/dist/ask/knowledge-pack-builder.js +5 -0
- package/dist/ask/knowledge-pack-builder.js.map +1 -1
- package/dist/ask/knowledge-pack.generated.d.ts.map +1 -1
- package/dist/ask/knowledge-pack.generated.js +442 -33
- package/dist/ask/knowledge-pack.generated.js.map +1 -1
- package/dist/commands/auth-status.js +2 -2
- package/dist/commands/auth-status.js.map +1 -1
- package/dist/commands/auth.js +1 -1
- package/dist/commands/auth.js.map +1 -1
- package/dist/commands/bootstrap.d.ts +4 -0
- package/dist/commands/bootstrap.d.ts.map +1 -1
- package/dist/commands/bootstrap.js +6 -9
- package/dist/commands/bootstrap.js.map +1 -1
- package/dist/commands/clean.js +1 -1
- package/dist/commands/clean.js.map +1 -1
- package/dist/commands/completion.d.ts.map +1 -1
- package/dist/commands/completion.js +1 -4
- package/dist/commands/completion.js.map +1 -1
- package/dist/commands/create.d.ts.map +1 -1
- package/dist/commands/create.js +10 -0
- package/dist/commands/create.js.map +1 -1
- package/dist/commands/crystallize.js +12 -14
- package/dist/commands/crystallize.js.map +1 -1
- package/dist/commands/destroy.d.ts +13 -1
- package/dist/commands/destroy.d.ts.map +1 -1
- package/dist/commands/destroy.js +52 -6
- package/dist/commands/destroy.js.map +1 -1
- package/dist/commands/dispatch.d.ts +9 -0
- package/dist/commands/dispatch.d.ts.map +1 -1
- package/dist/commands/dispatch.js +21 -2
- package/dist/commands/dispatch.js.map +1 -1
- package/dist/commands/doctor.d.ts +1 -1
- package/dist/commands/doctor.d.ts.map +1 -1
- package/dist/commands/doctor.js +29 -22
- package/dist/commands/doctor.js.map +1 -1
- package/dist/commands/enter.d.ts +3 -3
- package/dist/commands/enter.d.ts.map +1 -1
- package/dist/commands/enter.js +57 -44
- package/dist/commands/enter.js.map +1 -1
- package/dist/commands/flywheel/index.d.ts.map +1 -1
- package/dist/commands/flywheel/index.js +1 -1
- package/dist/commands/flywheel/index.js.map +1 -1
- package/dist/commands/host-cp.d.ts.map +1 -1
- package/dist/commands/host-cp.js +2 -1
- package/dist/commands/host-cp.js.map +1 -1
- package/dist/commands/implode.d.ts.map +1 -1
- package/dist/commands/implode.js +1 -1
- package/dist/commands/implode.js.map +1 -1
- package/dist/commands/init.d.ts +20 -0
- package/dist/commands/init.d.ts.map +1 -1
- package/dist/commands/init.js +102 -9
- package/dist/commands/init.js.map +1 -1
- package/dist/commands/install.js +2 -2
- package/dist/commands/install.js.map +1 -1
- package/dist/commands/kg-build.d.ts.map +1 -1
- package/dist/commands/kg-build.js +3 -0
- package/dist/commands/kg-build.js.map +1 -1
- package/dist/commands/kg-classify.d.ts +20 -0
- package/dist/commands/kg-classify.d.ts.map +1 -1
- package/dist/commands/kg-classify.js +59 -42
- package/dist/commands/kg-classify.js.map +1 -1
- package/dist/commands/kg-mirror.d.ts +40 -0
- package/dist/commands/kg-mirror.d.ts.map +1 -0
- package/dist/commands/kg-mirror.js +228 -0
- package/dist/commands/kg-mirror.js.map +1 -0
- package/dist/commands/mcp/index.js +1 -1
- package/dist/commands/mcp/index.js.map +1 -1
- package/dist/commands/memory/index.d.ts.map +1 -1
- package/dist/commands/memory/index.js +1 -1
- package/dist/commands/memory/index.js.map +1 -1
- package/dist/commands/resume.d.ts.map +1 -1
- package/dist/commands/resume.js +1 -1
- package/dist/commands/resume.js.map +1 -1
- package/dist/commands/services-tls.d.ts +120 -0
- package/dist/commands/services-tls.d.ts.map +1 -0
- package/dist/commands/services-tls.js +434 -0
- package/dist/commands/services-tls.js.map +1 -0
- package/dist/commands/services.d.ts.map +1 -1
- package/dist/commands/services.js +40 -1
- package/dist/commands/services.js.map +1 -1
- package/dist/commands/setup-linux-gate.d.ts.map +1 -1
- package/dist/commands/setup-linux-gate.js +1 -3
- package/dist/commands/setup-linux-gate.js.map +1 -1
- package/dist/commands/setup-metrics.d.ts.map +1 -1
- package/dist/commands/setup-metrics.js +1 -2
- package/dist/commands/setup-metrics.js.map +1 -1
- package/dist/commands/setup-phase-5a-skill-source.d.ts +17 -1
- package/dist/commands/setup-phase-5a-skill-source.d.ts.map +1 -1
- package/dist/commands/setup-phase-5a-skill-source.js +69 -6
- package/dist/commands/setup-phase-5a-skill-source.js.map +1 -1
- package/dist/commands/setup.d.ts +26 -1
- package/dist/commands/setup.d.ts.map +1 -1
- package/dist/commands/setup.js +189 -47
- package/dist/commands/setup.js.map +1 -1
- package/dist/commands/skills-onboard.d.ts.map +1 -1
- package/dist/commands/skills-onboard.js +4 -1
- package/dist/commands/skills-onboard.js.map +1 -1
- package/dist/commands/skills-source.d.ts.map +1 -1
- package/dist/commands/skills-source.js +20 -4
- package/dist/commands/skills-source.js.map +1 -1
- package/dist/commands/status.d.ts.map +1 -1
- package/dist/commands/status.js +5 -1
- package/dist/commands/status.js.map +1 -1
- package/dist/commands/upgrade.d.ts.map +1 -1
- package/dist/commands/upgrade.js +1 -3
- package/dist/commands/upgrade.js.map +1 -1
- package/dist/commands/yolo.d.ts.map +1 -1
- package/dist/commands/yolo.js +1 -1
- package/dist/commands/yolo.js.map +1 -1
- package/dist/context.d.ts +4 -0
- package/dist/context.d.ts.map +1 -1
- package/dist/context.js +3 -2
- package/dist/context.js.map +1 -1
- package/dist/image-digests.json +8 -8
- package/dist/index.js +4409 -2375
- package/dist/index.js.map +1 -1
- package/dist/lib/auth-refresh-kubernetes.d.ts.map +1 -1
- package/dist/lib/auth-refresh-kubernetes.js +14 -5
- package/dist/lib/auth-refresh-kubernetes.js.map +1 -1
- package/dist/lib/bootstrap-kubernetes.d.ts +41 -0
- package/dist/lib/bootstrap-kubernetes.d.ts.map +1 -1
- package/dist/lib/bootstrap-kubernetes.js +289 -36
- package/dist/lib/bootstrap-kubernetes.js.map +1 -1
- package/dist/lib/cf-access-token.d.ts.map +1 -1
- package/dist/lib/cf-access-token.js +2 -3
- package/dist/lib/cf-access-token.js.map +1 -1
- package/dist/lib/health-probes.d.ts +14 -0
- package/dist/lib/health-probes.d.ts.map +1 -1
- package/dist/lib/health-probes.js +41 -3
- package/dist/lib/health-probes.js.map +1 -1
- package/dist/lib/help-groups.d.ts +36 -0
- package/dist/lib/help-groups.d.ts.map +1 -0
- package/dist/lib/help-groups.js +124 -0
- package/dist/lib/help-groups.js.map +1 -0
- package/dist/lib/k8s-bootstrap.d.ts +6 -0
- package/dist/lib/k8s-bootstrap.d.ts.map +1 -1
- package/dist/lib/k8s-bootstrap.js +15 -2
- package/dist/lib/k8s-bootstrap.js.map +1 -1
- package/dist/lib/k8s-secret-render.d.ts.map +1 -1
- package/dist/lib/k8s-secret-render.js +17 -10
- package/dist/lib/k8s-secret-render.js.map +1 -1
- package/dist/lib/memory-secret.d.ts +15 -2
- package/dist/lib/memory-secret.d.ts.map +1 -1
- package/dist/lib/memory-secret.js +25 -8
- package/dist/lib/memory-secret.js.map +1 -1
- package/dist/lib/upgrade-check.d.ts +60 -0
- package/dist/lib/upgrade-check.d.ts.map +1 -0
- package/dist/lib/upgrade-check.js +169 -0
- package/dist/lib/upgrade-check.js.map +1 -0
- package/dist/lib/upgrade-kubernetes.d.ts +17 -0
- package/dist/lib/upgrade-kubernetes.d.ts.map +1 -1
- package/dist/lib/upgrade-kubernetes.js +125 -1
- package/dist/lib/upgrade-kubernetes.js.map +1 -1
- package/dist/mcp-server.js +2687 -2818
- package/hermes-bundle/version.json +1 -1
- package/host-cp/k8s/manifests/30-configmap.yaml +8 -1
- package/host-cp/k8s/manifests/50-deployment.yaml +1 -1
- package/host-cp/k8s/manifests/60-service.yaml +12 -4
- package/host-cp/k8s/manifests/70-ingressroute.yaml +58 -0
- package/host-cp/k8s/manifests/auth-service/50-deployment.yaml +1 -1
- package/host-cp/k8s/manifests/chunks-electric/10-serviceaccount.yaml +8 -0
- package/host-cp/k8s/manifests/chunks-electric/20-rbac.yaml +27 -0
- package/host-cp/k8s/manifests/chunks-electric/30-configmap.yaml +23 -0
- package/host-cp/k8s/manifests/chunks-electric/45-pvc.yaml +19 -0
- package/host-cp/k8s/manifests/chunks-electric/50-deployment.yaml +84 -0
- package/host-cp/k8s/manifests/chunks-electric/60-service.yaml +17 -0
- package/host-cp/k8s/manifests/chunks-postgres/10-serviceaccount.yaml +8 -0
- package/host-cp/k8s/manifests/chunks-postgres/20-rbac.yaml +29 -0
- package/host-cp/k8s/manifests/chunks-postgres/30-configmap.yaml +185 -0
- package/host-cp/k8s/manifests/chunks-postgres/45-pvc.yaml +24 -0
- package/host-cp/k8s/manifests/chunks-postgres/50-deployment.yaml +101 -0
- package/host-cp/k8s/manifests/chunks-postgres/60-service.yaml +24 -0
- package/host-cp/k8s/manifests/kg-service/50-deployment.yaml +1 -1
- package/host-cp/k8s/manifests/mcp-auth-service/50-deployment.yaml +1 -1
- package/host-cp/k8s/manifests/memory-service/50-deployment.yaml +1 -1
- package/host-cp/k8s/manifests/plan-chat-service/10-serviceaccount.yaml +8 -0
- package/host-cp/k8s/manifests/plan-chat-service/20-rbac.yaml +29 -0
- package/host-cp/k8s/manifests/plan-chat-service/30-configmap.yaml +36 -0
- package/host-cp/k8s/manifests/plan-chat-service/45-pvc.yaml +24 -0
- package/host-cp/k8s/manifests/plan-chat-service/50-deployment.yaml +135 -0
- package/host-cp/k8s/manifests/plan-chat-service/60-service.yaml +17 -0
- package/host-cp/src/plan-chat-secret.mjs +16 -1
- package/host-cp/src/plan-chat-service.mjs +709 -11
- package/host-cp/src/planning-sessions.mjs +252 -0
- package/host-cp/src/pr-cache.mjs +11 -2
- package/host-cp/src/server.mjs +128 -22
- package/package.json +2 -1
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;;GAKG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACxE,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,sBAAsB,EAAE,MAAM,gCAAgC,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAC;AAC9E,OAAO,EAAE,0BAA0B,EAAE,MAAM,oCAAoC,CAAC;AAChF,OAAO,EAAE,8BAA8B,EAAE,MAAM,yCAAyC,CAAC;AACzF,OAAO,EAAE,2BAA2B,EAAE,MAAM,qCAAqC,CAAC;AAClF,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;;GAKG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACxE,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,sBAAsB,EAAE,MAAM,gCAAgC,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAC;AAC9E,OAAO,EAAE,0BAA0B,EAAE,MAAM,oCAAoC,CAAC;AAChF,OAAO,EAAE,8BAA8B,EAAE,MAAM,yCAAyC,CAAC;AACzF,OAAO,EAAE,2BAA2B,EAAE,MAAM,qCAAqC,CAAC;AAClF,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EAAE,yBAAyB,EAAE,MAAM,sBAAsB,CAAC;AAEjE,MAAM,UAAU,GAAG,cAAc,EAAE,CAAC;AACpC,iFAAiF;AACjF,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,GAAG,UAAU,CAAC;AAE7C,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,MAAM,CAAC;KACZ,WAAW,CAAC,+DAA+D,CAAC;IAC7E,4EAA4E;IAC5E,0EAA0E;KACzE,MAAM,CAAC,OAAO,EAAE,6DAA6D,CAAC;KAC9E,OAAO,CAAC,UAAU,CAAC;KACnB,aAAa,CAAC,yBAAyB,EAAE,CAAC,CAAC;AAE9C,gEAAgE;AAChE,6EAA6E;AAC7E,4EAA4E;AAC5E,yEAAyE;AACzE,MAAM,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;AACnD,IAAI,YAAY,KAAK,CAAC,CAAC,EAAE,CAAC;IACxB,qEAAqE;IACrE,+EAA+E;IAC/E,iDAAiD;IACjD,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IACzF,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,0DAA0D,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,KAAK;YACtF,qEAAqE,CACxE,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;AACvD,CAAC;AAED,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,WAAW,CAAC,OAAO,CAAC,CAAC;AACrB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,sEAAsE;AACtE,yEAAyE;AACzE,0EAA0E;AAC1E,wEAAwE;AACxE,mBAAmB,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC;AAC/D,UAAU,CAAC,OAAO,CAAC,CAAC;AACpB,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,mBAAmB,CAAC,OAAO,CAAC,CAAC;AAC7B,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,UAAU,CAAC,OAAO,CAAC,CAAC;AACpB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,kBAAkB,CAAC,OAAO,CAAC,CAAC;AAC5B,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,sBAAsB,CAAC,OAAO,CAAC,CAAC;AAChC,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,WAAW,CAAC,OAAO,CAAC,CAAC;AACrB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,UAAU,CAAC,OAAO,CAAC,CAAC;AACpB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,kBAAkB,CAAC,OAAO,CAAC,CAAC;AAC5B,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,yBAAyB,CAAC,OAAO,CAAC,CAAC;AACnC,0BAA0B,CAAC,OAAO,CAAC,CAAC;AACpC,8BAA8B,CAAC,OAAO,CAAC,CAAC;AACxC,2BAA2B,CAAC,OAAO,CAAC,CAAC;AACrC,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,cAAc,CAAC,OAAO,CAAC,CAAC;AAExB,6EAA6E;AAC7E,4EAA4E;AAC5E,uEAAuE;AACvE,iEAAiE;AACjE,KAAK,oBAAoB,CAAC,UAAU,CAAC,CAAC;AAEtC,wEAAwE;AACxE,0EAA0E;AAC1E,uEAAuE;AACvE,wEAAwE;AACxE,qEAAqE;AACrE,wEAAwE;AACxE,2EAA2E;AAC3E,+DAA+D;AAC/D,MAAM,OAAO,CAAC,UAAU,EAAE,CAAC;AAC3B,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-refresh-kubernetes.d.ts","sourceRoot":"","sources":["../../src/lib/auth-refresh-kubernetes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAOH,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"auth-refresh-kubernetes.d.ts","sourceRoot":"","sources":["../../src/lib/auth-refresh-kubernetes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAOH,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAOhD,MAAM,WAAW,yBAAyB;IACxC,yEAAyE;IACzE,QAAQ,CAAC,eAAe,CAAC,EAAE,OAAO,WAAW,CAAC;IAC9C,+DAA+D;IAC/D,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,MAAM,CAAC;IAC/D,gEAAgE;IAChE,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,KAAK,IAAI,CAAC;IACvF,6CAA6C;IAC7C,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,4DAA4D;IAC5D,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IACnC,yBAAyB;IACzB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,cAAc,CAAC;IACxC,yBAAyB;IACzB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,cAAc,CAAC;CACzC;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,CAYxF;AAED;;;;;;;;;GASG;AACH,wBAAgB,qBAAqB,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG;IAC1D,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAEA;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,mBAAmB,CACvC,aAAa,EAAE,MAAM,EACrB,IAAI,GAAE,yBAA8B,GACnC,OAAO,CAAC,MAAM,CAAC,CA4EjB"}
|
|
@@ -17,6 +17,7 @@ import { OLAM_HOME } from './config.js';
|
|
|
17
17
|
import { kubectlWrap } from './kubectl-wrap.js';
|
|
18
18
|
import { HOST_CP_SECRET_NAME, HOST_CP_DEPLOYMENT_NAME } from './upgrade-kubernetes.js';
|
|
19
19
|
import { resolveKubectlContext as resolveKubectlContextShared } from './kubectl-context.js';
|
|
20
|
+
import { resolveSecretPath, canonicalSecretPath, ensureSecretsDir } from '@olam/core/src/secrets/paths.js';
|
|
20
21
|
const K8S_NAMESPACE = 'olam';
|
|
21
22
|
/**
|
|
22
23
|
* Construct the olam-host-cp-secret YAML in-process (D20 stdin-safe design).
|
|
@@ -65,26 +66,34 @@ export async function applyK8sAuthRefresh(pinnedContext, deps = {}) {
|
|
|
65
66
|
const stdout = deps.stdout ?? process.stdout;
|
|
66
67
|
const stderr = deps.stderr ?? process.stderr;
|
|
67
68
|
const olamHome = deps.olamHomeOverride ?? OLAM_HOME;
|
|
68
|
-
|
|
69
|
+
// READ from resolved path (new canonical or legacy fallback).
|
|
70
|
+
const authSecretReadFile = deps.olamHomeOverride
|
|
71
|
+
? path.join(olamHome, 'auth-secret')
|
|
72
|
+
: resolveSecretPath('auth-secret');
|
|
73
|
+
// WRITE to canonical path.
|
|
74
|
+
const authSecretWriteFile = deps.olamHomeOverride
|
|
75
|
+
? path.join(olamHome, 'auth-secret')
|
|
76
|
+
: canonicalSecretPath('auth-secret');
|
|
69
77
|
const readFn = deps.readFileSyncImpl ?? ((p, enc) => fs.readFileSync(p, enc));
|
|
70
78
|
const writeFn = deps.writeFileSyncImpl ?? ((p, data, opts) => {
|
|
79
|
+
ensureSecretsDir();
|
|
71
80
|
fs.mkdirSync(path.dirname(p), { recursive: true });
|
|
72
81
|
fs.writeFileSync(p, data, { encoding: 'utf8', mode: opts.mode });
|
|
73
82
|
});
|
|
74
83
|
const wrap = deps.kubectlWrapImpl ?? kubectlWrap;
|
|
75
|
-
// Read current
|
|
84
|
+
// Read current auth-secret.
|
|
76
85
|
let authSecretValue = null;
|
|
77
86
|
try {
|
|
78
|
-
const raw = readFn(
|
|
87
|
+
const raw = readFn(authSecretReadFile, 'utf8').trim();
|
|
79
88
|
if (raw.length > 0)
|
|
80
89
|
authSecretValue = raw;
|
|
81
90
|
}
|
|
82
91
|
catch {
|
|
83
92
|
// File absent — warn and skip Secret update.
|
|
84
93
|
}
|
|
85
|
-
// Write
|
|
94
|
+
// Write to canonical location (both substrates; idempotent).
|
|
86
95
|
if (authSecretValue !== null) {
|
|
87
|
-
writeFn(
|
|
96
|
+
writeFn(authSecretWriteFile, authSecretValue + '\n', { mode: 0o600 });
|
|
88
97
|
}
|
|
89
98
|
else {
|
|
90
99
|
stderr.write(`${pc.yellow('[warn]')} ~/.olam/auth-secret not found — skipping kubernetes Secret update. ` +
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-refresh-kubernetes.js","sourceRoot":"","sources":["../../src/lib/auth-refresh-kubernetes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,MAAM,YAAY,CAAC;AAC5B,OAAO,EAAE,SAAS,IAAI,aAAa,EAAE,MAAM,MAAM,CAAC;AAClD,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,mBAAmB,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AACvF,OAAO,EAAE,qBAAqB,IAAI,2BAA2B,EAAE,MAAM,sBAAsB,CAAC;
|
|
1
|
+
{"version":3,"file":"auth-refresh-kubernetes.js","sourceRoot":"","sources":["../../src/lib/auth-refresh-kubernetes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,MAAM,YAAY,CAAC;AAC5B,OAAO,EAAE,SAAS,IAAI,aAAa,EAAE,MAAM,MAAM,CAAC;AAClD,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,mBAAmB,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AACvF,OAAO,EAAE,qBAAqB,IAAI,2BAA2B,EAAE,MAAM,sBAAsB,CAAC;AAC5F,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AAE3G,MAAM,aAAa,GAAG,MAAM,CAAC;AAmB7B;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,UAAkB,EAAE,IAA4B;IAC9E,MAAM,UAAU,GAA2B,EAAE,CAAC;IAC9C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAChD,UAAU,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC1D,CAAC;IACD,OAAO,aAAa,CAAC;QACnB,UAAU,EAAE,IAAI;QAChB,IAAI,EAAE,QAAQ;QACd,QAAQ,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE,aAAa,EAAE;QACxD,IAAI,EAAE,QAAQ;QACd,IAAI,EAAE,UAAU;KACjB,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,qBAAqB,CAAC,UAAmB;IAKvD,OAAO,2BAA2B,CAAC,UAAU,CAAC,CAAC;AACjD,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,aAAqB,EACrB,OAAkC,EAAE;IAEpC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAC7C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,gBAAgB,IAAI,SAAS,CAAC;IACpD,8DAA8D;IAC9D,MAAM,kBAAkB,GAAG,IAAI,CAAC,gBAAgB;QAC9C,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,aAAa,CAAC;QACpC,CAAC,CAAC,iBAAiB,CAAC,aAAa,CAAC,CAAC;IACrC,2BAA2B;IAC3B,MAAM,mBAAmB,GAAG,IAAI,CAAC,gBAAgB;QAC/C,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,aAAa,CAAC;QACpC,CAAC,CAAC,mBAAmB,CAAC,aAAa,CAAC,CAAC;IAEvC,MAAM,MAAM,GAAG,IAAI,CAAC,gBAAgB,IAAI,CAAC,CAAC,CAAS,EAAE,GAAW,EAAE,EAAE,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;IAC9F,MAAM,OAAO,GAAG,IAAI,CAAC,iBAAiB,IAAI,CAAC,CAAC,CAAS,EAAE,IAAY,EAAE,IAAsB,EAAE,EAAE;QAC7F,gBAAgB,EAAE,CAAC;QACnB,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACnD,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,IAAI,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IACnE,CAAC,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,IAAI,CAAC,eAAe,IAAI,WAAW,CAAC;IAEjD,4BAA4B;IAC5B,IAAI,eAAe,GAAkB,IAAI,CAAC;IAC1C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,CAAC,kBAAkB,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QACtD,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC;YAAE,eAAe,GAAG,GAAG,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,6CAA6C;IAC/C,CAAC;IAED,6DAA6D;IAC7D,IAAI,eAAe,KAAK,IAAI,EAAE,CAAC;QAC7B,OAAO,CAAC,mBAAmB,EAAE,eAAe,GAAG,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACxE,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,KAAK,CACV,GAAG,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,sEAAsE;YAC5F,gDAAgD,CACjD,CAAC;QACF,OAAO,CAAC,CAAC;IACX,CAAC;IAED,gFAAgF;IAChF,MAAM,UAAU,GAAG,eAAe,CAAC,mBAAmB,EAAE;QACtD,gBAAgB,EAAE,eAAe;KAClC,CAAC,CAAC;IAEH,mCAAmC;IACnC,MAAM,WAAW,GAAG,MAAM,IAAI,CAC5B,CAAC,WAAW,EAAE,aAAa,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,EAChD,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,CACvC,CAAC;IAEF,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,CAAC;QACpB,MAAM,CAAC,KAAK,CACV,GAAG,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,0CAA0C,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,CACzG,CAAC;QACF,OAAO,CAAC,CAAC;IACX,CAAC;IAED,uEAAuE;IACvE,MAAM,aAAa,GAAG,MAAM,IAAI,CAC9B,CAAC,WAAW,EAAE,aAAa,EAAE,SAAS,EAAE,SAAS,EAAE,cAAc,uBAAuB,EAAE,EAAE,IAAI,EAAE,aAAa,CAAC,EAChH,EAAE,OAAO,EAAE,MAAM,EAAE,CACpB,CAAC;IAEF,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,CAAC;QACtB,MAAM,CAAC,KAAK,CACV,GAAG,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,4BAA4B,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI;YAC/F,qEAAqE,CACtE,CAAC;QACF,iDAAiD;IACnD,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,yBAAyB,uBAAuB,wBAAwB,CAAC,CAAC;IACzG,CAAC;IAED,OAAO,CAAC,CAAC;AACX,CAAC"}
|
|
@@ -33,10 +33,51 @@ export interface BootstrapKubernetesOptions {
|
|
|
33
33
|
readonly autoInstall: boolean;
|
|
34
34
|
readonly skipObservability: boolean;
|
|
35
35
|
readonly skipClusterCreate: boolean;
|
|
36
|
+
readonly forceObservability: boolean;
|
|
37
|
+
/** Stream raw script output to the terminal instead of buffering. Useful when
|
|
38
|
+
* debugging a failing observability script. Mirrors the --force-observability
|
|
39
|
+
* pattern. Default: false (buffered; one-line status per script). */
|
|
40
|
+
readonly verboseObservability: boolean;
|
|
41
|
+
/**
|
|
42
|
+
* DEV-ONLY: mount a local olam source checkout into the k3d node at
|
|
43
|
+
* /host/olam. See `RunSetupOptions.hostCpDevPath` for full rationale —
|
|
44
|
+
* regular operators leave this unset; the published image is
|
|
45
|
+
* self-contained.
|
|
46
|
+
*/
|
|
47
|
+
readonly hostCpDevPath?: string;
|
|
36
48
|
}
|
|
37
49
|
export interface BootstrapKubernetesResult {
|
|
38
50
|
readonly exitCode: number;
|
|
39
51
|
readonly summary: string;
|
|
40
52
|
}
|
|
53
|
+
/**
|
|
54
|
+
* Probe whether the component installed by `script` is already healthy.
|
|
55
|
+
* Uses `spawnSync` with `stdio: 'pipe'` so output never leaks to the operator.
|
|
56
|
+
* Returns false on any error or unexpected output — conservatively runs the
|
|
57
|
+
* script when in doubt.
|
|
58
|
+
*/
|
|
59
|
+
export declare function isObservabilityComponentReady(component: string): boolean;
|
|
60
|
+
/**
|
|
61
|
+
* Read the Grafana admin credentials from the cluster secret.
|
|
62
|
+
* Returns null when the secret is absent or kubectl fails (bootstrap
|
|
63
|
+
* may not have run observability yet).
|
|
64
|
+
*/
|
|
65
|
+
export declare function getGrafanaCredentials(): {
|
|
66
|
+
user: string;
|
|
67
|
+
password: string;
|
|
68
|
+
} | null;
|
|
69
|
+
/**
|
|
70
|
+
* Run a single observability bash script, capturing all output to a log file
|
|
71
|
+
* instead of streaming it to the terminal. Returns whether the script
|
|
72
|
+
* succeeded, how long it took, and the log path for error context.
|
|
73
|
+
*
|
|
74
|
+
* When `verbose` is true the function falls back to `stdio: 'inherit'` so the
|
|
75
|
+
* operator can watch the raw output live (useful when debugging a failure).
|
|
76
|
+
*/
|
|
77
|
+
export declare function runObservabilityScript(scriptPath: string, scriptName: string, env: NodeJS.ProcessEnv, verbose?: boolean): {
|
|
78
|
+
ok: boolean;
|
|
79
|
+
durationMs: number;
|
|
80
|
+
logPath: string;
|
|
81
|
+
};
|
|
41
82
|
export declare function runBootstrapKubernetes(rawOpts: Partial<BootstrapKubernetesOptions>): Promise<BootstrapKubernetesResult>;
|
|
42
83
|
//# sourceMappingURL=bootstrap-kubernetes.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bootstrap-kubernetes.d.ts","sourceRoot":"","sources":["../../src/lib/bootstrap-kubernetes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;
|
|
1
|
+
{"version":3,"file":"bootstrap-kubernetes.d.ts","sourceRoot":"","sources":["../../src/lib/bootstrap-kubernetes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AA4BH,eAAO,MAAM,mBAAmB,cAAc,CAAC;AAsC/C,MAAM,WAAW,0BAA0B;IACzC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;IAC9B,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;IACpC,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;IACpC,QAAQ,CAAC,kBAAkB,EAAE,OAAO,CAAC;IACrC;;0EAEsE;IACtE,QAAQ,CAAC,oBAAoB,EAAE,OAAO,CAAC;IACvC;;;;;OAKG;IACH,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;CACjC;AAED,MAAM,WAAW,yBAAyB;IACxC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAqSD;;;;;GAKG;AACH,wBAAgB,6BAA6B,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAqFxE;AAED;;;;GAIG;AACH,wBAAgB,qBAAqB,IAAI;IACvC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;CAClB,GAAG,IAAI,CA0BP;AAED;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CACpC,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,EAClB,GAAG,EAAE,MAAM,CAAC,UAAU,EACtB,OAAO,GAAE,OAAe,GACvB;IAAE,EAAE,EAAE,OAAO,CAAC;IAAC,UAAU,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAwBtD;AA+QD,wBAAsB,sBAAsB,CAC1C,OAAO,EAAE,OAAO,CAAC,0BAA0B,CAAC,GAC3C,OAAO,CAAC,yBAAyB,CAAC,CAmCpC"}
|
|
@@ -28,7 +28,7 @@
|
|
|
28
28
|
* the prereq + cluster-create + observability wrapper around it.
|
|
29
29
|
*/
|
|
30
30
|
import { spawnSync } from "node:child_process";
|
|
31
|
-
import { existsSync, mkdirSync, readdirSync, writeFileSync, chmodSync, } from "node:fs";
|
|
31
|
+
import { existsSync, mkdirSync, readdirSync, readFileSync, writeFileSync, chmodSync, } from "node:fs";
|
|
32
32
|
import { join } from "node:path";
|
|
33
33
|
import { homedir, platform } from "node:os";
|
|
34
34
|
import { randomBytes } from "node:crypto";
|
|
@@ -36,6 +36,7 @@ import pc from "picocolors";
|
|
|
36
36
|
import { printError, printSuccess, printInfo, printWarning, printHeader, } from "../output.js";
|
|
37
37
|
import { installRoot } from "../install-root.js";
|
|
38
38
|
import { resolveK8sAssetsRoot } from "./k8s-bootstrap.js";
|
|
39
|
+
import { canonicalSecretPath, ensureSecretsDir } from "@olam/core/src/secrets/paths.js";
|
|
39
40
|
const OLAM_HOME = join(homedir(), ".olam");
|
|
40
41
|
export const DEFAULT_K3S_CLUSTER = "olam-host";
|
|
41
42
|
const REQUIRED_TOOLS = [
|
|
@@ -159,16 +160,20 @@ function preflight(opts) {
|
|
|
159
160
|
function ensureSecrets() {
|
|
160
161
|
step("1/6 — operator secrets");
|
|
161
162
|
mkdirSync(OLAM_HOME, { recursive: true });
|
|
163
|
+
ensureSecretsDir();
|
|
162
164
|
for (const name of SECRET_FILES) {
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
165
|
+
// Write to canonical new location (~/.olam/secrets/<name>).
|
|
166
|
+
const newPath = canonicalSecretPath(name);
|
|
167
|
+
// Legacy path — if it already exists there, skip (migration handles move).
|
|
168
|
+
const legacyPath = join(OLAM_HOME, name);
|
|
169
|
+
if (existsSync(newPath) || existsSync(legacyPath)) {
|
|
170
|
+
printInfo("skip", `~/.olam/secrets/${name} already exists`);
|
|
166
171
|
continue;
|
|
167
172
|
}
|
|
168
173
|
const hex = randomBytes(32).toString("hex");
|
|
169
|
-
writeFileSync(
|
|
170
|
-
chmodSync(
|
|
171
|
-
printSuccess(`generated ~/.olam/${name}`);
|
|
174
|
+
writeFileSync(newPath, hex + "\n", { encoding: "utf8", mode: 0o600 });
|
|
175
|
+
chmodSync(newPath, 0o600);
|
|
176
|
+
printSuccess(`generated ~/.olam/secrets/${name}`);
|
|
172
177
|
}
|
|
173
178
|
}
|
|
174
179
|
function ensureColima() {
|
|
@@ -214,13 +219,32 @@ function ensureCluster(opts) {
|
|
|
214
219
|
printInfo("cluster", `'${opts.cluster}' already exists`);
|
|
215
220
|
return;
|
|
216
221
|
}
|
|
217
|
-
|
|
222
|
+
// host-cp's deployment has two hostPath mounts:
|
|
223
|
+
// /host/.config/gh ← gh CLI config (optional; bound when present)
|
|
224
|
+
// /host/olam ← operator's olam source (DEV ONLY via --host-cp-dev-path)
|
|
225
|
+
// Published-CLI consumers have no olam checkout; the operator-repo mount
|
|
226
|
+
// is left absent + DirectoryOrCreate handles it gracefully in-cluster.
|
|
227
|
+
const volumes = [];
|
|
228
|
+
const ghConfigDir = `${homedir()}/.config/gh`;
|
|
229
|
+
if (existsSync(ghConfigDir)) {
|
|
230
|
+
volumes.push("--volume", `${ghConfigDir}:/host/.config/gh`);
|
|
231
|
+
}
|
|
232
|
+
else {
|
|
233
|
+
printInfo("cluster", `${ghConfigDir} not found; skipping gh-config bind (run \`gh auth login\` to enable)`);
|
|
234
|
+
}
|
|
235
|
+
if (opts.hostCpDevPath) {
|
|
236
|
+
if (!existsSync(opts.hostCpDevPath)) {
|
|
237
|
+
printError(`--host-cp-dev-path ${opts.hostCpDevPath} does not exist`);
|
|
238
|
+
process.exit(1);
|
|
239
|
+
}
|
|
240
|
+
volumes.push("--volume", `${opts.hostCpDevPath}:/host/olam`);
|
|
241
|
+
printInfo("cluster", `dev-mode: mounting ${opts.hostCpDevPath} → /host/olam`);
|
|
242
|
+
}
|
|
218
243
|
runOrFail("k3d", [
|
|
219
244
|
"cluster",
|
|
220
245
|
"create",
|
|
221
246
|
opts.cluster,
|
|
222
|
-
|
|
223
|
-
ghConfigBind,
|
|
247
|
+
...volumes,
|
|
224
248
|
"--wait",
|
|
225
249
|
"--timeout",
|
|
226
250
|
"90s",
|
|
@@ -284,12 +308,147 @@ function resolveBundleRoot() {
|
|
|
284
308
|
}
|
|
285
309
|
return null;
|
|
286
310
|
}
|
|
311
|
+
/**
|
|
312
|
+
* Probe whether the component installed by `script` is already healthy.
|
|
313
|
+
* Uses `spawnSync` with `stdio: 'pipe'` so output never leaks to the operator.
|
|
314
|
+
* Returns false on any error or unexpected output — conservatively runs the
|
|
315
|
+
* script when in doubt.
|
|
316
|
+
*/
|
|
317
|
+
export function isObservabilityComponentReady(component) {
|
|
318
|
+
/** Silent kubectl probe — returns trimmed stdout or empty string on failure. */
|
|
319
|
+
function kget(args) {
|
|
320
|
+
const r = spawnSync("kubectl", [...args], {
|
|
321
|
+
encoding: "utf-8",
|
|
322
|
+
stdio: "pipe",
|
|
323
|
+
});
|
|
324
|
+
if (r.status !== 0)
|
|
325
|
+
return "";
|
|
326
|
+
return (r.stdout ?? "").trim();
|
|
327
|
+
}
|
|
328
|
+
switch (component) {
|
|
329
|
+
case "kyverno-cardinality-mutate": {
|
|
330
|
+
// ClusterPolicy doesn't expose `.status.ready` as a flat field — the real
|
|
331
|
+
// shape is `.status.conditions[?(@.type=="Ready")].status == "True"`.
|
|
332
|
+
// The previous flat probe always returned empty → script re-ran every
|
|
333
|
+
// boot. Caught during live verification on 2026-05-28.
|
|
334
|
+
const policyReady = kget([
|
|
335
|
+
"get", "clusterpolicy", "enforce-cardinality-labeldrop",
|
|
336
|
+
"-o", `jsonpath={.status.conditions[?(@.type=="Ready")].status}`,
|
|
337
|
+
]);
|
|
338
|
+
const admissionReplicas = parseInt(kget([
|
|
339
|
+
"get", "deploy", "-n", "kyverno", "kyverno-admission-controller",
|
|
340
|
+
"-o", "jsonpath={.status.readyReplicas}",
|
|
341
|
+
]) || "0", 10);
|
|
342
|
+
return policyReady === "True" && admissionReplicas >= 1;
|
|
343
|
+
}
|
|
344
|
+
case "prom-no-double-grafana": {
|
|
345
|
+
const grafanaReplicas = parseInt(kget([
|
|
346
|
+
"-n", "monitoring", "get", "deploy", "olam-grafana",
|
|
347
|
+
"-o", "jsonpath={.status.readyReplicas}",
|
|
348
|
+
]) || "0", 10);
|
|
349
|
+
const promReplicas = parseInt(kget([
|
|
350
|
+
"-n", "monitoring", "get", "sts",
|
|
351
|
+
"prometheus-olam-prom-kube-prometheus-prometheus",
|
|
352
|
+
"-o", "jsonpath={.status.readyReplicas}",
|
|
353
|
+
]) || "0", 10);
|
|
354
|
+
return grafanaReplicas >= 1 && promReplicas >= 1;
|
|
355
|
+
}
|
|
356
|
+
case "loki-ingest": {
|
|
357
|
+
const lokiReplicas = parseInt(kget([
|
|
358
|
+
"-n", "monitoring", "get", "sts", "olam-loki",
|
|
359
|
+
"-o", "jsonpath={.status.readyReplicas}",
|
|
360
|
+
]) || "0", 10);
|
|
361
|
+
const promtailReady = parseInt(kget([
|
|
362
|
+
"-n", "monitoring", "get", "ds", "olam-promtail",
|
|
363
|
+
"-o", "jsonpath={.status.numberReady}",
|
|
364
|
+
]) || "0", 10);
|
|
365
|
+
return lokiReplicas >= 1 && promtailReady >= 1;
|
|
366
|
+
}
|
|
367
|
+
case "grafana-port-forward": {
|
|
368
|
+
// Probe: Grafana deploy has >= 1 ready replica AND the olam-dashboards
|
|
369
|
+
// ConfigMap exists (created by this script). When both are true the
|
|
370
|
+
// chart + dashboards are already installed; skip the re-run.
|
|
371
|
+
const grafanaReplicas = parseInt(kget([
|
|
372
|
+
"-n", "monitoring", "get", "deploy", "olam-grafana",
|
|
373
|
+
"-o", "jsonpath={.status.readyReplicas}",
|
|
374
|
+
]) || "0", 10);
|
|
375
|
+
const dashboardsCm = kget([
|
|
376
|
+
"-n", "monitoring", "get", "cm", "olam-dashboards",
|
|
377
|
+
"-o", "name",
|
|
378
|
+
]);
|
|
379
|
+
return grafanaReplicas >= 1 && dashboardsCm.trim().length > 0;
|
|
380
|
+
}
|
|
381
|
+
default:
|
|
382
|
+
return false;
|
|
383
|
+
}
|
|
384
|
+
}
|
|
385
|
+
/**
|
|
386
|
+
* Read the Grafana admin credentials from the cluster secret.
|
|
387
|
+
* Returns null when the secret is absent or kubectl fails (bootstrap
|
|
388
|
+
* may not have run observability yet).
|
|
389
|
+
*/
|
|
390
|
+
export function getGrafanaCredentials() {
|
|
391
|
+
function getSecretKey(key) {
|
|
392
|
+
const r = spawnSync("kubectl", [
|
|
393
|
+
"-n", "monitoring", "get", "secret", "olam-grafana-admin",
|
|
394
|
+
"-o", `jsonpath={.data.${key}}`,
|
|
395
|
+
], { encoding: "utf-8", stdio: "pipe" });
|
|
396
|
+
if (r.status !== 0)
|
|
397
|
+
return "";
|
|
398
|
+
return (r.stdout ?? "").trim();
|
|
399
|
+
}
|
|
400
|
+
const rawUser = getSecretKey("admin-user");
|
|
401
|
+
const rawPassword = getSecretKey("admin-password");
|
|
402
|
+
if (!rawUser || !rawPassword)
|
|
403
|
+
return null;
|
|
404
|
+
try {
|
|
405
|
+
const user = Buffer.from(rawUser, "base64").toString("utf-8");
|
|
406
|
+
const password = Buffer.from(rawPassword, "base64").toString("utf-8");
|
|
407
|
+
if (!user || !password)
|
|
408
|
+
return null;
|
|
409
|
+
return { user, password };
|
|
410
|
+
}
|
|
411
|
+
catch {
|
|
412
|
+
return null;
|
|
413
|
+
}
|
|
414
|
+
}
|
|
415
|
+
/**
|
|
416
|
+
* Run a single observability bash script, capturing all output to a log file
|
|
417
|
+
* instead of streaming it to the terminal. Returns whether the script
|
|
418
|
+
* succeeded, how long it took, and the log path for error context.
|
|
419
|
+
*
|
|
420
|
+
* When `verbose` is true the function falls back to `stdio: 'inherit'` so the
|
|
421
|
+
* operator can watch the raw output live (useful when debugging a failure).
|
|
422
|
+
*/
|
|
423
|
+
export function runObservabilityScript(scriptPath, scriptName, env, verbose = false) {
|
|
424
|
+
const logDir = join(homedir(), ".olam", "logs");
|
|
425
|
+
mkdirSync(logDir, { recursive: true });
|
|
426
|
+
const baseName = scriptName.replace(/\.sh$/, "");
|
|
427
|
+
const logPath = join(logDir, `observability-${baseName}.log`);
|
|
428
|
+
const startMs = Date.now();
|
|
429
|
+
if (verbose) {
|
|
430
|
+
// Verbose mode: stream directly to terminal; log file captures nothing.
|
|
431
|
+
const result = spawnSync("bash", [scriptPath], { stdio: "inherit", env });
|
|
432
|
+
const durationMs = Date.now() - startMs;
|
|
433
|
+
writeFileSync(logPath, `(verbose mode — output streamed to terminal)\n`, "utf-8");
|
|
434
|
+
return { ok: result.status === 0, durationMs, logPath };
|
|
435
|
+
}
|
|
436
|
+
const result = spawnSync("bash", [scriptPath], {
|
|
437
|
+
stdio: "pipe",
|
|
438
|
+
env,
|
|
439
|
+
encoding: "utf-8",
|
|
440
|
+
});
|
|
441
|
+
const durationMs = Date.now() - startMs;
|
|
442
|
+
const combined = (result.stdout ?? "") + (result.stderr ?? "");
|
|
443
|
+
writeFileSync(logPath, combined, "utf-8");
|
|
444
|
+
return { ok: result.status === 0, durationMs, logPath };
|
|
445
|
+
}
|
|
287
446
|
function installObservability(opts) {
|
|
288
447
|
if (opts.skipObservability) {
|
|
289
448
|
step("4/6 — observability (skipped via --skip-observability)");
|
|
290
449
|
return;
|
|
291
450
|
}
|
|
292
|
-
step("4/6 — observability
|
|
451
|
+
step("4/6 — observability");
|
|
293
452
|
const observabilityDir = resolveObservabilityScriptsDir();
|
|
294
453
|
if (!observabilityDir) {
|
|
295
454
|
throw new Error(`Bundled observability assets missing. ` +
|
|
@@ -306,30 +465,85 @@ function installObservability(opts) {
|
|
|
306
465
|
if (bundleRoot) {
|
|
307
466
|
scriptEnv.OLAM_BUNDLE_ROOT = bundleRoot;
|
|
308
467
|
}
|
|
468
|
+
const outcomes = [];
|
|
309
469
|
for (const script of OBSERVABILITY_SCRIPTS) {
|
|
310
470
|
const path = join(observabilityDir, script);
|
|
311
471
|
if (!existsSync(path)) {
|
|
312
|
-
|
|
472
|
+
outcomes.push({ script, state: "missing" });
|
|
313
473
|
continue;
|
|
314
474
|
}
|
|
315
|
-
|
|
316
|
-
|
|
317
|
-
|
|
318
|
-
|
|
319
|
-
|
|
320
|
-
if (result.status !== 0) {
|
|
321
|
-
// loki-ingest's 10s scrub-wait is known to flake on cold-start; the
|
|
322
|
-
// underlying Loki/Promtail install almost always succeeded.
|
|
323
|
-
if (script === "loki-ingest.sh") {
|
|
324
|
-
printWarning("loki-ingest non-zero — likely Promtail scrub-wait flake; continuing");
|
|
325
|
-
}
|
|
326
|
-
else {
|
|
327
|
-
printError(`${script} failed — observability stack not ready`);
|
|
328
|
-
process.exit(1);
|
|
475
|
+
if (!opts.forceObservability) {
|
|
476
|
+
const component = script.replace(/\.sh$/, "");
|
|
477
|
+
if (isObservabilityComponentReady(component)) {
|
|
478
|
+
outcomes.push({ script, state: "skipped" });
|
|
479
|
+
continue;
|
|
329
480
|
}
|
|
330
481
|
}
|
|
482
|
+
const runResult = runObservabilityScript(path, script, scriptEnv, opts.verboseObservability);
|
|
483
|
+
if (runResult.ok) {
|
|
484
|
+
outcomes.push({
|
|
485
|
+
script,
|
|
486
|
+
state: "ran",
|
|
487
|
+
durationMs: runResult.durationMs,
|
|
488
|
+
logPath: runResult.logPath,
|
|
489
|
+
});
|
|
490
|
+
}
|
|
491
|
+
else if (script === "loki-ingest.sh") {
|
|
492
|
+
outcomes.push({
|
|
493
|
+
script,
|
|
494
|
+
state: "loki-flake",
|
|
495
|
+
durationMs: runResult.durationMs,
|
|
496
|
+
logPath: runResult.logPath,
|
|
497
|
+
});
|
|
498
|
+
}
|
|
331
499
|
else {
|
|
332
|
-
|
|
500
|
+
outcomes.push({
|
|
501
|
+
script,
|
|
502
|
+
state: "ran-failed",
|
|
503
|
+
durationMs: runResult.durationMs,
|
|
504
|
+
logPath: runResult.logPath,
|
|
505
|
+
});
|
|
506
|
+
}
|
|
507
|
+
}
|
|
508
|
+
// Compact name: strip the .sh suffix and the cardinality-mutate suffix that
|
|
509
|
+
// serves no informational purpose at this level.
|
|
510
|
+
const niceName = (script) => script.replace(/\.sh$/, "").replace(/-cardinality-mutate$/, "");
|
|
511
|
+
// All-installed fast path: one line instead of four. Trims the most common
|
|
512
|
+
// case (operator re-runs setup on a healthy cluster) to a single line.
|
|
513
|
+
const allSkipped = outcomes.length > 0 && outcomes.every((o) => o.state === "skipped");
|
|
514
|
+
if (allSkipped) {
|
|
515
|
+
printSuccess(`all ${outcomes.length} already installed (--force-observability to reinstall)`);
|
|
516
|
+
return;
|
|
517
|
+
}
|
|
518
|
+
for (const o of outcomes) {
|
|
519
|
+
const name = niceName(o.script);
|
|
520
|
+
const seconds = o.durationMs !== undefined
|
|
521
|
+
? `${(o.durationMs / 1000).toFixed(1)}s`
|
|
522
|
+
: "";
|
|
523
|
+
switch (o.state) {
|
|
524
|
+
case "missing":
|
|
525
|
+
printWarning(`${name}: script not found — skipping`);
|
|
526
|
+
break;
|
|
527
|
+
case "skipped":
|
|
528
|
+
printSuccess(`${name}: already installed`);
|
|
529
|
+
break;
|
|
530
|
+
case "ran":
|
|
531
|
+
printSuccess(`${name}: ${seconds}`);
|
|
532
|
+
break;
|
|
533
|
+
case "loki-flake":
|
|
534
|
+
printWarning(`${name}: ${seconds} (promtail scrub-wait flake; continuing)`);
|
|
535
|
+
break;
|
|
536
|
+
case "ran-failed": {
|
|
537
|
+
printError(`${name}: failed (${seconds}) — log=${o.logPath}`);
|
|
538
|
+
if (o.logPath !== undefined) {
|
|
539
|
+
const tail = readFileSync(o.logPath, "utf-8")
|
|
540
|
+
.split("\n")
|
|
541
|
+
.slice(-20)
|
|
542
|
+
.join("\n");
|
|
543
|
+
process.stderr.write(` --- last 20 lines from ${o.script} ---\n${tail}\n`);
|
|
544
|
+
}
|
|
545
|
+
process.exit(1);
|
|
546
|
+
}
|
|
333
547
|
}
|
|
334
548
|
}
|
|
335
549
|
}
|
|
@@ -364,17 +578,46 @@ function applyPeripheralServicesManifests() {
|
|
|
364
578
|
printWarning("no non-deployment peripheral-services manifests found — skipping");
|
|
365
579
|
return;
|
|
366
580
|
}
|
|
581
|
+
// Capture kubectl apply output for each manifest; count unchanged vs changed.
|
|
582
|
+
// On a healthy re-run every resource reports "unchanged" — no per-manifest spam.
|
|
583
|
+
// Verbose output is written to ~/.olam/logs/peripheral-services-apply.log.
|
|
584
|
+
const logDir = join(homedir(), ".olam", "logs");
|
|
585
|
+
mkdirSync(logDir, { recursive: true });
|
|
586
|
+
const logPath = join(logDir, "peripheral-services-apply.log");
|
|
587
|
+
const logLines = [];
|
|
588
|
+
let unchangedCount = 0;
|
|
589
|
+
let changedCount = 0;
|
|
367
590
|
for (const manifest of manifestFiles) {
|
|
368
|
-
printInfo("apply", manifest.replace(manifestsDir + "/", ""));
|
|
369
591
|
const r = spawnSync("kubectl", ["apply", "-f", manifest], {
|
|
370
|
-
stdio: "
|
|
592
|
+
stdio: "pipe",
|
|
593
|
+
encoding: "utf-8",
|
|
371
594
|
});
|
|
595
|
+
const combined = (r.stdout ?? "") + (r.stderr ?? "");
|
|
596
|
+
logLines.push(`==> ${manifest}\n${combined}`);
|
|
372
597
|
if (r.status !== 0) {
|
|
373
|
-
|
|
598
|
+
// Write the full log before aborting so the operator can diagnose.
|
|
599
|
+
writeFileSync(logPath, logLines.join("\n"), "utf-8");
|
|
600
|
+
printError(`kubectl apply failed for ${manifest.replace(manifestsDir + "/", "")} — see ${logPath}`);
|
|
601
|
+
process.stderr.write(` --- last lines ---\n${combined.split("\n").slice(-10).join("\n")}\n`);
|
|
374
602
|
process.exit(r.status ?? 1);
|
|
375
603
|
}
|
|
604
|
+
// Count resources by whether kubectl reported "unchanged" or "configured"/"created".
|
|
605
|
+
const lines = combined.split("\n").filter((l) => l.trim().length > 0);
|
|
606
|
+
for (const line of lines) {
|
|
607
|
+
if (/unchanged$/.test(line.trim())) {
|
|
608
|
+
unchangedCount++;
|
|
609
|
+
}
|
|
610
|
+
else if (/configured$|created$/.test(line.trim())) {
|
|
611
|
+
changedCount++;
|
|
612
|
+
}
|
|
613
|
+
}
|
|
376
614
|
}
|
|
377
|
-
|
|
615
|
+
writeFileSync(logPath, logLines.join("\n"), "utf-8");
|
|
616
|
+
// Compact: "12 manifests — no-op" or "12 manifests — 3 changed"
|
|
617
|
+
const summary = changedCount > 0
|
|
618
|
+
? `${manifestFiles.length} manifests — ${changedCount} changed`
|
|
619
|
+
: `${manifestFiles.length} manifests — no-op`;
|
|
620
|
+
printSuccess(`peripheral-services: ${summary}`);
|
|
378
621
|
}
|
|
379
622
|
function delegateToUpgrade() {
|
|
380
623
|
step("6/6 — apply host-cp + peripherals + rollout (olam upgrade)");
|
|
@@ -393,6 +636,11 @@ function delegateToUpgrade() {
|
|
|
393
636
|
}
|
|
394
637
|
function summary(opts) {
|
|
395
638
|
step("done");
|
|
639
|
+
const grafanaCreds = getGrafanaCredentials();
|
|
640
|
+
const grafanaCredsBlock = grafanaCreds
|
|
641
|
+
? ` User: ${grafanaCreds.user}\n Password: ${grafanaCreds.password}`
|
|
642
|
+
: ` # Get password: kubectl -n monitoring get secret olam-grafana-admin \\
|
|
643
|
+
# -o jsonpath='{.data.admin-password}' | base64 -d`;
|
|
396
644
|
process.stdout.write(`
|
|
397
645
|
Cluster: ${opts.cluster}
|
|
398
646
|
Next steps:
|
|
@@ -401,11 +649,13 @@ function summary(opts) {
|
|
|
401
649
|
kubectl get pods -n olam
|
|
402
650
|
|
|
403
651
|
Grafana:
|
|
404
|
-
|
|
405
|
-
|
|
406
|
-
|
|
407
|
-
|
|
408
|
-
|
|
652
|
+
URL: http://localhost:3000 (after the port-forward below)
|
|
653
|
+
${grafanaCredsBlock}
|
|
654
|
+
Port-forward: kubectl port-forward -n monitoring svc/olam-grafana 3000:80
|
|
655
|
+
|
|
656
|
+
Prometheus:
|
|
657
|
+
URL: http://localhost:9090 (after the port-forward below)
|
|
658
|
+
Port-forward: kubectl port-forward -n monitoring svc/olam-prom-kube-prometheus-prometheus 9090:9090
|
|
409
659
|
`);
|
|
410
660
|
}
|
|
411
661
|
export async function runBootstrapKubernetes(rawOpts) {
|
|
@@ -421,6 +671,9 @@ export async function runBootstrapKubernetes(rawOpts) {
|
|
|
421
671
|
autoInstall: rawOpts.autoInstall ?? defaultAutoInstall,
|
|
422
672
|
skipObservability: rawOpts.skipObservability ?? false,
|
|
423
673
|
skipClusterCreate: rawOpts.skipClusterCreate ?? false,
|
|
674
|
+
forceObservability: rawOpts.forceObservability ?? false,
|
|
675
|
+
verboseObservability: rawOpts.verboseObservability ?? false,
|
|
676
|
+
hostCpDevPath: rawOpts.hostCpDevPath,
|
|
424
677
|
};
|
|
425
678
|
printHeader("olam setup — k3s mode");
|
|
426
679
|
printInfo("mode", "one-command bring-up of olam peripherals + observability on a local k3d cluster");
|